A friend of mine in college did this, but it was even simpler - there was no barcode, just a number that increased by one for each ticket sold. He went the entire year just making his own to avoid paying $3 per day. Just take the last three days' tickets, increment by the average difference, print and display.
When they caught him (he parked in the wrong lot or something) he admitted everything, paid $80, and offered to help them catch others doing the same thing.
He told them to change the end-of-day expiry time to 1 minute earlier than normal, tow everyone with a ticket that expires at the usual time.
This brings back memories of similar collegiate petty scams. There was a year where I was working evenings and commuting to college during the day in my barely-running Cavalier. Money was not abundant. Thankfully, even though the distant parking lots charged us commuters quite a bit for day passes, they used a system with "hang tags" that you put on your mirror.
Each tag had a row of 12 "bubbles" and another grid of 31 "bubbles" covered with the silvered scratch-off stuff you find on lottery scratch tickets. To use one of these daily tags you would scratch off the bubble corresponding to the month and date you were parking.
I soon realized that the parking attendants weren't very observant and between that and the windshield, you could use one of those silver paint pens to "refill" in the bubbles after they had been scratched, use a fine-tipped Sharpie to draw the number back on the re-silvered bubble, and scratch off the next day.
Can't remember how long I did this and I seem to remember eventually getting a ticket but it was right around when my car finally died and the year was almost over. Either way, I could usually get a week or so out of those daily passes before a stray mark or penmanship error would ruin a tag and I'd have to start a new one. I'm pretty sure I got at least $50-100 worth of parking out of my little scam though.
Not proud but hey...I managed to graduate and not starve so, bonus!
I refused to buy a college parking sticker. I pay tuition to go to the school, why do I have to pay to park there? Luckily, I was a night student, so I would park in the visitors parking and set up my classes so I would get out at about the same time the night crew got off (something like 9pm).
I even spent a couple semesters waiting in the parking lot an hour after class. I would read a book, program, or study for that hour.
Once I was late, and visitors was full, so I parked in the regular parking, which promptly got me a ticket. I didn't pay, and they eventually sent the ticket to my address. I called the school and told them I wasn't responsible as I had sold the car to another student, and it was their ticket, not mine. They bought the story and removed the ticket.
A much simpler "hack" occurred to me recently. Suppose you wanted to store your car for a long time in a gated garage that also holds ZipCars.
Drive your car in and take a ticket as normal. When it's time to leave, book a ZipCar for one hour. Grab its parking pass and use it to exit the garage with your car. Park on the street nearby, walk the pass back to the ZipCar.
Are there typically countermeasures in place for this? Match the pass to the license plate with ANPR? Don't allow an exit without a corresponding entrance? Sucks for the next person to use the ZipCar. But how will they know it was you? Are video archives good enough to find the plate associated with a particular card swipe without a ton of manual effort?
(Assume you're trying to store a car for a month or more. At a fairly normal Chicago visitor parking rate of $25 for 2 hours, that would cost $9,000.)
One of the Dr. Dobbs editors made the following confession years ago in an editorial, when Dr. Dobbs was still published on glossy magazine paper. (According to the text, the statute of limitations had already run out.)
When faced with the situation of working on a mainframe at city hall, but not being issued a city parking permit due to bureaucratic oversight, he came up with a solution in code. It just so happened that the system he was working on issued the parking tickets, so he just added conditional logic to detect his name, then deleted the ticket! Problem solved, and no bureaucratic runaround to solve it!
The checksum algorithm they used will only produce 73 different checksums (00000000-99999999: 0-72) - and all of them even. There is space for 9999 different values.
Tips to improve:
f(x) = ( x * secret) mod 1000
- mod 10000 instead of mod 1000 (as mentioned in the article)
- make sure the 'x' varies between 0-9999 (e.g. by splitting the number in half and adding the parts 03001909 > 0300+1909 = 2209)
- make sure the 'secret' is larger than 10000 and non-divisible by factors of 10000 (2 and 5) (e.g.: 54321)
It is probably just a barcode checksum/error code, otherwise they wouldn't have to rely on the values of the first 8 digits. Instead they should generate 4 random digits and store them in the database along with other information, then it basically works like a pin number (and xor it with a proper checksum).
Edit: If it is really a checksum, it is a crappy one.
A secret larger than 10,000 is not useful -- since the multiplication is mod 10,000, the first digit of the secret could be ignored anyway (54321 = 5 * 10000 + 4321 === 4321 mod 10000).
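The checksum points raised in the comments above, checked in code as an added example (not from the article or from any commenter): how few values the linear check produces, why a secret above 10,000 adds nothing, and the server-stored random code with single-use exit that commenters propose instead. Assumptions: `x` is the digit sum of the 8-digit number (inferred from the "0-72" range), 854 is the multiplier from the `f(21)` line quoted later in the thread, and `TicketStore` is a hypothetical name.

```python
import hmac
import secrets

def digit_sum(ticket: str) -> int:
    """Sum of decimal digits; 0..72 for 8 digits (assumed input to f)."""
    return sum(int(c) for c in ticket)

def fold_halves(ticket: str) -> int:
    """Suggested alternative input: split in half and add (0300 + 1909)."""
    return int(ticket[:4]) + int(ticket[4:])

def linear_check(x: int, secret: int, mod: int) -> int:
    """f(x) = (x * secret) mod m, as written in the thread."""
    return (x * secret) % mod

def distinct_outputs(secret: int, mod: int, xs) -> int:
    """How many different check values the scheme can ever emit."""
    return len({linear_check(x, secret, mod) for x in xs})

class TicketStore:
    """Hypothetical server-side check: random code per ticket, one exit only."""

    def __init__(self):
        self._codes = {}

    def issue(self, ticket: str) -> str:
        code = f"{secrets.randbelow(10000):04d}"  # unrelated to the ticket digits
        self._codes[ticket] = code
        return code

    def redeem(self, ticket: str, code: str) -> bool:
        stored = self._codes.get(ticket)
        if stored is None or not hmac.compare_digest(stored, code):
            return False          # never issued, or wrong code
        del self._codes[ticket]   # already used on exit -> next attempt fails
        return True

if __name__ == "__main__":
    print("check values reachable:", distinct_outputs(854, 1000, range(73)))
    print("all even:", all(linear_check(x, 854, 1000) % 2 == 0 for x in range(73)))
    same = all(linear_check(x, 54321, 10000) == linear_check(x, 4321, 10000)
               for x in range(10000))
    print("54321 behaves exactly like 4321 mod 10000:", same)
    store = TicketStore()
    code = store.issue("03001909")  # constructed sample ticket number
    print("first exit:", store.redeem("03001909", code))
    print("replay:", store.redeem("03001909", code))
```
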
I'm sure this will be a big hit with the legitimate purchasers of the tickets to which those barcodes were assigned... who will find them mysteriously invalid when presented.
A really simple "hack" of a car park with an entry barrier that issues you a ticket is that you can usually exit the car park with an unpaid ticket if it's under 10 min old. So just get a new ticket from the entrance when you want to leave.
They do this so you can get out if there are no spaces.
I haven't done this myself and don't condone it. You will probably get in trouble and it's not nice.
Getting a new ticket from the printer before the barrier will be hard if your car is inside the car park. Often the ticket printer will only work if it notices a large metal object (such as a car) in front of the barrier.
I think this will not work with most good systems, as there are inductor loops or sensors at the gate (ticketing machine) which sense a vehicle and then allow the machine to print a ticket. You should check your hypothesis... But I'm sure there are weaker systems which don't have these checks.
This reminds me of the guy who was caught a few years ago for putting homemade UPC stickers over the printed UPC symbol for expensive LEGO sets so that they'd ring up as inexpensive LEGO sets.
After the felony fraud charges, he would have been better off just shoplifting the sets instead.
Car parking is unique because you can always (well ok with certain exceptions in some countries) connect it to a licence plate and thus to the car owner. Where I live the car owner is (again with some exceptions) held responsible, even if he did not drive - or he gives up the driver.
Over a summer I lived in "intern housing" at a university in the DC area. They wanted $150 for parking for 2mo, yeah, nope. A little bit of research told me that the parking services were a separate entity from the school and that the school would put a hold on my student account and transcripts if there were unpaid charges. I also found that they supposedly boot you after 3 tickets. Tickets are $100 minimum and go up by $50 for every unpaid 30 days. As someone who never took any classes from them they didn't have much leverage over me. I just pulled my front plate, got a few spare plates from the junkyard and slapped one over my real plate when I got home for the night making sure no one plate had more than three tickets. For ~$3 day it was well worth the hassle. They're still sending me notices every two months about my unpaid fine for the one time they ticketed me with my real plate.
Seriously, the easiest way to abuse (private) parking systems is usually to make them write the ticket to a plate that doesn't come back to you.
Another "hack" was that the parking gates at most public garages in the DC area had a rubber sweep on the bottom and were tall enough that most 90s compacts could squeeze under if you retract the antenna, saves about $6 per usage.
So instead the previous owners of those plates get a bunch of tickets and/or credit collections sent after them..? For $3/day. But I guess it isn't your problem...
That's risky because they may be able to look up your car by VIN. You'd probably need to randomize it by parking in different locations every day, hoping that you get different meter maids who wouldn't recognize your car. Your car would also have to be so generic in appearance (not just model/color but also condition) that it didn't stand out.
I think he is forgetting that the barcode is generated and exists not in a silo but with knowledge of a controller. I would be amazed if the system did not both track the barcode creation and exit events and trigger protocols on any outside system event.
Print out your card at home, park at lot, scan to checkout, your barcode is in one of three states: 1: Not valid because it has not been issued by the controller, 2: Valid and first use (you left before the other car on the lot with the duplicated barcode has exited), 3: Invalid because it has already been used on exit (the duplicate barcode has already left the lot).
In what scenario given an active controller that is not braindead would this give you any kind of advantage? You are more likely than not going to be in a situation where you trigger an alarm on exit.
Over my summer interning in NYC I found even weaker vulnerabilities with the NY Waterway ferry's e-ticketing system. Trivially cost can go from greater than $296/month (for some routes) --> $0. Fortunate for those who instinctually think of weaknesses in systems.
[+] [-] gus_massa|10 years ago|reply
The calculation the author wants is
that is equivalent to that is equivalent to The standard method is to solve this first for 1 instead of 642 and this can be solved with the Extended Euclidean Algorithm: https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm (But in this case, and with a computer, it's easier the brute force solution.)
[+] [-] ronreiter|10 years ago|reply
[+] [-] mabbo|10 years ago|reply
[+] [-] soylentcola|10 years ago|reply
[+] [-] legohead|10 years ago|reply
[+] [-] superuser2|10 years ago|reply
[+] [-] stcredzero|10 years ago|reply
[+] [-] jo-han|10 years ago|reply
Tips to improve: f(x) = ( x * secret) mod 1000
- mod 10000 instead of mod 1000 (as mentioned in the article)
- make sure the 'x' varies between 0-9999 (e.g. by splitting the number in half and adding the parts 03001909 > 0300+1909 = 2209)
- make sure the 'secret' is larger than 10000 and non-divisible by factors of 10000 (2 and 5) (e.g.: 54321)
Pretty sure it wouldn't be so easy to hack then.
[+] [-] nocsaer1|10 years ago|reply
[+] [-] andrewla|10 years ago|reply
[+] [-] DrScump|10 years ago|reply
[+] [-] ronreiter|10 years ago|reply
[+] [-] samwillis|10 years ago|reply
[+] [-] Sujan|10 years ago|reply
[+] [-] jschulenklopper|10 years ago|reply
[+] [-] pranaysharma|10 years ago|reply
[+] [-] gloves|10 years ago|reply
[+] [-] kej|10 years ago|reply
[+] [-] DanBC|10 years ago|reply
http://lego.gizmodo.com/high-profile-silicon-valley-exec-gui...
http://gizmodo.com/5912141/multimillionaire-software-exec-ar...
http://news.yahoo.com/blogs/technology-blog/incredibly-wealt...
http://www.mercurynews.com/ci_20675946/silicon-valley-tech-e...
But there's this earlier story too:
http://www.eurobricks.com/forum/index.php?showtopic=29272
[+] [-] DanBC|10 years ago|reply
Wherever money is involved, even the small amounts for carparking[1], you're going to have people attacking the system to get free stuff.
And car park machines[2] have extensive audit trails.
[1] an individual stay is quite cheap. Over a year it's a lot of cash.
[2] At least, the Almex Control Systems machines did. As did the TIMTronic and System B and System C and Delta bus ticket machines.
[+] [-] Drdrdrq|10 years ago|reply
[+] [-] jo909|10 years ago|reply
[+] [-] geekamongus|10 years ago|reply
[+] [-] dsfyu404ed|10 years ago|reply
[+] [-] UnoriginalGuy|10 years ago|reply
[+] [-] rconti|10 years ago|reply
[+] [-] mattdotc|10 years ago|reply
Hope saving a few hundred dollars is worth the potential hit to your credit score.
[+] [-] wbsgrepit|10 years ago|reply
[+] [-] nocsaer1|10 years ago|reply
You have a typo here:
f(21) = (23 * 854) % 1000 = 17934 % 1000 = 934.
I wouldn't be surprised if the last four digits are some form of built-in barcode error checking, and are not used anywhere else.
[+] [-] marnett|10 years ago|reply
[+] [-] esseti|10 years ago|reply
[+] [-] protomyth|10 years ago|reply
[+] [-] troels|10 years ago|reply
[+] [-] ronreiter|10 years ago|reply
[+] [-] interdrift|10 years ago|reply