How to hack TSA Pre-Check
#1
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
How to hack TSA Pre-Check
don't do this, it may be a crime.
http://puckinflight.wordpress.com/20...-check-system/
tl;dr
Hack your boarding pass barcode, insert in the pre-check code, photoshop the new barcode on to your boarding pass. Instant pre-check.
http://puckinflight.wordpress.com/20...-check-system/
tl;dr
Hack your boarding pass barcode, insert in the pre-check code, photoshop the new barcode on to your boarding pass. Instant pre-check.
#2
Join Date: Sep 2009
Location: MAD
Programs: DL, UA, AA, BA, Marriott
Posts: 599
How to hack TSA Pre-Check
Fail. So now any terrorist with a scanner and printer can get through pre check.
Thanks alot tsa, please just go away
Thanks alot tsa, please just go away
#3
Join Date: May 2009
Location: Washington, DC
Programs: UA 1K 1MM, AA, DL
Posts: 7,418
Wait - if hacking a barcode is this easy for PreCheck, why isn't it just as easy to hack a barcode for the entire boarding pass? Surely they have some sort of encryption or checkdigit equivalent for the barcode that would spit it out as invalid because it doesn't conform to the algorithm.
#4
Join Date: Jul 2010
Location: MKE
Programs: DL-MM-Diamond HH-Diamond
Posts: 3,218
It's is a crime and people who attempt this are going to ruin it for others who follow the rules.
#5
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
Wait - if hacking a barcode is this easy for PreCheck, why isn't it just as easy to hack a barcode for the entire boarding pass? Surely they have some sort of encryption or checkdigit equivalent for the barcode that would spit it out as invalid because it doesn't conform to the algorithm.
11F>30B
#6
Join Date: May 2009
Location: Washington, DC
Programs: UA 1K 1MM, AA, DL
Posts: 7,418
The text string isn't really what's important, though, it's the barcode that's important, and whether there's some additional bar code validation. I don't know enough about the tech as to how this is done.
#8
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
Possible. What I did to test the concept was decode the barcode, then take the information I got and re-encode it on another system. The barcode created looked the same as the first. If there was "hidden" data, it should have manifested in the design of the barcode. Though, I admit I am no great shake at understanding the creation of barcode.
I X'd out my seat assignment, and none of those numbers correspond to a gate in PHX.
#9
Join Date: Jun 2007
Location: gggrrrovvveee (ORD)
Programs: UA Pt, Marriott Ti, Hertz PC
Posts: 6,091
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
#10
Join Date: May 2009
Location: Washington, DC
Programs: UA 1K 1MM, AA, DL
Posts: 7,418
That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant.
#11
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
Also, by not encrypting the data one can still if they are eligible for pre-check allowing a person to make decision on whether or not to try and "beat the screening" at the airport long before they get to the TDC at the airport. So, even if the one can't modify the data, just by having it visible allows people to beat the system.
All of this could be stopped if the TSA and the Airlines just encrypted the data to begin with.
#12
Join Date: Feb 2011
Programs: AA, UA, Marriott Gold
Posts: 349
You do admit that this is really just a theoretical exercise.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
It would be interesting to see if you could print one out from home and also a "real" one from the airport to see what happens when you try to scan it. (not that i'm advocating doing anything potentially illegal)
I would think that they would have thought of something as simple as reverse engineering a string of characters in a barcode and put security measures in place to prevent (or at least make more difficult) potential hacking.
#13
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
If the data you put in were the same, the barcode should look the same. If you changed a piece of data, would it look different, and, if so, would it look different in more ways than just the place representing the change you made?
That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant.
That said, if the barcode creation program complies with the algorithm for that type of barcode, it should implement any check digits as well, so the point may be irrelevant.
Now I can't identify some of the data, so it is possible that is CheckSum line that cause the scanner to tell the TSA I am a baddy if I altered it.
#14
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2007
Location: DFW
Programs: UA Pleb, HH Gold, PWP General Secretary
Posts: 23,199
#15
Join Date: Feb 2011
Programs: AA, UA, Marriott Gold
Posts: 349
Perhaps the first test should be with a BP that is simply decoded and recoded? That way if you are asked to print a new one, the encoded digits in fact match on both, then just blame your cheap home printer for screwing up "again."