Ticketmaster is having a rough time lately. Recently, a hacker named [Conduition] managed to reverse-engineer their new “safe” electronic ticket system. Of course, they also had the recent breach where more than half a billion accounts had personal and financial data leaked without any indication of whether or not the data was fully encrypted. But we’re going to focus on the former, as it’s more technically interesting.
Ticketmaster’s stated goals for the new SafeTix system — which requires the use of a smartphone app — was to reduce fraud and ticket scalping. Essentially, you purchase a ticket using their app, and some data is downloaded to your phone which generates a rotating barcode every 15 seconds. When [Conduition] arrived at the venue, cell and WiFi service was totally swamped by everyone trying to load their barcode tickets. After many worried minutes (and presumably a few choice words) [Conduition] managed to get a cell signal long enough to update the barcode, and was able to enter, albeit with a large contingent of similarly annoyed fans trying to enter with their legally purchased tickets.
The real kicker here is that since the barcode rotates every 15 seconds, printing it out simply isn’t an option. This alienates anyone who doesn’t have a smartphone, which includes individuals who may not be able to physically operate one. So the problem isn’t simply that users were being forced to install yet another application on their device, but that the system reduces accessibility to entertainment. [Conduition] was dismayed and frustrated with this, and so the reverse-engineering effort began.
Decoding the barcode was actually quite simple. It is a standard PDF ..
Support the originator by clicking the read the rest link below.
