Wednesday, August 16, 2006

Hacking Tesco Discounts

Product: Tesco Finest Chicken Breast with Rocket Sauce & Asparagus.


Normal Situation:

Barcode: 5 051008 990461

Price: £4.99


This evening:

Replacement barcode (sticky label): 9715 0510 0899 0461 4001 7504

Discounted price: £1.75


Respacing the replacement barcode, we get:

971 5 051008 990461 4 00175 04

Hmmm.... it's the original barcode with a few digits prepended and the new price added at the end.  Are they insane?

With a couple more examples, I think it would be trivial to create Tesco discount labels at will.

Surely encoding the discounted price of an item on the barcode is a pretty stupid thing to do?


Anonymous said...

I think Tesco can handle the risk of the 1 person who is geeky enough to do this. :p

DarkKnight said...

I think it is insane. It should at least be encrypted.
I remember a story of someone doing the same in the US, and buying an iPod for around a tenner... what is the most exepensive thing tesco sell?

Anonymous said...

Erm, aren't you guys missing the other six (or maybe 7) digits of which you (a) don't know their meaning, and/or (b) don't know the algorithm of their generation?

Anonymous said...

Tesco are a very odd company and do many odd things, like moving from Notes to Exchange (in this day!!!), one of their major world wide operations has been told by the UK to move to Exchange.

Even though the operation knows that the cost of doing so is massive. How are they going to re write over 50 custom built Notes applications, many of which are mission critical.

Tesco tells you that its all about the customer and what ever they do must be value for the customer.

Please someone tell me how they can proved any value for the customer, by moving to exchange. It is just a massive cost, I am talking about 100,000's of extra pounds that they will have to spend. They are running Notes now on NT and 2000, so with Exchange that will mean 2003 64 Bit OS and servers and far more servers than they have to run Notes.

Anonymous said...

Agreed with Lee here. Although it looks fairly likely that the price is in this barcode, it could be a coincidence - you've no idea whether just changing the barcode and digits to some lower price (for example) would actually work.

Richard Brown said...

You are, of course, all correct on the claim that one observation is not the same as a fact.

However, if you look at the barcode more closely, I claim that of the "surplus" digits, most can be explained away.

The initial "971" is probably the "this is a discount sticker" code. There are two zeroes to allow higher prices to be encoded. Which only leaves two digits.

Given that some Tesco stores have scanners that tell you the price of an item without having to go to a checkout (not to mention having self-checkout), I suspect it wouldn't be too much trouble to try all 100 remaining options.

However, I suspect that of the those two remaining digits, one is a checksum (and hence pre-determined in any case).

Like I said in the initial post, a few more sample stickers and we'd have this nailed.

I would also then probably be sent to prison for breaking some obscure law so it's probably best not to take it too much further...

Richard Brown said...

sorry... it leaves three digits of freedom, not two... but when you treat one as a checksum, you're back to two and hence in the realm of manual brute force attack

Richard Brown said...

Oh... and on the other questions.... I'm almost certainly not the only person sad enough to observe this... I mean.... the human eye is adapted to spot these sorts of patterns... and when the label has the price printed on it and then the same digits appear immediately below in the barcode, you can't help wondering.... :-)

As for the most expensive thing Tesco sells... well they've been known to sell flat screen TVs - so you can easily buy individual items for several hundred pounds each.

Anonymous said...

Never said anything about observing it, but doing it. :-p

Anyway, there's a simple way of finding out if your summation is correct - see if another discounted product has its price encoded in the barcode the same way.

If you then print a new barcode to get discount on something else, of course, you get to go in the room with the rat cage strapped to your face.

Richard Brown said...

I never understood that passage in the book; I've never been particularly scared of rats.

However, getting into trouble is something that has always terrified me. It is the reason I will almost certainly never been an immensely successful entrepreneur and it is probably why I'll fail to capitalise on this wonderful mischief-making discovery.

Anonymous said...

Here's a program which generates discount barcodes for any product from tescos! You just need to choose your price and it calculates the new barcode that you can use at the self-service scanners. Every little helps!