Update: HBCI testing for non-Germans

Chris Lyttle chris at wilddev.net
Sun Jan 16 03:00:24 EST 2005

Sweet Christian, this is wonderful news. 
Thanks for your efforts here.


On Sat, 2005-01-15 at 17:00 +0100, Christian Stimming wrote:
> Hi all,
> a few days ago I described an available testserver account, so that others can 
> try out the HBCI features even without an actual HBCI bank.
> The provider of this testserver now notified me that its server address has 
> changed. So if you tried the setup with the IP address from 2005-01-11, then 
> you will have to try again with a new address of 
> "www.hora-obscura.de/pintan/PinTanServlet". Since this might be interesting 
> for other hackers in the future as well, I just added this into src/
> import-export/hbci/HACKING-HBCITEST.txt. The file is intended solely to 
> developers, not at all to end users, so it should never be distributed with 
> any tarball. Below is a copy of this text.
> Christian
> Hi all developers,
> as you know, Gnucash includes support for the German online banking 
> protocol HBCI, and I usually emphasize that anyone outside Germany will 
> be unable to use all these cool features. But it recently came to my 
> mind that there is a test server, simulating a HBCI bank, which is run 
> by a friend of us (Stefan Palme), and he is able to give the Gnucash 
> developers something like a test account for, well, testing purposes.
> One authentification method of the HBCI protocol requires only a PIN for 
> login, and a TAN (transaction number) for each issued online order. We 
> can use this as a shared test account, because anyone who knows the PIN 
> (and some TANs) can use it. So I invite all you fellow developers to 
> install the HBCI features of gnucash, start the HBCI setup druid, setup 
> a Pin/Tan-based HBCI account, and just try out all the possible 
> features. Naturally, this test account won't move any real money around )
> (The Pin/Tan authentification method was added in 1.8.10 when changing 
> the HBCI library to Aqbanking. This method is rather insecure, but since 
> it is very simple to use there is quite some demand for it. So we 
> eventually implemented it in gnucash. I wouldn't recommend this for real 
> online banking if there is any of the other HBCI authentification 
> methods like chip cards or RSA keys available.)
> Here's what you need to enter in the HBCI setup druid:
> * "Use Pin/Tan mode"
> * Bank Code: 80007777
>    Server: www.hora-obscura.de/pintan/PinTanServlet 
>    (the URL changed on 2005-01-15)
>    User-Name: (something arbitrary; only for yourself)
>    User-Id: gnucash
>    Customer-Id: gnucash [or as a second customer: gnucash2]
> * Then press next all the time
> * For this user the PIN is: 12345
> * The setup druid should automatically recognize that this account 
>   offers access to the account numbers "2501111538" and "2501111539"
> * That finishes the setup.
> If you want to send money between these two account numbers back and 
> forth, you can do so by using any of the following TANs:
>                                   11111111
>                                   22222222
>                                   ...
>                                   99999999
> Enjoy! Don't hesitate to notify me if anything is broke.
> Christian stimming at tuhh.de
> There's an administrator web frontend reachable under
> https://www.hora-obscura.de/hbci wheren the used TANs can be
> resetted. The password for this can be asked from Christian Stimming.
> _______________________________________________
> gnucash-devel mailing list
> gnucash-devel at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-devel
RedHat Certified Engineer #807302549405490.
Checkpoint Certified Security Expert 2000 & NG
        | |   |^|
        | |^| | |  Life out here is raw 
        | | |^| |  But we will never stop
        | |_|_| |  We will never quit 
        | / __> |  cause we are Metallica
        |/ /    |
        \       /
         |     |

More information about the gnucash-devel mailing list