Confronting the store about the problem

This is a continuation of THIS post

I went down to one of the stores today that I used in my research, to tell them about my research, the problem and so on.
I asked for the store manager, and told him about it, and then I asked if he was okay with me testing if the receipt actually worked in the scanner at the checkout.

He seemed a bit skeptical at first, but eventually he told me to follow him to the checkout, and then he asked a cashier to take the receipt and use it as if it was a normal purchase (You can scan the receipt when you are scanning your products, and the machine will deduct the amount it says on the receipt).

The receipt worked, and a few SEK (Swedish crowns) was deducted from the price (Success o/).
After this I told them that they could keep the fake receipt to do with as they wished, like destroying it or something, but they decided to keep it intact and put up a warning sign in the store for the people who work there to keep a lookout for this kind of receipt (even though it would be close to impossible to tell them apart with a few adjustments and a proper receipt printer).

I also asked them if I could use them as a reference when contacting the company that makes these machines, which they approved of.
I didn’t get the approval on paper though, and I even forgot to take any pictures from the machine in the store when it had scanned the fake receipt, but you’ll just have to believe me 🙂

All in all this turned out pretty nicely, and I will make a few more changes to the receipt template and then generator script to make it a bit more complete, and then I will make a small proof-of-concept for my solution to the problem, and then send it to Tomra that makes the machines. After all that I will consider this little project done most likely, if nothing else comes up.

The next project in line after this one that I will be blogging about, is how to break the encryption on public transport cards that use the MIFARE Classic 1K standard (using already built tools, as the encryption was broken a few years ago), and then make copies of the card, as well as altering the data on them (like how much money they have on the card).

Bottom line here is, I’m happy they didn’t call the cops 🙂



4 thoughts on “Confronting the store about the problem

  1. Hej! Jag antar att du är svensk, kul projekt först och främst! Läste det du skrev om mifarekorten, jag har redan lyckats med detta och jag kan lova dig att det är lite jobb med detta. Att ändra saldot på kortet är inte möjligt, inte enligt mig och flera andra som har suttit ett bra tag och tittat på detta.

    Du har min mailadress bifogad, hade kunnat skicka lite material åt dig och så kan vi jämföra information vi får ut. Lycka till!


      • Tjena jag har läst din ”blogg”. jag förstår det mesta inom detta då jag suttit och studerat men det finns lite funderingar fortfarande.
        Du har mitt mail om du har tid. Mvh


  2. Pingback: Having fun with reverse vending machines | Alcor

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.