There was a time when to take a British rail journey was to obtain a ticket barely changed since Victorian times — a small cardboard rectangle printed with the destination, through which the inspector on the train would punch a hole. In recent decades these were replaced by credit-card-sized thin card, and now increasingly by scannable 2D codes from an app. These caught the eye of [eta], and she set about reverse engineering their operation.
The codes themselves are Aztec barcodes, similar to a QR code but with a single central fiducial mark. At first glance they resemble the codes used by non-UK ticketing systems, but she soon discovered that they don’t follow the same standard. There followed a lengthy but fascinating path of investigation, involving decompiling a dodgy copy of the ticket inspector app to find public keys, and then some work with a more reputably sourced app from another ticketing company.
Along the way it revealed a surprising amount of traveler data that maybe shouldn’t be in the public domain, and raises the question as to why the ticketing standard remains proprietary. It’s well worth a read.
If you’d like more UK rail ticket hacking, it formed the subject of a talk at EMF 2022.