Myself – Self Boasting/ Self D**ba
- Authored a book at the age of 21 (2nd edition WIP)
- ISO 27001:2013 ISMS LA, CEH, CCNA, ECSA, JNCIP-SEC, JNCIS-SEC etc.
- Featured in Deccan Chronicle, The Hindu, The HANS India, Eenadu, Vaartha, Saakshi, AndhraJyothi, Andhrabhoomi etc.
- Interviewed by HMTV news channel
- Reported vulnerabilities on 100+ popular websites and got lucky with more than 2 dozen CVE-IDs
- Reported BOF on Yahoo Messenger
- Trained more than 10,000 people (Corporate + Students)
- Currently working with TCS as Security Analyst
Enough ……….Just Stop it………!
Where am I taking you now?
- Hell, why do I need to listen to this?
- Introduction to barcodes
- Breaking down EAN-13
- Your Weapons
- Here comes the “heart” of this power-point deck
- My experience with Barcode cracking
  a) XYZ MNC well-known barcode crack
  b) XYZ shopping mall etc
- Brief Introduction on XSS, SQL etc. attacks via Paper, yeah it’s via PAPER…! or NEWS PAPER…! OMG…!
Why do I need to listen to this?
With barcode cracking, you can
a) Buy a costly product at the rate of a cheap one
b) Free entry to parties – free beers etc
c) Free parking
d) Bypassing access control - Get free attendance / break your friend’s attendance etc.
Disclaimer:
I am in no way responsible for any misuse of this technique. I am sharing it just for informational purposes.
Introduction to Barcodes
- Introduced by Joseph Woodland and Bernard Silver in 1952
- First used in ACI but failed, and then started commercially with the Wrigley company (chewing gum)
- Optical representation of data to uniquely identify items
- Used for tickets, market items, books, parcel tracking, parking etc
- Barcodes, Scanners / Verifiers
- Barcode verifier standards
  a) ISO/IEC 15416 (linear)
  b) ISO/IEC 15426-2 (2D)
Classification
1. 1D
a) EAN-13 (World-wide)
b) UPC (USA, Canada etc)
c) Code 128
d) Codabar
e) Plessey etc
2. 2D (More information)
a) QR code
b) MaxiCode
c) Aztec code etc
3. 3D (Based on height)
- To withstand high temperature or chemical environments
Slide – Manideep
[Images: QR code, Aztec Code, Code 128]
Why EAN 13? - Everywhere
[Images: book, deodorant, shirt, moisturizer, shampoo, face wash, powder]
Breaking down EAN 13 into pieces
Do I need to learn this for doing hacks based on barcode??? - Yes…!
Country Code - 1st two/three digits
Manufacturer – Product code
Verifying check sum digit
1. Numbers at Even position are summed to value A
#0+#2+#4+#6+#8+#10 = Value A [7+0+0+4+3+1 = 15 ]
2. Numbers at Odd position are summed and multiplied by 3
3*(#1+#3+#5+#7+#9+#11) = Value B [3* (5+1+5+5+0+0) = 48 ]
3. Value A + Value B = Value C [ 63 ]
4. Remainder of (value C /10) is taken as value D [ 3 ]
5. If check digit = (10 - value D), the code read by the machine is correct. [ 7 ]
Initial Bit – Part 1 – Part 2
Ever wondered, How are those lines generated?
7 - 501054 - 530107
- Black – 1 and white space – 0
- Borders: 101 (left and right) and Center: 01010 (middle)
7 – ABABAB
<left border> 101
<part generated from A/B> 0110001 0100111 0011001 0100111 0110001 0011101
+<central > 01010
+< part generated from C > 1001110 1000010 1110010 1100110 1110010 1000100
<right border> 101
Fuzzy Buzzy……
Finally…!
101 0110001 0100111 0011001 0100111 0110001
0011101 01010 1001110 1000010 1110010 1100110
1110010 1000100 101
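The scanner-side view of the two slides above, as an added Python example that is not part of the original deck: it decodes the 95-module string back to digits and applies the check-digit steps. The L/G/R symbol tables and first-digit parity table are the standard EAN-13 sets (the deck shows only their output), and all function names are illustrative.

```python
# Added example (not from the original deck): scanner-side EAN-13 decoding.
# Tables are the standard EAN-13 symbol sets; function names are illustrative.
L_CODES = ["0001101", "0011001", "0010011", "0111101", "0100011",
           "0110001", "0101111", "0111011", "0110111", "0001011"]
# R-codes are the bitwise complement of L-codes; G-codes are R-codes reversed.
R_CODES = ["".join("1" if b == "0" else "0" for b in c) for c in L_CODES]
G_CODES = [c[::-1] for c in R_CODES]
# The L/G pattern of the six left-hand digits encodes the implicit first digit
# (the deck's "A"/"B" corresponds to L/G here; index 7 is LGLGLG = ABABAB).
PARITY = ["LLLLLL", "LLGLGG", "LLGGLG", "LLGGGL", "LGLLGG",
          "LGGLLG", "LGGGLL", "LGLGLG", "LGLGGL", "LGGLGL"]

# Constructed sample: the module string shown on the slide for 7501054530107.
SLIDE_MODULES = ("101 0110001 0100111 0011001 0100111 0110001 0011101 01010 "
                 "1001110 1000010 1110010 1100110 1110010 1000100 101")


def check_digit(first12):
    """Check digit for the first 12 digits, following the slide's steps."""
    d = [int(c) for c in first12]
    value_a = sum(d[0::2])          # positions #0, #2, ... #10
    value_b = 3 * sum(d[1::2])      # positions #1, #3, ... #11
    value_d = (value_a + value_b) % 10
    return (10 - value_d) % 10      # final % 10 maps the D == 0 case to 0


def is_valid_ean13(code):
    """True if code is 13 digits and its last digit matches the checksum."""
    return (len(code) == 13 and code.isdigit()
            and check_digit(code[:12]) == int(code[12]))


def decode_modules(modules):
    """Decode a 95-module bit string (1 = black) to a 13-digit EAN-13."""
    bits = "".join(modules.split())
    if len(bits) != 95 or set(bits) - {"0", "1"}:
        raise ValueError("expected 95 modules of 0/1")
    if bits[:3] != "101" or bits[45:50] != "01010" or bits[92:] != "101":
        raise ValueError("guard pattern mismatch")
    parity, digits = "", ""
    for i in range(6):              # left half: L or G symbols
        chunk = bits[3 + 7 * i:10 + 7 * i]
        if chunk in L_CODES:
            parity, digits = parity + "L", digits + str(L_CODES.index(chunk))
        elif chunk in G_CODES:
            parity, digits = parity + "G", digits + str(G_CODES.index(chunk))
        else:
            raise ValueError("invalid left-hand symbol " + chunk)
    if parity not in PARITY:
        raise ValueError("invalid parity pattern " + parity)
    for i in range(6):              # right half: R symbols only
        chunk = bits[50 + 7 * i:57 + 7 * i]
        if chunk not in R_CODES:
            raise ValueError("invalid right-hand symbol " + chunk)
        digits += str(R_CODES.index(chunk))
    code = str(PARITY.index(parity)) + digits
    if not is_valid_ean13(code):
        raise ValueError("check digit mismatch for " + code)
    return code


if __name__ == "__main__":
    print(decode_modules(SLIDE_MODULES))
```

The check digit only catches misreads and damaged labels; anyone can compute it, so it says nothing about whether a label belongs on the item it is attached to.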
At your own risk…!
Your weapons
Barcode generators
Online : http://www.terryburton.co.uk/barcodewriter/generator/
Offline : ByteScout barcode generator
Barcode decoders
http://www.onlinebarcodereader.com/
http://zxing.org/w/decode.jspx
http://www.onlinebarcodescan.com/
http://online-barcode-reader.inliteresearch.com/
One-stop point for printers, stickers, labels, scanners etc
http://www.barcodesinc.com/
http://www.3sindustries.in/
XYZ Shopping Mall
Buy a product worth INR Rs 5000/- for INR Rs 1000/-
Demo experience
(Social Engineering*)
Other scenarios
Drink beer free of cost
Access control magic
Free Parking
Corporate Asset Management etc
My Journey with “Beeeeeep” – MNC (well known)
Demo Experience
XSS, SQL etc via PAPER…………..!
- QR codes
- Below QR code for <script>alert("test")</script> (Demo)
http://qrcode.kaywa.com/
More demos and details in the next talk
Questions????
Resources:
www.barcodeisland.com
http://www.phenoelit-us.org/stuff/StrichAufRechnung.pdf
http://en.wikipedia.org/wiki/International_Article_Number_%28EAN%29
How can you reach me?
https://in.linkedin.com/in/manideepk
mani [ dot ] konakandla [at] gmail [dot] com
