I was returning bottles today when my hacker instinct kicked and I began to think hmm… I wonder what makes this machine do what it does. If it is programmed in Java or C could I make it do weird things? I know a little about Java and I know that many things (TV remotes, car batteries, etc) are programmed in Java. Let’s say that the machine was Java programmed. How does it read the barcodes on the bottles? Does it scan them and they have some hidden code inside them like they are worth 5¢ or something like that? So, in theory, I could write some code, print it to a barcode, paste the barcode onto a bottle and make it write things on the screen or turn on and off or drop money, right? Not that I would make it give me money. I don’t like stealing. Anyway, what do you guys think?
I don’t know how the code actually works, but most stores only accept returns of a brand they sell there (e.g. you can return Coke almost anywhere, but if you buy a more obscure brand, you would likely have to return it at the same store you bought it at). My guess is that they would check the barcode against a list of brands sold in the store, if it matches up, add $0.10 (or however much a bottle is worth in your area). Also, I doubt they track “Bottle A is worth $0.10 but Bottle B is only worth $0.05” – everything is the same value, so it just counts how many you turned in and applies a multiplier. If that’s true, there’s not much chance for an exploit, unless you want to print out hundreds of barcodes and feed them into the scanner.
That said, that’s mostly just guesswork, and I’m not an experienced hacker, so feel free to take that with a grain/pile of salt, and hope you figure something out. 🙂
(Also, take care to note bottle return limits – in my area, at least, most machines have a limit of $25 per visit.)
I’m thinking that rather than crossing it with a list, the barcode has a list of stores that it is accepted in and if the machine doesn’t see itself on said list, it will deny it. You are correct, it would end up being a game of trial and error but if I could get a chance to see the inner workings/code of the machine, it would not be a problem. I could just go from there. But you are correct on probably everything you said.