We never really thought about it before, but a traditional barcode or QR code is pretty two dimensional. A 3D barcode sounds like marketing hype but the JAB (Just Another Barcode) system adds a third dimension in the form of color.
Traditional barcodes assume you have a pretty crude sensor, but a color camera now days is no big deal, so why not take advantage? The JAB system specifies two types of symbols: a master symbol and a slave symbol. A master symbol has four finder patterns at the corner. Slave symbols dock to a master or another docked slave.
If you want to create some JABs, there’s a web interface. If you check advanced, you can change the number of colors used, the size of each “module” (colored box), and the width and height of the master symbol. You can also arrange for error correction. The grid that shows the master and slave symbols will allow you to click on any dockable slave location to create more symbols with different attributes.
You can then save the JAB image and use the scan menu item (at the top) to read the code back. It will also read from a camera.
If you are using a color camera and a computer or phone to read barcodes, this probably is something to check out. After all, you are acquiring color data, why not use it?
You might think of the barcode as something modern, but it has a long strange history going back to the 1930s. Early barcodes looked like bullseyes and were actually inspired by Morse code. We wonder how one of these would look on someone’s arm in ink?
Woodworking is the fine art of turning dead tree carcasses into precision instruments. That means breaking out the saws and chisels and making many, many precise cuts over and over. If you have a table saw, every problem becomes a piece of wood, or something like that, and we’ve seen some fantastic jigs that make these precision cuts even easier. We’ve never seen something like this, though. It’s a box joint jig for a table saw, it’s automated, and it puts barcodes on boxes.
[Ben] built this box joint jig a few years ago as a computer-controlled device that slowly advances a piece of wood on a sled, allowing him to create precise, programmable box joints. The design is heavily influenced from [Matthias Wandel]’s screw advance box joint jig, but instead of wood gears (heh), [Ben] is using the Internet of Things. Or a Raspberry Pi, stepper motor, and a few LEDs. Same difference.
Although [Ben]’s previous box joints were all the same size, a programmable box joint jig can do some weird-looking joints. That’s where [Ben] got the idea to encode a barcode in walnut. After using a web app to create a barcode that encodes the number 255 — this is important for later — [Ben] programmed his jig to cut a few slots.
The box was finished as you would expect, but there’s a neat addition to the top. It’s a combination lock that opens when the combination is set to 255. It’s brilliant, and something that could be done with some handsaws and chisels, but this jig makes it so easy it’s hard to think the jig wasn’t explicitly designed for this project.
For most people, a Post-It note or dry-erase board suffices to ensure that household consumables are replenished when they’re used up. But hackers aren’t like most people, so this surplus barcode scanner turned kitchen inventory manager comes as little surprise. After all, if something is worth doing, it’s worth overdoing.
[Brian Carrigan]’s project began with a chance discovery of an old barcode scanner in his local scrap store. Questions as to why we can never find bargains like a $500 scanner for six bucks aside, [Brian] took the scanner home for a bit of reverse engineering. He knew it used RS-232 but it had been unceremoniously ripped from its connectors, so identifying pins took some detective work. With power and data worked out and the scanner talking to a Raspberry Pi, [Brian] set about integrating it into Wunderlist, a cloud-based list management app. Now when someone eats the last Twinkie, a quick scan of the package looks up the product name via an API call to the UPC database and posts it to Wunderlist. And we’ll bet the red laser beams bouncing around the kitchen make a great nightlight too.
With smartphone barcode reading apps, this might seem a bit like overkill, but we like it just the same. And if barcodes leave you baffled, check out our introduction to these studies in black and white that adorn just about everything.
[virustracker] has been playing around with barcodes lately, and trying to use them as a vector to gain control of the system that’s reading them. It’s a promising attack — nobody expects a takeover via barcodes. The idea isn’t new, and in fact we’ve seen people trying to drop SQL attacks in barcodes long ago, but [virustracker] put a few different pieces together and came up with a viable attack.
The trick is that many POS terminals and barcode readers support command characters in their programming modes. Through use of these Advanced Data Formatting (ADF) modes, [virustracker] sends Windows-Key-r, and then cmd.exe, ftps a file down, and runs it. Whatever computer is on the other side of the barcode scanner has just been owned. ADF even supports a delay function to allow time for the command window to pop up before running the rest of the input.
The article details how they got their payload from requiring more than ten individual barcodes down to four. Still, it’s a suspicious-looking attack to try to pull off where other people (think cashiers) are looking. However, we have many automated machines in our everyday life that use barcodes. How many of these are vulnerable is an open question. [virustracker] suggests lottery machines, package-delivery automats, and even hospitals.
The defense is simple, and it’s the same as everywhere else: disable the debug and configuration modes in your production systems, and sanitize your input. Yes, even the barcodes.
Beep. You hear it every time you buy a product in a retail store. The checkout person slides your purchase over a scanner embedded in their checkout stand, or shoots it with a handheld scanner. The familiar series of bars and spaces on the label is digitized, decoded to digits, and then used as a query to a database of every product that particular store sells. It happens so often that we take it for granted. Modern barcodes have been around for 41 years now. The first product purchased with a barcode was a 10 pack of Juicy Fruit gum, scanned on June 26, 1974 at Marsh supermarket in Troy, Ohio. The code scanned that day was UPC-A, the same barcode used today on just about every retail product you can buy.
The history of the barcode is not as cut and dry as one would think. More than one group has been credited with inventing the technology. How does one encode data on a machine, store it on a physical media, then read it at some later date? Punch cards and paper tape have been doing that for centuries. The problem was storing that data without cutting holes in the carrier. The overall issue was common enough that efforts were launched in several different industries.
Continue reading “The Eloquence of the Barcode”
If you don’t have a niece or nephew we encourage you to get one because they provide a great excuse to take apart kids’ toys.
[Sam] had just bought some animal-themed trading cards. These particular cards accompany a card-reader that uses barcodes to play some audio specific to each animal when swiped. So [Sam] convinces her niece that they should draw their own bar codes. Of course it’s not that easy: the barcodes end up having even and odd parity bits tacked on to verify a valid read. But after some solid reasoning plus trial-and-error, [Sam] convinces her niece that the world runs on science rather than magic.
But it can’t end there; [Sam] wants to hear all the animals. Printing out a bunch of cards is tedious, so [Sam] opens up the card reader and programs and Arduino to press a button and blink an IR LED to simulate a card swipe. (Kudos!) Now she can easily go through all 1023 possible values for the animal cards and play all the audio tracks, and her niece gets to hear more animal sounds than any child could desire.
Along the way, [Sam] found some interesting non-animal sounds that she thinks are Easter eggs but we would wager are for future use in a contest or promotional drawing or something similar. Either way, its great fun to get to listen in on more than you’re supposed to. And what better way to educate the next generation of little hackers than by spending some quality time together spoofing bar codes with pen and paper?
[Dan] has come up with a novel solution to the age old problem of keeping your grocery list up to date. He’s added a bar code scanner and a Raspberry Pi under a kitchen cabinet. He calls the system “Oscar”, though we don’t see any grouchiness in his trash can. When [Dan] runs out of a product, he simply throws it away. Just above his garbage and recycling bin is a low cost barcode scanner. [Dan] holds the item until the scanner reads, then sends it on it’s way to recycling or the landfill. The decoded bar code is processed by a Raspberry Pi also hiding under the cabinet. The Raspberry Pi sends the data to Trello.comusing the Trello api.
If a product isn’t recognized by Trello’s database, trello dispatches a text message to [Dan’s] phone. He can then add the product information via a web interface. We think the user interface is what’s great here. Once products are in the database, the only thing that has to be done day to day is pause for a moment before throwing a package away. [Dan] has all his code up on github, and has also created a reddit thread for Oscar.