Hacking a parking ticket system (ronreiter.com)

> I'm sure there's a bit more elegant way to find the missing thousand component, but for me it would be just quicker to do a bit of brute-forcing:

The calculation the author wants is

  LastThreeDigits(secret*23) = 642

that is equivalent to

  secret * 23 == 642 (mod 1000)

that is equivalent to

  secret * 23 + dummy * 1000 = 642

The standard method is to solve this first for 1 instead of 642

  other_secret * 23 + other_dummy * 1000 = 1

and this can be solved with the Extended Euclidean Algorithm: https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm

(But in this case, and with a computer, the brute force solution is easier.)
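The Extended Euclidean route described in this comment, carried through as an added example that is not part of the original comment or the article. Function names are my own, and the solver goes slightly beyond the comment by also handling multipliers that share a factor with the modulus. It shows why a multiplicative check of this kind works as an error-detection code and not as an authenticator: one observed pair determines the multiplier.

```python
def egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_congruence(a, b, m):
    """All s in [0, m) with a*s == b (mod m), smallest first."""
    g, x, _ = egcd(a % m, m)
    if b % g:
        return []                      # no multiplier can produce b
    step = m // g                      # solutions repeat every m/g
    first = (x * (b // g)) % step      # scale the solution for g up to b
    return [first + k * step for k in range(g)]


def checksum(x, secret, m=1000):
    """The scheme discussed in the thread: f(x) = (x * secret) mod m."""
    return (x * secret) % m


if __name__ == "__main__":
    # other_secret * 23 + other_dummy * 1000 = 1
    g, other_secret, other_dummy = egcd(23, 1000)
    print("gcd:", g, "other_secret:", other_secret, "other_dummy:", other_dummy)

    # secret * 23 == 642 (mod 1000) has exactly one answer because gcd(23, 1000) = 1
    print("secret candidates:", solve_congruence(23, 642, 1000))

    # When the multiplier shares a factor with the modulus the answer is ambiguous:
    # 20 candidates remain for this constructed pair.
    print("ambiguous case:", len(solve_congruence(20, 80, 1000)), "candidates")
```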


A friend of mine in college did this, but it was even simpler: there was no barcode, just a number that increased by one for each ticket sold. He went the entire year just making his own to avoid paying $3 per day. Just take the last three days' tickets, increment by the average difference, print and display.

When they caught him (he parked in the wrong lot or something) he admitted everything, paid $80, and offered to help them catch others doing the same thing.

He told them to change the end-of-day expiry time to 1 minute earlier than normal, tow everyone with a ticket that expires at the usual time.

This brings back memories of similar collegiate petty scams. There was a year where I was working evenings and commuting to college during the day in my barely-running Cavalier. Money was not abundant. Thankfully, even though the distant parking lots charged us commuters quite a bit for day passes, they used a system with "hang tags" that you put on your mirror.

Each tag had a row of 12 "bubbles" and another grid of 31 "bubbles" covered with the silvered scratch-off stuff you find on lottery scratch tickets. To use one of these daily tags you would scratch off the bubble corresponding to the month and date you were parking.

I soon realized that the parking attendants weren't very observant and between that and the windshield, you could use one of those silver paint pens to "refill" in the bubbles after they had been scratched, use a fine-tipped Sharpie to draw the number back on the re-silvered bubble, and scratch off the next day.

Can't remember how long I did this and I seem to remember eventually getting a ticket but it was right around when my car finally died and the year was almost over. Either way, I could usually get a week or so out of those daily passes before a stray mark or penmanship error would ruin a tag and I'd have to start a new one. I'm pretty sure I got at least $50-100 worth of parking out of my little scam though.

Not proud but hey...I managed to graduate and not starve so, bonus!

I refused to buy a college parking sticker. I pay tuition to go to the school, why do I have to pay to park there? Luckily, I was a night student, so I would park in the visitors parking and set up my classes so I would get out at about the same time the night crew got off (something like 9pm).

I even spent a couple semesters waiting in the parking lot an hour after class. I would read a book, program, or study for that hour.

Once I was late, and visitors was full, so I parked in the regular parking, which promptly got me a ticket. I didn't pay, and they eventually sent the ticket to my address. I called the school and told them I wasn't responsible as I had sold the car to another student, and it was their ticket, not mine. They bought the story and removed the ticket.

Why should students without cars subsidize those with cars?

Also, some schools try to discourage car ownership due to the number of student deaths associated with drunk driving to and from parties.

Think you got that backwards, considering those with cars are the ones paying extra fees (+tickets), thus subsidizing the rest of the students for whatever the college spends the funds on.

Second statement needs a source, and regardless it isn't a valid reason. Colleges don't decide how adults live their lives.

Parking spaces are not free. In cities they generally cost $3+ a day in upkeep and opportunity costs.

Also, colleges accept students younger than 18 who are not adults and legally can't be treated as adults.

I'm very interested in the upkeep cost - do you have a source for that?

"A 1996 survey found that commercial parking operating expenses average about $500" per year. Construction costs Dallas $13,281 to New York $20,326 av $15,552. http://www.vtpi.org/tca/tca0504.pdf

However, opportunity costs bump that as for example it lowers the density of the area.

> I pay tuition to go to the school, why do I have to pay to park there?

Because "parking a car on campus" and "receiving an education" are different and only tangentially related things; maintaining parking spaces for people who want to do the former is an expense that is not borne in accommodating the people who do the latter without the former, so those who wish to do both should pay more than those who wish to only do the latter.

I disagree. My school had a gym that was "free." It was "free" because it was included in our school fees.

"Going to the gym" and "receiving an education" are different and only tangentially related things; maintaining gym facilities is probably much more costly than maintaining a parking system, even if you include "meter maids."

If the school is able to maintain an entire gym, ripe with an indoor track, basketball court, swimming pool, not to mention the (non-free) classes that go along with it, without charging those who take advantage of such facilities (or, put another way, subsidized BY those who do not take advantage of such facilities), I think the school could do without charging students for parking. Visitors, sure; but students?

And there are plenty, plenty of services that schools offer for "free" because they are included in the tuition, that many students don't "take advantage" of (read: don't need/want).

For me, I'd like to be able to curate the benefits I get from the school. No, I do not want to get free condoms from the health center, but I would like free parking. I do not smoke so I do not need free nicotine patches, but I would like to go to the gym.

Of course this is a life long in my past, but it still irks me how many students are forced to learn how to game the system like this because they have to pay for parking. Perhaps not forced, but sometimes it's just not financially feasible for a zero-income college student to pay $9 a day to park on campus.

A much simpler "hack" occurred to me recently. Suppose you wanted to store your car for a long time in a gated garage that also holds ZipCars.

Drive your car in and take a ticket as normal. When it's time to leave, book a ZipCar for one hour. Grab its parking pass and use it to exit the garage with your car. Park on the street nearby, walk the pass back to the ZipCar.

Are there typically countermeasures in place for this? Match the pass to the license plate with ANPR? Don't allow an exit without a corresponding entrance? Sucks for the next person to use the ZipCar. But how will they know it was you? Are video archives good enough to find the plate associated with a particular card swipe without a ton of manual effort?

(Assume you're trying to store a car for a month or more. At a fairly normal Chicago visitor parking rate of $25 for 2 hours, that would cost $9,000.)

There are protections to this type of abuse in just about every commercial parking system -- so much so it is not even listed in advantages/features for most of their marketing materials. It is commonly referred to as Single Entrance Gate or Stateful Egress; basically the card is tracked in a stateful database and is either in use (it has been used to enter but not yet to exit) or not in use (it has exited since its last entry). If you attempt to use the card for entry when it is in the "in use" state it will deny and log the action.

Edited to add: For the next common "game" on this line, "why don't you just walk past and card swipe exit", you will note the cameras positioned at the card terminals at all of these lots for this issue. Basically they will have a record of: your license plates for the entries/exits (the swipes and video systems have timecodes that can be matched) and of your person walking by on foot to trigger the exit state.

At our place there is also some kind of car detector, presumably magnetic coils in the ground. You can't walk past.

> Are there typically countermeasures in place for this?

The cost of the zip car + the hassle of booking the zipcar, walking to it to grab the card, driving your car out and finding parking, then walking back to the car.

I would emphasize that this method requires finding parking outside the parking garage. Around where I live, that could be a long walk back to the garage (and paying a meter...)

Eventually, somebody would notice the car there and remove it by tow truck. Most garages need parking passes or have assigned numbers or something. When someone complains is usually when someone gets towed.

Your car does have a parking pass displayed, you just use a different one to exit.

One of the Dr. Dobbs editors made the following confession years ago in an editorial, when Dr. Dobbs was still published on glossy magazine paper. (According to the text, the statute of limitations had already run out.)

When faced with the situation of working on a mainframe at city hall, but not being issued a city parking permit due to bureaucratic oversight, he came up with a solution in code. It just so happened that the system he was working on issued the parking tickets, so he just added conditional logic to detect his name, then deleted the ticket! Problem solved, and no bureaucratic runaround to solve it!

The checksum algorithm they used will only produce 73 different checksums (00000000-99999999: 0-72) - and all of them even. There is space for 9999 different values.

Tips to improve: f(x) = ( x * secret) mod 1000

- mod 10000 instead of mod 1000 (as mentioned in the article)

- make sure the 'x' varies between 0-9999 (e.g. by splitting the number in half and adding the parts 03001909 > 0300+1909 = 2209)

- make sure the 'secret' is larger than 10000 and non-divisible by factors of 10000 (2 and 5) (e.g.: 54321)

Pretty sure it wouldn't be so easy to hack then.

It is probably just a barcode checksum/error code, otherwise they wouldn't have to rely on the values of the first 8 digits. Instead they should generate 4 random digits and store them in the database along with other information, then it basically works like a pin number (and xor it with a proper checksum).

Edit: If it is really a checksum, it is a crappy one.

A lot of symbologies support some kind of modulo check digit. It's mostly there to detect erasure and substitution errors, because those are relatively common errors in decode. A modulo sum is better than nothing, considering that each additional digit increases the length of the barcode. If you're length-constrained, then adding more check-data is a difficult trade-off between stronger protection and smaller module size, meaning that you could add so much data that the barcode becomes too dense to print or read.

A secret larger than 10,000 is not useful -- since the multiplication is mod 10,000, the first digit of the secret could be ignored anyway (54321 = 5 * 10000 + 4321 === 4321 mod 10000).

I'm sure this will be a big hit with the legitimate purchasers of the tickets to which those barcodes were assigned... who will find them mysteriously invalid when presented.

Correct, unless you manage to hop out of the range of the assigned ranges.

A really simple "hack" of a car park with an entry barrier that issues you a ticket is that you can usually exit the car park with an unpaid ticket if it's under 10 min old. So just get a new ticket from the entrance when you want to leave.

They do this so you can get out if there are no spaces.

I haven't done this myself and don't condone it. You will probably get in trouble and it's not nice.

And let's add the legal term for it here, so it's clear what this "hack" actually is: Fraud.

A very relevant xkcd: https://xkcd.com/1494/.

> So just get a new ticket from the entrance

Getting a new ticket from the printer before the barrier will be hard if your car is inside the car park. Often the ticket printer will only work if it notices a large metal object (such as a car) in front of the barrier.


In Santa Barbara all of the parking lots downtown where the bars are had attendants. This was before people credit card machines allowed lots to be open 24/7. Anyways, most lots had the entrance/exits at the same location so if someone pulled in to get a ticket and then backed out the attendant would notice. One lot had the entrance all by itself on the opposite side of the lot, blocked by some trees. I have many friends who would go out for a night on the town and then get someone to drive them back in the morning, pick up a ticket without entering, then leave using that fresh ticket.

Many automated garages ban motorcycles because they're unable to trigger the sensor.

Or they make the barriers slightly shorter so that motorcycles can park for free.

Which they do, recognizing the fact that if there are a few motorcycles parked in your lot, it makes the whole lot look cooler.

Interestingly, I find that on my bicycle I can trigger the sensors in roads (which in the UK seem to be marked by a line of tar, where the sensor has been cut in and sealed up) by angling my front wheel directly along the line - my belief is that it gives a pretty strong signal because the rim of the wheel is a lot closer than a car would be even though they are a heavier chunk of metal (inverse square relationship). In fact my impression at one place I worked was that the sensor gave a stronger signal doing this as the barrier to get out went up quicker for me than it did for cars. I have extrapolated this belief and also believe that the sensors that detect vehicles before traffic lights also give a stronger signal when the rim is close by and the lights choose to turn my way quicker as they think I'm a bus. I can't really verify this though, because I only ever travel by bicycle.

Anyway, I guess motorcycles are not quite as maneuverable as a bicycle, so would find it harder to trigger the sensors in this deliberate way.

The trigger for lights in the states is electromagnetic. A lot of bikes don't produce enough to trigger so placing a magnet on the frame below the bike helps get you through the lights quicker.

I've wondered about how hard it would be to fool those. Presumably it's a simple induction loop, so a suitably calibrated electromagnet should do it.

When I parked my motorcycle in the garage at my old job, occasionally, the mechanism did in fact fail to "see" my bike so the low tech solution was that the attendant had a hunk of metal with a handle that he/she would set on the pad when the gate failed to open for my bike.

I think this will not work with most good systems, as there are inductor loops or sensors at the gate (ticketing machine) which sense a vehicle and then allow the machine to print a ticket. You should check your hypothesis... But I'm sure there are weaker systems which don't have these checks.

I got about half way through this article before starting to feel inadequate and just looked at the big numbers thinking this guy seems clever.

This reminds me of the guy who was caught a few years ago for putting homemade UPC stickers over the printed UPC symbol for expensive LEGO sets so that they'd ring up as inexpensive LEGO sets.

After the felony fraud charges, he would have been better off just shoplifting the sets instead.

Wasn't there a site years ago that hosted images of bar codes for just about any common item sold at chain stores? I seem to remember the idea being that you could just print out something with a lower price that's still believable and stick it on the item before checking out. The idea was that if anyone caught on, you would claim ignorance and apologize.

From what I remember this didn't work out well for anyone and was handled as you might expect. I'm definitely not someone who would try to give himself a $500 discount on an HDTV but it got me musing about the scam when it crossed my radar. It always seemed to me that in order to be worth the risk and hassle you'd have to do it on a scale that dramatically increased your chances of getting busted. Like you couldn't give yourself a big discount (obvious at checkout) or give yourself lots of little discounts (more chances to get noticed) so aside from the "heehee I found a dirty trick" aspect, it seemed like kind of a terrible scheme (not even counting the fact that you're engaging in fraud).

Related, this is why manufacturer's coupons have changed in the last few years. It was previously possible to create a manufacturers coupon barcode for any UPC that would represent one of the standard discounts before GS1-128 including Buy 1 get 1. The new GS1 barcodes encode much more data that allows better fraud protection.

I'm surprised the scheme is so weak.

Wherever money is involved, even the small amounts for carparking[1], you're going to have people attacking the system to get free stuff.

And car park machines[2] have extensive audit trails.

[1] an individual stay is quite cheap. Over a year it's a lot of cash.

[2] At least, the Almex Control Systems machines did. As did the TIMTronic and System B and System C and Delta bus ticket machines.

They don't need it to be strong, you are leaving your car and license plate as collateral.

Car parking is unique because you can always (well ok with certain exceptions in some countries) connect it to a licence plate and thus to the car owner. Where I live the car owner is (again with some exceptions) held responsible, even if he did not drive - or he gives up the driver.

Reminds me of something you'd find in a copy of 2600.

Over a summer I lived in "intern housing" at a university in the DC area. They wanted $150 for parking for 2mo, yeah, nope. A little bit of research told me that the parking services were a separate entity from the school and that the school would put a hold on my student account and transcripts if there were unpaid charges. I also found that they supposedly boot you after 3 tickets. Tickets are $100 minimum and go up by $50 for every unpaid 30 days. As someone who never took any classes from them they didn't have much leverage over me. I just pulled my front plate, got a few spare plates from the junkyard and slapped one over my real plate when I got home for the night making sure no one plate had more than three tickets. For ~$3 day it was well worth the hassle. They're still sending me notices every two months about my unpaid fine for the one time they ticketed me with my real plate.

Seriously, the easiest way to abuse (private) parking systems is usually to make them write the ticket to a plate that doesn't come back to you.

Another "hack" was that the parking gates at most public garages in the DC area had a rubber sweep on the bottom and were tall enough that most 90s compacts could squeeze under if you retract the antenna, saves about $6 per usage.

So instead the previous owners of those plates get a bunch of tickets and/or credit collections sent after them..? For $3/day. But I guess it isn't your problem...

That's risky because they may be able to look up your car by VIN. You'd probably need to randomize it by parking in different locations every day, hoping that you get different meter maids who wouldn't recognize your car. Your car would also have to be so generic in appearance (not just model/color but also condition) that it didn't stand out.

My truck was anything but generic. I got tailed by the campus pigs (I'll call them that because that was my experience with them) and stopped several times for no reason (and let off with a "warning" because whatever I had done wasn't something one normally gets cited for, they basically wanted to check my papers and see who I was) because my truck was a decade too old and several tax brackets too low to be common in that area. They always seemed to see me like I was some tweaker who might steal and scrap their aluminum hand rails to get my next fix.

I figured out that parking way out back significantly reduced my chance of being ticketed. More than once I saw the parking services truck drive up and down the rows making sure everyone had something in each windshield, not actually scanning them. This was during the summer so there was always parking available and 90% of the enforcement I saw was during the first two weeks when everyone moved in.

The permits were a paper with a bar-code displayed in the center of your dash (students got ones that hang from mirrors). I thought of just putting a piece of paper there but I figured any attempt to fake it would piss them off. The policy was worded such that it made it sound like you only got booted after three UNPAID violations so I think what was happening was that when they put each new plate (all three I used were from the same state) into the system it didn't tell them to boot it because no plate had more than three citations on it. I got six tickets over the course of the summer. Two, two and one on junkyard plates and one on my real plate.

Parking in the same place with a ticket under your wiper would probably work for awhile too.

When I looked on their online parking pass system I don't recall a way to input a VIN so I assume they didn't record it, just a photo that includes the plate and a description.

Like I said, I wouldn't do this somewhere that the municipality does the parking enforcement.

They might eventually send your information to a debt collection service.

Hope saving a few hundred dollars is worth the potential hit to your credit score.

I'm skeptical that would happen since I never entered into any sort of contract to pay them money related to parking

Good luck with that. My alma mater did exactly this to those who refused to pay up.

Perhaps laws are different there.

I think he is forgetting that the barcode is generated and exists not in a silo but with knowledge of a controller. I would be amazed if the system did not both track the barcode creation and exit events and trigger protocols on any outside system event.

Print out your card at home, park at lot, scan to checkout, your barcode is in one of three states: 1: Not valid because it has not been issued by the controller, 2: Valid and first use (you left before the other car on the lot with the duplicated barcode has exited), 3: Invalid because it has already been used on exit (the duplicate barcode has already left the lot).

In what scenario given an active controller that is not braindead would this give you any kind of advantage? You are more likely than not going to be in a situation where you trigger an alarm on exit.


You have a typo here:

f(21) = (23 * 854) % 1000 = 17934 % 1000 = 934.

I wouldn't be surprised if the last four digits are some form of built-in barcode error checking, and are not used anywhere else.

Over my summer interning in NYC I found even weaker vulnerabilities with the NY Waterway ferry's e-ticketing system. Trivially cost can go from greater than $296/month (for some routes) --> $0. Fortunate for those who instinctually think of weaknesses in systems.

now the question is: why did they choose 854?

That's what I was wondering.

  ~$ factors 854
  854: 2 x 7 x 61

Factoring 854 doesn't seem to help unless those meant something to the person who came up with it (old high school locker combo?).

Nice reasoning. How long did it take you to figure it out?

About 10 minutes :)

That was too easy.

