Early vending machines were almost comically easy to steal from; all you needed was a coin on a string or a roughly coin-shaped bit of metal. Eventually, vending machine manufacturers got wise to those tricks and started integrating tamper protection mechanisms. But, vending machines now accept digital payments, and it seems manufacturers need to learn the same lessons again. As Matteo Pisani on Hackernoon demostrates, cracking Argenta vending machines is trivial with some basic hacking skills.
Before we continue, it’s worth pointing out that Argenta doesn’t seem to have patched this vulnerability yet. So, we need to remind you that stealing is wrong and crime — don’t do it. Alright, with that out of the way, onto the crack! Argenta vending machines can accept NFC payments through their proprietary app. The app has a wallet that users can load up with money, and then they can use that wallet to pay for delicious snacks.
Some of you are probably already guessing how this crack works: the value that determines how much money is in the user’s wallet is stored locally in a database on their smartphone. All someone has to do is modify that value, and they suddenly have free money. That database is password protected and encrypted, but it turns out that the encryption key is just the smartphone’s unique IMEI number. With that in mind, Pisani was able to put together a simple Android app that allows the user to add however much money they like to their Argenta wallet. Theoretically, they can then purchase unlimited snacks. Pisani, of course, didn’t do that and instead reported the vulnerability.