Barcode Hacking 101
Recently I decided that I was tired of my Price Chopper AdvantEdge® Card not functioning properly. After careful inspection of the card, I quickly noticed that the problem had nothing to do with the processing of the card or the barcode scanner, but instead, with the cheap barcode sticker they place upon the back side of the card. After reading about Rob Cockerham’s barcode antics with Safeway, I decided I’d take a similar approach and make my very own card that would work flawlessly.
Rob’s approach was to create a sticker that covered up the barcodes of people with similar Safeway cards, whereas my idea was to create a working homemade savings card using materials that are commonly found in stores that sell office supplies. I started by using a computer program to generate a barcode that matched those used by Price Chopper. Unfortunately, Price Chopper uses their own unique barcode that is encrypted and cannot be recreated using standard computer software. No format even came close to theirs despite numerous attempts. Code 39 came close but was missing a lot of the spacer bars, the EAN codes had a completely different outcome as well.
Determined, I spent an hour (literally!) scanning the back barcode of my Price Chopper Card at 600 DPI and using a very sophisticated program, I had the computer mask the image to reveal a perfect barcode.
And finally, I was able to take the newly generated barcode and make a label with it. This will hopefully work well, if not better than my current card since the print is much bolder and larger than before.
I then printed the barcodes onto a sheet of Avery Labels with had the exact dimensions of my key tag card. Then, using a plastic laminating machine, I laminated an individual label to make my own “key tag” version of my card. It worked flawlessly, though I will have to test it the next time I visit the store�s self-checkout line.
What people fail to realize about barcodes is that despite their high-tech appeal and look, they’re actually one of the easiest things to hack and exploit. For example, my last job had identification badges with a barcode all across the back. The idea was that you would wear your badge which identified your name, title, and work area on the front, and you would use the barcode to gain access to various locked areas that you were given access to by an administrator. What they failed to realize was that with anybody who owns a scanner and the right software can grab an image of the barcode and reproduce it without much trouble. Moreover, with a little more time on their hands, they can create (as I did), a duplicate of the original, in my case, a laminated version which looks exactly like the original.
For example, if someone got a hold of a barcode font, they could very easily print out their very own UPC stickers. While disguising the UPC sticker on a product and changing its scanned identity and/or price is considered illegal in most places, in theory, it could actually work if the sticker covered the original barcode and the cashier did not catch on.
I predict that in the future, barcodes will be even more commonplace than they are now. And in time they will be hacked to some degree because they have, in recent years, become so widespread and easy to duplicate and change. A much more secure system should be implemented gradually until that system too becomes easy to duplicate.
The example I gave you here is marginally (just barely) legal. Please do not use this information to defraud anybody. Despite legality, for my purposes, I don�t think that anybody would be hurt or defrauded in any way and I consider this idea to be a bit of an improvement of sorts.
UPDATE!
On December 14, 2004, I went grocery shopping at the Price Chopper Supermarket in Cobleskill, New York. After explaining to the cashier that my card was not working and I was trying out an experimental version of the card with the same barcode, I finally convinced her to try scanning the card that I made. Much to my surprise, it worked on the very first try, which was better compared to the previous (store) version which required several passes to be read.
Perhaps I’ll post an image of the barcode on my web site to allow others to try it out for themselves. That will have to wait, though, until the next update…
Posted under Everything Else