Comment by CYR1X
2 years ago
It's piracy in a way that's analogous to ripping like Netflix content. You are breaking away from DRM which is piracy. They also cite the potential to have multiple tokens valid per one ticket which would let multiple people get in with the same ticket.
I doubt the second bit is true - they will still be marking the ticket as used in their backend.
They are just trying to prevent scalpers printing off tickets 10 times and selling them outside the venues as a scam, which happened at every large concert I have ever been to until recently (so I assume this is working!).
You would hope... But they often run the scanners in offline mode (e.g. at temporary / seasonal events) so there can be lag in the backends being updated.
Heard from a friend who got straight into two events in the same city recently - they presumed the show was at one outdoor venue but the scanners let them straight in at the first (wrong) venue. Went to the correct venue and got in there without any issue too (this suggests one or both venues were offline or using offline scanners).
Hm. So I guess at a small venue that has 3 door people with offline scanners, you have a 2/3 chance of success if you're the second of two people sharing a barcode. Combined with the obvious 3/3 success being the first person, that averages out to 5/6 chance if both of you (oblivious to each other) schedule your arrival similarly.
1 reply →
not really offline but someone who works in industry here once detailed out that each scanner has it's own copy of a SQLite database that is being updated as fast as possible based on inserts of other scanners since any downtime is a big deal at these venues
i.e., theoretically duplicate tickets would be identified but not instantly but still pretty quickly
> they will still be marking the ticket as used in their backend.
I assume that's true, but it makes me wonder how their scanners are connected to the server.
I mean, if 10,000 people showing up to an event with smartphones overwhelms wireless networks, wont that also kick their scanners off the network?
They'd probably like to have a system where, if a scanner loses its connection, it can still validate tickets. It could store a copy of validated tickets locally, and upload it when the network connection is restored - that would mean a copied ticket would have to make sure they go to a different door/scanner. But it would allow copying.
Simplest answer is a private wifi network for the scanners.
3 replies →
I have no idea what connectivity options are available in current scanners, but it sounds like a viable solution could be to use an RF band that customers don't overwhelm, similar to wireless microphones perhaps, with a little hub situated nearby that consolidates the list of already-scanned tickets, possibly standalone or possibly on a wired network that includes other far-away entrances.
1 reply →
900mhz networks like halow or even lorawan should do
Even at huge venues i dont expect requests would be over 5 rps
4 replies →
I'd argue that a few extra people sneaking in on the same ticket (assuming this is even possible) is more like sharing your Netflix credentials than ripping Netflix content and having it be shareable with the entire world.
You're also walking into a stadium/concert in plain view of security cameras, so the stakes and deniability are different as well.
Not a lawyer, but "subverting DRM" (even if it's trivial or really stupidly designed) can be a crime in and of itself in the US under the DMCA. There are a bunch of exceptions to this, so I have no idea if OP's work is actually illegal.
Security researchers are an exception, but the title of "security researcher" is undefined
Now this is f*cked up, isn't it?
It would be DRM if the barcode was copyrighted material, which it isn't.