NCR: Barcodes to Passwords
by Bob Krinkle
This article is an addition to one featured in 21:4 titled "Self-Checkout or ATM?" which introduced some of the features and functionality of the NCR E-Series self-checkout software.
The scope of this article will cover the method of creating operating override barcodes knowing operator numbers and passwords and reversing an existing barcode to operator override number and password.
For this example we will use the operator number 1234, the password 5678, and the barcode will be: 4121234802430
It will be easier to discuss this barcode in parts.
412 signifies to the system that the barcode is an operator override barcode.
The next set 1234 is the operator override/logon number (those of you familiar with Point of Sale know only numbers are typically used and have a limited length).
The following four 8024 is the operator's encrypted password, which we will cover more in depth later.
And the last two parts consist of a nonstandard checksum 3 and an EAN checksum 0.
Though the EAN checksum can be automatically generated using a number of barcode generators, the non-standard checksum will have to be figured out by hand.
To do this we will first add all of the odd places of the barcode number (excluding the EAN checksum and the non-standard checksum) and multiply that number by 3:
4 + 2 + 2 + 4 + 0 + 4 = 16 * 3 = 48You must then add in the skipped numbers (48 + 1 + 1 + 3 + 8 + 2 = 63) and the answer is 63.
The digit in the ones place will be our checksum.
The password for the operator has been encrypted (barely) to be: 8024.
Some quick notes about passwords on these systems: passwords can contain only numbers and can be no more than four-digits in length.
Any passwords less than four-digits automatically have 0s (zeros) inserted in the beginning, which are also encrypted.
Due to the limitations of the barcode system it would be my guess that any password with more than four-digits (if allowed) would only use the first or last four-digits. We continue.
In order to encrypt our password the software has added 3 to the first digit, 4 to the second, 5 to the third, and 6 to the fourth and has not carried any placement.
So to decrypt our password, we should remove 3 from the 8 [5], 4 from 0 (or 10) [6], 5 from the 2 (or 12) [7], and 6 from the 4 (or 14) [8]:
(0)8 - 3 = 5 (1)0 - 4 = 6 (1)2 - 5 = 7 (1)4 - 6 = 8Thus our barcode reveals that user operator is 1234 and the password is 5678.
The reverse process and adding the checksums can be used to create a barcode from only a logon number and password.
Careful using this software outside the U.S. as these barcodes may be in conflict with some Germany product barcodes as they have the rights to EAN 400-440.
Also, since the database of users already exists wouldn't it be possible to add a field for barcodes so passwords wouldn't be part of the barcode at all?
This would also make it possible for someone to change the barcode and not the password and to provide limited access to barcode users.