I worked in retail many years, including doing store shelf tear downs and replacement and night shift stocking.
Back in the day we would get our planograms from HQ, then we’d print out all the labels on perforated paper, and walk the shelves moving product and updating the price tags, throwing out the old. The epaper tags are very clearly an improvement to that process in both time and waste. We would also check the prices using a Motorola price gun and do our fixes manually and then print out new tags or update the counts.
I’m surprised these tags are just IR blasted with no security. I would have expected they’d need some sort of code and you would simply save the code on your gun, pop a tag in front of a product, scan the product, then pair the tag all on your price gun in like 3 actions.
I also would have thought in these days we’d use Bluetooth beacons to triangulate the shelf slot too so that HQ could have a realtime map against their planos (it was not uncommon a product’s size would change and the layout would have holes or products that don’t fit on your real shelf).
Anyways, neat project! Triggered a walk down memory lane for me.
Previously, a criminal could just print their own shelf tags. They'd probably do this somewhere other than in the store to get the details right, but it was doable. (We've all probably seen rolls of blank shelf tags sitting around at the store, and thermal printers are inexpensive. So what if it's two crimes instead of one?)
And then, in the store, they could just switch out the shelf tag(s) and try to play their little scam.
Now with this new development, a criminal still needs to get the details right. Like a blank paper tag, the little screen is also a blank slate. It's just eraseable and rewritable in-situ.
The scam is the same. It's just shaped differently.
---
I do understand why the tags are simple to write. Maintaining some kind of revolving, PKI, or multi-factor auth would be harder than doing nothing, and probably slow. Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).
One-way jnfrared is cheap and low-power compared to anything with RF. And resets would be a pain in the ass if things were forever associated with a certain product, or a certain place in the store.
The way it's implemented now, on reset (yay new planogram!): All the tags get pulled and put in a pile.
And then: One by one, they're removed from that pile, put on a shelf, and programmed.
That's fast and flexible, and therefore inexpensive. Inexpensive is good. If there's one thing that all retail establishments hate most, it is their labor expense.
It does fail to prevent obvious-scam from happening. But it'd probably cost more to do it "right" than to eat the losses when the scam actually works.
> Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).
You know what, that is a great idea for a project of mine, where I want to display outside temp and weather forecast in the hallway next to the wardrobe. I have been musing about it for a while now: how to make it small and not stand out, how to handle power delivery, etc.
I was already leaning towards eink, and if I can get one of these price tags cheap plus hide an IR blaster in a corner that would be ideal. All controlled by Home Assistant of course. I'm going to search the usual Chinese online marketplaces tomorrow.
> Previously, a criminal could just print their own shelf tags.
Between your 'previously' and now is a period of at least two or three decades, where shelf tags have only be for your information in the store, while the real price came from computerized POS-Terminals with attached barcode-readers. Which of the two has priority for the customer may depend on country, law, store policy & good will.
Furthermore stores are completely cam covered nowadays, so much luck with being seen fumbling with your gadget in front of that label, or being seen on 'tape' putting another one over it, or things like that :-)
I’m sorry but this entire premise is dubious at best hilarious at worst.
I’ve worked retail on and off for a decade and been friends with AP in most places and no one has ever mentioned this happening. Never been told to watch for it, or heard a rumor about it from another store.
Yes it does, unlike before, a shits-and-giggles attacker could change all the tags in an aisle into "you're gay" without showing anything on surveillance cameras.
He wouldn't gain anything but the store would lose.
Just recently I was in a small shop where I was surprised to see epaper tags and ended up talking to the owner about them. She said they were super flaky and would reset at random. Agter that interaction I am not at all surprised a flipper could mess with them. But I also have not seen them widespread at the physical outlets I shop at.
I was in college when self checkout became a thing and it took us all of about 45 seconds to realize that you could just check everything out as bananas. Steak was weighed and priced at 4011 (banana code) as the stoned teenager cashier paid no attention. Everything on the receipt was literally Bananas
That's crazy. But coming from someone who wrote a book on retail fraud and worked as a retail fraud analyst for several years... you could have just walked straight out with those items.
Transacting was your way of leaving a calling card for the investigators/analysts to find you... You stole regardless of how you did it.
The visual risk of walking out without paying is much greater than the risk that anyone actually investigates AND tries to track him down for it.
Back when I was a kid it was common to still just have simple price tag stickers on every single item. We’d pull off a cheap sticker and put it on an expensive item. If they noticed, we’d just shrug and say “oh Nevermind then” when they found the right price.
The only problem was most cashiers actually knew all the prices of stuff and paid attention, believe it or not they even knew how to make change back in those days /s. So you couldn’t always get super aggressive.
I was of the impression that, in our golden age of individualized surveillance, merely interacting with the kiosk was enough to leave a facial-geometry calling card these days.
I feel like I may have heard this from one of those Illinois BIPA class action suits [0], which reliably have a whiff of crackpot to them from a technical perspective. But it surely seems an obvious enough sort of application…
Seriously. Especially since self-checkout is almost always with a card tied to your identity, not cash.
Depending on the value, the police probably aren't going to show up at your address, but use that card again at the store in the future and you might find the security guard coming over. Or, like many stores, they wait for you to do it repeatedly until it adds up to enough for a felony instead of just a misdemeanor, and then they bring felony charges...
The stores have cameras. Likely someone is well aware those weren't all bananas, and has it on video.
I know people who regularly stole this way. They would usually work in pairs and one would leave a full cart near the exit and the other would walk out confidently. Worst case they figured they would just act the fool and either leave the cart or pay. Irked me that they did this but not enough to rat. I bet these days doing that with any kind of regularity would have you starring on much higher quality film.
This gives the ability to use the excuse "I didn't know how to use the machine, I thought I used it correctly, nobody ever trained me on this", where as just walking out does not
(Not a lawyer, I'd imagine you know better here than I do)
I think the point was that they COULDN'T have just walked out with them, BUT, by learning then going through the motions of a typical check out this A+++ hacker was able to bypass a normal security layer.
if a store does not want to hire capable staff to perform an essential function, they should not expect laypeople to perform that action for free (or at higher cost, as we've seen with grocery prices in the US as human cashiers are reduced) at the same level as a trained staff member.
we do not have to accept this decision to reduce staff and raise prices as a matter of course. plus, if you see somebody stealing food, no, you didn't.
Yesterday I went to Walmart, and at the self-checkout the system quirked out and an attendant came by. She reviewed some sort of draconian overhead cam video of me trying to locate a tag out for a product to scan. Gave me "guilty until proven" innocent vibes. Are these systems actually effective?
Hey, something I'm somewhat qualified to answer! So, yes, these systems are actually effective. The systems and procedures are designed to look low key, but essentially perform PRISM-like mass surveillance behind the scene. These systems are managed by former US IC personnel.
What happens is that your identity is tied to these purchases and after a certain threshold you get flagged as a thief, essentially. At that point, you will get very increased attention (via checkout, purchases, and floor walkers), and after another threshold, will be trespassed and/or prosecuted.
But, you'll probably get away with a banana or few before you trigger the loss prevention threshold.
The self checkout at my preferred grocery store (Hy-vee, an upper midwest chain) has started using these overhead cameras to confirm that you're purchasing everything you ostensibly have in your cart. Except it always flags us for the Starbucks drinks we're carrying (Hy-vees usually have a mini Starbucks shop inside them). More annoying though is that it flags us for the 5 gallon water jug refills that we manually punch into the self-checkout kiosk, because the surveillance system isn't satisfied unless the heavy ass jugs of water leave the cart, slide across the scanner and then get placed in the bagging area – anything else is possible theft.
All this has done is train us to keep the carts out of the camera's viewing angle. It doesn't care if you keep pulling handfuls of groceries out of hammer space, as long as there's no cart in the frame.
I'm in Australia but similar sounding system is in operation at our two major supermarkets.
I scanned a drink, heard the beep, put it in the bag. I scanned a loaf of bread, heard a beep, put it in the bag.
Now, instead of the typical "Unexpected item in the bagging area" it now shows the overhead replay and locks the system out until an employee comes over to review.
Combined with their exit gates that don't open if they think you've not paid for something, and cameras that track you through the store it's feeling very unfriendly.
Sam's club has 'the arch', and one time when I did self checkout I did miss an item (thought I scanned it and I didn't apparently) and so far that's the only time they've actually checked the cart, the rest I was just waved through.
So seems pretty good. Obviously erring on the side of having an employee double check makes sense when their profit margins are generally single digits. One missed tshirt means they lost money on your $300 cart.
IANAL and this depends on the jurisdiction, but in many places, the penalties for shenanigans like these are far steeper than for outright theft, as it's considered to be financial fraud.
Some retail chains, of which Dollar General is the poster child, have one price displayed on the shelf and a different, much higher price at the checkout register.
Links:
> Missouri Attorney General Andrew Bailey has filed suit against Dollar General, claiming deceptive and unfair pricing at its more than 600 retail stores throughout the state. The lawsuit alleges that Dollar General violated Missouri’s consumer protection laws by advertising one price at the shelf and charging a higher price at the register upon checkout.
> The joint investigation revealed that “92 of the 147 locations where investigations were conducted failed inspection. Price discrepancies ranged up to as much as $6.50 per item, with an average overcharge of $2.71 for the over 5,000 items price-checked by investigators.”
> All told, 69 of the 300 items came up higher at the register: a 23% error rate that exceeded the state’s limit by more than tenfold. Some of the price tags were months out of date.
> The January 2023 inspection produced the store’s fourth consecutive failure, and Coffield’s agency, the state department of agriculture & consumer services, had fined Family Dollar after two previous visits. But North Carolina law caps penalties at $5,000 per inspection, offering retailers little incentive to fix the problem. “Sometimes it is cheaper to pay the fines,” said Chad Parker, who runs the agency’s weights-and-measures program.
It sucks that we have to do extra labor and expose ourselves to this kind of legal risk all because a grocery store doesn't want to staff workers. It's not even like they pass these savings onto us...
I saw a video where someone took banana bar code stickers wrapped around a bunch of bananas and put them on the TVs in their shopping cart and then checked out via self checkout.
I predict that self checkout will only remain in the more trustworthy areas…
That video was staged, at Target electronics need to be paid for in the electronics department where there is no self-check out. In addition Target has the best Loss Prevention in the business, including let shoplifters continue until they accumulate enough goods that their crime is a felony.
Every self checkout around here has an employee staffing ~6 terminals. They're supposed to be watching for things like that. Usually theyre just staring vacantly into space, which I get, that job pays nothing and provides 0 mental stimulation.
When you see a TV being purchased, though, it wouldn't be hard to just watch that it in fact got checked in as such.
Systems like Everseen make that approach significantly riskier than it used to be. A live video of you checking out is run through image classification software, so if you scan a steak as 4011, it'll pause the checkout flow and call the SCO (self-checkout) attendant to watch the video of you scanning the item. They then have to approve the scan, at best leaving you publicly humiliated.
At least here, there are randomly triggered checks by shop staff where they have to manually rescan anything before they let you leave. And possibly, those checks are more easily triggered if you do certain very strange things like buying nothing but many separate instances of "bananas' with widely varying weights. Wouldn't be too hard to program a set of rules for the most obvious red flags.
And of course, the area is wide open and well covered by cameras, and usually self-checkout means paying by card or google pay or something, which will tie your identity to the purchase.
Are you me? I also did this at university in Britain circa 2010. I went for onions and carrots mostly. I'd go to the meat or fish counter and get lovely bits of fillet, then check them out weighed as onions.
trust goes both ways. you can be cynical about people who take things without paying, i guess. i prefer to be cynical about the corporations who run and stock these grocery stores with substandard products at artificially inflated prices that benefit shareholders and disadvantage people who need to eat food to live.
Think about blaming the grocery store replacing workers with no one in particular before you blame some college pranksters.
Grocery stores in general consolidating, laying off workers, leaving them without pay/benefits, taking advantage of greedflation, etc., is a bigger drain on society.
That is something you can do in cahoots with a regular cashier and the reason places like Costco check your receipt. The cashier just has to fake scan an item, and nobody would notice. Receipt checking makes it possible to get caught.
There's a tiktok literally floating around right now where somebody sticks a banana band on a cyberpower PC at Walmart and checks out at the self-checkout.
Then the receipt checker at the door checks his receipt and waves him on through.
This was I think effective early on but now there are many systems to detect this "fraud". I say "fraud" because I honestly have zero sympathy for these companies who are doing anything but paying people a living wage to do a job and that goes for Walmart in particular.
I've had opportunity to hear many stories from people who have had largely unintended encounters with law enforcement. Many of these are for "shoplifting". That can be something as simple as forgetting something on the bottom of the cart. Walmart are super aggressive about this and rather than saying "sir, did you forget that thing or not want it anymore?" they prosecute.
Walmart is one of those publicly subsidized companies in the country. They don't pay employees enough so the government gives them food stamps. Those food stamps are largely spent at Walmart so Walmart is profiting on both ends. And then they displace checkout workers with self-checkout and pay for fraud detection systems and when people either intentionally or unintentionally didn't scan something correctly (or at all), they offload the costs of loss prevention onto the state by prosecuting. Walmart doesn't pay for that prosecution. TAxpayers do.
Walmart is a trillion dollar company. The stock has almost 3x'ed in less than 4 years. How long did it take to 3x to that level? About 23 years.
Careful, the law is lenient if you steal from other normal people, but as soon as you steal from the wealthy, try to fraud them, you will see all sort of laws to make sure you are an example to others so they never think about doing the same, but a normal person? Oh well, you should have paid for insurance, or suck it up.
On the other hand, the wealthy can lobby, inflate the prices overnight just because, while also reducing the good weight aka double increase, and you can’t say anything because it’s legal!! It’s a one way “justice” system.
It's interesting how the README.md basically states in every other paragraph how you should not use this without authorization. The term (un)authorized and variations appear 18 times in there.
A lot of discussion about self-checkout fraud, but these tags are only for shoppers' convenience and don't control pricing - One tag goes in front of that SKU on display so you can see the price. At checkout, a barcode or plain old paper tag / printed barcode on the item itself gets scanned and that's where the price is looked up.
You've never been to a grocery store and had something incorrectly 'rung up'? It's happened to me more than a few times and I've never had a problem getting a "price check" and having the item adjusted according to the shelf label.
It's typically in-store policy.
Is Best Buy going to let you walk with a $10 Sony FX3 camera? Probably not. Are they going to fight you over a $10 difference in posted vs look up? Probably not.
From what I remember Connecticut laws used to require retailers to charge the lowest advertised and/or physically labeled price.
Usually the advertised price must be honored, because it may have brought the customer to your store.
For prices displayed on the shelf-label inside the store the law is usually not that strict (YMMV), as a shop-owner can refuse sale on check-out (otherwise I could put a pricetag on e.g. a shopping-basket and the shop-owner would be legally required to sell me the basket...).
Besides, most shops I've seen (in Europe) already moved from Infrared communication to RF (NFC or proprietary), for centralized shelf-label management without handheld devices. So all this study (and the underlying reverse engineering of the IR-protocol) might do is probably accelerate the transition from IR to RF-based ESL...
> Usually the advertised price must be honored, because it may have brought the customer to your store.
This is not the case for groceries in Massachusetts at least. If there’s a discrepancy between the tag’s price and the scanned price the store must charge the customer the lowest of the two: https://www.mass.gov/price-accuracy-information
It definitely varies by jurisdiction, but the register price always loses to any printed price in the US states I’ve lived in. This is a protection since retailers have used pricing mistakes to unfairly profit. Watch your receipt like a hawk at the dollar store[0]
Very much depends where. In QC, if it rings higher than tagged in the store you get the first one for free and the next ones at the lower price. They take it VERY seriously as a result and will take the tag down while they make a new one to ensure nobody else gets a freebie.
Stores hate giving the product away and pricing errors are much lower in my experience.
To me this is about having protocols that are suitable so not anybody can write to these labels without knowing a store secret or using replay attacks.
That law probably wouldn't apply if someone brought their own label printer into the store and put their own price tags on to the merchandise, which is essentially what this is.
Probably mostly dangerous for the user, or are people routinely writing their own price signs in the store and then "buying" it for less? Walking up to the lot at the car store and crossing out some zeros? Don't see how this would be any different.
Back in the day people used to swap/edit price tags a lot. Also making fake coupons with the same knowledge. It was a pretty common and easy form of shoplifting since all barcodes used to do was just encode the pricing/discount information.
Look into openepaperlink. It’s an open source project that integrates with home assistant, and lets you control multiple tags over WiFi with just one device. you can create custom display setups in yaml to show anything you want.
my favorite that I have set up is a tag in my bathroom that shows me today’s weather and chance of rain when im brushing my teeth - I haven’t been caught by surprise in the rain since :)
I use a similar trick with most software. Instead of buying the online one, I get it on The Pirate Bay. These days even open source software you can simply just apply Claude and get a different version.
People online will kick up a fuss about GPL and shit but in real life no one bothers. Shoplift. Close an OSS project. Who cares.
Sometimes I even ride without a ticket. In Europe/Asia especially if you act like clueless American they’ll let you off every time. Done it so many times haha. Some of these places even they will put fruits outside. You can just take extra and hide it. They can’t tell.
One time on drive to Bury St. Edmunds small town in the UK I saw a little farm shop with some sign saying to leave payment there. Zero enforcement. I just took the fruits. No flipper zero needed.
Good life hack. Social hacks like these are not so common but if you’re clever you can get a lot.
It's always funny when people publish source code and have a disclaimer saying "You CANNOT use it for bad!". When is the last time a criminal read such a disclaimer and thought "Oh right, guess this isn't for me"?
Sure, at least the developer can say they did say so, but it doesn't matter. To me it seems more like avoiding responsibility. You published the tool, and by doing so you changed the world, even minutely, and in ways you cannot predict.
As hackers we bear the responsibility of tools we publish. Even if you believe knowledge is the most important and that everything _should_ be published, we should at least be well aware of the consequences. Great power, great responsibility.
I think it’s trying to demonstrate intent. “This is cool and hacking is fun” vs “Here is a tool to do bad things”. I don’t think it would much protect you from consequences, but it can change perception of the intent of the project.
Hardware stores sell chainsaws. There might be a disclaimer about proper usage or safety guidelines or some such, but you're right... someone who intends to use something to commit a crime, will do so regardless of the text asking them not to.
Who do you think feels the effect of fraud/theft at retail stores? The "rich" owners feel a little of it, sure, but they have a proven strategy for keeping their profits up by reducing costs: fire employees and make those who remain do more work for the same pay. So you think this is "not actually a bad thing" because you're screwing over <insert big company here> but really you're just screwing over the workers.
Presumably they want nobody to ever publish or even explore "bad" things.
Because as we all know, if something "bad" is possible, but no one has published a GitHub about it, no one will ever be able to do the bad thing! Society is saved at last!
I wonder if since IR is invisible you could theoretically, in an intellectual exercise, blast IR light in a room and mass change them surreptitiously if that was your goal.
> Can I change the display of all ESLs in a store at once ?
No. For two reasons:
Unlike radio waves, optical communication must be line-of-sight. Even from wall and ceiling reflections, an unique transmitter has no chance of reaching all of the hundreds or thousands of ESLs in a store.
Each ESL has an unique address which must be specified in update commands. There's no known way to broadcast display updates.
I'm sorry, but I'm so sick of seeing "omg hacker man" mystique surrounding flipper, which is exactly what they want because it drives sales. Ofc you can muck about with open and unsecured stuff...like duh.
But it annoys me to no end when I have reasonably intelligent friends parrot claims like "flipper can clone the nfc in your credit card and you can steal people's money wow much hack!"
kind of a circular argument though? the reasonable definition of "unsecured" is "stuff you can't muck about with". That might change over time as attacks/exploits are developed though.
I still don't think I've seen an actually useful application for a Flipper Zero. It's all just "use this to change store price tags" or "here's how to disconnect all bluetooth devices", but also "don't actually use this, because it would be illegal, this is just for educational purposes"
Beside of how the media often tries to present it, the value of Flipper Zero is not for everyone to "become a hacker with this simple app".
Its value is to provide a standardized hardware platform for (white hat) hackers for probing, prototyping, refining and sharing of security research in the fields its hardware supports (Sub-GHz RF, NFC, IR, and custom external boards via simple Input/Output pins).
Prior to that, everyone who wanted to research e.g. RF security had to either build/assemble something custom or buy much more expensive equipment. This created a barrier to collaborate on research, as everyone had to buy/build the same setup.
On top of that, Person A researching some RF topic selected an RF-transceiver from Company X, Person B used a component and a proprietary SDK of Company Y, so consolidating both work streams for a better foundation for all RF-related research required alot of time and effort from someone, breaking workflows of at least one group of researchers, etc.
In contrast, security research which utilizes Flipper Zero can be reproduced and built upon by everyone. All the work is harmonized on the same Hardware architecture, so it's easy for someone familiar with the platform to dive straight into a new idea without having to build a new breadboard, select a chipset, buy additional probing equipment etc.
There is much better hardware available to security researchers (chameleons, hackrf, and actually research-grade (much more expensive) equipment).
The flipper is basically an Arduino pre built with a bunch of static antennas. It's fine and in a decent form factor, but I really haven't found it useful.
Do you have any links to actual research (not children playing "researcher") done with flipper hardware?
Flipper zero themselves try to present the flipper zero as a device that "hacks things with a button press".
And they love the free advertising they get along the same lines by youtubers desperate for clicks.
Ultimately it just sells more devices. The flipper zero can't "hack" anything. It can only be used as a tool to perform hacking, by a skilled individual who is doing all the work/discovering an exploit.
I'm tired of the "security research" angle when it's all just kids playing with ESP32 deauther attacks presented to them on a silver platter.
I should not have to put up with children going "JUST SECURE YOUR NETWORKS BRO" because they spent $30 on some eBay "maurauder" dongle to be a pissant.
I use mine for all sorts. I volunteer at a second-hand shop so use it to set up remotes for donated media devices, I've used it to run scripts to apply the same changes to many computers that aren't on a group policy via BadUSB, I've used it for toys-to-life games, and very much more. There are plenty of genuine uses if you're cluey.
I use mine as a presentation remote, and as a USB interface for some micro controllers. Sure, I could buy a dedicated remote, or a bus pirate or other programming device, but I already have the flipper, so it suits me fine
This one provides the source and asks you to build it yourself so at least it has some credibility for the "education use only" claim.
I've seen similar things posted on here before that had a binary build only and zero technical documentation. It was really hard to see any kind of research or education value in those.
This right here would be useful once these price tag things start being thrown away. Times change and systems get updated and if you keep your eye out you’ll likely be able to get a handful cheap.
It’s been very useful to me in so many ways, from fob management, to one IR, to rf scanner and other stuff, it’s useful if it fits your needs, just like anything else out there.
I’m very surprised here.
I worked in retail many years, including doing store shelf tear downs and replacement and night shift stocking.
Back in the day we would get our planograms from HQ, then we’d print out all the labels on perforated paper, and walk the shelves moving product and updating the price tags, throwing out the old. The epaper tags are very clearly an improvement to that process in both time and waste. We would also check the prices using a Motorola price gun and do our fixes manually and then print out new tags or update the counts.
I’m surprised these tags are just IR blasted with no security. I would have expected they’d need some sort of code and you would simply save the code on your gun, pop a tag in front of a product, scan the product, then pair the tag all on your price gun in like 3 actions.
I also would have thought in these days we’d use Bluetooth beacons to triangulate the shelf slot too so that HQ could have a realtime map against their planos (it was not uncommon a product’s size would change and the layout would have holes or products that don’t fit on your real shelf).
Anyways, neat project! Triggered a walk down memory lane for me.
It doesn't really change anything.
Previously, a criminal could just print their own shelf tags. They'd probably do this somewhere other than in the store to get the details right, but it was doable. (We've all probably seen rolls of blank shelf tags sitting around at the store, and thermal printers are inexpensive. So what if it's two crimes instead of one?)
And then, in the store, they could just switch out the shelf tag(s) and try to play their little scam.
Now with this new development, a criminal still needs to get the details right. Like a blank paper tag, the little screen is also a blank slate. It's just eraseable and rewritable in-situ.
The scam is the same. It's just shaped differently.
---
I do understand why the tags are simple to write. Maintaining some kind of revolving, PKI, or multi-factor auth would be harder than doing nothing, and probably slow. Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).
One-way jnfrared is cheap and low-power compared to anything with RF. And resets would be a pain in the ass if things were forever associated with a certain product, or a certain place in the store.
The way it's implemented now, on reset (yay new planogram!): All the tags get pulled and put in a pile.
And then: One by one, they're removed from that pile, put on a shelf, and programmed.
That's fast and flexible, and therefore inexpensive. Inexpensive is good. If there's one thing that all retail establishments hate most, it is their labor expense.
It does fail to prevent obvious-scam from happening. But it'd probably cost more to do it "right" than to eat the losses when the scam actually works.
> Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).
You know what, that is a great idea for a project of mine, where I want to display outside temp and weather forecast in the hallway next to the wardrobe. I have been musing about it for a while now: how to make it small and not stand out, how to handle power delivery, etc.
I was already leaning towards eink, and if I can get one of these price tags cheap plus hide an IR blaster in a corner that would be ideal. All controlled by Home Assistant of course. I'm going to search the usual Chinese online marketplaces tomorrow.
Thank you!
2 replies →
> It doesn't really change anything.
> Previously, a criminal could just print their own shelf tags.
Between your 'previously' and now is a period of at least two or three decades, where shelf tags have only be for your information in the store, while the real price came from computerized POS-Terminals with attached barcode-readers. Which of the two has priority for the customer may depend on country, law, store policy & good will.
Furthermore stores are completely cam covered nowadays, so much luck with being seen fumbling with your gadget in front of that label, or being seen on 'tape' putting another one over it, or things like that :-)
I’m sorry but this entire premise is dubious at best hilarious at worst.
I’ve worked retail on and off for a decade and been friends with AP in most places and no one has ever mentioned this happening. Never been told to watch for it, or heard a rumor about it from another store.
It’s just not something that happens.
>It doesn't really change anything.
Yes it does, unlike before, a shits-and-giggles attacker could change all the tags in an aisle into "you're gay" without showing anything on surveillance cameras.
He wouldn't gain anything but the store would lose.
6 replies →
Just recently I was in a small shop where I was surprised to see epaper tags and ended up talking to the owner about them. She said they were super flaky and would reset at random. Agter that interaction I am not at all surprised a flipper could mess with them. But I also have not seen them widespread at the physical outlets I shop at.
>But I also have not seen them widespread at the physical outlets I shop at.
Me neither. If it parallels the arc of those restaurant buzzers [USA perspective]:
-Big chains first (Olive Garden) with quality industrial systems
-Then, small businesses with dinky systems sold on Bezos site
What do you think, someone would have to be fired if e.g. Best Buy tags were super flaky and reset at random nationwide?
"I also would have thought in these days we’d use Bluetooth beacons to triangulate the shelf slot too."
Maybe wifi6 location based on the gun when setting the tag?
I was in college when self checkout became a thing and it took us all of about 45 seconds to realize that you could just check everything out as bananas. Steak was weighed and priced at 4011 (banana code) as the stoned teenager cashier paid no attention. Everything on the receipt was literally Bananas
That's crazy. But coming from someone who wrote a book on retail fraud and worked as a retail fraud analyst for several years... you could have just walked straight out with those items.
Transacting was your way of leaving a calling card for the investigators/analysts to find you... You stole regardless of how you did it.
The visual risk of walking out without paying is much greater than the risk that anyone actually investigates AND tries to track him down for it.
Back when I was a kid it was common to still just have simple price tag stickers on every single item. We’d pull off a cheap sticker and put it on an expensive item. If they noticed, we’d just shrug and say “oh Nevermind then” when they found the right price.
The only problem was most cashiers actually knew all the prices of stuff and paid attention, believe it or not they even knew how to make change back in those days /s. So you couldn’t always get super aggressive.
22 replies →
I’d be interested in your book!
I was of the impression that, in our golden age of individualized surveillance, merely interacting with the kiosk was enough to leave a facial-geometry calling card these days.
I feel like I may have heard this from one of those Illinois BIPA class action suits [0], which reliably have a whiff of crackpot to them from a technical perspective. But it surely seems an obvious enough sort of application…
[0] https://www.law360.com/articles/2372764/home-depot-s-self-ch...
That's _bananas_.
1 reply →
Seriously. Especially since self-checkout is almost always with a card tied to your identity, not cash.
Depending on the value, the police probably aren't going to show up at your address, but use that card again at the store in the future and you might find the security guard coming over. Or, like many stores, they wait for you to do it repeatedly until it adds up to enough for a felony instead of just a misdemeanor, and then they bring felony charges...
The stores have cameras. Likely someone is well aware those weren't all bananas, and has it on video.
Play stupid games, win stupid prizes.
9 replies →
I know people who regularly stole this way. They would usually work in pairs and one would leave a full cart near the exit and the other would walk out confidently. Worst case they figured they would just act the fool and either leave the cart or pay. Irked me that they did this but not enough to rat. I bet these days doing that with any kind of regularity would have you starring on much higher quality film.
This gives the ability to use the excuse "I didn't know how to use the machine, I thought I used it correctly, nobody ever trained me on this", where as just walking out does not
(Not a lawyer, I'd imagine you know better here than I do)
I think the point was that they COULDN'T have just walked out with them, BUT, by learning then going through the motions of a typical check out this A+++ hacker was able to bypass a normal security layer.
Congratulations, you have discovered the concept of shoplifting!
Too bad the store owners introduced a way to give customers more control over how merchandise exits their store.
28 replies →
if a store does not want to hire capable staff to perform an essential function, they should not expect laypeople to perform that action for free (or at higher cost, as we've seen with grocery prices in the US as human cashiers are reduced) at the same level as a trained staff member.
we do not have to accept this decision to reduce staff and raise prices as a matter of course. plus, if you see somebody stealing food, no, you didn't.
24 replies →
It's hacking, there a difference. He learned the system and exploited a vulnerability!
Yesterday I went to Walmart, and at the self-checkout the system quirked out and an attendant came by. She reviewed some sort of draconian overhead cam video of me trying to locate a tag out for a product to scan. Gave me "guilty until proven" innocent vibes. Are these systems actually effective?
Hey, something I'm somewhat qualified to answer! So, yes, these systems are actually effective. The systems and procedures are designed to look low key, but essentially perform PRISM-like mass surveillance behind the scene. These systems are managed by former US IC personnel.
What happens is that your identity is tied to these purchases and after a certain threshold you get flagged as a thief, essentially. At that point, you will get very increased attention (via checkout, purchases, and floor walkers), and after another threshold, will be trespassed and/or prosecuted.
But, you'll probably get away with a banana or few before you trigger the loss prevention threshold.
20 replies →
The self checkout at my preferred grocery store (Hy-vee, an upper midwest chain) has started using these overhead cameras to confirm that you're purchasing everything you ostensibly have in your cart. Except it always flags us for the Starbucks drinks we're carrying (Hy-vees usually have a mini Starbucks shop inside them). More annoying though is that it flags us for the 5 gallon water jug refills that we manually punch into the self-checkout kiosk, because the surveillance system isn't satisfied unless the heavy ass jugs of water leave the cart, slide across the scanner and then get placed in the bagging area – anything else is possible theft.
All this has done is train us to keep the carts out of the camera's viewing angle. It doesn't care if you keep pulling handfuls of groceries out of hammer space, as long as there's no cart in the frame.
2 replies →
I'm in Australia but similar sounding system is in operation at our two major supermarkets.
I scanned a drink, heard the beep, put it in the bag. I scanned a loaf of bread, heard a beep, put it in the bag.
Now, instead of the typical "Unexpected item in the bagging area" it now shows the overhead replay and locks the system out until an employee comes over to review.
Combined with their exit gates that don't open if they think you've not paid for something, and cameras that track you through the store it's feeling very unfriendly.
Sam's club has 'the arch', and one time when I did self checkout I did miss an item (thought I scanned it and I didn't apparently) and so far that's the only time they've actually checked the cart, the rest I was just waved through.
So seems pretty good. Obviously erring on the side of having an employee double check makes sense when their profit margins are generally single digits. One missed tshirt means they lost money on your $300 cart.
2 replies →
I do not spend money at businesses that treat me like a criminal.
[dead]
IANAL and this depends on the jurisdiction, but in many places, the penalties for shenanigans like these are far steeper than for outright theft, as it's considered to be financial fraud.
Some retail chains, of which Dollar General is the poster child, have one price displayed on the shelf and a different, much higher price at the checkout register.
Links:
> Missouri Attorney General Andrew Bailey has filed suit against Dollar General, claiming deceptive and unfair pricing at its more than 600 retail stores throughout the state. The lawsuit alleges that Dollar General violated Missouri’s consumer protection laws by advertising one price at the shelf and charging a higher price at the register upon checkout.
> The joint investigation revealed that “92 of the 147 locations where investigations were conducted failed inspection. Price discrepancies ranged up to as much as $6.50 per item, with an average overcharge of $2.71 for the over 5,000 items price-checked by investigators.”
https://progressivegrocer.com/dollar-general-accused-decepti...
> All told, 69 of the 300 items came up higher at the register: a 23% error rate that exceeded the state’s limit by more than tenfold. Some of the price tags were months out of date.
> The January 2023 inspection produced the store’s fourth consecutive failure, and Coffield’s agency, the state department of agriculture & consumer services, had fined Family Dollar after two previous visits. But North Carolina law caps penalties at $5,000 per inspection, offering retailers little incentive to fix the problem. “Sometimes it is cheaper to pay the fines,” said Chad Parker, who runs the agency’s weights-and-measures program.
https://www.theguardian.com/us-news/2025/dec/03/customers-pa...
2 replies →
It sucks that we have to do extra labor and expose ourselves to this kind of legal risk all because a grocery store doesn't want to staff workers. It's not even like they pass these savings onto us...
12 replies →
I saw a video where someone took banana bar code stickers wrapped around a bunch of bananas and put them on the TVs in their shopping cart and then checked out via self checkout.
I predict that self checkout will only remain in the more trustworthy areas…
That video was staged, at Target electronics need to be paid for in the electronics department where there is no self-check out. In addition Target has the best Loss Prevention in the business, including let shoplifters continue until they accumulate enough goods that their crime is a felony.
4 replies →
Every self checkout around here has an employee staffing ~6 terminals. They're supposed to be watching for things like that. Usually theyre just staring vacantly into space, which I get, that job pays nothing and provides 0 mental stimulation.
When you see a TV being purchased, though, it wouldn't be hard to just watch that it in fact got checked in as such.
3 replies →
Systems like Everseen make that approach significantly riskier than it used to be. A live video of you checking out is run through image classification software, so if you scan a steak as 4011, it'll pause the checkout flow and call the SCO (self-checkout) attendant to watch the video of you scanning the item. They then have to approve the scan, at best leaving you publicly humiliated.
At least here, there are randomly triggered checks by shop staff where they have to manually rescan anything before they let you leave. And possibly, those checks are more easily triggered if you do certain very strange things like buying nothing but many separate instances of "bananas' with widely varying weights. Wouldn't be too hard to program a set of rules for the most obvious red flags.
And of course, the area is wide open and well covered by cameras, and usually self-checkout means paying by card or google pay or something, which will tie your identity to the purchase.
Are you me? I also did this at university in Britain circa 2010. I went for onions and carrots mostly. I'd go to the meat or fish counter and get lovely bits of fillet, then check them out weighed as onions.
Back in the day when I was in HS, kids would go to Borders and swap the stickers from cheap books onto expensive computer books.
What about the cameras on those things? Overhead? Did you pay cash?
People like you are why we are living in an increasingly lower trust society, with for example having items behind locked door in shops.
Reminds me a bit of the shopping cart theory.
trust goes both ways. you can be cynical about people who take things without paying, i guess. i prefer to be cynical about the corporations who run and stock these grocery stores with substandard products at artificially inflated prices that benefit shareholders and disadvantage people who need to eat food to live.
Think about blaming the grocery store replacing workers with no one in particular before you blame some college pranksters.
Grocery stores in general consolidating, laying off workers, leaving them without pay/benefits, taking advantage of greedflation, etc., is a bigger drain on society.
11 replies →
Corporations broke the social contract first.
Couldn't you also not just check stuff in? These are all obvious drawbacks, it's not really a high-scrutiny environment.
Most self-checkouts I've come across have weight validation – "Unexpected item in the bagging area".
Categorising things as "bananas" tricks the checkout into accepting the weight of an item, and you pay the appropriate price per bananagram.
7 replies →
That is something you can do in cahoots with a regular cashier and the reason places like Costco check your receipt. The cashier just has to fake scan an item, and nobody would notice. Receipt checking makes it possible to get caught.
Rule #1 of working at a grocery store: you will remember 4011 for the rest of your life.
You know you can just walk out the door with the items without using the scanner at all right?
There's a tiktok literally floating around right now where somebody sticks a banana band on a cyberpower PC at Walmart and checks out at the self-checkout.
Then the receipt checker at the door checks his receipt and waves him on through.
that's nuts
The rest of us have to suffer with a lot of bullshit because a tiny fraction of the population engages in blatant antisocial behavior.
This was I think effective early on but now there are many systems to detect this "fraud". I say "fraud" because I honestly have zero sympathy for these companies who are doing anything but paying people a living wage to do a job and that goes for Walmart in particular.
I've had opportunity to hear many stories from people who have had largely unintended encounters with law enforcement. Many of these are for "shoplifting". That can be something as simple as forgetting something on the bottom of the cart. Walmart are super aggressive about this and rather than saying "sir, did you forget that thing or not want it anymore?" they prosecute.
Walmart is one of those publicly subsidized companies in the country. They don't pay employees enough so the government gives them food stamps. Those food stamps are largely spent at Walmart so Walmart is profiting on both ends. And then they displace checkout workers with self-checkout and pay for fraud detection systems and when people either intentionally or unintentionally didn't scan something correctly (or at all), they offload the costs of loss prevention onto the state by prosecuting. Walmart doesn't pay for that prosecution. TAxpayers do.
Walmart is a trillion dollar company. The stock has almost 3x'ed in less than 4 years. How long did it take to 3x to that level? About 23 years.
Careful, the law is lenient if you steal from other normal people, but as soon as you steal from the wealthy, try to fraud them, you will see all sort of laws to make sure you are an example to others so they never think about doing the same, but a normal person? Oh well, you should have paid for insurance, or suck it up.
On the other hand, the wealthy can lobby, inflate the prices overnight just because, while also reducing the good weight aka double increase, and you can’t say anything because it’s legal!! It’s a one way “justice” system.
Not careful enough
It's interesting how the README.md basically states in every other paragraph how you should not use this without authorization. The term (un)authorized and variations appear 18 times in there.
A lot of discussion about self-checkout fraud, but these tags are only for shoppers' convenience and don't control pricing - One tag goes in front of that SKU on display so you can see the price. At checkout, a barcode or plain old paper tag / printed barcode on the item itself gets scanned and that's where the price is looked up.
You've never been to a grocery store and had something incorrectly 'rung up'? It's happened to me more than a few times and I've never had a problem getting a "price check" and having the item adjusted according to the shelf label.
It's typically in-store policy.
Is Best Buy going to let you walk with a $10 Sony FX3 camera? Probably not. Are they going to fight you over a $10 difference in posted vs look up? Probably not.
From what I remember Connecticut laws used to require retailers to charge the lowest advertised and/or physically labeled price.
This is pretty dangerous. At least in my country the displayed price must be honored and they cannot refuse the sale.
Usually the advertised price must be honored, because it may have brought the customer to your store.
For prices displayed on the shelf-label inside the store the law is usually not that strict (YMMV), as a shop-owner can refuse sale on check-out (otherwise I could put a pricetag on e.g. a shopping-basket and the shop-owner would be legally required to sell me the basket...).
Besides, most shops I've seen (in Europe) already moved from Infrared communication to RF (NFC or proprietary), for centralized shelf-label management without handheld devices. So all this study (and the underlying reverse engineering of the IR-protocol) might do is probably accelerate the transition from IR to RF-based ESL...
> Usually the advertised price must be honored, because it may have brought the customer to your store.
This is not the case for groceries in Massachusetts at least. If there’s a discrepancy between the tag’s price and the scanned price the store must charge the customer the lowest of the two: https://www.mass.gov/price-accuracy-information
8 replies →
It definitely varies by jurisdiction, but the register price always loses to any printed price in the US states I’ve lived in. This is a protection since retailers have used pricing mistakes to unfairly profit. Watch your receipt like a hawk at the dollar store[0]
[0] https://www.theguardian.com/us-news/2025/dec/03/customers-pa...
1 reply →
Very much depends where. In QC, if it rings higher than tagged in the store you get the first one for free and the next ones at the lower price. They take it VERY seriously as a result and will take the tag down while they make a new one to ensure nobody else gets a freebie.
Stores hate giving the product away and pricing errors are much lower in my experience.
How is the transport medium changing anything?
To me this is about having protocols that are suitable so not anybody can write to these labels without knowing a store secret or using replay attacks.
3 replies →
In your country merchants are not obligated to honor fraudulently altered price displays.
No it's not.
We've been able to take a price sticker off one object and put it onto another for a very, very long time.
It's not really a new issue and current law should already cater for it.
That law probably wouldn't apply if someone brought their own label printer into the store and put their own price tags on to the merchandise, which is essentially what this is.
I guess they can use the cameras to show you were tampering with the labels and call the police. Somewhat related xkcd https://xkcd.com/1494/
Probably mostly dangerous for the user, or are people routinely writing their own price signs in the store and then "buying" it for less? Walking up to the lot at the car store and crossing out some zeros? Don't see how this would be any different.
Back in the day people used to swap/edit price tags a lot. Also making fake coupons with the same knowledge. It was a pretty common and easy form of shoplifting since all barcodes used to do was just encode the pricing/discount information.
1 reply →
What they do is swap bar codes, or they code organic fruit as regular, or they "forget" to scan in the self checkout, but yes.
7 replies →
Yeah, the prices the store chooses to display, not your own edits.
In which country?
spain
I'd like to buy some of these tags and use them as displays around my house.
Look into openepaperlink. It’s an open source project that integrates with home assistant, and lets you control multiple tags over WiFi with just one device. you can create custom display setups in yaml to show anything you want.
my favorite that I have set up is a tag in my bathroom that shows me today’s weather and chance of rain when im brushing my teeth - I haven’t been caught by surprise in the rain since :)
Very neat! Where did you acquire the tags and for how much?
I am overjoyed to see this story here, we haven't gotten a lot of these hacks lately. Well done!
Hacks? In my Hacker News? The nerve!
Are these hacks or cracks. I'd say the latter.
1 reply →
They are incredibly easy to break with your finger.
We do not want a world full of hyper-dynamic pricing, we should destroy these.
This is cool and all, but how am I supposed to test it? Get permission at a local store? No way they will let me do it.
I use a similar trick with most software. Instead of buying the online one, I get it on The Pirate Bay. These days even open source software you can simply just apply Claude and get a different version.
People online will kick up a fuss about GPL and shit but in real life no one bothers. Shoplift. Close an OSS project. Who cares.
Sometimes I even ride without a ticket. In Europe/Asia especially if you act like clueless American they’ll let you off every time. Done it so many times haha. Some of these places even they will put fruits outside. You can just take extra and hide it. They can’t tell.
One time on drive to Bury St. Edmunds small town in the UK I saw a little farm shop with some sign saying to leave payment there. Zero enforcement. I just took the fruits. No flipper zero needed.
Good life hack. Social hacks like these are not so common but if you’re clever you can get a lot.
It's always funny when people publish source code and have a disclaimer saying "You CANNOT use it for bad!". When is the last time a criminal read such a disclaimer and thought "Oh right, guess this isn't for me"?
Sure, at least the developer can say they did say so, but it doesn't matter. To me it seems more like avoiding responsibility. You published the tool, and by doing so you changed the world, even minutely, and in ways you cannot predict.
As hackers we bear the responsibility of tools we publish. Even if you believe knowledge is the most important and that everything _should_ be published, we should at least be well aware of the consequences. Great power, great responsibility.
I think it’s trying to demonstrate intent. “This is cool and hacking is fun” vs “Here is a tool to do bad things”. I don’t think it would much protect you from consequences, but it can change perception of the intent of the project.
I think you are right, it just feels useless.
1 reply →
Hardware stores sell chainsaws. There might be a disclaimer about proper usage or safety guidelines or some such, but you're right... someone who intends to use something to commit a crime, will do so regardless of the text asking them not to.
Yeah but like it's fine if two people use a flipper zero to get cheaper groceries. That's not actually a bad thing.
Who do you think feels the effect of fraud/theft at retail stores? The "rich" owners feel a little of it, sure, but they have a proven strategy for keeping their profits up by reducing costs: fire employees and make those who remain do more work for the same pay. So you think this is "not actually a bad thing" because you're screwing over <insert big company here> but really you're just screwing over the workers.
What would you prefer they say?
Presumably they want nobody to ever publish or even explore "bad" things.
Because as we all know, if something "bad" is possible, but no one has published a GitHub about it, no one will ever be able to do the bad thing! Society is saved at last!
[flagged]
Not bringing politics into every discussion challenge: impossible
Free Palestine? I'll take 2...
I struggle to see how supporting a country that has been harassed for 70+ years is "politics". Seems just regular activism.
I wonder if since IR is invisible you could theoretically, in an intellectual exercise, blast IR light in a room and mass change them surreptitiously if that was your goal.
From the upstream project:
> Can I change the display of all ESLs in a store at once ?
No. For two reasons:
Unlike radio waves, optical communication must be line-of-sight. Even from wall and ceiling reflections, an unique transmitter has no chance of reaching all of the hundreds or thousands of ESLs in a store.
Each ESL has an unique address which must be specified in update commands. There's no known way to broadcast display updates.
Lmao more flipper zero crap.
I'm sorry, but I'm so sick of seeing "omg hacker man" mystique surrounding flipper, which is exactly what they want because it drives sales. Ofc you can muck about with open and unsecured stuff...like duh.
But it annoys me to no end when I have reasonably intelligent friends parrot claims like "flipper can clone the nfc in your credit card and you can steal people's money wow much hack!"
kind of a circular argument though? the reasonable definition of "unsecured" is "stuff you can't muck about with". That might change over time as attacks/exploits are developed though.
Influencers gonna influence.
That's just you, bud.
Not your buddy, pal. ;3
1 reply →
I still don't think I've seen an actually useful application for a Flipper Zero. It's all just "use this to change store price tags" or "here's how to disconnect all bluetooth devices", but also "don't actually use this, because it would be illegal, this is just for educational purposes"
Beside of how the media often tries to present it, the value of Flipper Zero is not for everyone to "become a hacker with this simple app".
Its value is to provide a standardized hardware platform for (white hat) hackers for probing, prototyping, refining and sharing of security research in the fields its hardware supports (Sub-GHz RF, NFC, IR, and custom external boards via simple Input/Output pins).
Prior to that, everyone who wanted to research e.g. RF security had to either build/assemble something custom or buy much more expensive equipment. This created a barrier to collaborate on research, as everyone had to buy/build the same setup.
On top of that, Person A researching some RF topic selected an RF-transceiver from Company X, Person B used a component and a proprietary SDK of Company Y, so consolidating both work streams for a better foundation for all RF-related research required alot of time and effort from someone, breaking workflows of at least one group of researchers, etc.
In contrast, security research which utilizes Flipper Zero can be reproduced and built upon by everyone. All the work is harmonized on the same Hardware architecture, so it's easy for someone familiar with the platform to dive straight into a new idea without having to build a new breadboard, select a chipset, buy additional probing equipment etc.
There is much better hardware available to security researchers (chameleons, hackrf, and actually research-grade (much more expensive) equipment).
The flipper is basically an Arduino pre built with a bunch of static antennas. It's fine and in a decent form factor, but I really haven't found it useful.
Do you have any links to actual research (not children playing "researcher") done with flipper hardware?
Flipper zero themselves try to present the flipper zero as a device that "hacks things with a button press".
And they love the free advertising they get along the same lines by youtubers desperate for clicks.
Ultimately it just sells more devices. The flipper zero can't "hack" anything. It can only be used as a tool to perform hacking, by a skilled individual who is doing all the work/discovering an exploit.
1 reply →
I'm tired of the "security research" angle when it's all just kids playing with ESP32 deauther attacks presented to them on a silver platter.
I should not have to put up with children going "JUST SECURE YOUR NETWORKS BRO" because they spent $30 on some eBay "maurauder" dongle to be a pissant.
7 replies →
I use mine for all sorts. I volunteer at a second-hand shop so use it to set up remotes for donated media devices, I've used it to run scripts to apply the same changes to many computers that aren't on a group policy via BadUSB, I've used it for toys-to-life games, and very much more. There are plenty of genuine uses if you're cluey.
Turns out it's what they said it was all along, an educational device.
I use mine as a presentation remote, and as a USB interface for some micro controllers. Sure, I could buy a dedicated remote, or a bus pirate or other programming device, but I already have the flipper, so it suits me fine
You just aren't being creative enough, I use mine daily:
1. TOTP generator
2. As an extra garage door opener to let guests in from my desk
3. To avoid typing my long WiFi password in while setting stuff up (ducky or qr code)
4. Wrote a custom app that suggests meals/ restaurants so when the wife asks what we should eat this week I can just rattle off the random suggestions
Not to mention other random things on a less often basis
This one provides the source and asks you to build it yourself so at least it has some credibility for the "education use only" claim.
I've seen similar things posted on here before that had a binary build only and zero technical documentation. It was really hard to see any kind of research or education value in those.
Yeah, I bought it and it collects a dust since then. Fun device but I have no idea how to use it in my life.
This right here would be useful once these price tag things start being thrown away. Times change and systems get updated and if you keep your eye out you’ll likely be able to get a handful cheap.
It’s been very useful to me in so many ways, from fob management, to one IR, to rf scanner and other stuff, it’s useful if it fits your needs, just like anything else out there.
It's useful for dealing with the industrial equivalent of IOT garbage
[flagged]
As if devices created in Russia would all be "useless" or only for illegal purposes.
I smell prejudice
1 reply →
Cool racism bro