24C3 Toying with barcodes


[FX] from Phenoelit gave an entertaining talk about barcode security. He covered both how the systems are implemented and how they’ve been exploited. The first example was a parking garage in Dresden that issues non unique barcodes for the unlimited passes that hotels give out. Anyone code print out an image of that particular code and park for free. German grocery stores have automated machines that refund you for your empty beer bottles. The barcode generated just states the refund amount (5 digits) that you’ll get at the register. Just stick the barcode under something like a six pack and it’ll scan even without the cashier seeing it.

Check out the video to find out more silliness involving DVD rentals, boarding passes, asset management, and SQL injection via the scanner. You can even find higher res versions in the 24C3 media archives.

24 thoughts on “24C3 Toying with barcodes

  1. cool article… :)

    i would have thought that such a widely used system would have been more secure tbh :)

    even the magnetic bar-codes used in some clothing stores (the ones that set the alarms off at the door) can be rendered useless by rubbing the front onto a hard surface.

    not as advance but along the same lines :)

  2. Also, when is Hack A Day going to upgrade to the same comment system that Engadget uses… the comment verification email says:

    P.S.: For future reference, you may avoid these confirmations by using your e-mail and password

  3. @jared

    serious? lol

    i watched a show a while ago about ppl using foil lined bags to trick the senors at the door and block the bar codes from activating them

    although it baffles me how the bar codes activate them

    there must be a separate device (like the plastic discs on shirts etc) do the bar codes do it all?

  4. okay, i really need help. he said to use gnu barcode, (almost) whenever i download some open-source type program, i end up with some .tar.gz file, which i have to extract twice, after which i get a pile of .h, .c, and .nothing files, which open as (crappy) plain text in notepad.

    wtf? can somebody help?

  5. I really do not want to get into a private conversation either.

    Open-source software is usually distributed as source code meant to be compiled on open-source systems. Usually there is a “readme” and/or “install” file with instructions on what to do.

    Since you said you opened the files in “notepad” I guess you are on Windows, in which case what you want is at http://gnuwin32.sourceforge.net/packages/barcode.htm

    PS – Read open-source files with Wordpad instead of notepad.

  6. That was quite excellent. I’m going to have to sent this to a co-worker of mine who’s entire job revolves around writing bar code programs for our companies scanning system.

    Anyone else got an old hacked Radio Shack Cue-Cat they’re digging out of hiding after watching this :)

  7. That was really good. I work with barcodes (and RFID and a lot of other things) in industry and everything in that talk was spot-on.

  8. The Magnetic tags for door alarms dont actually read the barcode. the barcode is just for tag type authentication. I believe the actual tag detection is just through magnetic resonance. I’ve played with sheets of them, they’re printed off on sheets of 8 1/2x 11 sheets, and the barcodes are all the same.

    Thats why you get tags from other stores that go off in each other’s arches, thats also why tinfoil bags block the detectors (sometimes). If you were going for individual item detection, they’d have to use something with a form of rf or magnetic data storage- either way you’d either be bombarded with rf from every item while in the store or have to pass through a bigass cardreader (which opens up a whooole new slew of security issues). The closest i imagine they can get away with would be Rfid tags, but not many stores would want to drop that much cash to keep someone from walking out the door with random crap.

  9. This video is great- I remember I was messing around one time at a gym with a barcode-access weight room, and I bought a drink from the vending machine, scanned it, and it let me in. Beats the $30/mo fee for using it.

    Also, my school uses barcodes on ID cards to pay for lunch. I scanned mine and found that it’s just your student ID number and two zeros. Student ID numbers are pretty much in public domain.

  10. Sorry, I just realized I didn’t post the good link for the decoder. This is another decoder, but not for the same purpose. I don’t have the link on the computer I’m writing on but I’ll try to find it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s