Your balance: 0, 20 transactions left.
Command: create 100
Transaction #0 over 100 initiated. Please complete it using the verification code: 201107233b6619255504600f301e7209
Your balance: 0, 19 transactions left.
Command: complete 0 201107233b6619255504600f301e7209
Transaction completed!
Your balance: 100, 19 transactions left.
```

Let's first study how the hash are created by analyzing the function `encrypt`.

```python
def encrypt(self, t):
self.__r.set_x(t.get_k())
ct = ""
s = str(t)
l = len(s)
for c in s:
getnext = self.__r.get_next()
print getnext
print getnext % 2**7
ct += chr( ord(c) ^ (getnext % 2**7) )
print ct.encode('hex')
return ct.encode('hex')
```

`t.get_k()` returns a random 32 bits hash which is used to initialize the `Randomizer` object `__r`.
Once we know the initial value of `__r` the subsequent `get_next` operations are determinists.
The values of `__r.get_next()` are used to encrypt the message `TRANSACTION: xxxx` where `xxxx` is the amount of the transaction.

To exploit this program, we need to replace the space in the message `TRANSACTION: xxxx` by a `9`.

In order to do that, we isolate the encoded byte representing the `space` in the transaction hash and XOR it with the hexadecimal value of the `space` ascii code.

To automate the process, I wrote this little Python script.

```python
import sys

s = sys.argv[1]

c = s[24:26].decode('hex')
x = ord(c) ^ 32
c = ord('9') ^ x
c = hex(c).lstrip("0x")

s = s[:24] + c + s[26:]

print s
```

Now we can hack every transactions to change the amount.

```
WELCOME TO THE BANK BACKEND!