[LINK] SMH: 'Students crack ticket algorithm'

Roger Clarke Roger.Clarke at xamax.com.au
Wed Nov 14 07:34:15 AEDT 2012

Free ride: students crack ticket algorithm
Ben Grubb
Deputy technology editor
November 12, 2012

A team of university students in Sydney have cracked the secret 
algorithm used on Sydney's public transport tickets for buses, trains 
and ferries, which they say could allow them to print their own 

The students - Damon Stacey, Dougall Johnson, Karla Burnett and Theo 
Julienne - presented their research at the Ruxcon security conference 
in Melbourne last month but did not name the organisation affected, a 
common practice for ethical "white hat" security researchers not 
wishing to do damage to an organisation.

Since the talk was delivered and reported by specialist IT security 
publication SCMagazine, Transport for NSW has owned up to being the 
affected organisation in an emailed statement to Fairfax, in which it 
said it had met with the group and taken steps to minimise the risk 
of fare evasion. For "security purposes" it said it didn't want to 
provide any detail about what action it had taken or what measures 
were in place to prevent fraud.

In an email interview with Fairfax, Mr Julienne, of UNSW, said he and 
the other researchers took about 1000 used tickets purchased over 
about five years and analysed the data on them to work out how it was 
stored and encrypted.

"We looked for correlations - bits of data that were the same across 
similar tickets, and slowly found enough patterns to work out the 
entire algorithm used to encode the ticket," Mr Julienne said. "We 
have not written tickets, but we are certain that it is possible 
seeing as we have uncovered every aspect of the algorithm."

Mr Julienne said he and the other university students started looking 
at a public transport's ticketing system because they were fans of 
public transport and interested in how the data was encrypted. They 
were also interested in what protections were in place against 
malicious users creating fake tickets, Mr Julienne said.

To crack the algorithm used on the transport system's tickets they 
targeted, Mr Julienne said he and the other students used about $300 
worth of equipment (magnetic card readers and some specially 
purchased tickets), their laptops and a "a few weeks" worth of their 
time at night (a few days of which was full-time work).

"We were surprised at how simple the encryption was," Mr Julienne 
said. "Ideally cryptography should be impossible to crack, even if a 
potential attacker or reverse engineer knows every detail about how 
it is implemented. This system on the other hand is relying 
completely on users not knowing how it is implemented, which may have 
been fine when it was introduced in the early '90s because much fewer 
people had access to the technology required to read the tickets, or 
computers fast enough to analyse the data."

Mr Julienne assured Fairfax that he and the other students had not 
written their own tickets, though was "absolutely certain" that it 
would be possible since he and the others knew every detail about the 

Their suspicions of being able to print tickets were confirmed by the 
reaction from the transport organisation affected when they met with 
it to inform it of their research, Mr Julienne said. "They said they 
were already aware of the potential flaws, but it was a large and 
expensive operation to change the tickets."

In a statement, Transport for NSW said that it was a serious offence 
under the Rail Safety (Offences) Regulation 2008 to travel without a 
valid ticket. "This includes a ticket which has been altered."

It added that the new electronic ticketing system to be gradually 
introduced to Sydney's transport system starting with a testing 
period later this year did not use the cracked magnetic stripe used 
on paper tickets.

Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list