mandag 16. februar 2009

CueCat USB barcode scanner hacked!

Last week I ordered a CueCat USB barcode scanner from LibraryThing. Today I gave it a first try, on my new book Pragmatic Version Control Using Git. Eager to try my new toy that I had envisioned to ease the process of adding my books to a database I plugged it in, observed that it was recognised as a HID, tried to scan the barcode, and out came this gibberish: .C3nZC3nZC3n2C3P3DxP6DxnY.fHmc.E3zXDhv1C3nYDNzY.

Quite disappointed, I realized that this thing might not be easily used with Linux after all. I searched on Google for CueCat, and soon realized that the stupid scanner outputs a serial number unique to this scanner, followed by the type of barcode and finally the barcode number, and all this is encrypted with CueCat's sophisticated "XOR with C"-cipher:
#!/usr/bin/perl -n 
# Copyright: Larry Wall
printf "Serial: %s Type: %s Code: %s\n",
map {
tr/a-zA-Z0-9+-/ -_/;
$_ = unpack 'u', chr(32 + length()*3/4) . $_;
s/\0+$//;
$_ ^= "C" x length;
} /\.([^.]+)/g;


So I foresaw that this dongle was going to be a pain to use. But after some more reading, I came across this page that shows me how to hack the CueCat and disable the encryption alltogether. So disassembled the device and cut pin number 5, like this:


After reassembling the scanner, I tried it on my book again. And lo and behold, there was the real ISBN number I had been looking for: 9781934356159!

2 kommentarer:

hovelsj sa...

I don't understand why they bother to encrypt it when it's that easy to figure out the hack...!

Filip sa...

Great Barcode scanner, I would recommend it to everyone and anyone that has a POS software and a Point of Sale system.
We have been selling this scanner for a while now with our POS software and POS systems and it is the best scanner in
reliability, no complaints ever, no returns, very reliable.

Support,
www.AlexandriaComputers.com