concert ticket

2 Articles

Ticketmaster SafeTix Reverse-Engineered

July 11, 2024 by 48 Comments

Ticketmaster is having a rough time lately. Recently, a hacker named [Conduition] managed to reverse-engineer their new “safe” electronic ticket system. Of course, they also had the recent breach where more than half a billion accounts had personal and financial data leaked without any indication of whether or not the data was fully encrypted. But we’re going to focus on the former, as it’s more technically interesting.

Ticketmaster’s stated goals for the new SafeTix system — which requires the use of a smartphone app — was to reduce fraud and ticket scalping. Essentially, you purchase a ticket using their app, and some data is downloaded to your phone which generates a rotating barcode every 15 seconds. When [Conduition] arrived at the venue, cell and WiFi service was totally swamped by everyone trying to load their barcode tickets. After many worried minutes (and presumably a few choice words) [Conduition] managed to get a cell signal long enough to update the barcode, and was able to enter, albeit with a large contingent of similarly annoyed fans trying to enter with their legally purchased tickets.

Continue reading “Ticketmaster SafeTix Reverse-Engineered”

PiGates Validates Your Concert Tickets

June 15, 2014 by 30 Comments

gatespi

[Seph] works for a company that handles ticketing for concerts and special events. One of his primary tasks is to check for counterfeit tickets at the gates of an event. Depending on the venue, this can be mag-stripes, bar codes, or one of several breeds of RFID. Until recently, netbooks coupled with USB readers performed the task. The netbooks weren’t a great solution though – they were expensive, relatively fragile, and took up more space than necessary.

[Seph] had a better idea. He created a ticket validation system using a Raspberry Pi. The Pi sits in a translucent case with a PiGlow RGB LED board. A USB reader (in this case a bar code reader) plugs into one of the Pi’s USB ports. These readers can operate in several modes, including keyboard emulation, which [Seph] chose because it wouldn’t require any driver work.

Using PiGates is so simple even a drummer could handle it. Normally the Pi glows blue. When a ticket is scanned, [Seph’s] python script reads the code and verifies it against an online database.If the ticket is valid, the Pi will glow green. A counterfeit ticket is indicated by flashing red LEDs.

Click past the break for more on PiGates.

Continue reading “PiGates Validates Your Concert Tickets”