iTunes Gift Card Key System Cracked, Exploited

moonbender writes "Fake but working iTunes gift cards are being sold on Chinese auction sites for a fraction of their value: 'The owner of the Taobao shop told us frankly that the gift card codes are created using key-generators. He also said that he paid money to use the hackers' service. Half a year ago, when they started the business, the price was around 320 RMB [about $47] for [a] $200 card, then more people went into this business and the price went all the way down to 18 RMB [about $2.60] per card, "but we make more money as the amount of customers is growing rapidly."' The people at Chinese market researcher Outdustry have apparently confirmed this by buying a coupon and transferring it into an iTunes account. Oops."

Re:Occam's razor

[plover]

Well, I personally know that InComm is an authorizer to companies that sell iTunes cards at retail, and that unactivated cards have no value. No algorithm is used for those cards, other than the non-sequential generator (to prevent my_card_number+1 fraud.)

But I also know that TFA claims that an algorithm is broken allowing for virtually unlimited generation of cards.

So either TFA is either wrong or deliberately lying (improbable, but not impossible) or both the algorithm and on-line methods are being used by iTunes (neither particularly odd nor improbable.)

It's not an XOR situation.

Re:And You Wonder Why Amazon MP3 Only Works in the

[tacarat]

You can't identify the illegitimate cards. Each individual card isn't kept track of. The bar code on each of them is more like the answer to a math problem. If you know how to solve the problem, you get in, no questions asked. The only thing they can do is change the math problem and eventually get rid of the old one as a valid question to answer.