Messing with barcodes


[nico] just received his credentials for an upcoming conference. On each badge, there’s a 2D barcode with the participant’s bio and contact info. These are meant to be scanned by vendors for future contact. [nico] isn’t so interested in that and plans on updating his personal info by generating a new barcode. To this end, he’s collected a number of links to help out barcode hackers. He used the SWIPE toolkit to identify the format and decode (it has an online component too). There are also several online encoders you can use, like this one from [Terry Burton]. If you’re wondering what sort of shenanigans you can get into faking barcodes, check out [fx]‘s presentation from 24C3.

[photo: seanbonner]

25C3: Nothing to hide announced

Germany’s Chaos Computer Club has announced the theme for their annual Chaos Communication Congress: “Nothing to hide“. Like last year’s “Full steam ahead!“, it’s open to many interpretations. People striking down privacy laws often say citizens shouldn’t mind since they have “Nothing to hide”. The phrase is also connected to the inability to hide data, as the CCC demonstrated this year by publishing the German Home Secretary’s fingerprint. On a more positive side, “Nothing to hide” is also about the free exchange of information that happens at hacker conventions. The Congress is in its 25th year and promises to be as good as ever. At last year’s 24C3, we saw great talks like [Drew Endy]‘s biohacking talk and the original MiFare crypto presentation. 25C3 will be held in Berlin December 27th to 30th. The wiki is already up and they’ve published a call for participation, if you’re interested.

Hacker conference videos

Almost every security conference we’ve attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you’re bound to find an interesting talk.

[thanks, Dan]
[photo: ario_j]

Friday night double cap extra

[scott] sent along his lego ipod dock.

The letter [M] brings us the oscilloscope terminal (AVR based text displayed via oscope).

[Max] sent in his funky alarm clock mod.

[Chad] sent in a question, but I dig his custom camera housings.

[sprite_tm] sent in his new use for a cheap photo display.

UPDATE: Torrents for all the talks at the Chaos Communication Congress have been posted.

24C3 Hacking DNA

[Drew Endy]‘s Programming DNA talk was by far the most interesting talk we saw at Chaos Communication Congress. No, DNA doesn’t have much to do with computers, but he points out that hacking principles can be applied just the same. Right now engineers are reversing genetic code and compiling building blocks for creating completely arbitrary organisms. This talk was designed to bootstrap the hacking community so that we can start using and contributing standard biological parts to an open source collection of genetic functions.

You should definitely watch the video to get a good idea of where biohacking is at today. You can find a higher quality version of the video in the archives.

24C3 Mifare crypto1 RFID completely broken

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

24C3 Toying with barcodes

[FX] from Phenoelit gave an entertaining talk about barcode security. He covered both how the systems are implemented and how they’ve been exploited. The first example was a parking garage in Dresden that issues non unique barcodes for the unlimited passes that hotels give out. Anyone code print out an image of that particular code and park for free. German grocery stores have automated machines that refund you for your empty beer bottles. The barcode generated just states the refund amount (5 digits) that you’ll get at the register. Just stick the barcode under something like a six pack and it’ll scan even without the cashier seeing it.

Check out the video to find out more silliness involving DVD rentals, boarding passes, asset management, and SQL injection via the scanner. You can even find higher res versions in the 24C3 media archives.