Please, enjoy!
==============================================================
Barcode algorithms:
To get a better understanding of Barcode algorithms please visit
http://en.wikipedia.org/wiki/Universal_Product_Code
For the sake of this thread, I will explain everything you need to know to understand
the information below as simply as possible.
The most common form of barcode is the Universal Product Code (UPC).
UPC is a barcode symbology, meaning that it symbolizes a string. The string, in this
case, is 12 digits.
-The leading digit identifies the purpose the code serves.
-The next 10 digits are defined by variables from when they were generated (what
machine generated them, time generated, number generated, location of the machine,
store, employee, etc.).
-The 12th digit is a check digit. A check digit is a calculated modulo value that is
influenced by all of the digits before it. It is present because when the barcode is
scanned, if the check digit doesn't match the rest of the value, the scanner knows it
didn't read the code correctly.
In the UPC-A system, the check digit is calculated as follows:
-Add the digits in the odd-numbered positions (first, third, fifth, etc.) together
and multiply by three.
-Add the digits in the even-numbered positions (second, fourth, sixth, etc.) to the
result.
-Find the result modulo 10 (i.e. the remainder when divided by 10; 10 goes into 58
five times with 8 left over).
-If the result is not zero, subtract the result from ten.
For example, for the UPC-A barcode "03600029145X" (in this case, the UPC for a box of
tissues), where X is the check digit, X can be calculated by applying the steps above.
This should not be confused with the actual numeral "X", which stands for a value of
10 in modulo-11 check digits.
-http://en.wikipedia.org/wiki/Universal_Product_Code#Check_digits
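As an added example (not code from the original post), the four steps above in Python, run over the post's own tissue-box UPC, plus a validator showing why a misread digit is rejected and one caveat on what the weighting does not catch:

```python
# Added example (not from the original post): UPC-A check digit computation and
# validation, following the four steps described above.

def upc_a_check_digit(first_eleven: str) -> int:
    """Return the 12th (check) digit for the first 11 digits of a UPC-A code."""
    if len(first_eleven) != 11 or not first_eleven.isdigit():
        raise ValueError("expected exactly 11 decimal digits")
    digits = [int(c) for c in first_eleven]
    # Step 1: odd positions (1st, 3rd, 5th, ...) are indices 0, 2, 4, ...; sum and triple.
    total = 3 * sum(digits[0::2])
    # Step 2: add the even positions (2nd, 4th, ...), i.e. indices 1, 3, 5, ...
    total += sum(digits[1::2])
    # Step 3: remainder modulo 10.
    remainder = total % 10
    # Step 4: if the remainder is not zero, subtract it from ten.
    return 0 if remainder == 0 else 10 - remainder


def is_valid_upc_a(code: str) -> bool:
    """True when a 12-digit code's last digit matches the computed check digit."""
    if len(code) != 12 or not code.isdigit():
        return False
    return upc_a_check_digit(code[:11]) == int(code[11])


def complete_upc_a(template: str) -> str:
    """Fill in the trailing 'X' placeholder used in the post's example."""
    if len(template) != 12 or template[-1].upper() != "X":
        raise ValueError("expected 11 digits followed by X")
    return template[:11] + str(upc_a_check_digit(template[:11]))


if __name__ == "__main__":
    # The post's tissue-box example: odd positions 0+6+0+2+1+5 = 14, times 3 = 42;
    # even positions 3+0+0+9+4 = 16; 42+16 = 58; 58 mod 10 = 8; 10-8 = 2.
    print(complete_upc_a("03600029145X"))   # 036000291452
    print(is_valid_upc_a("036000291452"))    # True
    # One misread digit (5 -> 6 in position 11) changes the check digit, so a
    # scanner rejects the read instead of charging for the wrong item.
    print(is_valid_upc_a("036000291462"))    # False
    # Caveat: the 3/1 weighting misses a swap of two adjacent digits that differ
    # by 5, so "16" and "61" in positions 1-2 yield the same check digit (1).
    print(upc_a_check_digit("16000000000"), upc_a_check_digit("61000000000"))
```

The check digit is an integrity check against scanner misreads, not a secret: anyone who knows the first 11 digits can compute it.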
(Giant Foodstore)
http://imgur.com/pJkcQ
Leading digit 4 = customer loyalty card (can also sometimes be a 9, depending on
how store credit is gained)
Gift codes are very similar to barcodes, but much harder to predict.
They feature ASCII characters in strings of varying length. To understand how these
codes work, let me explain from start to finish how most codes (there are always
exceptions) are created and redeemed.
-First, a string is generated using variables from its environment (time generated,
what source it will be sold through, number generated, machine number, etc.).
These strings are almost never random, because companies like to see which
distributor sells the most, but in rare cases they can be random.
-Third, when purchased from a store, the barcode is scanned to define the value
loaded onto the card, then the card is swiped in the card reader to activate the code.
If the code is distributed via Coinstar, any value from $5 to $20 can be assigned.
-Fourth, the code is redeemed. The string is checked against the server and the value
is assigned to the account.
(Amazon)
UAM8-WMRQYF-PGKE -- 14
8YUH-Z2U9BU-D5S8 -- 14
DP3N-6P7RV7-JWRR -- 14
C3LP-GX8KME-JDX2 -- 14
Weaknesses:
Weakness #1:
Strings are generated according to an algorithm that avoids collision. (Read
http://en.wikipedia.org/wiki/MD6 if you want to know about why collisions must be
avoided.)
MD6 was submitted to the NIST SHA-3 competition. However, on July 1, 2009, Rivest
posted a comment at NIST that MD6 is not yet ready to be a candidate for SHA-3
because of speed issues, a "gap in the proof that the submitted version of MD6 is
resistant to differential attacks", and an inability to supply such a proof for a
faster reduced-round version, although Rivest also stated on the MD6 website that it
is not withdrawn formally. MD6 did not advance to the second round of the SHA-3
competition. In September 2011, a paper presenting an improved proof that MD6 and
faster reduced-round versions are resistant to differential attacks was posted to
the MD6 website.
Weakness #2:
If a code is not generated randomly, it is susceptible to what I like to call
"variable elimination".
Let's say we are trying to break Amazon.com gift codes:
Have Person 1 at Coinstar kiosk #100.
Have Person 2 at Coinstar kiosk #101.
Have Person 1 call Person 2, and have them both purchase a $5 code at the exact same
time.
Have both people wait one minute, then purchase one code each at the same time.
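As an added example (not from the original post, and not Amazon's system), covering both the code creation steps above and Weakness #2: a generator that draws every symbol from a CSPRNG in the 4-6-4 layout of the Amazon samples, so no kiosk, time or sequence variable is left in the string to eliminate, and a redeem-once store that records only a hash of each issued code. The alphabet, the store layout and the dollar values are assumptions.

```python
# Added example (not from the original post): gift codes whose symbols come only
# from os-level randomness, plus a server-side redeem-once record. The alphabet
# is an assumption (I, L, O, 0 and 1 dropped to avoid misreads), not Amazon's.
import hashlib
import math
import re
import secrets

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"   # 31 symbols, assumed
GROUPS = (4, 6, 4)                              # layout of "UAM8-WMRQYF-PGKE"
CODE_RE = re.compile(r"^[A-Z0-9]{4}-[A-Z0-9]{6}-[A-Z0-9]{4}$")


def generate_code() -> str:
    """Every symbol is a CSPRNG draw; nothing depends on time, kiosk or sequence."""
    parts = ["".join(secrets.choice(ALPHABET) for _ in range(n)) for n in GROUPS]
    return "-".join(parts)


def entropy_bits() -> float:
    """Bits of entropy per code: number_of_symbols * log2(|alphabet|)."""
    return sum(GROUPS) * math.log2(len(ALPHABET))


def code_hash(code: str) -> str:
    """Store a SHA-256 of the code so a leaked database does not leak live codes."""
    return hashlib.sha256(code.encode("ascii")).hexdigest()


class RedemptionStore:
    """Server-side record of issued code hashes and their value; each redeems once."""

    def __init__(self) -> None:
        self._issued: dict[str, dict] = {}

    def issue(self, value_usd: int) -> str:
        code = generate_code()
        self._issued[code_hash(code)] = {"value": value_usd, "redeemed": False}
        return code

    def redeem(self, code: str) -> int:
        """Return the credited value, or 0 for malformed, unknown or used codes."""
        if not CODE_RE.match(code):
            return 0
        rec = self._issued.get(code_hash(code))
        if rec is None or rec["redeemed"]:
            return 0
        rec["redeemed"] = True
        return rec["value"]


if __name__ == "__main__":
    store = RedemptionStore()
    code = store.issue(5)
    print(code, round(entropy_bits(), 1))      # e.g. 7KQ2-XN4PW9-GH3M 69.4
    print(store.redeem(code), store.redeem(code))   # 5 0
```

With 31 symbols in 14 positions the keyspace is about 2^69, so two codes bought a minute apart at neighbouring kiosks share nothing that helps predict a third.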
Prediction of Codes:
Not much to say here except that once you identify the barcode and use
variable elimination (see pic)
http://imgur.com/RObPx
it's quite easy to make your own. Now go get a badass lego set!
Other Weak Code Algorithms:
(Local Car Wash)
http://imgur.com/Q4US9 (The number 48 is repeated until it truncates at 5 digits.)
(Subway Free Cookie)
http://imgur.com/xqlTu
(PacSun 30% Off)
http://imgur.com/mEwrU
(IHOP Free Pancakes)
http://imgur.com/Zh7g2
In 20/20 hindsight, the (*) digit I couldn't figure out was a check digit.
For these, just register in the 1st minute of the hour with a valid code and then DDoS
for an hour or hit their registration.php with slowloris.
(Hollister Apple Macbook)
http://imgur.com/3KLHn
(Abercrombie & Fitch Apple MacBook Air)
http://imgur.com/4VLjn
====================================================
Some of the code is jumbled because MyBB (HF) runs MyCode and VB (here) runs on
BBCode.