Myself – Self Boasting/ Self D**ba
 Authored a book at the age of 21 (2nd edition WIP)
 ISO 27001:2013 ISMS LA, CEH, CCNA, ECSA, JNCIP-SEC, JNCIS-SEC etc.
 Featured in Deccan Chronicle, The Hindu, The HANS India, Eenadu,
Vaartha, Saakshi, AndhraJyothi, Andhrabhoomi etc.
 Interviewed by HMTV news channel
 Reported vulnerabilities on 100+ popular websites and got lucky with more than two dozen CVE IDs
 Reported a buffer overflow (BOF) in Yahoo Messenger
 Trained more than 10,000 people (Corporate + Students)
 Currently working with TCS as Security Analyst
Enough ……….Just Stop it………!
Where am I taking you now?
 Hell, why do I need to listen to this ?
 Introduction to barcodes
 Breaking down EAN-13
 Your Weapons
 Here comes the “heart” of this power-point deck
 My experience with Barcode cracking
a) XYZ MNC well-known barcode crack
b) XYZ shopping mall etc
 Brief introduction to XSS, SQL injection etc. attacks via paper, yeah, it's via PAPER…! or NEWSPAPER…! OMG…!
Why do I need to listen to this ?
With barcode cracking, you can
a) Buy a costly product at the price of a cheap one
b) Free entry to parties – free beers etc.
c) Free parking
d) Bypass access control – get free attendance / break your friend's attendance etc.
Disclaimer:
I am in no way responsible for any misuse of this technique. I am sharing it for informational purposes only.
Introduction to Barcodes
 Patented by Joseph Woodland and Bernard Silver in 1952
 First used for railway car tracking (ACI – Automatic Car Identification), which failed; the first commercial retail scan was a pack of Wrigley's chewing gum (1974)
 Optical representation of data to uniquely identify items
 Used for tickets, supermarket goods, books, parcel tracking, parking etc.
 Barcodes, scanners / verifiers
 Barcode print-quality / verifier standards
a) ISO/IEC 15416 (print quality, linear symbols)
b) ISO/IEC 15426-2 (verifier conformance, 2D symbols)
Classification
1. 1D
a) EAN-13 (world-wide)
b) UPC (USA, Canada etc.)
c) Code 128
d) Codabar
e) Plessey etc.
2. 2D (holds more data)
a) QR code
b) MaxiCode
c) Aztec Code etc.
3. 3D (based on bar height – embossed or engraved rather than printed)
- To withstand high-temperature or chemical environments
[Pictured: QR code, Aztec Code, Code 128]
Why EAN-13? – It is everywhere (pictured: book, deodorant, shirt, moisturizer, shampoo, face wash, powder)
Breaking down EAN-13 into pieces
Do I need to learn this for doing hacks based on barcodes??? - Yes…!
Prefix – 1st two/three digits: identifies the GS1 member organisation that issued the number (usually called the "country code", but it says where the number was registered, not where the product was made)
Manufacturer code – Product code – Check digit (13th digit)
Every field is public data printed on the sticker; nothing in an EAN-13 authenticates the product, so a system that trusts the number is trusting whoever printed the label.
Verifying the checksum digit (example: 7501054530107)
1. Digits at even positions (#0, #2, …, #10) are summed to Value A
#0+#2+#4+#6+#8+#10 = Value A [7+0+0+4+3+1 = 15]
2. Digits at odd positions (#1, #3, …, #11) are summed and multiplied by 3
3*(#1+#3+#5+#7+#9+#11) = Value B [3*(5+1+5+5+0+0) = 48]
3. Value A + Value B = Value C [63]
4. Remainder of (Value C / 10) is taken as Value D [3]
5. If the check digit (#12) = (10 − Value D), the code read by the machine is correct [7]. If Value D is 0 the check digit is 0, i.e. use (10 − D) mod 10.
The check digit only catches misreads; anyone printing a barcode can recompute it, so a passing checksum says nothing about whether the label is genuine.
First digit – left half – right half
Ever wondered how those lines are generated?
7 - 501054 - 530107
 Black bar = 1, white space = 0; every digit is 7 modules wide
 Guard patterns: 101 (left and right) and 01010 (centre)
 First digit 7 is never drawn; it selects the parity pattern ABABAB for the six left-hand digits (A = odd-parity table, B = even-parity table)
<left guard> 101
<left half, digits 501054 encoded from tables A/B per the pattern> 0110001 0100111 0011001 0100111 0110001 0011101
+<centre guard> 01010
+<right half, digits 530107 from table C (right-hand table)> 1001110 1000010 1110010 1100110 1110010 1000100
<right guard> 101
Fuzzy Buzzy……
Finally…!
101 0110001 0100111 0011001 0100111 0110001
0011101 01010 1001110 1000010 1110010 1100110
1110010 1000100 101
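The check-digit arithmetic and the A/B/C bar tables above, turned into runnable code as an added example (this is not code from the deck; the tables are the published EAN-13 L/G/R patterns and the sample number is the slides' 7501054530107). It also does what the slides stop short of: decoding the bit string back to 13 digits, recovering the undrawn first digit from the parity pattern, and handling the D = 0 case of the checksum.

```python
"""EAN-13 check digit, bar encoding and decoding (added worked example).

The three digit-to-bar tables are the public EAN-13 L/G/R patterns; the parity
table maps the unprinted first digit to the L/G choice for the six left-hand
digits ("ABABAB" on the slides). Sample number 7501054530107 is the slides'.
"""

L_CODES = ["0001101", "0011001", "0010011", "0111101", "0100011",
           "0110001", "0101111", "0111011", "0110111", "0001011"]  # A / odd parity
G_CODES = ["0100111", "0110011", "0011011", "0100001", "0011101",
           "0111001", "0000101", "0010001", "0001001", "0010111"]  # B / even parity
R_CODES = ["1110010", "1100110", "1101100", "1000010", "1011100",
           "1001110", "1010000", "1000100", "1001000", "1110100"]  # C / right half
PARITY = ["LLLLLL", "LLGLGG", "LLGGLG", "LLGGGL", "LGLLGG",
          "LGGLLG", "LGGGLL", "LGLGLG", "LGLGGL", "LGGLGL"]         # indexed by first digit
LEFT_GUARD = RIGHT_GUARD = "101"   # 1 = black bar, 0 = white space
CENTER_GUARD = "01010"


def check_digit(first12: str) -> int:
    """A = sum of even positions (#0,#2,..), B = 3 * sum of odd positions,
    D = (A + B) mod 10, check = (10 - D) mod 10.  The final mod 10 covers
    D == 0, where the check digit is 0 and not 10."""
    if len(first12) != 12 or not first12.isdigit():
        raise ValueError("expected 12 digits")
    a = sum(int(first12[i]) for i in range(0, 12, 2))
    b = 3 * sum(int(first12[i]) for i in range(1, 12, 2))
    return (10 - (a + b) % 10) % 10


def is_valid(ean13: str) -> bool:
    """True if the 13th digit matches. This catches misreads, not tampering:
    anyone printing a sticker can recompute it."""
    return (len(ean13) == 13 and ean13.isdigit()
            and check_digit(ean13[:12]) == int(ean13[12]))


def encode(ean13: str) -> str:
    """95 modules: guard(3) + 6 left digits(42) + centre(5) + 6 right digits(42) + guard(3)."""
    if not is_valid(ean13):
        raise ValueError("bad length or check digit")
    first, left, right = int(ean13[0]), ean13[1:7], ean13[7:]
    left_bits = "".join((L_CODES if p == "L" else G_CODES)[int(d)]
                        for d, p in zip(left, PARITY[first]))
    right_bits = "".join(R_CODES[int(d)] for d in right)
    return LEFT_GUARD + left_bits + CENTER_GUARD + right_bits + RIGHT_GUARD


def decode(bits: str) -> str:
    """Inverse of encode(): recovers the unprinted first digit from the L/G
    parity pattern and rejects bad guards, unknown patterns or a wrong check digit."""
    if (len(bits) != 95 or bits[:3] != LEFT_GUARD
            or bits[45:50] != CENTER_GUARD or bits[92:] != RIGHT_GUARD):
        raise ValueError("guard patterns not found")
    parity, left = "", ""
    for i in range(6):
        chunk = bits[3 + 7 * i: 10 + 7 * i]
        if chunk in L_CODES:
            parity, left = parity + "L", left + str(L_CODES.index(chunk))
        elif chunk in G_CODES:
            parity, left = parity + "G", left + str(G_CODES.index(chunk))
        else:
            raise ValueError(f"unknown left-hand pattern {chunk}")
    right = ""
    for i in range(6):
        chunk = bits[50 + 7 * i: 57 + 7 * i]
        if chunk not in R_CODES:
            raise ValueError(f"unknown right-hand pattern {chunk}")
        right += str(R_CODES.index(chunk))
    if parity not in PARITY:
        raise ValueError(f"invalid parity pattern {parity}")
    number = str(PARITY.index(parity)) + left + right
    if not is_valid(number):
        raise ValueError("check digit mismatch")
    return number


if __name__ == "__main__":
    n = "7501054530107"
    bits = encode(n)
    print(n, "check digit", check_digit(n[:12]), "valid:", is_valid(n))
    print(bits)
    print("round-trip:", decode(bits) == n)
```

Run it as a script and the printed bit string is exactly the one on the slide; feed `decode()` a string with one flipped module and it raises, which is the only thing the checksum buys you.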
At your own risk…!
Your weapons
Barcode generators
Online : http://www.terryburton.co.uk/barcodewriter/generator/
Offline : ByteScout barcode generator
Barcode decoders
http://www.onlinebarcodereader.com/
http://zxing.org/w/decode.jspx
http://www.onlinebarcodescan.com/
http://online-barcode-reader.inliteresearch.com/
One-stop shops for printers, stickers, labels, scanners etc.
http://www.barcodesinc.com/
http://www.3sindustries.in/
XYZ Shopping Mall
Buy a product worth INR 5000 for INR 1000
Demo experience
(Social Engineering*)
Other scenarios
Drink beer at free of cost
Access control magic
Free Parking
Corporate Asset Management etc
My Journey with “Beeeeeep” – MNC (well known)
Demo Experience
XSS, SQL etc. via PAPER…………..!
 QR codes (like Code 128) carry arbitrary text, so whatever reads them decides whether that text is data or code: a scanner app that pastes the decoded string into a web page or a SQL query gets XSS or SQL injection from a sticker
 Below: QR code for <script>alert("test")</script> (Demo)
http://qrcode.kaywa.com/
More demos and details in the next talk :)
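The scanner-side bug behind the slide above, as an added example that is not part of the deck: a hypothetical scanner app takes the decoded QR/Code 128 text and (1) pastes it into an HTML result page and (2) uses it as a key into a product table, first the vulnerable way and then hardened. The product table, the app functions and the SQL payload are constructed for illustration; the only payload taken from the deck is the `<script>` one.

```python
"""Decoded barcode text as untrusted input (added example; not the deck's code).

A hypothetical scanner app renders the decoded string into HTML and uses it to
look up a product. Everything here (table, rows, functions, the SQL payload) is
constructed for illustration; the <script> payload is the one on the slide.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed product table in memory, like a small POS back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (ean TEXT PRIMARY KEY, name TEXT, price_inr INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        ("7501054530107", "Moisturizer", 1000),   # number from the slides
        ("4006381333931", "Shirt", 5000),         # constructed
    ])
    return db


# --- 1. XSS: the decoded text lands in a result page -----------------------
def render_vulnerable(decoded: str) -> str:
    """Bug: text that came off a sticker is concatenated straight into HTML."""
    return f"<p>Scanned: {decoded}</p>"


def render_safe(decoded: str) -> str:
    """html.escape converts < > & " ' to entities, so the browser displays
    the payload instead of executing it."""
    return f"<p>Scanned: {html.escape(decoded, quote=True)}</p>"


# --- 2. SQL injection: the decoded text becomes a lookup key ---------------
def lookup_vulnerable(db: sqlite3.Connection, decoded: str) -> list:
    """Bug: string-built query; a quote inside the 'barcode' rewrites it."""
    sql = f"SELECT ean, name, price_inr FROM products WHERE ean = '{decoded}'"
    return db.execute(sql).fetchall()


def lookup_safe(db: sqlite3.Connection, decoded: str) -> list:
    """Bound parameter: the decoded text can only ever be data."""
    return db.execute(
        "SELECT ean, name, price_inr FROM products WHERE ean = ?", (decoded,)
    ).fetchall()


def looks_like_ean13(decoded: str) -> bool:
    """Symbology-level allow-list: an EAN-13 is exactly 13 digits, so
    anything else should never reach HTML or SQL in the first place."""
    return len(decoded) == 13 and decoded.isdigit()


def lookup_strict(db: sqlite3.Connection, decoded: str) -> list:
    """Allow-list first, bound parameter second."""
    if not looks_like_ean13(decoded):
        raise ValueError("decoded text is not an EAN-13")
    return lookup_safe(db, decoded)


# Payloads a 2D or Code 128 sticker can carry verbatim.
XSS_PAYLOAD = '<script>alert("test")</script>'   # from the slide
SQLI_PAYLOAD = "' OR '1'='1"                      # constructed


if __name__ == "__main__":
    db = make_db()
    print(render_vulnerable(XSS_PAYLOAD))       # script tag reaches the browser
    print(render_safe(XSS_PAYLOAD))             # &lt;script&gt;... shown as text
    print(lookup_vulnerable(db, SQLI_PAYLOAD))  # every row: WHERE ean = '' OR '1'='1'
    print(lookup_safe(db, SQLI_PAYLOAD))        # []
```

The allow-list is the cheap fix for a numeric symbology like EAN-13; for QR and Code 128, whose content is free text by design, output encoding and parameter binding are the only defences that hold.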
Questions????
Resources:
www.barcodeisland.com
http://www.phenoelit-us.org/stuff/StrichAufRechnung.pdf
http://en.wikipedia.org/wiki/International_Article_Number_%28EAN%29
How can you reach me?
https://in.linkedin.com/in/manideepk
mani [ dot ] konakandla [at] gmail [dot] com
Null, Dec 2014