Two students find security bug that could let millions do laundry for free - eviltoast
  • uis@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    6 months ago

    Meaning I could either back up and rewrite a $20 card forever, or rewrite the balance to having FF credits or whatever.

    As you can guess, checksum is stored somewhere. And that somewhere happens to be card that was just dumped.

    • Excrubulent@slrpnk.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      6 months ago

      Yeah, but you’d need the algorithm. It could be a hash of some kind, and if you don’t know what kind of algorithm they’re using you can’t replicate it.

      EDIT: Oh, I see what you’re saying. You mean you could simply rewrite the original card value back over it forever. That’s actually quite clever, and it would work even in case the card was completely encrypted.

      Actually that means this is trivial to beat I think.