Walmart Price Scanner 802.11b WiFi?

[burkjt]

Last night we were walking in our local walmart and I noticed several WEP secured 802.11b wifi networks with no SSID like these:

# $Creator: Network Stumbler Version 0.4.0

# $Format: wi-scan summary with extensions

# Latitude Longitude ( SSID ) Type ( BSSID ) Time (GMT) [ SNR Sig Noise ] # ( Name ) Flags Channelbits BcnIntvl DataRate LastChannel

# $DateGMT: 2007-02-18

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:62:19:d6 ) 03:41:31 (GMT) [ 42 91 49 ] # ( ) 0011 00000200 100 110 9

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:cc:33:fb ) 03:42:37 (GMT) [ 43 92 49 ] # ( ) 0011 00000002 100 110 1

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e7:57 ) 03:42:37 (GMT) [ 51 100 49 ] # ( ) 0011 00000020 100 110 5

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e5:77 ) 03:42:37 (GMT) [ 35 84 49 ] # ( ) 0011 00000002 100 110 1

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:d5:da ) 03:42:37 (GMT) [ 29 78 49 ] # ( ) 0011 00000020 100 110 5

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e5:79 ) 03:42:37 (GMT) [ 37 86 49 ] # ( ) 0011 00000002 100 110 1

I think that these are networks for the public price scanners you see around the store.

It would be fun making a stick of gum ring up as 1 grand. :D

[SomeoneE1se]

Last night we were walking in our local walmart and I noticed several WEP secured 802.11b wifi networks with no SSID like these:

# $Creator: Network Stumbler Version 0.4.0

# $Format: wi-scan summary with extensions

# Latitude Longitude ( SSID ) Type ( BSSID ) Time (GMT) [ SNR Sig Noise ] # ( Name ) Flags Channelbits BcnIntvl DataRate LastChannel

# $DateGMT: 2007-02-18

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:62:19:d6 ) 03:41:31 (GMT) [ 42 91 49 ] # ( ) 0011 00000200 100 110 9

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:cc:33:fb ) 03:42:37 (GMT) [ 43 92 49 ] # ( ) 0011 00000002 100 110 1

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e7:57 ) 03:42:37 (GMT) [ 51 100 49 ] # ( ) 0011 00000020 100 110 5

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e5:77 ) 03:42:37 (GMT) [ 35 84 49 ] # ( ) 0011 00000002 100 110 1

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:d5:da ) 03:42:37 (GMT) [ 29 78 49 ] # ( ) 0011 00000020 100 110 5

N 0.0000000 E 0.0000000 ( ) BSS ( 00:a0:f8:63:e5:79 ) 03:42:37 (GMT) [ 37 86 49 ] # ( ) 0011 00000002 100 110 1

I think that these are networks for the public price scanners you see around the store.

It would be fun making a stick of gum ring up as 1 grand. :D

dude if you could pull that off and get a picture that would be sweet

[lunex]

Wow. Crack then open and I bet you could really annoy someone.

*waves scanner over UPC for butter**BEEP*What! $1,584? and 92 cents?

[burkjt]

Here is the net stumbler file:

http://www.burkjt.com/share/walmart.ns1

Here is a screen shot:

http://www.burkjt.com/share/netstumbler.JPG

[killzone]

I used to work at a homedepot and I think the system is probubbly similar.

They way it worked at homedepot is:

The Wireless networks you are detecting are either the one used for scanning arriving/outbound shipping or in the conference rooms.

THey way it works is recieving gets all the stuff from a warehouse and or other store and scans a bar codes. That handheld scanner then transmits the packages information through the wifi to the "central databse" for lack of a better word. THis is where all the shipping, tracking, and ect. goes on.

Priceing is actually done by changeing the price field in the store database from a terminal/computer on the lan, the guns are jsut used for counting and inventory, and item lookup, though i know they can acces the price becasue they will display it on occasion but I don't think they can change it as it was always done via a terminal or computer on the lan.

A better way to do this would be to break the WEP or WPA passwords one of the access points and then access a computer on the network. At homedepot the OS of choice was windows 2000 and XP.

The passwords and user name for consisted of first initial last name

ex: bdillon

and the password was usually the store code, social, phone number or ect of the person.

TO access the "database" you simply need a vary easy to guess username (i cant disclose it) and the depaartment name for the password.

With anyluck wallamrt is similar.

P.S. It might not be a bad idea to see if you can acces the online training videos for use of there equipment ie scanners, price codeing, and database access.

happy hacking

[deleted]

Tesco in the UK uses the WiFi System to link the self checkout, self scanners and Staff Tablets.

The Wep for Tesco (the ones i tested) is 227c7677744a733f6b6d492125. But i did a google and if you dig deep into the Tesco website it will tell you the same key.

I dont know how to get into there database but i just use it for internet.

[SomeoneE1se]

you should be able to use something like airpwn to do what you are trying just send back the price of $10,000,000 before the database can send back the correct price.

[rFayjW98ciLoNQLDZmFRKD]

At some wal-marts (usually the super wal-marts) the have the price check scanners that use some sort of wireless networking to grab info. What i interesting about these if you push two of the buttons at the same time (I cant remember witch ones) you get an on screen keyboard. my two cents.

[sideboom]

i know from working at Walmart that the key is posted on these white/blue circles on the roof.. i watched the traffic one night and got a lot of info pulled from the wifi and never had the time to go back and further my finding but to anyone els that has the time see what you can find