Free laundry redux

[Koala] was worried his pseudo smart card trick wouldn’t be considered HackaDay-worthy. We’re more worried the internet police will find this article and have us all tarred and feathered.

Jokes aside, it seems Laundromat owners sure aren’t learning. Long story short, using a Bus Pirate and a few techniques we’ve seen before for smart card hacking, [Koala] is able to write whatever amount he needs onto his pseudo smart card, thus giving him a free load of laundry.

Comments

  1. Omni5cience says:

    Gah! I’ve been slowly working on what is basically the same thing.

  2. BadWolf says:

    He’s not the first to achieve this, just the one stupid enough to show it to the wrong people…

    We did it as a proof of concept a year ago, and btw, he doesn’t need to put a specific amount if he just makes sure the command the laundry machine sends to the card when it takes money from it is not heard. So a card with 1.50 would work forever.

    Cheers

    Th3 Bad Wolf

  3. Polyphuckin says:

    First.

    I have no idea how he did that. Very cool though.

  4. alexq says:

    .. I’ll stick my neck out and say I am uncomfortable with this clever hack. Though it might appear the hacker is wanting to find a vulnerability in a system, it is also a system that is a source of income for someone, or a company. Now, I’m sure, hackaday doesn’t encourage, say, software theft or stealing from a bank, so why encourage a hack that allows some a free ride, albeit at the cost of some time initially?

    I’m concerned for the person who found the weakness in the system because, for all their boasting, they risk getting into hot water – petty theft it might be, but is it worth the potential hassle?

  5. Rick says:

    Back in the day, we used to use a three-pronged claw made from a wire coat-hanger’s hook and two shoulders to get ‘free’ loads of laundry and ‘free’ games of pool from the kind of mechanical coin accepters that have vertical slots where you insert the coins and then push in the handle.
    This is -way- cooler :)

  6. chris says:

    This isn’t a hack, it’s out and out theft!

    There’s a world of difference between a hack and thievery. Unfortunately the media seems to have irrevocably abused the term hack, and now they seem synonymous.

  7. Sparkinium says:

    I agree that using this to actually get free laundry is theft, and some people might use this knowledge for harm.

    However, this is exactly the sort of thing Hack A Day is about. Somebody probed into a common piece of technology many of us have encountered in daily life, and figured out how it works.

    Maybe this should have a disclaimer not to use it, but I thought it was an interesting article on how laundry cards work.

  8. Dr. Mayhem says:

    “This isn’t a hack its out and out theft!”
    Of course it’s a hack. What they do with it afterwards is not relevant to that aspect.

    In any case, the amount of time, effort, and skill put into it is hardly worth the 50 cents or whatever they might save every week by actually using it (if they do actually use it) so I think it’s pretty evident that this is done for the sport of it rather than for any material gain.

  9. jh says:

    this is still a hack. whether the hack is legal or not (definitely illegal unless you are just testing the system and not stealing resources) is beside the point. I would not advise anyone to use this hack unless they want to risk legal trouble though.

  10. Daryl says:

    @chris easy there boy. Careful on the rage-commenting.

    Nice job. Sounds a lot like what the Boston MTA guys figured out. Looks like corporations really don’t care about security in their products.

  11. turn.self.off says:

    heh, as the local school uses a kind of keyfob for vending machine payments (tho it also accepts coins) i am tempted to get one and see if i can interface with it to get a free soda now and then.

    iirc, there are several stories online where people claim to have done the same during their college engineering years.

  12. LordFantah says:

    … He should have used an Arduino!

    On a serious side note, this is actually pretty neat, even though it has been seen before :)

  13. andar_b says:

    Does this remind anyone of liquid nitrogen hotdogs in Perfect Genius?

    lol

  14. maus says:

    “This isn’t a hack its out and out theft !”

    Don’t be stupid. It’s a hack that CAN BE used as theft by those of questionable morals. Proof of concept doesn’t mean that he’s abusing it.

  15. Kiwini says:

    Wow…sharing how to cheat and steal from a business.

    FAIL

  16. Vonskippy says:

    Lets hope they use the same ticket system in Prison for the shower soap – otherwise he’ll be impressing his new roommates with his bend over hacks.

  17. John Harrison says:

    When will people looking to use smart cards for cash learn to use some actual cryptography? It isn’t as if they would have to break any new ground. Existing secure systems for smart cards are well documented and easily implemented both on the card and in the terminal. Looks like this system is about as poorly implemented as possible.

    Here is a hint for those making systems like this in the future: assume that any card that gets inserted is made by a hostile hacker. Require secure mutual authentication and then authenticate each and every APDU within a secure session. That won’t stop someone from extracting your keys from hardware, but it will foil this sort of trick.
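The design this comment recommends, sketched as an added example (not code from the post, the commenter, or any real laundry-card product): a challenge-response authenticates card and terminal to each other, and the debit APDU and its acknowledgement each carry a MAC under the session key. The class names, message layout and single shared key are assumptions; `DroppedDebitShim` is a test double modelling a debit command that never reaches the card.

```python
import hashlib, hmac, os

def mac(key, *fields):
    """HMAC-SHA256 over length-prefixed fields (no ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

def u32(n): return n.to_bytes(4, "big")

class Card:
    """Model of a genuine card holding a secret key and a balance in cents."""
    def __init__(self, key, balance):
        self.key, self.balance, self.sk, self.ctr = key, balance, None, 0

    def hello(self, nonce_t):
        self.nt, self.nc = nonce_t, os.urandom(16)
        return self.nc, mac(self.key, b"card", self.nt, self.nc)

    def finish(self, proof_t):  # the card authenticates the terminal too
        if not hmac.compare_digest(proof_t, mac(self.key, b"term", self.nc, self.nt)):
            raise PermissionError("terminal not authenticated")
        self.sk, self.ctr = mac(self.key, b"session", self.nt, self.nc), 0

    def debit(self, amount, tag):
        ctr = u32(self.ctr + 1)  # sequence number is bound into every MAC
        if self.sk is None or not hmac.compare_digest(
                tag, mac(self.sk, b"debit", ctr, u32(amount))):
            raise PermissionError("command not authenticated")
        if amount > self.balance:
            raise ValueError("insufficient balance")
        self.ctr, self.balance = self.ctr + 1, self.balance - amount
        return u32(self.balance), mac(self.sk, b"ack", ctr, u32(amount), u32(self.balance))

class DroppedDebitShim:
    """Test double: relays authentication, but the debit never reaches the card."""
    def __init__(self, card):
        self.card = card
    def hello(self, nonce_t): return self.card.hello(nonce_t)
    def finish(self, proof_t): return self.card.finish(proof_t)
    def debit(self, amount, tag):
        return u32(self.card.balance), bytes(32)  # no valid MAC without the key

def charge(key, card, amount):
    """Terminal side: True only after a MAC-verified debit acknowledgement."""
    nt = os.urandom(16)
    try:
        nc, proof_c = card.hello(nt)
        if not hmac.compare_digest(proof_c, mac(key, b"card", nt, nc)):
            return False  # card did not prove knowledge of the key
        card.finish(mac(key, b"term", nc, nt))
        sk, ctr = mac(key, b"session", nt, nc), u32(1)
        bal, ack = card.debit(amount, mac(sk, b"debit", ctr, u32(amount)))
        return hmac.compare_digest(ack, mac(sk, b"ack", ctr, u32(amount), bal))
    except (PermissionError, ValueError):
        return False
```

The terminal starts the machine only when `charge` returns True, so an unacknowledged debit yields no service. A deployment would also give each card its own diversified key so that one extracted key does not expose every card.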

  18. Sp`ange says:

    A cell phone jammer is illegal but I didn’t hear anyone screaming at Lady Ada. So, say someone steals with this hack.. It’s their responsibility that they must take for their theft. I don’t condone this, but don’t hate the hack. Hate the thief. Maybe, if anything, they will fix the machines just like ULock fixed their locks.

  19. snowdruid says:

    this is nice i have the same card and have to say the only thieves here are the people from this company no really how much money does a run on a machine really cost? its like you pay 200-300% the price you pay anywhere else. and the system is so badly engineered its just a shame. for example let me explain some of the limitations:every run costs 3frs an then you get the leftover money back depending on the chosen program why not just make a fix price per programm? if you want to recharge the card the amount on it has to be 0 i mean really wtf? oh and i forgot you can only charge a fixed amount of 30frs. this is just ridiculous so i just say yay nice hack make those lazy b******* work for their money

  20. vader says:

    actually … I believe MIT threw a fit with Lady Ada’s gadgets, including the wide band RF jammer

  21. Sam says:

    99.999999% of people would not be able to replicate this hack if their lives depended on it. I think the laundry machine business is safe.

  22. Chuckt says:

    You’re a thief.

  23. YaBa says:

    I didn’t even bother to read all the comments, but, to the first ones, here’s my thought:
    - There are SO MANY hacks which can be used for illegal stuff… Get real, this IS a little hack, whether you use it to learn or steal is up to you!
    There’s no such thing as right or wrong, only fun and boring…

  24. David says:

    It’s hilarious… if it’s not an arduino blinking a light it’s blasphemous and should be pulled from hackaday.com… some of you morality morons need to stay off the internet and keep to ratting out your neighbors ;)

  25. Kyle says:

    Do it once, it’s a hack; keep doing it until you get caught, that’s obviously theft.

  26. pogyhauler says:

    Back in the day, there were those of us that reveled in the new found notoriety of being on the edge of High Tech development.
    People started calling us ‘Hackers’. The term being generally considered an accolade.
    It took a long, long time before the concept broadened to include just about any backyard contraption.
    It took even longer before the notion of ‘Phreaking’ (stealing – power, phone, TV, whatever) got rolled in under the catchphrase.
    We tried to fight back, insisting that nefarious, surreptitious activity was properly termed ‘cracking’.
    For a while that worked.
    Until the lines were not only blurred but almost erased by P2P and digital anarchy.

    Then, as now, there is a discernible line in R&D in any form or discipline. Ethical, or not, malevolent, or not. There ARE ethics, and there IS justice. from the Cottage, to the Super Colliders.

    If a lone researcher, had posted working code for a browser exploit before giving the developers notice or warning. He’d be damned and reviled for dropping a 0 day on the planet. Even were that exploit to be known inside the security community.

    What has happened here is no different.
    This, is enabling, and abetting the publication
    of a 0day against certain revenue tracking machines.
    A hack, is a hack. and a crime is a crime.
    Only those with the morals of a ferret, fail to distinguish amongst them.

    Intellect is not the measure of a man.
    Brilliant criminals, are still sub-human.
    “There’s no such thing as right or wrong, only fun and boring…” is something expected from a 4 year old. By the age of 5, a rudimentary grasp of the concept of ‘fairness’ takes hold.
    By 6, The ‘Golden Rule’ is usually not only understood, but demonstrated.
    It is possible to be both bright, and morally retarded. As we witness here.

  27. jamieriddles says:

    I believe we have crossed a line with this one

  28. Max Rockbin says:

    Wow. Stealing from a guy who owns a laundromat and probably makes less than half what your Dad makes. Cool.
    Maybe he’ll have to close and you can walk another 10 blocks to rinse out your tighty whities.

  29. YaBa says:

    @pogyhauler: thanks for the “4 year old” compliment. I always like to keep a fresh and young mind, although I’m in my 30’s, I REFUSE to be a DUMB OLD SQUARE CLOSE MINDED guy…
    BTW; too bad you haven’t read the whole comment as a “whole”, instead you just stared at a motto :|

  30. eviljohnstar says:

    “A black hat would have not shared, they would have just enjoyed free laundry forever…

  31. Will says:

    It’s totally unethical. I don’t come here to find new and interesting ways to become a petty thief.

  32. pogyhauler says:

    I didn’t read the part about how you didn’t bother to read parts?
    Or I didn’t read the part about how you excused this as a ‘little’ hack, and left it to anyone to use it as they will. though this one ‘little’ hack, is specifically designed to exploit a weakness in a revenue tracking system. and ‘beat it’ by circumventing its controls, to get service without the required payment.

    You may have been alive these past 30 years. I have no way to tell, and I really don’t care.
    you’d still be a moral if not intellectual defective if you were 12.
    As for ‘dumb’. I’ll match my credentials against yours and any 3 people you know personally.
    I’ll spot you a knight, a right corner, 4 tiles, or a 1/2 a moyo anytime.

    As for old, damn straight I’m old. got the scars, and the experience to prove it. As for the close minded, If a personal pledge to the golden rule, and a willingness to hold others to that as a minimal standard for membership in the human race is ‘closed’ then so be it.
    I read your whole post. including that part you now ‘qualify’ as a ‘motto’.
    I think you amply demonstrated a substandard command of the language, a suspect IQ, and the fortitude of a weasel.

    Quite the feat in so few letters.

  33. kevin says:

    I don’t know if this qualifies as stealing or theft, it’s more like counterfeiting. he’s still paying for the laundry, but where is that money coming from… nowhere, it’s fake money.

  34. spacecowboy says:

    Yay. Theft!

    However this is a useful reminder that stored value cards are far from uncompromisable. Don’t rely on cards to solve problems. Just have a coin-op, and a bill changer on site. I dare anyone to post their “coin copying” hacks on hackaday.

    You copy/compromise one of these cards, you might get caught eventually, and slapped with theft-of-services. Counterfeit bills or coins, and if you get caught you get slapped with counterfeiting charges.

  35. Vonskippy says:

    @Sam – excluding 99.999999% of the planet leaves only around 64 people.

    Somehow I don’t think the Laundry ticket system is quite that tough to crack.

  36. Sam says:

    Besides most people not being able to do this, the parts required to do this hack probably cost more than laundry for a year. Any nerd that has these parts laying around does not do his laundry frequently enough for it to be statistically significant in the span of a year.

  37. Sam says:

    @Vonskippy = It’s not that it’s tough to crack, it is the fact that most people don’t have the skills to program their vcrs (blu-ray players?) let alone the technical vocabulary to replicate this hack based solely off of the article provided. Maybe I added a few too many “9”s =)

    But the point remains, if you can replicate this hack, you probably could have without this article and probably thought of doing it every time you did a load of laundry (I know I did). The rest of the people in my apartment complex, on the other hand, sometimes jam up the smart card slot with coins =)

  39. fireraisr says:

    wow this post is getting a lot of flak. This guy did a legitimate hack. Sure, it’s not the nicest to the laundry owners but he never said he was going to do it on a regular basis. He could have reflashed the card back to the old balance for all you know. This is the same as torrenting a movie or cd, which I’m sure 90% of people here do. Yall need to grow up, it’s hacks like this that force companies to create and adopt better security/encryption procedures. Well, I wouldn’t consider hex to be encryption so in this case adopt ANY encryption for this company.

  40. Tachikoma says:

    Why do people have to be so fucking righteous about everything? This hack was an interesting read. And what people end up doing with this information is between them and the law.

  41. snowdruid says:

    @Tachikoma amen brother well said :P

    for your daily comedy show please read the HaD comments……..

    now really what’s the big fuss anyone reading this site should know hacking is primarily about knowledge what you end up in the end is secondary ( that’s why so many hacks end up as something else than originally planned ^^ )

  42. Gert says:

    Yikes that’s a serious leak.

    If a hacker discovers a weakness the following process should be undertaken to ensure legal protection.

    A: Get an attorney. And back up all the details of your hacking activities.

    B: Report the details of the leak to the production company and the police/computer crime unit.

    C: Report the existence of the flaw to the press. Don’t leak details, just point out there is a leak. Leaking the details could get you sued.

  43. Lee says:

    it’s obviously a cool looking hack and also morally questionable. Guess Laundromat will have to update their equipment but who wants to telephone them and let them know?

    Caller: “Hi, good mornin’, is that Laundromat?”

    Operator: “It sure is, I’m Steve and how can I hep you today?”

    Caller: “I saw an internet page, showing a laundromat card that never runs out but I don’t have the electrical know how to make one for myself; How much do you sell them for, could you send me one out in the post please?”

  44. qdot says:

    I’m not a lawyer, so please treat this post for its educational value, as it does not constitute legal advice in jurisdictions where offering legal advice by uneducated strangers is considered crime.

    Regardless, English common law (unfortunately I can’t speak for the Swiss law) states that for an action to be considered theft, both it must be done in a dishonest manner (which, arguably, presenting a false electronic token can qualify for), and with the intent to permanently deprive the owner of the property (which the blog doesn’t even touch upon – there is no description of the author ever punching a button to pay for the service with the fraudulent card – merely a verification that in fact the device can be deceived).

    Now, to speak on the questionable morals – I consider this installation to be an equivalent of a piggy bank – drop 3CHF, you get a right to do the laundry – every engineer who has worked on embedded systems would laugh at the level of security when handling unauthorized connections.

    Whether this should be a 0-day public disclosure? I believe so – it is my honest belief that with such a minimal loss potential (99.99% of the users wouldn’t be qualified to do the hack, unless given a kit), he wouldn’t get any kind of response from the manufacturer. My guess is, that the engineers designing the system had raised the option of using real cryptography, and it didn’t stand a simple accounting calculation of lost profits due to thieves learning of such hacks, versus the expense of using real smart cards, debugging a more complex software, etc.

    Hence, it’s more a learning opportunity for everyone. Perhaps if enough thieves learn about it from hackaday, the value calculation would look different. I don’t think so – even if such circumvention devices were available as kits (selling of which would likely be illegal) – the company would’ve lost so little of profits it wouldn’t be worth field-upgrading the devices.

    So everybody, please chill, please stop calling honest people ‘thieves’ (that’s actually slander), and enjoy the technical merits of this post.

  45. YaBa says:

    @pogyhauler: I don’t come here to get along in kiddy-flamewars so…
    This is a hack… that’s MY opinion, just ignore it if you don’t like.
    And, yes, my English sucks, but that’s because my natural language is another one.
    With your way of thinking, companies that do pen-testing should be closed and employees arrested. lol.

    @Sam: get a Bus Pirate, it’s real cheap comparing with what you can do with it :)

  46. David B says:

    Very cool. In college we had a slightly lower tech way of getting free laundry. If you unplugged the machine control box and held down a button while you plugged it back in, it would come up asking for a maintenance password. Good ‘ol 0000 always worked. Then, just select the machine and free laundry.

  47. scafativ says:

    This entry is beneath an otherwise excellent website. Why on earth would you post something that will serve to perpetuate theft? That is not what this site is about at all….

  48. Almost_There says:

    Hack-A-Day;

    Don’t even post stuff like this, it reflects poorly on all of us.

  49. xorpunk says:

    it’s a vulnerable crypto system..the one in automotive keys are doing fine security wise..

    The laundromat owners should replace it to avoid losing money..

  50. blue carbuncle says:

    Didn’t a guy from Georgia Tech do this in his thesis in 2001 with the AT&T Blackboard system and unprotected RS232 or 485 port? That one let you add money campus-wide.
    http://www.yak.net/mirrors/bb-faq.html

    Things didn’t work out for him so great either.