A lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers.
By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
So Ticketmaster and AXS are suing to maintain their monopoly on scalping?
Yes they’re TOTP codes and Ticketmaster gives you the secret. You do in fact have the ticket.
In the blog post, Conduition explains that, essentially, these tickets work in the same way as two-factor authentication codes in authenticator apps. These are called “Time-based One-Time Passwords,” and can be generated offline (like a 2FA code). Ticketmaster basically shares a secret, unique token with the person who bought the ticket. This token allows the Ticketmaster app to generate a “new” ticket every 15 seconds based on the time of day. Once the device has this token, it is possible to generate the tickets no matter whether it’s online or not. As Conduition found, if you’ve bought a ticket, this token can be extracted from within the Ticketmaster app (or, in some cases, from Ticketmaster’s desktop website), exported to a third-party platform, and tickets can then be generated on that third-party platform.
