This document summarizes the speaker's experience with cracking barcodes. It discusses breaking down EAN-13 barcodes and generating QR codes. It provides examples of using modified or fake barcodes to get free items from stores or access to paid events. The speaker demonstrates how barcodes can be manipulated for things like getting a costly product for cheap, free entry to parties, or bypassing access controls.
Self-promotion document covers hacking barcodes and vulnerabilities
1.
2. Myself – Self Boasting/ Self D**ba
Authored a book at the age of 21 (2nd edition WIP)
ISO 27001:2013 ISMS LA, CEH, CCNA, ECSA, JNCIP-SEC, JNCIS-SEC etc.
Featured in Deccan Chronicle, The Hindu, The HANS India, Eenadu, Vaartha, Saakshi, AndhraJyothi, Andhrabhoomi etc.
Interviewed by HMTV news channel
Reported vulnerabilities on 100+ popular websites and got lucky with more than 2 dozen CVE-IDs
Reported BOF on Yahoo Messenger
Trained more than 10,000 people (Corporate + Students)
Currently working with TCS as Security Analyst
Enough ……….Just Stop it………!
3. Where am I taking you now?
Hell, why do I need to listen to this ?
Introduction to barcodes
Breaking down EAN – 13
Your Weapons
Here comes the “heart” of this power-point deck
My experience with Barcode cracking
a) XYZ MNC well-known barcode crack
b) XYZ shopping mall etc
Brief Introduction on XSS, SQL etc. attacks via Paper, yeah it’s via PAPER…! or NEWS PAPER…! OMG…!
4. With barcode cracking, you can
a) Buy a costly product at the rate of a cheap one
b) Free entry to parties – free beers etc
c) Free parking
d) Bypassing access control - Get free attendance / break your friend’s attendance etc.
Disclaimer:
I am in no way responsible for any misuse of this technique. I am sharing it just for informational purposes.
Why do I need to listen to this ?
5. Introduced by Joseph Woodland and Bernard Silver in 1952
First used in ACI but failed and then started commercially on Wrigley company - chewing gum
Optical representation of data to uniquely identify items
Used for tickets, market items, books, parcel tracking, parking etc
Barcodes , Scanners / Verifiers
Barcode verifier standards
a) ISO/IEC 15416 (linear)
b) ISO/IEC 15426-2 (2D)
Introduction to Barcodes
6. Classification
1. 1D
a) EAN – 13 (World-wide)
b) UPC (USA, Canada etc)
c) Code 128
d) CodeBar
e) Plessey etc
2. 2D (More information)
a) QR code
b) Maxi code
c) Aztec code etc
3. 3D (Based on height)
- To withstand high temperature or chemical environments
14. Verifying check sum digit
1. Numbers at Even position are summed to value A
#0+#2+#4+#6+#8+#10 = Value A [7+0+0+4+3+1 = 15 ]
2. Numbers at Odd position are summed and multiplied by 3
3*(#1+#3+#5+#7+#9+#11) = Value B [3* (5+1+5+5+0+0) = 48 ]
3. Value A + Value B = Value C [ 63 ]
4. Remainder of (value C /10) is taken as value D [ 3 ]
5. If check digit = (10 - value D), the code read by the machine is correct. [ 7 ]
15. Initial Bit – Part 1 – Part 2
Ever wondered, How are those lines generated?
7 - 501054 - 530107
16. Black – 1 and white space – 0
Borders: 101 (left and right) and Center: 01010 (middle)
7 – ABABAB
<left border> 101
<part generated from A/B> 0110001 0100111 0011001 0100111 0110001 0011101
+<central > 01010
+< part generated from C > 1001110 1000010 1110010 1100110 1110010 1000100
<right border> 101
Fuzzy Buzzy……
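The checksum steps from slide 14 and the border / A-B / center / C layout from slides 15 and 16, as an added Python example that is not part of the original deck. The digit tables and the parity table are the standard EAN-13 encodings (the slides show only the row for initial digit 7), the function names are illustrative, and the sample value is the 7-501054-530107 code used on the slides.

```python
# Added example: verify an EAN-13 check digit and rebuild its bar pattern.
# A/B/C are the standard EAN-13 digit encodings (1 = black, 0 = white).
A = ["0001101", "0011001", "0010011", "0111101", "0100011",
     "0110001", "0101111", "0111011", "0110111", "0001011"]
C = ["".join("1" if b == "0" else "0" for b in a) for a in A]  # complement of A
B = [c[::-1] for c in C]                                       # C reversed
# The initial digit is not drawn; it selects the A/B mix of the left half.
PARITY = ["AAAAAA", "AABABB", "AABBAB", "AABBBA", "ABAABB",
          "ABBAAB", "ABBBAA", "ABABAB", "ABABBA", "ABBABA"]
SLIDE_CODE = "7501054530107"  # the code worked through on the slides


def _all_digits(text: str, length: int) -> bool:
    # isascii() rejects Unicode digits that isdigit() alone would accept.
    return len(text) == length and text.isascii() and text.isdigit()


def check_digit(first12: str) -> int:
    """Check digit for the 12 data digits, following the slide's steps."""
    if not _all_digits(first12, 12):
        raise ValueError("expected exactly 12 decimal digits")
    digits = [int(ch) for ch in first12]
    value_a = sum(digits[0::2])         # positions #0, #2, ... #10
    value_b = 3 * sum(digits[1::2])     # positions #1, #3, ... #11
    value_d = (value_a + value_b) % 10
    return (10 - value_d) % 10          # value D of 0 gives 0, not 10


def is_valid(code: str) -> bool:
    """True only for 13 digits whose last digit matches the checksum."""
    return _all_digits(code, 13) and check_digit(code[:12]) == int(code[12])


def modules(code: str) -> str:
    """95-module pattern: border, six left digits, center, six right, border."""
    if not is_valid(code):
        raise ValueError("not a valid EAN-13 code")
    left = "".join((A if p == "A" else B)[int(d)]
                   for p, d in zip(PARITY[int(code[0])], code[1:7]))
    right = "".join(C[int(d)] for d in code[7:])
    return "101" + left + "01010" + right + "101"


if __name__ == "__main__":
    print(SLIDE_CODE, "valid:", is_valid(SLIDE_CODE))
    print(modules(SLIDE_CODE))
```

A passing check digit only shows that the digits were read without error; it involves no secret, so it is not evidence that a label belongs to the item it is attached to.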
20. XYZ Shopping Mall
Buy a product worth INR Rs 5000/- for INR Rs 1000/-
Demo experience
(Social Engineering*)
21.
22. Other scenarios
Drink beer free of cost
Access Control Magic’s
Free Parking
Corporate Asset Management etc
23. My Journey with “Beeeeeep” – MNC (well known)
Demo Experience
24. XSS, SQL etc via PAPER…………..!
QR codes
Below QR code for <script>alert("test")</script> (Demo)
http://qrcode.kaywa.com/
More demo and in-details in next talk