Originally Posted by Majuki
The barcode is PDF-417, but it's encrypted. You can read the barcode, but you'd have to decode the string. I believe the boarding pass scanners are standalone, but I'm not 100% sure.
They're actually not encrypted at all. BPs printed online and mobile BPs have a signature appended to them to validate the data, but the data is still plaintext. Agent and kiosk printed BPs have no signature at all. This is why you see 'BP Signature not verified' on the TSA ticket scanners. The LLL/CLR are not encoded in text after your name - otherwise you'd see it on the gate ticket scanners.
If I had to take a wild shot-in-the-dark guess at it, and not run afoul of any DMCA-type laws which probably criminalize reading unencrypted data from a piece of paper, I would guess that the boarding pass contains the following data in the following order. If I were so inclined, I could verify this by reading and comparing several tickets on different airlines from before Pre-Check, from flights where I wasn't selected, and from flights where I was. Theoretically.
Char 2: Leg of the flight you are on
Char 3: Name in Last/First format.
Char 23: Designation of whether your ticket is paper or electronic.
Char 24: Record Locator
Char 31: Origin
Char 34: Destination
Char 37: Airline code
Char 40: Flight number
Char 45: Day of year (1-366) of flight
Char 48: Cabin (agent and kiosk printed BPs only say F A or J, online or mobile BPs actually contain the bucket letter)
Char 49: Seat assignment
Char 53: Sequence number
Char 66: Check in location (online(WW), kiosk(0K), agent (R0))
Char 69: Day of year of check-in
Char 73: Marketing airline code
Char 89: Not sure, AA puts 29 here, AS puts 25.
Char 91: Ticketing airline 3-digit code (001, 027)
Char 94: Ticket number
Char 104: Selected for pre-check (will trigger LLL)
Char 105: Enrolled in pre-check (will trigger CLR)
Char 109: FF program airline code
Char 112: FF program number
Char 129: AS puts gate number here
Char 138: AS puts the name of the kiosk you used here
If all of the above were theoretically true, it wouldn't be hard to use your smartphone to scan the barcode and check the data in the 104th character of an unencrypted block of text to see whether you're getting to leave your shoes on or not.
Also, it would be weird if all of this were described on page 39 of a document somewhere