Reverse Engineering the Coles Fuel Voucher Barcodes

Sometimes when you are dealing with technology you come across things with little documentation and the source code is not commented. In such cases it can take a significant investment of time and effort to work out how something works before modifications and improvements can be designed and implemented. The ability to reverse engineer and recognise patterns is a valuable skill in any IT guru’s range of skills.

Anyway, in a moment of boredom the barcode at the bottom of one of our Coles supermarket shopping dockets caught my attention. At first glance the numbers underneath the barcode might seem like a fairly random string, but with a little bit of analysis the structure can be worked out.

What we need is an example docket.

Sample Docket


As you can see, there are twenty digits at the bottom of the docket, specifically 07170631041011070404. These twenty digits are the concatenation of five pieces of information all of which are found on the docket.

At least in my mind, the number at the bottom should be unique enough to distinguish this voucher from others, and one simple way to do that is to include a timestamp. First thoughts may turn to the date on which the docket was generated, which was 10/10/2010 (a pattern in itself), but there doesn’t appear to be anything that matches it in the voucher number. However, if you look closely, you can see that the eleventh to sixteenth digits in the voucher number (i.e. 101107) could be a date in yy/mm/dd format (i.e. 2010/11/07), which would correspond to the expiration date of the voucher.

So then we turn our attention to the first to tenth digits. If we look around the docket we can spot that the first four digits (i.e. 0717) match the store number at the top of the docket. Immediately below the store number on the docket is a receipt number (i.e. 3104), which can also be found in the seventh to tenth digits.

So what about the fifth and sixth digits in between?

At first glance it might not jump out at you but these two digits correspond with the register at which the transaction was processed in the store. In this case “06” corresponds with register six.

So what about the last four digits?

This actually had me stumped for a bit. At first I thought they might be check digits or a hash against the rest of the voucher number to protect against forgery and provide validation, but this didn’t turn out to be the case. All of my other vouchers had the same four digits (i.e. 0404). In order to compare, I found an expired special offer voucher to try and determine the correlation.

Expired Special Offer Voucher


One thing that is special about this voucher is that it offers ten cents off a litre instead of the usual four cents that you can obtain at the supermarket. This seems to correspond with the last four digits being “1010” on the voucher and “0404” on the regular vouchers generated at the supermarket checkout.

So now that we’ve mapped out the entire barcode, what does this mean for the average consumer?

First, it gives Coles the ability to uniquely identify each customer, as the combination of the store, receipt and register numbers provides enough unique data to prevent duplication or overlap of numbers. Coles would also have the ability to track your voucher redemption at the petrol station back to the point of purchase that generated the voucher. Furthermore, Coles would be able to link all of your transactions at the supermarket back to you based upon the credit card used to pay at the checkout (if used). Of course, there would be legal issues in retaining your exact credit card number as a unique identifier as it would contravene but a way to step around this would be to use a one way hash of the credit card number. The use of loyalty cards could also enable the ability to track customers across different credit or debit cards.

In terms of validating the vouchers upon redemption, one could ponder how sophisticated the implementation is. The expiration date is included in the voucher number, which could easily be checked at the petrol station almost instantaneously. However, whether or not the redemption status for each unique barcode (either at the same petrol station or elsewhere) is validated at the petrol station remains unclear. One could come to the conclusion that it is not, given that the voucher needs to be surrendered at the petrol station. This could also be backed up by the fact that special vouchers (such as the ten cent per litre voucher mentioned earlier) have identical barcodes across up to two hundred thousand vouchers.
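The field layout worked out above and the two redemption checks just discussed (expiry and redemption status) can be written down as a short parser and validator. This is an added example, not Coles code: `RedemptionLedger` is a hypothetical central record, and the 20yy century, the split of the last four digits into two two-digit values, and validity through the expiry date are assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Voucher:
    store: str        # digits 1-4
    register: str     # digits 5-6
    receipt: str      # digits 7-10
    expires: date     # digits 11-16, yymmdd
    discounts: tuple  # digits 17-20 as two 2-digit cents-per-litre values

def parse_voucher(number: str) -> Voucher:
    """Split the 20-digit number into the fields the article identifies."""
    if len(number) != 20 or not (number.isascii() and number.isdigit()):
        raise ValueError("voucher number must be exactly 20 ASCII digits")
    yy, mm, dd = int(number[10:12]), int(number[12:14]), int(number[14:16])
    # date() raises ValueError for impossible dates such as month 13.
    expires = date(2000 + yy, mm, dd)  # assumption: two-digit year means 20yy
    return Voucher(number[0:4], number[4:6], number[6:10], expires,
                   (int(number[16:18]), int(number[18:20])))

class RedemptionLedger:
    """Hypothetical central record of voucher numbers already redeemed."""
    def __init__(self):
        self._redeemed = set()

    def redeem(self, number: str, today: date) -> str:
        try:
            voucher = parse_voucher(number)
        except ValueError:
            return "rejected: malformed"
        if today > voucher.expires:  # assumption: valid through the expiry date
            return "rejected: expired"
        if number in self._redeemed:
            return "rejected: already redeemed"
        self._redeemed.add(number)
        return "accepted"

SAMPLE = "07170631041011070404"  # number printed on the article's sample docket

if __name__ == "__main__":
    print(parse_voucher(SAMPLE))
    ledger = RedemptionLedger()
    print(ledger.redeem(SAMPLE, date(2010, 10, 10)))  # first presentation
    print(ledger.redeem(SAMPLE, date(2010, 10, 11)))  # same number again
```

A ledger keyed on the voucher number only works where the number is unique per docket, which is why the special-offer vouchers with identical barcodes could not be checked this way.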

Anyway, it’s amazing how a little reverse engineering can lead you down a rabbit hole – it’s just one of the things that I love about information technology.

5 comments


    • Christopher Hunt on November 4, 2010 at 11:51

    Very cool! Nice bit of detective work!

  1. Heh, I figured it out after staring at several Coles vouchers for 5 minutes. Coles are now doing 8c discounts and it was a bit obvious when the last 4 digits changed from 0404 to 0808 (plus the evidence on your website that a 10c discount is 1010); is this a case of dial-your-own discount?

    Also for real reverse-engineering we should use crowdsourcing to collate a list of all the Coles stores and their 4-digit store ID.

    Finally it’s scary that each use of a docket identifies an individual customer.

    • Anonymous on July 11, 2011 at 01:18

    In case you were wondering, the 0404 and 0808 and 1010 is not a simple duplication of “4 cents per litre”.
    It is actually 04 cents off “per LPG litre” and then 04 cents off “per Petrol litre”.

    I know this because as a checkout operator, when we manually generate these discount dockets, it asks us how much cents discount petrol, and how much cents discount LPG.

    1. Thanks for the inside information 😉

  2. Nice work, I’ve fiddled around with this and woolies, woolies does not use any tracking of printed receipts so you can duplicate all you want as long as you have a suitable printer (thermal). We have a thermal bluetooth unit. I print one off from my phone each time I need a discount.
