Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple's Autoscanning iTunes Card Promo Codes Work via Hidden Font, Can be Replicated by Devs

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,021
38,725



When you purchase an iTunes gift card and redeem it in the App Store, the camera on your iPhone, iPad, or Mac can scan the code on the card to recognize it automatically, saving you the time of typing the numbers in manually.

Equinux, the company behind Mail Designer Pro 3, dug into how Apple's promo code engine works in an effort to make their own scannable cards, and the results are quite interesting. As it turns out, the scanning feature in the App Store is tuned to recognize two things: a unique, hidden font and the dimensions of the box around it.

itunescardpromocode.jpg

Equinux tried the box alone with a range of fonts like Courier and Monaco, and attempted to identify the unique characteristics of the font to find it, but were unsuccessful. Ultimately, the team realized the font that Apple's using is hidden deep within iTunes.
The breakthrough came when we noticed that when you scan a card with your iPhone, the app briefly displays a "scanned" overlay of the code. This means the font must be embedded in the app somewhere. We tried the same with iTunes on macOS. And voila - the iTunes on Mac behaves the same way.

When you look at some of the other folders inside iTunes, we found a tantalizing plugin called "CodeRedeemer." It showed promise. But alas, no font files there either. The app binary does give a hint of where the heavy lifting is being done: "CoreRecognition.framework."
Click to expand...
Hidden in the CoreRecognition.framework, there are two fonts: "Scancardium," for entering and recognizing codes, and "Spendcardium," which appears to be for obscuring credit card details as they're entered. The two fonts can be found by going to Finder on a Mac, clicking Go, choosing Go to Folder and pasting the following: /System/Library/PrivateFrameworks/CoreRecognition.framework/Resources/Fonts/

With a simple double click, the fonts can be installed on a Mac and can be used within different apps. While this is a neat breakdown for end users, it's of particular interest to developers because these fonts can be used to create custom App Store promo code cards that can be scanned in the same way as iTunes gift cards.

appstorepromocodecustom.jpg

Equinux outlines the exact font height to use and how to position it within the surrounding box to get Apple's engine to recognize it, details the company uncovered after investing a lot of time in tweaking fonts and the border of the required box.

Equinux even went one step further and created helpful Sketch and Photoshop templates that developers can use to create App Store promo code cards that can be automatically scanned using a device camera and recognized by the App Store.

Article Link: Apple's Autoscanning iTunes Card Promo Codes Work via Hidden Font, Can be Replicated by Devs
 
Article Link
https://www.macrumors.com/2017/07/14/apple-itunes-card-promo-codes-hidden-font/
There's nothing "secret" about using a font this way. There have been specialty fonts that make for easy and reliable optical character recognition (OCR) via "fuzzy" recognition (e.g. using a photograph) for years. Apple may have developed their own font for whatever reason, but there are literally dozens of speciality typefaces that allow for this. Barcodes work this way as well. Microsoft made a stink at one point how you could hold up a MS gift card in front of a Kinect and have it read similarly quickly. It's a bit of a parlor trick, but does save you from having to type in all those letters and numbers.
 
  • Like
Reactions: adib, dwsolberg, Zirel and 5 others
linkmaster02 said:
Is it legal to use the font in your own promo materials?
Click to expand...
That's a good point. It's not in Apple's best interest to sue, I think, but this would be an unlicensed use of a font they presumably created.
[doublepost=1500055997][/doublepost]
jayducharme said:
And I wonder if it won't be long before someone figures out how to use that method is used for more nefarious purposes...
Click to expand...
Maybe counterfeit cards that people buy thinking they're loaded already but they could do that now. Making it so it actually loads cash is much more difficult as you have to reverse engineer the algorithm that created the code and then make sure that Apple's systems associate it with a cash amount. So probably not.
 
Dumb! Apple's software needs visual properties of the font, not the font itself.
 
Last edited:
LOL tantalizing plugin.

From the developer:

Der Fontengeheim Rahmenwork moos nikt met die Fingerfühlbone verulkt spionweise
geprogrämmt wird.
Only Schablöniefuzz makkt the correct Anschlussing.

Interesting read!
 
  • Like
Reactions: iop
I'm impressed. So few iPhone rumours this year that this non-story actually got posted.

BONUS: How is this a secret font? It's literally on every iTunes gift card.
 
Last edited:
  • Like
Reactions: hxlover904
Quite an interesting workaround - wonder if you'd be able to use them or if Apple will clamp down on its use. I suppose it's not a huge deal.
 
linkmaster02 said:
Is it legal to use the font in your own promo materials?
Click to expand...
As one person said, there may be an issue with using Apple's font without permission. Aside from that, I can't see any problem with it. After all, the font doesn't give you any new capabilities - you can still just type in the code. This is just a shortcut for that.

WRT copyright and fonts, the law is interesting.

A typeface (that is, the actual shape of printed text) is not protected. A font (that is, the embodiment of a typeface in a data file) is considered software and is subject to copyright and license just like any other piece of software. Furthermore, the name of a typeface may be a trademark and subject to its own set of license restrictions.

Which is why you have Monotype's "Times New Roman" and Linotype's "Times Roman" (licensed to Xerox, Apple and Adobe), which are almost identical. Similarly Adobe's "Helvetica", Bitstream's "Swiss" (an identical clone) and Monotype's "Arial" (not the same, but very similar).

In other words, there should be no legal problem if you use font-development software to create a new font (with a new name) that looks identical to Apple's font. But you may be violating the law if you use/redistribute Apple's font file without permission, or if you create a new font that has the same name.

cateye said:
There have been specialty fonts that make for easy and reliable optical character recognition (OCR) ... Apple may have developed their own font for whatever reason, but there are literally dozens of speciality typefaces that allow for this.
Click to expand...
I would love to know why Apple developed their own font when there are very good standard ones already available.

I remember my public library using OCR-A back in the 70's. It looks mechanical by today's standards but it's very easy for both humans and machines to scan. OCR-B is even more human-readable and actually looks very similar to Apple's font.

I'm sure Apple had its reasons (maybe license fees?), but it seems to me that it would've been easier to use OCR-B than to design a new font for this purpose.
 
  • Like
Reactions: Craiguyver, benji888 and 69Mustang
ckelley said:
Probably the same one that's used for scanning HomeKit keys as well, the font looks similar.
Click to expand...

So going to try this at the weekend. I spent a couple of hours trying to create a card with various fonts, and even piecing together pictures of real ones, to stick to my raspberry pi for activating homebridge and couldn't make it work. Now I know why!

(Yes I could and did just type the code but I'm stubborn and wanted it to work! :mad:)
 
might actually be similar technology to how they scan credit cards for Apple Pay. Def no bar-code there.
 
I'm not so sure Apple would disallow it. There really are many interesting applications for developers and it's not like it's particularly secret either (hard to find the right font still). You can already redeem in-app purchases through a redeem code, so imagine a developer handing out cards at a special event or winning these somehow and then using it do get currency in a game. Wouldn't that be nice?
 
shamino said:
I would love to know why Apple developed their own font when there are very good standard ones already available.

I remember my public library using OCR-A back in the 70's. It looks mechanical by today's standards but it's very easy for both humans and machines to scan. OCR-B is even more human-readable and actually looks very similar to Apple's font.

I'm sure Apple had its reasons (maybe license fees?), but it seems to me that it would've been easier to use OCR-B than to design a new font for this purpose.
Click to expand...
You are missing the point.

Using a hidden proprietary font gave Apple another layer of anti-fraud protection when a user scans the card with an Apple device. While the hidden proprietary font doesn't add any extra protection if you manually type in the redemption code, doing an optical scan checks if the card is correctly formatted. Apple controls the printing of the gift cards and the optical scanning recognition which only works on their proprietary devices and proprietary applications in their proprietary store.

Standardized fonts like OCR-B are designed for a totally opposite purpose: to provide standardization amongst many product manufacturers, many scanner manufacturers, and many retailers.

One is walled garden.
The other is open market.

One is like issuing a special currency that will only work in special cash registers and only one store.
The other is like having the Federal Reserve print millions of banknotes.
 
  • Like
Reactions: ErikGrim
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back