[ Home ] [ CueCat ] [ Videos ] [ Pics ] [ Lock Picking ] [ OSCAR ]

The Infamous CueCat

What is this 'CueCat' thing?

A CueCat is a free barcode scanner given out by Radio Shack (You've got questions, we've got blank stares™) that plugs into the PS/2 keyboard port on your computer. When you scan a barcode their software that comes bundled with the scanner will take you to a website partaining to the product you just scanned. The company that makes these cats, Digital Convergence, wanted to make sure you could only use these things with their software and nothing else so they made the cat 'encrypt' the output. Naturally the hacker community started taking interest in these new toys and it didn't take long to break the weak encryption scheme. (For more info on the scheme, see this document).
Privacy advocates have also taken an interest in the CueCat. Each CueCat prepends a unique serial number to the output of the code you scanned. When used in conjunction with their software, they are able to keep a database of everything you've scanned and are able to feed you targeted advertisements.
The purpose of this page is to educate the public on the CueCat and related issues, as well as to provide resources that will help you understand and make full use of your CueCat. If you have any comments or suggestions, please email me!


Wednesday, Oct. 11
Thanks to J. Seth Henry, I now have the plain ASCII hack for the CueCat model 68-1965! You can find the email here. I should have some pictures of the completed hack up soon.

Friday, Oct. 6
I was browsing slashdot today and found some information on a hadware hack that will disable all encryption! With ecnryption disabled on the hardware level you don't need any special software to make your scanner useful. If you have a little bit of technical savvy and a soldering iron, you should definitely check it out. The hardware hack page is here.
On another note... I found this page that affirms what people have been worried about, that Digital Convergence is compiling user profiles in order to send you targetted advertising. Check it out.
I also added a document on the encryption scheme used by the CueCat

Monday, Sep. 25 10:25pm
The Privacy Foundation has issued an advisory demanding Digital Convergence, maker of :CueCat, alter their tracking methods. The advisory warns that the device has the ability to track every bar code a user scans, leaving the potential for future development of individual user profiles wide open. Also check out the Privacy Foundation Press Release

Programs and Scripts

Catnip 0.9a - A windows based program that makes the CueCat useful via decryption and a keyboard hook. (25k)
cat.pl A Perl decoder script (925b)
cuecat.tcl TCL decoder script (6.4K)
catkit32.exe - Windows based decoding/KB hook software (3.03MB)
foocat-barcode-0.1.2.tgz Linux decoder (16K)
BeClueCat.zip Perl/BeOS software (12K)


base64.html - An excellent document on the base64 encoding of the CueCat. Definitely worth a read if you want to better understand the encryption scheme.
Hardware Hacks - Instructions for various hardware hacks along with detailed pictures.
http://opensource.lineo.com/cuecat/ - Lots of good info on the cuecats (Shutdown by Digital Convegence once again)
http://air-soldier.com/~cuecat/ - Lots of technical info and pictures on the CueCat hardware.
ActiveBarcode.com - Good info and descriptions of the different types of barcodes.
CueCrap - A nice site with good resources. Many Linux and Windows drivers/programs/decoders. Highly reccomended.

I hear that CueCats are only available in the US. If you live outside the US and want one to play around with, email me and perhaps we can work something out.

Mail the webmaster