Breaking Bus Tickets – MagStripe Hacks And You

Breaking Bus Tickets – MagStripe Hacks And You

Magnetic stripes store little data, so often times these are used as references back to a centralized database (as in credit cards). This isn’t always possible or practical, however, so implementations must sometimes store all the data that is needed on magnetic stripe itself. When this is used to store identification data only, this usually isn’t a problem. In those cases, as long as you don’t give the card to the bad guy, he can’t read them. But what about ticketing systems? In ticketing systems (like bus tickets), you are giving all the information to the person who is most interested in subverting that information. Many of these systems use proprietary data formats. However, with some reverse engineering and selective purchasing of tickets, these can be decoded. I will discuss not only how to perform this reverse engineering on the tickets, I will display the format the tickets I analyzed (those for the Minneapolis/St. Paul area transit), but also discuss protections to prevent these, and how those protections can fail.

Presented by