How to hack TSA Pre-Check
don't do this, it may be a crime.
http://puckinflight.wordpress.com/20...-check-system/ tl;dr Hack your boarding pass barcode, insert in the pre-check code, photoshop the new barcode on to your boarding pass. Instant pre-check. |
How to hack TSA Pre-Check
Fail. So now any terrorist with a scanner and printer can get through pre check.
Thanks alot tsa, please just go away |
Wait - if hacking a barcode is this easy for PreCheck, why isn't it just as easy to hack a barcode for the entire boarding pass? Surely they have some sort of encryption or checkdigit equivalent for the barcode that would spit it out as invalid because it doesn't conform to the algorithm.
|
It's is a crime and people who attempt this are going to ruin it for others who follow the rules.
|
Originally Posted by drewguy
(Post 19527798)
Wait - if hacking a barcode is this easy for PreCheck, why isn't it just as easy to hack a barcode for the entire boarding pass? Surely they have some sort of encryption or checkdigit equivalent for the barcode that would spit it out as invalid because it doesn't conform to the algorithm.
11F>30B |
Originally Posted by colpuck
(Post 19527868)
It is possible. I wasn't able to identify the string in the barcode information. This maybe a CheckSum code. However, it doesn't matter. Not all boarding passes are scanned at the TSA checkpoint. The photoshop hack from like 5 years is still valid.
The text string isn't really what's important, though, it's the barcode that's important, and whether there's some additional bar code validation. I don't know enough about the tech as to how this is done. |
Originally Posted by colpuck
(Post 19527868)
It is possible. I wasn't able to identify the string in the barcode information. This maybe a CheckSum code. However, it doesn't matter. Not all boarding passes are scanned at the TSA checkpoint. The photoshop hack from like 5 years is still valid.
|
Originally Posted by drewguy
(Post 19528059)
All boarding passes for precheck are, though, right?
The text string isn't really what's important, though, it's the barcode that's important, and whether there's some additional bar code validation. I don't know enough about the tech as to how this is done. Possible. What I did to test the concept was decode the barcode, then take the information I got and re-encode it on another system. The barcode created looked the same as the first. If there was "hidden" data, it should have manifested in the design of the barcode. Though, I admit I am no great shake at understanding the creation of barcode.
Originally Posted by FearFree
(Post 19528130)
Seat/Gate assignment perhaps?
|
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal) I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking. |
Originally Posted by colpuck
(Post 19528181)
Possible. What I did to test the concept was decode the barcode, then take the information I got and re-encode it on another system. The barcode created looked the same as the first. If there was "hidden" data, it should have manifested in the design of the barcode. That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant. |
Originally Posted by gobluetwo
(Post 19528189)
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal) I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking. Also, by not encrypting the data one can still if they are eligible for pre-check allowing a person to make decision on whether or not to try and "beat the screening" at the airport long before they get to the TDC at the airport. So, even if the one can't modify the data, just by having it visible allows people to beat the system. All of this could be stopped if the TSA and the Airlines just encrypted the data to begin with. |
Originally Posted by gobluetwo
(Post 19528189)
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal) I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking. |
Originally Posted by drewguy
(Post 19528228)
If the data you put in were the same, the barcode should look the same. If you changed a piece of data, would it look different, and, if so, would it look different in more ways than just the place representing the change you made?
That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant. Now I can't identify some of the data, so it is possible that is CheckSum line that cause the scanner to tell the TSA I am a baddy if I altered it. |
Originally Posted by FearFree
(Post 19528249)
While I would be interested in the result, I am far less interested in the consequences if its not smooth sailing :p
|
Originally Posted by colpuck
(Post 19528287)
You go first. I am right behind you I swear. :D
|
All times are GMT -6. The time now is 4:28 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.