Almost two years ago, Safaricom Ltd extended the scratch card code from 12 digits to 16 in-order to increase the computational time required to break the code thereby making them more secure. However, system theory acknowledges that systems expose their weaknesses at points of change. I set to find out if the move to higher dimensionality introduced a weakness in the scratch card hidden reload number. To begin the analysis I formulated the following assumptions to guide me in the process.

- The grouping of the hidden reload number into four digits does not reveal the mechanics of the number generator.
- Increasing the hidden reload number by a factor of four digits provides more data for statistical analysis.
- The hidden reload numbers are separated into groups of four digits only for the purposes of ease of reading.
- The hidden reload number represents a 16 digit number generated by a random number generator.

With the assumptions in place I set to curate the data set, my collection of scratch cards came in handy *(448 in number).* In understanding each digit has relevance with its position, I created a data set with 16 variables each holding the positional value of the digits as shown below with an additional column of sum of the digits.

Now, here is where everything get’s interesting, mapping the sum of digits produces a near perfect normal distribution as shown below. According to the Central Limit Theorem, the sum of *n* independent and identically distributed random variables tend to be normally distributed as *n *becomes sufficiently large. In layman language, it simply means we have proved that the digits are indeed randomly generated which confirms my third and fourth assumptions.

Next, I asked the question, what if within the digits there is a pair that is linearly or otherwise dependent. So, I set my favorite software WEKA to find any rules within the data in a process known as association mining. Running the apriori algorithm with default settings produced results shown below:

From the results I knew I was onto something, there is a relation between the third and sixth digit with a confidence interval of 1 *(meaning the rule always works)*. To better understand the relation I loaded the dataset to R statistical analysis software and used the plot() function to visually inspect the relation between the two variables. The diagram below made me go Bazinga! It is a linear equation.

If X > 0, Y=X-1, otherwise Y = 9. Simply put, if the third number in the scratch card is greater than 0 then the sixth number is the third number minus one, but if the third number is 0 then the sixth number is 9. Pick up any card and test the formula, in a cryptanalytic sense, I’ve broken part of the code used to generate the hidden reload number of Safaricom scratch cards.

Download the dataset here https://www.dropbox.com/s/dvkpoq35u9bmy2t/Hidden.csv?dl=0

WTF! you mean its a fact?

Lemme try it out, have gat bamba 10. lol

LikeLike

Its a fact,true statistics.Still working on 14 digits.

LikeLike

i have nt understood please sent me how i can now create the digits after your assumption…

LikeLike

sir,,could you tell me which course should i undertake and in which university …..would like to speak the same language as you…..”weka,,R,,Sas,, blablabla…otherwise it won’t be amiss saying .u r great nigga..

LikeLike

also give me hints on what should i expect 2b .aft the course…thanks

LikeLike

how can i get the codes nigga???

LikeLike

cool kid. there is only one question. when i look at the equation i wonder how if you reverse the equation given a random digit, the result is always fascinating. so why not split the numbers and see the magic. Safaricom wishes we assume the number is one but actually there is more than one generator whose a logarithm is quit simple.

LikeLike

[…] data of his Airtel scratch card collection and asked if I could perform a similar analysis to the Safaricom blog post. I was up to the ask and opted to apply a couple of techniques I’ve been trying […]

LikeLike

Am nearly gettin 3 other digits and i guess it won’t take me 3 yrs before i break the codes…You can join me into this new orgnization am creating (M.U.I.T.I) Members United In Technology Innovation…follow me in fb #aul Muiti,whatsapp +254701729321,Email paulmuiti9@gmail.com and u will learn much more.

LikeLike

what about the formula of the overall digits………….thanks am almost there @

LikeLike

congrats! i will like u to inbox me the real procedure that u used to crack the credit cards.

LikeLike

Hi…. Enjoyed this blog …… Do you still go on with the analysis?

LikeLike

Yes, I still do.

LikeLike

I’m a hacker too….wtf we collabo and do this together…email ezramwangi3@gmail.com…got some projects 2

LikeLike

Okay, send e-mail to the Get in Touch tab.

LikeLike

Criasly i dont understand all this concepts..

LikeLike

I really like it and have a great interest in computer security, and ethical hacking, but please guys don’t take this for granted. Do it only for educational purpose, not anything else.

LikeLike

Thank you, it’s all ethical.

LikeLike

u really challenged me and i went on to find other more relationship between the digits and guess what am almost there…i jus need a couple of hours to reveal the whole thing!

LikeLike

That was big mental exploration….am an undergraduate in applied statistics and by at most 2years I will make this my main case study.

LikeLike

Go ye and explore. Thanks.

LikeLike

hey orwa, I think this is interesting, have you ever recharged your sim using this idea

LikeLike

Not yet.

LikeLike

hit my email dude,,i have private conversation

LikeLike

can this work by used airtime scrach cards

LikeLike

Yes.

LikeLike

whatsapp me just text hacker my number is 0707210794

LikeLike

hello….I think I got it….after several months of analysis.I finaly found out the alogarithm behind generating the codes.

LikeLike

Do share your analysis.

LikeLike

Hey orwa since I first read this article I have been in its hant bt not yet yeild….any proceedings in your side or any more steps ….???

LikeLike

Hi Hulk,

Unfortunately I haven’t had the time to perform further analysis. It’s my hope that others can pick up from my analysis and make progress.

Regards

LikeLike

Share your analysis I have also broken another part after collection of 50 Safaricom used recharge cards

LikeLike

All my analysis is shared on this blog. Do share yours!

LikeLike

Hello guy I am currently doing my post graduate in Applied Statistics and have recently been wondering about the whole concept behind the randomization of the numbers used in credit cards as well as scratch cards. It is very awesome to find other people such as myself who are trying to break the code. I employ you to continue analyzing the whole concept and as I join in the research may we work towards success.

LikeLike

Thank you Michael for the encouraging words.

LikeLike

[…] about 2500 mentions on Twitter and the blog stats were on steroids – you can read about this here. I guess this was me living up to my […]

LikeLike

Not yet got the concept…….

Whatsapp +254710398529

LikeLike

Please send me the access at kanyiri01@gmail.com

LikeLike

Which access?

LikeLike

can i get the app to my phone i like this teachings .nice one.

LikeLike

Which app?

LikeLike

Blackowa you think the theory is still in place and working

LikeLike

Yes, it is.

LikeLike

based on all cards or just specific cards

LikeLike

Based on all scratch cards.

LikeLike

Ok Thank you..But i tried once and i could not make so i dont know why but may be i didnt get the theory well..May be you can explain to me Abit sir if you are willing to..i mean the third and sixth theory or may be another theory if there is

LikeLike

how, show me.

LikeLike

BLACKORWA,GOT ANOTHER BIG STUFF SOMEWHERE,WISH TO SHARE AND SEE WAY FORWARD, WHATSAPP 0717723863

LikeLike

Just share via e-mail.

LikeLike

I have now discovered the sequence of the first eight digits of the scratch card.

step 1

take cards that are attached and of the same denomination.

step 2

compare digits 1,3 &6

step 3

compare digits 2 , 4 & 7

step 4

compare digits 5&8

LikeLike

wow it is interesting how it works you really a top rank genious ,please share the ideas with me.

LikeLike

So if I work out the digits that will be a valid credit?

LikeLike

Yes

LikeLike

Get in touch with me on my email. We need to talk. Love your work.

LikeLike

Drop a message on the Get in Touch page. Thank you.

LikeLike

Get in touch with me on my email. I love your work. We need to talk.

LikeLike

i like this Orwa, send me your number, we work it out together 0702036850

LikeLike

HI? how is it going.. im interested

LikeLike

I love your work let’s talk on e-mail

doguti1260@gmail. com

kindly email me

LikeLike

hello guys…we need to form a group on whatsapp.my contact is 0707857731

LikeLike

my account got blocked

LikeLike

Which account?

LikeLike

Please I have not understood now email me on hw to create the other digits other than the 3rd and 6th..

Email dlamarau85@gmail.com.. Please send

LikeLike

Please inbox me

LikeLike

help me understand please i have understood abt 3rd & 6th digits..

bt how can i now make a credt i mean hw to deal with the remaining digits

LikeLike

Hey Sterno help me please understand this

LikeLike

Since you posted this, they have acquisitioned an algorithm from a German Company and other safeguards such as regional 16- digit codes, minimising the number of attempts and only activating the cards once it has reached the destination. Attempting to bruteforce their security network is hard man. The Chinese tried and were caught. The data set is invalid at the moment.

LikeLike

Interesting developments

LikeLike

Waaoh! That’s really #Magical. But, I really like it Men. It’s on your way to have the equation, to meet the #Solution challenge.

It’s #Awesome

Keep Up.

LikeLike

[…] Breaking Safaricom Scratch Card Code | BLACKORWA – Breaking Safaricom Scratch Card Code. … if the third number in the scratch card is … I’ve broken part of the code used to generate the hidden reload number of … […]

LikeLike

gud wrk

LikeLike

Atlast I Got There, My First Way Out Worked, Am Currently Enjoying 500 Airtime

LikeLike

Great

LikeLike

genius!!

LikeLike

Haha Crazy Geeks in Kenya and yet they say Africans have no knowledge people like you should stand up and show what you can do… A flying car should originate from Kenya I see we have the right people.

LikeLike

Just asking… Can you know how to create safaricom bundles?

LikeLike

Have not figured that out yet

LikeLike