How to hack TSA Pre-Check
 

don't do this, it may be a crime.

http://puckinflight.wordpress.com/20...-check-system/

tl;dr

Hack your boarding pass barcode, insert in the pre-check code, photoshop the new barcode on to your boarding pass. Instant pre-check.

How to hack TSA Pre-Check
 

Fail. So now any terrorist with a scanner and printer can get through pre check.

Thanks alot tsa, please just go away

Wait - if hacking a barcode is this easy for PreCheck, why isn't it just as easy to hack a barcode for the entire boarding pass? Surely they have some sort of encryption or checkdigit equivalent for the barcode that would spit it out as invalid because it doesn't conform to the algorithm.

It's is a crime and people who attempt this are going to ruin it for others who follow the rules.

It is possible. I wasn't able to identify the string in the barcode information. This maybe a CheckSum code. However, it doesn't matter. Not all boarding passes are scanned at the TSA checkpoint. The photoshop hack from like 5 years is still valid.

All boarding passes for precheck are, though, right?

The text string isn't really what's important, though, it's the barcode that's important, and whether there's some additional bar code validation. I don't know enough about the tech as to how this is done.

Seat/Gate assignment perhaps?

Yes, my boarding pass has the "3" which means if there was Pre-Check in T2 at PHX I could use it. I did not edit the data posted other than to remove personal information.

Possible. What I did to test the concept was decode the barcode, then take the information I got and re-encode it on another system. The barcode created looked the same as the first. If there was "hidden" data, it should have manifested in the design of the barcode. Though, I admit I am no great shake at understanding the creation of barcode.

I X'd out my seat assignment, and none of those numbers correspond to a gate in PHX.

You do admit that this is really just a theoretical exercise.

It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)

I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.

If the data you put in were the same, the barcode should look the same. If you changed a piece of data, would it look different, and, if so, would it look different in more ways than just the place representing the change you made?

That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant.

I agree I just validated the concept. Also, I just used two websites and MSpaint. However, people who are far more diligent can easily get a hold of barcode readers and do a complete study.

Also, by not encrypting the data one can still if they are eligible for pre-check allowing a person to make decision on whether or not to try and "beat the screening" at the airport long before they get to the TDC at the airport. So, even if the one can't modify the data, just by having it visible allows people to beat the system.

All of this could be stopped if the TSA and the Airlines just encrypted the data to begin with.

While I would be interested in the result, I am far less interested in the consequences if its not smooth sailing :p

True, but the issue was of hidden data. All I did was cut and paste the un-encoded data line. If it was missing hidden CheckSum data the the new barcode would look different than the original. It didn't. I am no expert, I could have missed something.

Now I can't identify some of the data, so it is possible that is CheckSum line that cause the scanner to tell the TSA I am a baddy if I altered it.

You go first. I am right behind you I swear. :D

Perhaps the first test should be with a BP that is simply decoded and recoded? That way if you are asked to print a new one, the encoded digits in fact match on both, then just blame your cheap home printer for screwing up "again."