Apple's Autoscanning iTunes Card Promo Codes Work via Hidden Font, Can be Replicated by Devs

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jul 14, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    When you purchase an iTunes gift card and redeem it in the App Store, the camera on your iPhone, iPad, or Mac can scan the code on the card to recognize it automatically, saving you the time of typing the numbers in manually.

    Equinux, the company behind Mail Designer Pro 3, dug into how Apple's promo code engine works in an effort to make their own scannable cards, and the results are quite interesting. As it turns out, the scanning feature in the App Store is tuned to recognize two things: a unique, hidden font and the dimensions of the box around it.

    [​IMG]

    Equinux tried the box alone with a range of fonts like Courier and Monaco, and attempted to identify the unique characteristics of the font to find it, but were unsuccessful. Ultimately, the team realized the font that Apple's using is hidden deep within iTunes.
    Hidden in the CoreRecognition.framework, there are two fonts: "Scancardium," for entering and recognizing codes, and "Spendcardium," which appears to be for obscuring credit card details as they're entered. The two fonts can be found by going to Finder on a Mac, clicking Go, choosing Go to Folder and pasting the following: /System/Library/PrivateFrameworks/CoreRecognition.framework/Resources/Fonts/

    With a simple double click, the fonts can be installed on a Mac and can be used within different apps. While this is a neat breakdown for end users, it's of particular interest to developers because these fonts can be used to create custom App Store promo code cards that can be scanned in the same way as iTunes gift cards.

    [​IMG]

    Equinux outlines the exact font height to use and how to position it within the surrounding box to get Apple's engine to recognize it, details the company uncovered after investing a lot of time in tweaking fonts and the border of the required box.

    Equinux even went one step further and created helpful Sketch and Photoshop templates that developers can use to create App Store promo code cards that can be automatically scanned using a device camera and recognized by the App Store.

    Article Link: Apple's Autoscanning iTunes Card Promo Codes Work via Hidden Font, Can be Replicated by Devs
     
  2. ckelley macrumors regular

    Joined:
    Aug 25, 2003
    Location:
    Austin, TX
    #2
    Probably the same one that's used for scanning HomeKit keys as well, the font looks similar.
     
  3. Appurushido macrumors member

    Joined:
    Sep 28, 2012
    #3
    Apple technology, not always the first, but they make sure they always try to make it the best!
     
  4. linkmaster02 macrumors newbie

    Joined:
    Apr 14, 2009
    #4
    Is it legal to use the font in your own promo materials?
     
  5. jayducharme, Jul 14, 2017
    Last edited: Jul 14, 2017

    jayducharme macrumors 68030

    jayducharme

    Joined:
    Jun 22, 2006
    Location:
    The thick of it
    #5
    And I wonder if it won't be long before someone figures out how to use that method for more nefarious purposes...
     
  6. cateye macrumors member

    cateye

    Joined:
    Oct 18, 2011
    #6
    There's nothing "secret" about using a font this way. There have been specialty fonts that make for easy and reliable optical character recognition (OCR) via "fuzzy" recognition (e.g. using a photograph) for years. Apple may have developed their own font for whatever reason, but there are literally dozens of speciality typefaces that allow for this. Barcodes work this way as well. Microsoft made a stink at one point how you could hold up a MS gift card in front of a Kinect and have it read similarly quickly. It's a bit of a parlor trick, but does save you from having to type in all those letters and numbers.
     
  7. nwcs macrumors 65816

    nwcs

    Joined:
    Sep 21, 2009
    Location:
    Tennessee
    #7
    That's a good point. It's not in Apple's best interest to sue, I think, but this would be an unlicensed use of a font they presumably created.
    --- Post Merged, Jul 14, 2017 ---
    Maybe counterfeit cards that people buy thinking they're loaded already but they could do that now. Making it so it actually loads cash is much more difficult as you have to reverse engineer the algorithm that created the code and then make sure that Apple's systems associate it with a cash amount. So probably not.
     
  8. meaning-matters, Jul 14, 2017
    Last edited: Jul 14, 2017

    meaning-matters macrumors 6502

    meaning-matters

    Joined:
    Dec 13, 2013
    #8
    Dumb! Apple's software needs visual properties of the font, not the font itself.
     
  9. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #9
    Try yes, but Apple didn't succeed because now someone found out.
     
  10. Thunderhawks macrumors 601

    Joined:
    Feb 17, 2009
    #10
    LOL tantalizing plugin.

    From the developer:

    Der Fontengeheim Rahmenwork moos nikt met die Fingerfühlbone verulkt spionweise
    geprogrämmt wird.
    Only Schablöniefuzz makkt the correct Anschlussing.

    Interesting read!
     
  11. tob!, Jul 14, 2017
    Last edited: Jul 14, 2017

    tob! macrumors regular

    Joined:
    Aug 17, 2011
    Location:
    Germany
    #11
    I'm impressed. So few iPhone rumours this year that this non-story actually got posted.

    BONUS: How is this a secret font? It's literally on every iTunes gift card.
     
  12. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #12
    I just scanned a Homekit accessory code (It's similar), there wasn't any barcode under it so you are wrong.
     
  13. tob! macrumors regular

    Joined:
    Aug 17, 2011
    Location:
    Germany
    #13
    yeah, I noticed it myself, sorry.
     
  14. cambookpro macrumors 603

    cambookpro

    Joined:
    Feb 3, 2010
    Location:
    United Kingdom
    #14
    Quite an interesting workaround - wonder if you'd be able to use them or if Apple will clamp down on its use. I suppose it's not a huge deal.
     
  15. 69Mustang macrumors 601

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #15
  16. shamino macrumors 68040

    shamino

    Joined:
    Jan 7, 2004
    Location:
    Purcellville, VA
    #16
    As one person said, there may be an issue with using Apple's font without permission. Aside from that, I can't see any problem with it. After all, the font doesn't give you any new capabilities - you can still just type in the code. This is just a shortcut for that.

    WRT copyright and fonts, the law is interesting.

    A typeface (that is, the actual shape of printed text) is not protected. A font (that is, the embodiment of a typeface in a data file) is considered software and is subject to copyright and license just like any other piece of software. Furthermore, the name of a typeface may be a trademark and subject to its own set of license restrictions.

    Which is why you have Monotype's "Times New Roman" and Linotype's "Times Roman" (licensed to Xerox, Apple and Adobe), which are almost identical. Similarly Adobe's "Helvetica", Bitstream's "Swiss" (an identical clone) and Monotype's "Arial" (not the same, but very similar).

    In other words, there should be no legal problem if you use font-development software to create a new font (with a new name) that looks identical to Apple's font. But you may be violating the law if you use/redistribute Apple's font file without permission, or if you create a new font that has the same name.

    I would love to know why Apple developed their own font when there are very good standard ones already available.

    I remember my public library using OCR-A back in the 70's. It looks mechanical by today's standards but it's very easy for both humans and machines to scan. OCR-B is even more human-readable and actually looks very similar to Apple's font.

    I'm sure Apple had its reasons (maybe license fees?), but it seems to me that it would've been easier to use OCR-B than to design a new font for this purpose.
     
  17. MTShipp macrumors 6502a

    Joined:
    Mar 25, 2009
    Location:
    Raleigh, North Carolina
    #17
    No, but I sense an update to the developer license agreement soon.....
     
  18. hmark8 macrumors regular

    Joined:
    Jun 17, 2009
    #18
    Since one can only presume that font is licensed by Apple, not sure how developers would be able to use it legally unless Apple some day officially extends the feature to develops and open sources the font.
     
  19. imran5720 macrumors member

    imran5720

    Joined:
    Dec 21, 2013
  20. Twinsbb17 macrumors member

    Joined:
    Oct 31, 2006
    Location:
    Woodbury, MN
    #20
    Sidenote: what's also surprising is that 5 years ago we were on iTunes 11 yet today we're only at iTunes 12.6.
     
  21. Feenician Suspended

    Feenician

    Joined:
    Jun 13, 2016
    #21
    So going to try this at the weekend. I spent a couple of hours trying to create a card with various fonts, and even piecing together pictures of real ones, to stick to my raspberry pi for activating homebridge and couldn't make it work. Now I know why!

    (Yes I could and did just type the code but I'm stubborn and wanted it to work! :mad:)
     
  22. marco114 macrumors 6502

    marco114

    Joined:
    Jul 17, 2001
    Location:
    USA
    #22
    might actually be similar technology to how they scan credit cards for Apple Pay. Def no bar-code there.
     
  23. Rocketman macrumors 603

    Rocketman

    #23
    Wow, serious reverse engineering. I wonder if Apple will tolerate it?
     
  24. thebluepotato macrumors newbie

    Joined:
    Aug 7, 2012
    Location:
    Switzerland
    #24
    I'm not so sure Apple would disallow it. There really are many interesting applications for developers and it's not like it's particularly secret either (hard to find the right font still). You can already redeem in-app purchases through a redeem code, so imagine a developer handing out cards at a special event or winning these somehow and then using it do get currency in a game. Wouldn't that be nice?
     
  25. Bart Kela macrumors 6502a

    Bart Kela

    Joined:
    Oct 12, 2016
    Location:
    No Service
    #25
    You are missing the point.

    Using a hidden proprietary font gave Apple another layer of anti-fraud protection when a user scans the card with an Apple device. While the hidden proprietary font doesn't add any extra protection if you manually type in the redemption code, doing an optical scan checks if the card is correctly formatted. Apple controls the printing of the gift cards and the optical scanning recognition which only works on their proprietary devices and proprietary applications in their proprietary store.

    Standardized fonts like OCR-B are designed for a totally opposite purpose: to provide standardization amongst many product manufacturers, many scanner manufacturers, and many retailers.

    One is walled garden.
    The other is open market.

    One is like issuing a special currency that will only work in special cash registers and only one store.
    The other is like having the Federal Reserve print millions of banknotes.
     

Share This Page