The readable date, hour and price are clearly to inform the user about the ticket he/she purchased. The code at the end seems to be an authentication code that might be used to check if your ticket is legitimate and not a counterfeit. The first number/symbol in the SMS also appears to have a special purpose as it’s not immediately clear for what it stands. The question is now how secure this system is.
According to the information page knowing your mobile phone number is enough to verify if you actually bought a ticket. This is again confirmed in the FAQ section in the answer to “What if my mobile phone’s battery is flat”. Here they state that in such an event you must give your phone number. They also say that a forwarded SMS ticket can be recognized as invalid, which is reasonable considering the ticket is registered to the phone number that paid for the ticket. From this it’s clear that you cannot cheat the system by trying to construct a fake SMS ticket, they don’t even need to see the code in the SMS to verify you bought the ticket! It means they store every SMS ticket sold combined with the phone number of the customer.
Nevertheless, the codes and numbers contained in the SMS ticket are still interesting. Let’s first collect a list of valid tickets by using the system and write down the information in an organized list:
Sender Nr Date Hour Code
+32476136809 09* 19/08/2011 17:41 1641t19bk527Q6a444464
+32476136808 08- 19/08/2011 08:50 0750s19rm527Q6f438993
+32476136804 04+ 18/08/2011 18:42 1742S18zk527Z4c436361
+32476136810 10* 18/08/2011 08:58 0758T18bk527Z4u429918
+32476136803 03* 18/08/2011 08:51 0751G18uz527Z4g429841
+32476136803 03+ 18/08/2011 08:51 0751G18vz527Z4k429838
+32476136815 15* 28/07/2011 20:26 1926L28tw527J1a265124
+32476136813 13/ 28/07/2011 13:44 1244I28us527J1n260332
+32476136816 16/ 06/05/2011 19:39 1839E06em527S4g349355
+32476136805 05/ 05/02/2011 16:44 1544f05vi527Z4m707955
From this we can derive several things. The first code 1641t19bk527Q6a444464 will be used to illustrate these observations:
- Multiple phone numbers are used to send the ticket. The first two digits of the SMS ticket (see the column named "Nr") correspond to the last two digits of the phone number that send the ticket to the customer. For the first ticket in the list the first two digits are 09* and the sender was +32476136809.
- The first four digits of the ticket code denote the time of when the SMS ticket was created/purchased. In the example code that time is 16:41.
- The sixth and seventh digit stand for the day of the month the ticket was requested. In the example this is the 19th of the month.
- The three digits in the middle of the code are the last three digits of the phone number that requested the SMS ticket. In the example the phone number of the customer is of the form 04xx/xxx527.
- Although the meaning is still unknown, the following letter and number (in the example Q6) are correlated with the date the ticket was bought on. Notice that for tickets that are bought on the same day the number is always the same for every ticket.
- The laster number is a counter that increases for every ticket created. In the example this number is 444464. This can be clearly seen from the two tickets bought on 18/08/2011 at 08:51. The first one has a number of 429838 and the second 429841. When this counter reaches 999999 it appears to be simply reset to zero.
- It's unknown what the other letters/digits are for.
The reason some of this info is easy to reverse engineer is probably so the bus driver can do a basic check of the code himself. Using the first two digits he can check if the ticket has been received from the correct phone number and with the first four digits of the ticket code he can confirm how long the ticket is valid. Even though such checks don't guarantee security, it does increases the practical usability of the ticket code. But as already mentioned, you cannot cheat the system. Since they record every ticket sold an inspector will notice the counterfeit ticket is not in this list, and thus know you haven't paid anything.
