Fun Facts About Wal-Mart (Winter, 2001-2002)
--------------------------------------------

By A.W.M.

This is just a follow-up to the article entitled "Hacking Retail Hardware." It provides a little more detail on the technical aspects of Wal-Mart.

Customer Activated Terminal

Wal-Mart refers to the debit pin pads/mag strip reader as a CAT - Customer Activated Terminal. Pressing the top-left button and Enter will only restart the CAT. Restarting the CAT can also be accomplished by removing the Enter button and making metal contact with the silicon chip below in the right-bottom corner.

As far as the "Enter Password" prompt goes, many a password have I tried (1234, the store number, WALMART using the equivalent number keys, WALUSA1, etc.). After an incorrect password has been entered, it just finishes the rebooting process. I'm assuming the password will give you access to some kind of administrator menu.

Also, the software stored in the CAT can be reinstalled through the register by using a key-flick and entering "18" and pressing the action code button. However, a valid operator needs to be signed on (read below). This also updates the register configuration.

Other action codes:

* 1 complete transaction void
* 2 department sales statistics
* 3 operator/terminal statistics
* 4 department totals
* 6 price inquiry mode
* 9 training mode
* 10 operator productivity
* 14 memory usage
* 18 register config update
* 55 reload AT&T prepaid card
* 60 print electronic journal data for previous transaction
* 61 reprint previous receipt
* 69 online cashier training
* 91 transaction code lookup

Wal-Mart Registers

There is a universal sign-on for all Wal-Mart stores. However, I am reluctant to release that information. The user and password are the same for that operator. This operator number gives you access to the register (including permissions to perform overrides with the IBM 9952 or MM42 key or signing on to the register and performing a transaction to open the drawer).
It also gives you access to the POS controller stored in the back room, which lets you do many, many interesting things: printing detailed confidential sales reports, changing the store name that appears on the top of the receipt, the trailer message on the bottom of receipts, layaway events (jewelry, firearms, optical, Christmas), and much more!

Also - some interesting things about the registers:

* There are USB ports on the back.
* They use standard Ethernet cards in their registers; very often there are cables located in the lawn and garden and on the sidewalk for portable registers. They may use TCP/IP or something more proprietary; this needs more investigation. Unplugging Ethernet cable from a register activates "OFFLINE" mode. ("*OFF" will be in the corner of the screen.) All operator numbers are accepted with a key-flick and all supervisor numbers are accepted with a key-flick.
* There are two interesting keys on the keyboard you can use when not signed in: S1 and S2. Pressing S1 and entering a number from 1-9 and then S2 will perform a function. I don't know all the numbers. There are ones that will give you messages about hardware problems, system diagnostics, terminal number, etc.

SMART System

There is also a universal login to the SMART (Smart Merchandising through Applied Retail Technology) system with user name "MANAGER" but I don't know the password. The SMART system gives you access to Perpetual Inventory, Keep It Stocked, Be A Merchant, etc. You can do price changes, scheduling, ordering, electronic journal (every transaction in the store in the last month (!), full details including whole credit card numbers), etc. This is a very powerful system. Users only have access to options granted to them by the store manager or co-manager. However, management tends to leave themselves signed on at various locations....

You can access the SMART system through the service desk using a computer running Windows 3.1.
It gives you a menu: "WARRANTY, REPAIR, SMART SYSTEM." After clicking SMART SYSTEM, it opens a telnet session. It logs in as a user called "return." Pressing Ctrl+C after the login but before the system loads the SMART system executable will drop you to a $ prompt. uname reveals NCR and the version number. You can read /etc/passwd, which will give you root and other system users' encrypted passwords. You may also want to try and su a user called ptc with password ptc.

The SMART system can also be used at the console located in the invoicing office, or at various dumb terminals in the back.

The SMART system can also be accessed through the use of portable devices known as "Telxons" or "960s" depending on who you ask. (www.telxon.com has lots of details, but few technical specifics.) They run DOS... and you can access a DOS prompt. You get a menu like this when nobody is logged on:

    SMART
    PHARMACY
    CONFIG

If someone is logged on, even better. You can explore! The ALPHA button lets you type in letters. When it's off it gives you access to function keys.

* F1 help
* F2 available commands
* F3 exit
* F4 accept
* F7 previous screen
* F8 forward
* F10 finalize
* F12 cancel

Arrow keys control selection of menu, enter accesses (duh!). Press F3 several times and you'll get back to the main (SMART, PHARMACY, CONFIG) menu. Select SMART, press Ctrl+C a few times (ALPHA key on, CTRL is in the corner), and it will ask "Terminate Batch Job? (Y/N)." Press Y. You are now at a DOS prompt. There should be an A: and a B: drive. You can key in almost any character using a combination of Function/Shift/Ctrl/Alt keys.

Now, to get back to the main menu, hold Function, Enter, and the ON button. Press the ON button several times when holding Function and Enter. This is, I guess, the equivalent of Ctrl+Alt+Delete. You can probably do an "exit" as well, but I haven't tried.

Pharmacy Computers

The pharmacy uses an RS/6000 running AIX or INFORMIX.
However, at the login prompt entering "smart" (no password) gives you access to the SMART system. The pharmacy RS/6000 has a modem for prescription downloading(?) or something else, thus, remote access to the SMART system. How about marking down that Playstation 2 you've been wanting? Or ordering 100 pallets of M&Ms? Oh, the possibilities!

Sensormatic Handheld Deactivator

This is what the door greeters use when the EAS (Electronic Article Surveillance) system detects an activated source tag. Theoretically, after an item is rung over the scanner, it should go by the deactivator and deactivate. But this is often not the case.

The deactivator looks like a metal detector type thing. When locked into its base, usually found at the service desk, the password is 1234 or the store number (found on the top of a receipt with the ST: prefix; e.g. 0347). Enter 5 to enable Manual Deactivate; press the gray button over a tag and it deactivates it. 6 is search mode; it doesn't deactivate, only searches. 3 is admin mode; 1234 or store number is the password.

This device completely stops working after two hours of being disconnected from the base to protect against someone stealing it. The base is usually screwed into the wall or service desk counter.
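
The account weaknesses described in the SMART System and Pharmacy Computers sections (a login with no password, password hashes readable in /etc/passwd, and an application login that can fall through to a shell prompt) are all visible to an administrator in the passwd file itself. The audit below is an added example, not part of the original article: the sample entries, hashes, UIDs and paths are constructed, only the account names return, ptc and smart come from the text, and the app_accounts list is an assumption supplied by whoever runs the check.

```python
# Constructed sample in classic passwd(5) layout. Only the account names
# "return", "ptc" and "smart" come from the article; hashes, UIDs and paths
# are made up for illustration.
SAMPLE_PASSWD = """\
root:Xq3kD9pLmN2aB:0:0:root:/:/bin/sh
return:aB1cD2eF3gH4i:201:50:service desk:/home/return:/bin/sh
ptc:Zz9yX8wV7uT6s:202:50:ptc:/home/ptc:/bin/sh
smart::203:50:smart menu:/home/smart:/bin/sh
daemon:*:1:1::/:/bin/false
"""

# Password-field values that mean "no hash stored here" (shadowed or locked).
NO_HASH_MARKERS = {"x", "*", "!", "!!"}
# Shells that give a command prompt; an empty field defaults to /bin/sh.
INTERACTIVE_SHELLS = {"", "/bin/sh", "/bin/ksh", "/bin/csh", "/bin/bash"}


def audit_passwd(text, app_accounts=()):
    """Return sorted (user, finding) pairs for a passwd-format string.

    app_accounts: logins that exist only to launch an application (assumed
    list supplied by the auditor), which should never reach a shell.
    """
    findings = set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.add((fields[0], "malformed-entry"))
            continue
        user, pw, _uid, _gid, _gecos, _home, shell = fields
        if pw == "":
            findings.add((user, "empty-password"))  # login needs no password
        elif pw not in NO_HASH_MARKERS:
            findings.add((user, "hash-in-passwd"))  # hash readable by any local user
        if user in app_accounts and shell in INTERACTIVE_SHELLS:
            # The login shell is a real shell, so interrupting the
            # application start-up leaves the user at a prompt.
            findings.add((user, "app-account-has-shell"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD, app_accounts=("return", "smart")):
        print(f"{user:8} {finding}")
```

Each finding has a direct fix: keep hashes in a root-only shadow file, set or lock the passwordless account, and make the application (or a wrapper that ignores interrupts and execs it) the account's login shell.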