Your generous donations help keep this site online! Click here to support
How to Neuter a :Cat
If you're already familiar with the device and its privacy implications, you can skip right down to the Neutering section :)

Info & Controversy 

Neuter your :Cat!
(disable the serial number with a simple hardware modification) 

(disable its primitive "encryption" with another simple hardware mod.) 

Confuse a USB Cat, too!
Yes, it exists

The Digital Convergence Cable
is just a regular old audio cable

The future of CueCat

DigitalConvergence has officially bitten the dust. Now what?

Get alternative interface software for your :Cat

Misc. Links

Intro & Controversy

As you may know, there are now free/inexpensive barcode scanning devices out in the wild. As you may NOT know, each of these devices contains with it a potential privacy hazard--a Globally Unique Identifier (GUID), a "secret code" that is assigned to each scanner when it is produced, that can be used by the parent company to tell your scanner apart from any other, and, in theory, to track your personal scanning, buying, reading and yes, even TV-viewing habits, and tie this information to a profile on you based on your scanner's GUID.

First, let's start with a little background: The scanners, referred by some in the user community as CluelessCats or, more commonly, "Colon Cats" (due not only to the odd punctuation of the actual product's name, but also to recent actions taken against users by its maker), connect to your PC's between its keyboard and keyboard port. The devices allow the user to swipe in the bar codes on books, product packaging, magazines, catalogs, coupons and ads to be taken to a Web site related to the product (swiping a book ISBN may take you to, for example). Best of all, these devices are currently being given away FOR FREE at selected electronics stores and through the mail. However, as you have probably guessed--just about anything "FREE" should set off warning bells--there is a dark side to all of this. There are three major issues of contention surrounding the barcode scanning device:

Tracking and profiling

The intent of the manufacturer is that companies will pay to license the ability to create barcodes in the :Cat's "special" format with their Web address embedded in them, and that advertisers will pay for ads and targeting info relating to data gathered by the software that interprets the scanned barcodes.

As mentioned, each scanner contains a unique serial number or GUID, contained on a programmable chip within the device. The software provided with the device must be "unlocked" before use, by providing information such as your name, age, ZIP code, demographics and a valid email address (hmm...) in order to receive a unique unlock code. In fact, it is in theory possible to tie each scanner from the factory to an actual name and address in meatspace:

If you doubt an ulterior motive to the barcode scanner, see these excerpts from the company's other site (which has since been taken down [pointed to the Cuecat site], for probably obvious reasons), DigitalDemographics:

DigitalDemographics' parallel mission is to gather demographic and psychographic information from our :CRQ users, subscribers, and :CueCat device users. Our goal is two-fold.
It goes on to say:
A cumulative databank is a compelling information tool. Ours is powered by multiple sources:
See the C|Net news article about the :Cat's privacy issues, and a related story about how their database of peoples' private info was bared to the world, and the extremely lax privacy measures that were in place to protect this personal data. While the company claims (don't they all) that malicious hackers hacked in and stole it, the fact remains that the company stored users' personal information unencrypted, in a plain text, world-readable page on their Web site! (The discoverer, as well as the relevant security groups, would like to re-iterate that this was NOT a "hack", but merely someone discovering a gaping oversight in the site's security--the server practically begged for the file to be looked at). The information has now been tucked away more securely, and the company has offered a free $10 gift certificate to those affected in attempt to pacify users who are now receiving spam at the addresses obtained from the exposed files.

A questionable End User License Agreement (EULA)
"If you give me a claw hammer and I crack nuts with it; have I violated any of your rights?" - jodo, in a Slashdot forum

Since the scanner device is designed and given away in order to make the parent company money, it's safe to assume they don't want people using the free scanners in ways other than intended, including as a product-inventory or cataloguing tool, night light, doorstop, flashlight, motion detector, etc....or especially using it without their user-tracking software. To this end, the company has been constantly expanding and re-wording the License Agreement bundled with the device. Originally a standard software license to prevent unauthorized copying, redistribution and disassembly of the decoder software, the EULA has since been modified several times and now includes a section implying that the free scanner hardware is also covered by this license. The revised license goes on to say that the hardware is not actually "given" to the recipient, but only leased--and that the company can demand the return of the device at any time. There are several problems with this license that make its validity highly questionable:

We can do anything we want to with it. We can destroy it, we can pee on it, we can set it on fire, we can strap gi joes and 74 bottle rockets to it and boldly send it where no cat-shaped bar code reader has gone before. We paid for it (granted it cost $0), it's ours. - dizee, Slashdot poster

Legal Threats against non-Windows users

As it turns out, the makers of the barcode scanner only provide interface software for Windows--the software that captures your name and email address, ties it to your scanner's serial number, tracks your preferences, etc. Some of those who received a scanner in the mail don't use Windows, and so wrote their own software to capture the device's input to the computer. The company responded by firing off loads of cease-and-desist lawyer letters warning Linux developers that Bad Things would happen if they didn't take down all their software right away. Specifically, the letters made vague references to Intellectual Property violations, without saying how any IP has been compromised by writing an interface program from scratch (known as "clean-room engineering"), or even what IP (copyright, trademark, patent, etc) had supposedly been violated. Again, there are specific problems with the C&D threats that can be enumerated:

Looks like just another bunch of crybabies with their panties in a knot because people aren't playing with their toys the way they intended, the way that makes them money.

Linux advocates and others using non-approved interface software with the device contend that it was the manufacturer's own stupid idea to give away free scanners, then try to retroactively force the recipients into contracts. (I for one am not complaining--I applaud them for letting me stop by Radio Shack to pick up FREE electronics; the photosensor and ultrabright LEDs these things contain will come in very handy for my senior design project :)

See the related Slashdot discussion, and the home of one of the original drivers, which includes a copy of the letter.

Neuter your :Cat
"The kindest cut of all"

This information is for the version that connects to your Keyboard. There is now a USB version of CueCat; and as far as I can determine, the "neutering" instructions are the same (the new :Cat also uses a 93C46-series EEPROM). The USB :Cat is covered in more detail below.

"Neutering" the :Cat scanner by disabling its serial number is fairly easy. If you like to take stuff apart, it'll be fun, too. If you're careful, this process is completely harmless to the :Cat (they have 9 lives, don't ya know)...but remember, if you happen to screw up and destroy your :Cat in the process, you can always get another one, they're free :)
Note: As with any electronic device, make sure the power is disconnected before performing any surgery on the :Cat.
Update: As long as your :Cat's under the knife, see below on enabling a hidden anti-encryption setting with a different small modification to the :Cat.

Materials required:

The first thing you need to do is remove the 2 or 4 screws (depending on which version you have) that hold the case together. Yank it apart, and remove the smaller screws that hold the circuit board onto the case. This lets you get to the underside of the circuit board, where the surgery will be performed. The underside of the board may look somewhat like this.

There are several models of the scanner out there, each slightly different--so yours may not look exactly like shown above. The board above is most easily recognized by the "epoxy blob" in the center (older versions have a square Toshiba microcontroller chip in place of the blob), and the words "(TM+H Rev 0.3)" printed on the other side of the board.
You may want to check out another page, "Getting your CueCat declawed", especially if your board looks different from the one above. This page contains a lot of technical descriptions, EE's out there will really eat it up <g>.

I will cover 2 different methods of disabling the serial number, both of which are fairly simple.

Have a good look at the circuit board above. While yours may look slightly different, all versions of the device have the same/similar ID chip on it. (Update: Newer revisions of the board have a strange 5-pin chip in the place of the 8-pin EEPROM, but it does the same thing. You can probably kill the serial# on this bad boy using the same methods below, or just pry the whole chip off the board.)

This is the chip marked with the red arrow above. It is an 8-pin device and, while you can't see it on the scan above, the number on the chip will be something similar to :

Think of it as all one number--it is simply split across multiple lines to fit on the chip. Again, the exact numbering may be different on your :Cat--but 93_46 should show up on the chip somewhere. The blue and green stuff above is not part of the number--the green represent the pins of the chip, and the blue dot represents a small dimple on the top of the chip (this will be explained later). As seen in HiTex' Chip Directory, the 93C46 series chips are EEPROMs, or reprogrammable memory chips. (These are programmed at the :Cat factory to contain a unique code.) The pinout is available here. As you can see, pin 2 is the chip's clock signal, 3 is data in, and 4 is data out--each of these pins are necessary to transmit the code! (Getting ideas yet?). To determine which pin is which, start at the small dimple on the top of the chip (this indicates Pin 1) and go counterclockwise around the chip. I've marked the dimple with a blue dot in the image above, as in the diagram below.
8 7 6 5
| | | |
|      |
|.     |
| | | |
1 2 3 4
Pins 2, 3, and 4 are marked in red.

Method 1:
This is probably the easiest method. Using your weapon of choice (pen-knife, razor blade, X-Acto knife, etc.), pry any one of the three marked pins off the circuit board so it doesn't make contact. Or, slice through the shiny green trace that connects the pin to the rest of the circuit. On my own :Cat I severed pin 2 (CLK), but it may be easier to reach a prying tool underneath pin 4 since it is on the end of the chip. Once this is done, your :Cat's serial number will be reported as ------------------.

Method 2:

[Click here for the scanned image]

This is my preferred method, since it sets your serial number to 000000000000000000 (which may be easier for decoder programs to accept as a valid serial number). I've tested this to work on the 0.3 revision of the :Cat, but can't guarantee success for other versions. Pin 4 of the serial chip is connected to what appears to be a small hole through the board. These holes are actually connections to the other side of the board. Place one end of a wire into the "hole" attached to Pin 4, as shown. Attach the other end of the wire to "hole" shown, which leads into the epoxy blob (controller chip). The hole shown is recommended (since I've tested it to work with this connection), but others may also work. This effectively shorts the output of the serial chip to a predefined value--that is, whatever voltage is on the conductive "hole" the other end of the wire is attached to. (Update: Upon further investigation it turns out this is in fact a ground node, and you can achieve this effect by connecting the wire from the EEPROM to any ground [that is for you non-engineers, anyplace that is connected to the "-" terminal of the board containing the red LED lights]) Depending on the thickness of your wire, it may or may not fit snugly into the holes--try to find some that fits snugly, bend it so that it will not be knocked loose while putting the case back on the :Cat, and glue the wire securely so that it can't come loose and short out other things. If you can solder the wire where it belongs, even better, but it'll be tricky.
If following the image above, make sure you don't have the board upside-down, or it will be a lot harder finding the right hole to jumper to :)

Remember to use an alternative input program / driver for the :Cat, and not the one supplied. Even though the hardware serial has been taken care of, the serial number in the supplied software may be transmitted for the same effect.

For reference, here are some sample scans (using showing the GUID information removed. Each was produced by scanning the ISBN from the back of a particular book.

Unmodified :Cat
Serial: 000000005763846002
Type: IB5
Code: 978068484914051500

Clock pin severed
Serial: ------------------
Type: IB5
Code: 978068484914051500

Data-Out pin shorted to Controller pin
Serial: 000000000000000000
Type: IB5
Code: 978068484914051500
NB: If you are getting inverted upper/lower case with Code 128 / 3 of 9 barcodes after performing a modification, switching the CAPS LOCK on will clear it up. The cause of this problem is unknown.

Another hardware modification, this one makes the :Cat decrypt its own output, without ANY software required :)
All it takes is one little wire.

For this modification you will need:

Note: As with any electronic device, make sure the power is disconnected before performing any surgery on the :Cat.

[Click here for the scanned image]

If you can do the "Neuter" procedure above, you can certainly perform this one too--but if you go this route, the "Neuter" will not even be necessary because the :Cat will output only a raw, un-encrypted barcode (no serial# or any such nonsense). I don't claim any credit for this; I just found a detailed explanation of Jeff Dobkin's discovery and decided to try it out myself. What you need to do is wire the +5V going to the LEDs and other logic to a certain pin on the board. (Note: I've only tried this on the (TM+H Rev 0.3) version because that's the one I've got, but have heard that a similar procedure works on other models. Experiment with the row of holes to see what works on yours :) While the board layouts may differ, the hole connected to R29 seems to always give the proper results.

There are several places on the board to get +5V. Probably the easiest is the +5V pin of the EEPROM, which conveniently provides a hole for you to stick a wire into (marked with 2 red arrows in the image). Another good place, if you care to use a soldering gun, is to simply solder one end of your wire to the big "+" on the LED (red light) board. Anything marked +5V here can be used. Now, put the other end of the wire thru the hole marked ("Hit me with +5V"), and your :Cat will output plain old un-encoded barcodes with no special software (and/or lawyers) required. Remember, if you got this cursed thing in the mail, it is your property to do with as you please, including stick wires into it like a Voodoo Doll. (Incidentally, if you got it from a Radio Shack, and they don't find out what you're up to, it is your property to do with as you please!  "Cop didn't see it, I didn't do it", I like to say.)

"Unmodified" :Cat scan, for reference:
(Note: Not technically "unmodified"; this is the same :Cat I already neutered to remove the serial number.)

After modification:

(In case anyone is wondering, this particular barcode is from a pack of CD-Rs that just happened to be within arm's reach of my computer :)

Probably the hardest thing is finding a good piece of wire, one that is narrow enough to fit into these holes but wide enough not to slip out, in addition to being insulated. I've found a piece of wire twist-tie works nicely, just cut to the desired length and slice off the paper/plastic on the ends to expose the wire. Slide these ends thru the holes, and kink them where the come out the other side so that they can't slip back out (& to ensure good electrical contact). Soldering would be ideal here, but since it's a hassle and not everyone has a soldering gun, the wire alone should be adequate.

Note carefully the side of the board you are looking at compared to the image above, and make sure they match. If the procedure is not working, experiment! The Rev. 2.1 board may actually be backwards from this, as explained in this guest article.

You'll note that there are a number of these useless-looking holes all lined up in a pretty row, you ask, "so what do the REST of them do?". Just for fun, I hit the rest of 'em with +5 (and GND) to see what would happen. A hole I applied the 5V to (which I've marked with a blue dot) 2 away from the "magic one" returned the following strange results when scanning the same package multiple times:

Each of these is of course a different swipe...running them thru returns something like:

Serial: ------------------
Type: PCD
Code: 5

Rather mysterious to be getting different results from scanning the same barcode. My own wild speculation is that these values relate somehow to the scanning speed or a "read quality" indication, and could be used to set R13 [amplifier gain?] at the factory). It seems to be change from one scan to the next, and does not return values on every scan. Anyone care to hazard a guess?
As for the other holes, none did anything very interesting--either they had no effect, or the scanner stopped working completely until the short was removed. Grounding them had no effect at all.

Note: The HO+E revision uses a different method. Chris writes the following:
I have the HO+E version of the cuecat and i wanted to tell you that i found the proper pins for shorting out the encryption. I simply shorted J2 (Led +5) with the feed for R29 (Two holes to the left of what is shown for your version of cuecat). I hope that this info can help you/others who have this version as i think this version is harder to find info for.
See also: Quick CueCat Modification Solutions - details the hack for three major CueCat board revisions. Also, an offer to hack your 'cat and mail it back for a reasonable fee.

USB CueCats
They look and act like your ordinary CueCat, except plug into your computer's USB port. The only difference is the USB :Cats enter a "sleep mode" after several minutes when not being used--the light in its nose will shut off, blinking quickly every ~ 3/4 seconds. If it sees a reflection of its own pulses during this time (e.g. from holding the nose to paper, as if to scan a barcode) it will "wake up" and be ready to scan again.

"Cat Scans" - The USB CueCat board

Contrary to the included documentation, the USB CueCat will work with Windows 95 OSR2. You will have to download a driver update first. Detailed instructions are here, but I should forwarn you of a problem I experienced with the instructions listed (aside from it basically saying, "Don't bother with win95, it won't work") : After downloading the first file (USBSUPP.ZIP) the CueCat worked on my '95 machine, but after installing the second file (USBUPD2.ZIP) it stopped working. If it works fine after installing the first file, and does not exhibit other problems, I see no need to install the other file.

Also remember to enable USB in your BIOS, if it isn't already. If the :Cat is plugged in but doesn't ever light up (even at the BIOS screen) this is the most likely culprit.

Anyway, there is a way to hack this :Cat to remove the serial # (same as the keyboard version), and also a hack to decode its output (just like the keyboard version). I have received a report of the "neuter" procedure causing the :Cat to reverse the case of alphabetical characters from Code128 barcodes.

To remove encryption: Find the chip marked HMS91C7316 (on the bottom side of the :Cat) and carefully cut/pry pin 5 to disconnect it from the board, as with the Neuter procedure. For those unfamiliar with pin numberings, see the diagram below.

16 15 14 13 12 11 10 9
|  |  |  |  |  |  |  |
|      K130A033      |
|     HMS91C7316     |
|o       0027        |
|  |  |  |  |  |  |  |
1  2  3  4  5  6  7  8

The blue dot represents a small circular dimple you should see on the top of the chip, which indicates Pin 1. Simply count counter-clockwise around the chip from Pin 1 for the numbers of all the other pins. Pin 5 is marked in red. Now the USB CueCat will output plain, unencrypted barcode data.

Digital Convergence Cable
 You may have got one, you may not...but they are at most Radio Shacks now. The Digital Convergence Cable, an audio patch cable that runs from your TV's audio-out to your computer soundcard's line-in. That's right folks, it's just an audio cable, nothing more. Move along people, nothing to see here. No chips or filters to hack around with or rip out for your Senior Design Project.

All in all, it is a decent quality mono audio cable, about 25 ft. long, with a male/female combination RCA plug (as a pass-thru) at one end and a stereo plug at the other end, the kind found on most headphones and just about anything that plugs into a soundcard. Don't let that stereo plug fool you though--it is a mono cable, with only 2 conductors all the way down the wire. Yes, I cut it open and checked, because a stereo cable would be really nice.  Here is the cable, with one plug sliced off and wire end stripped.

The standard privacy warnings apply (and then some!) to using this cable for its intended purpose of reading CueCat audiocodes from your TV set--this is a good way to tell a notoriously loose-lipped company what kind of TV shows you watch, but doesn't convey to you, Dear Consumer, anything useful in return. (What? TV commercials can send links to rich-media adverts right to my computer? Wowie-gee-willikers, Batman! Sign me up right away!)  Not to mention needlessly tie up gobs of CPU horsepower, while the CueCat software performs realtime Fourier transforms(??) on the incoming audio in the vain hopes of finding a split-second DC audiocode in it somewhere.

This of course doesn't stop you from not installing their software, and using the cable to copy amusing audio clips to/from your computer, or attaching a microphone to it to record sound up to 25' away. Attach a carbon mic and clip it to your bird feeder :)

The future of CueCat
Now that DigitalConvergence is out of business (whether or not they have the balls to admit it), and Radioshack has run out (maybe), where do you get CueCats? Will they ever be useful? Will DigitalConvergence live to sue again?
Many of DigitalConvergence's assets, including the remaining inventory of about 3 million PS/2 :Cats and 1/2 million USB :Cats, were purchased by Electro Mavin, which now sells them for a median of $6 each (between $1 and $15, depending on type and quantity). Additional :Cats can be found auctioned on EBay and similar sites, or at some of the lesser-trafficked Radio Shack stores (for US residents, anyway). To my knowledge, DigitalConvergence still retains the patents and design info, which has not been released. Not as though it would be *that* hard to engineer from scratch ;)
It was a good time of hacking them, but when you get down to it I think we've hit the limit of how far CueCat hacking can go. So far, you can turn them into regular barcode readers, add a power switch for mobile computing, or strip out most of the guts and make them into flashlights. You can't turn them into clock-radios or anything like that, but they're still useful for cataloguing your CDs, library checkout, inventory, point of sale...and parts. (Someone I know is harvesting LEDs and photodiodes out of them for a top-secret freespace optics project. Shh!)
And don't worry folks, those lawyers won't be bothering us any more. As much as they don't want to admit it, DigitalConvergence took a "dirt nap", and I don't think they'll be coming back.

Alternative software / drivers

Important: You may be able to use the :Cat as a normal (unencrypted) barcode reader without any special software at all! If you don't mind taking your :Cat apart, see this page explaining the "secret" anti-encryption jumper right on the :Cat's board (and/or the quickie instructions above).

Alternative CueCat drivers
Mirror list containing drivers and other info.

Software to create your own :Cat barcodes


"Cat and Mouse Games" Essay (Dr. Dobb's Journal)
"Stupid Companies" Essay, many :Cat links
Disable :Cat's encryption right on the board!
"Cat" Scanning device may track users online
CueCat users' information let out of the bag
Consumer details exposed on CueCat site
Getting your CueCat declawed
Slashdot Coverage and more and more
CueCat Software Spies on You!
CueCat: Corporate and Clueless (ZDnet rant)
Quick CueCat Modification Solutions - Instructions for performing the "Decode" hack on the three major boards, and offers to do it for you for a small fee.

"All trademarks are hereby acknowledged as the property of their respective holders."
Lawsuits suck ass.

Permission is hereby granted to make copies of this page & related files, and/or mirror these materials on other servers.