ePark Systems hack

[Frank Lamingo]

So I live down in Miami Beach and they just got this new program from eparksystems.com for parking meters. Basically you buy this little device which sits on your dash of your car and counts down time/money as opposed to putting the coins in the meters. It's great since you only pay for the time you need. To reload, you call the city and they give you a code which you input into the device which tells the device how much credit to issue onto the device. No communication with any mainframe is established. So there has got to be a way to hack this device to give you unlimited credits or at least a secret to the codes you have to enter. I haven't a clue, but though that others might have some insight.

[Sparda]

Is there any thing else besides time left displayed on the device? A serial number perhaps?

[DingleBerries]

Collect all the codes you can and try to see if they are being generated by a specific algorithm... think keygen.

[digip]

If they don't generate the codes based on the specific unit and your account itself, then you could potentially guess duplicate pin codes from other peoples devices. Best thing to try is get two of them (not two of your own, but one of yours and maybe some on you know who has their own account and device) and see if you can use the same code on both. If so, then there is the potential to generate your own codes which may already be in use by other devices, letting you use their pin and not charging it to your account. These most likely work in some way by RFID, so if you can determine if your deivce sends a specific Device ID along with the code they send you, then can determine the safety of using other people codes, because if the device sends your acocunt into along with the code, using other peoples codes would expose you to stealing.

I imagine the device has some way of identifying itself to the meter, and also your account, so without experimentation and knowing more about the device itself, its pretty hard to say what can be done with it.

Does the device come apart easily? Maybe check its inards for some more infor, like hardware serial numnbers, brand names or whatever.

[soundguymike]

Looking at the website it seems that this unit does connect to its servers and can uniquely identify itself.

It has as one of the features is tracking how much time/money is left on your ipark. This means that it communicates and uniquely identifies itself to the servers. Therefore the key is most likely generated at payment and expires when a machine has used it.

My guess the best way to try to hack this system would be try to find a digital photo display that is the same size and shape as the screen in the ipark. Rip out all the innards and put the photo frame in its place. Then put the digital photo frame on a 1 second slide show with a pictures of what the ipark looks like when counting down. Then it looks like it is working. Of course the parking attendent would be able to log into eparkssystems.com and see that something was up.

[Keltha]

IMO , you should just gut it and replace the circuitry with your own

It seems like it is all based on the parking lot enforcer

[shazam]

IMO , you should just gut it and replace the circuitry with your own

It seems like it is all based on the parking lot enforcer

The epark devices in Miami Beach do NOT communicate with anything. They are simply serialized programable (different parking zones) countdown timers. They are "refilled" by providing the serial number. There MUST be a keygen that uses the serial number and the dollar amount requested that generates a resulting "refill" code. All that talk about communicating with some server is meant to mislead you. My guess is each serialized device can only accept a code once. I'm sure the engineers at epark systems thought of these things. I suppose the best way to beat the system would be to clone one device to another and so on. Then just buy the credit once and refill all the devices with the same serial number each time. Or create a keygen somehow.

[Keltha]

I meant that all you need to do is replace the circuit inside with a countdown timer that you can set to whatever you want. what i meant by that it is based on the parking lot enforcer, is that their is no authentication or anything, all they base this on is that the enforcer just sees something that is counting down

[shazam]

I meant that all you need to do is replace the circuit inside with a countdown timer that you can set to whatever you want. what i meant by that it is based on the parking lot enforcer, is that their is no authentication or anything, all they base this on is that the enforcer just sees something that is counting down

Actually there is a series of displays that rotate on the screen. One of the screens says Miami Beach, the next is the parking zone and time limit, next is a security code that is Julian calendar specific and the third is the time of day and finally there is the time and date.

Thus a simple count down timer would not work. However an eprom could be programed to display the above referenced items however the security code screen algorithm would need to be decoded.