Dissecting Shaw's Systems
by Sect0r F4ailure
To begin with, let me outline the systems I have encountered at Shaw's (the New England supermarket chain).
As a cashier at one of their branches, I have learned some interesting things. Once in a while, the systems crash and I watch as they start up. This is what I have gathered: the Shaw's cash register is really nothing more than an old 486 running at 100 MHz. It has an AMI BIOS, but a special keyboard. It has an Ethernet connection to a main server somewhere in the building, which is usually in a locked room. You might find this central machine in a closet in the break room. I have also encountered systems near this which are unlocked.
They seem to be used for entering prices and/or modifying anything else that needs to be changed. In the Shaw's that I work at, there is one system running some flavor of UNIX (I don't have access to it usually and it would look suspicious if I started looking at it) and one machine running Windows NT. The cash registers downstairs run DOS 6.something.
Their Ethernet connection to the main computer allows them to send out all of the bank card data to be verified and has the ability to update the food database. There is no Internet connection, only the Shaw's intranet.
Cashier Machines
When you are at the checkout, you see what appears to be a cash register.
What it is in all actuality is an old x86 system (see above). The keyboard has been modified so that all of the standard keys have been replaced with keys functioning as cashier-related items, with the exception of a numerical keypad. This keypad is used to code-enter Price Look-Up Codes (PLUs) or un-scannable items. It can also be used to enter the amount of tender which the shopper hands over.
In the back, there is the standard serial port setup, which includes a keyboard port. You can plug a 104-key keyboard into this and play around with it.
Here are some keys of interest:
MGR - Manager override, required for higher functions such as voids. Located on the bottom-right.
Code/PLU - Used when an item is unscannable or if produce is bought. Bottom-left.
Check Tender - Used when a person writes a check. Requires that a Shaw's card has been entered. Top-middle.
Check 2 - Same as above but doesn't require a Shaw's card.
Cash Tender - Self-explanatory.
Total - Totals out the order and gives the final amount the customer owes.
Void - Voids out either an entire order or a selected item. Manager authorization required.
EFT - Used to activate comms between the little card scanner and the PC. Green.
There is also a Shaw's Charge button, which for all intents and purposes is like cash tender. There is a Scale button somewhere in the area of the tender buttons, which is used to weigh items that need to be code entered.
If you see a black flip-book on the left-hand side of the keyboard, ignore it. It is being phased out and the keys on it are useless. Usually, if you look on top of the machine (between it and the platform which holds the monitor), there is a book which contains most of the PLU numbers for produce and cigarettes, as well as a selection of grocery items.
It's used like this (after logging in): [PLU Number] Code/PLU
Or you can just scan an item.
You can suspend the order by hitting Suspend/Recall on the bottom. In case you were wondering, you take out the last item with Shift+Backspace.
Shift+Tax Exempt allows you to enter a tax exempt number, which removes the tax on the order. I don't know if this will accept any old number, but as I remember it (and this is probably wrong), the tax exempt numbers are six digits long. But that requires that you be logged in, which is explained next.
Logging In
This requires one of the employee passwords.
You don't necessarily want or even need to have a supervisor login immediately. They all get the same cash register screen. The login is the Social Security number of the employee. You then enter it into the login prompt and get the blue register screen, where you can proceed to hit Total and view the contents of the register drawer.
To sign on once the SSN is entered, hit the Sign On/Off button on the right-hand side of the keyboard.
Then you can play around with the PLU codes in the book - just keep in mind that if you tender an order that was never placed, the drawer comes up short when it is counted. Not to mention that without a manager override, you cannot take out anything more than the last item.
Another useful keyboard shortcut is Shift+Check Tender. This prints out what is referred to as the check report. This is usually a long list containing many credit card numbers and information on checks processed.
There is also a black book, usually located on the left-hand side of the machine, hidden from view. It contains bottle slips, coupons, and the receipts printed after each credit/debit order, amongst other things.
The credit orders have the card holder's signature on them as well as their entire credit card number. In my experience, the last terminal in in training mode and is used to each the new cashiers how to use the system effectively. It is of relatively little use, as it has no orders processed in it unless the store gets really hectic.
Managerial Functions
Managers' SSN can provide overrides.
This is useful when a void needs to be done or something goes wrong with the tender. Usually you can just hit Clear/Cancel and the error will go away, leaving you where you started off. Keep in mind that self-authorization is against system policy, and so if you are using a manager's login for the register itself, you will not be able to do overrides with that same manager's SSN. You should obtain a standard cashier's SSN and log in with that.
You might also be interested to know that you can void any amount you wish by entering the number (without a period - so $10.59 would become 1059), hitting Void, MGR, entering a manager's authorization, and pressing one of the departments (next to the numeric keypad.)
This means that the drawer will have more money in it than the system thinks it does. You can also enter an amount which an item may have cost then one of those department buttons, which is like scanning an item from there. I think there is a department limit of $100 on this type of entry, which can be overridden by a manager (MGR, Auth, Enter)
Logging Out
Hit Shift, enter the SSN you used to log in, and hit Log In/Out (this is close to the top right-hand corner, and I may have the name of the button wrong from memory).
Alternatively, you can hit Log In/Out, enter the proper SSN, and hit Enter. You must use the same SSN to log out as you logged in as, or you will have to override it with a manager's SSN.
One more thing to note: if the cashier is logged in at the time you try to log in, the system won't let you. Same is true vice versa. Don't log in with someone's SSN and then have that person try to log in ten minutes later - they will call a manager, who will know immediately that something is wrong.
The other interesting manager function doesn't require you to be logged in at all.
At the login prompt, simply hit MGR and enter any valid login - it doesn't necessarily have to be a manger's, surprisingly. This will print out a report on the printer which looks something like this:
Now, most of that list is a total of sales and losses.
You might want to check out what the status of this person's record is, but that is of less interest than what follows it. After the report is printed, you are given the option of entering one of the commands listed above.
Maybe you want to make the $8 coffee free? Well, that would be stealing, but you get the idea.
90 is of interest because once in a while, the store puts you on a singles tray for a week and monitors your drawer. Basically an audit. Gee, looking at the list, numbers 68 and 90 pop out. Try printing those.
Go buy something small from a cashier. Take a look at your receipt. Their cashier number should be on it, usually a two digit number located at the bottom of the slip.
Also, watch when people punch in and out - they use their employee PIN number to do so. This is usually five digits long and is displayed as they type it in. This can be used to get into the bottle room computer and the training computer, to name a couple of uses.
Gaining a Valid Login
This could prove more difficult.
The easiest way to get this number is to watch as the employee signs on and off. This might be difficult to catch, though, as it only happens once in a while. Here is a trick you might be able to use to your advantage: the little card reader in front can be rebooted by pressing the two keys on opposite corners of the keypad simultaneously.
When this happens, you will no longer be able to enter any credit or debit cards until the employee signs off and back on again. Now, keep in mind that they can enter a credit card by hand and cash doesn't need this little machine, so make sure they only see the debit card you brought, as they cannot enter that by hand.
The employee will have to suspend the order and sign off, which requires a manager override. Also keep in mind that the employee can backspace out the last item, so make sure there are at least two items in your order. Watch carefully as the manager comes over and enters his SSN for the override, and then watch as the employee signs back on. They are usually very quick about sign-offs and sign-ons, so you'll have to watch closely.
Other Computers
There are two other computers which I feel are worth mentioning.
There is one in the bottle room, used to enter bottle returns via a scanner or by touch-screen. This computer is not owned by Shaw's, and therefore it is not under their control as far as software is concerned. They rent it from another company.
The computer runs Windows 3.11 in the background and is a joke to hack into. Alt+Tab, Ctrl+Esc, Ctrl+Alt+Del, or any other Windows keyboard shortcut will break out of the kiosk.
You can then use File -> Run (most of the program groups have been deleted) to run any command on the computer.
Useful commands: winfile, sol (serial-over-LAN), winmine, command, control, etc. You get the idea. Just a standard Windows 3.11 setup.
It also has some interesting stuff in AUTOEXEC.BAT which might be worth taking a look at. There is a database stored somewhere on the hard drive which contains every single employee's PIN number, and I think maybe (although not so sure on this one) their SSNs as well, including all the managers'.
There is also a slow modem attached to the bottle computer which is used by the company who owns it to download the daily reports, etc. The number may be marked on the phone jack this is attached to. The line is again not owned by Shaw's, so you won't be interrupting any company communications. In all the time I've been working at Shaw's, I have only seen this actively transmitting data once or twice.
There is also the training computer for new employees. Ask where the public bathrooms are from any employee - it is likely that this computer will be behind a closed door somewhere near this. As far as I can tell, it is running Windows 98 or NT. It has the standard Windows protection scheme. I haven't taken as close a look at this computer as I have the others, so I have no idea how to hack it or what security software they run. But it is relatively remote and concealed, and as long as there are no new employees being trained, you will probably not be interrupted while looking at it.
There is a training program which certifies new cashiers. Every new trainee must pass this entire program before they are promoted. I can't remember whether it is the SSN or PIN that is used to log into this computer, but it is one of them. There is a database stored on this computer which contains all employee SSNs as well, so if you can hack it, you might be able to get this database. I am not sure whether or not this computer is connected to the main computer, but it seems likely. If you don't want to be interrupted while hacking a computer, this is the one to choose.
There is always the employee log. This is accessed through one of those black boxes mounted on the walls. Usually, there are three or four of them throughout the store. Find one which is in a low-traffic area and start playing around with it. The employee 5-digit PINs are used to punch in and out, although the machine will accept any number you give it. If you have a valid employee PIN, you can punch them in or out at your leisure, although they will no doubt notice this on their paycheck and ask about it.
Records are kept in writing about when an employee comes in and leaves, so other than being a small bother, this has little effect. Look on the top of the machine. There are four long, gray buttons. The only one which I remember the function of offhand is the one on the far left. Hit this button, then enter an employee PIN. You will get a menu which allows you to recall the punch history, amongst other things. Play around with the other buttons on top to your liking.
Note that I do not condone hacking if you are going to steal money or cause problems with Shaw's systems. The employee whose SSN or PIN you use could get into a lot of trouble, or even fired, if you are not caught yourself.
Don't steal money from the drawers. Don't be an idiot. Happy (and safe) hacking to you all!