[NEW] Green Pass Generator

[Maxelweb]

Possible source: https://github.com/ps1dr3x/greenpass-generator/

Checker with feedback on why is not valid: https://floysh.github.io/DCC-green-pass-decoder/

[Maxelweb]

Add green-pass-gen branch (https://github.com/Maxelweb/QRCodeAnalysisCNS/tree/green-pass-gen) from @Kero2375

Renamed to feature/gp-gen

[Maxelweb]

Error example in decoder

⚠️ This is not an EU Digital COVID Certificate TypeError: Invalid attempt to destructure non-iterable instance. In order to be iterable, non-array objects must have a [Symbol.iterator]() method.

Decoded text: 

HC1:6BFA 9B8OYUOUS3:+H:ISJMOZIO4GS$L005SD7GXO1JVG4FAUNHBFRKZ4UUPI-NXKN9UB3%R$S0$ ON7E*$QF:262S%$O.HO%DKCRJW07DY0XMU%DU/1T:BQ0WF7B9PVP0:DCXPYG86RPM+C7P9XDIXZC5UA*N0GR108E+Q1C-PBLPHA65+4-3LUZK.IBFE2YK9WYD40SSU4ZB8 DUK.5S6O1DQ3NLZOE VH+OP JGXFQQW654PQ+5CK4*U1NERFGE7E8UR1*68M45WAGIM7-FQ/AATAM0:A*NMKN9UZ2 49TGN5C5 46P TCYS2XPZT0QSU-$VM*7+AR:6NU0Q-:DB02K24I/H%0P44J$8O2G7N.GBKKGO9EWAN:OLX8BV94O9LB2+BTI%0QSB+5N5$U*822TEMXH+*E%7JWXAN49U4IT1L+7FZX9PNDPHQCX4TI79UPK+FFIT:ASFJL/PUCEHB*NA3C7%FQT3E2S/1KX.KBTN$0UQTAE 3E7LH18EKDA FT2O$2UVXO7 S$WV-5BG:RC0B6+15P7FAU:V4*QH

[Maxelweb]

When generating the QR Code and trying the decoder.py i get:

root@a59344dde06d:/app# python decoder.py

'HC1:6BFQ$9408:NA9S29PUDBBSQ6HQPCF4MEGPC3KHIJ6E4BO*I4:*MLY6B-62HD1+O$2SC:BASD%VL6BN2X8FAJ3UBYFR*-VU*5VFJ7E4AHT0US7BCP8TB/8+ALO*4JYUI7QC UGVU3ABNQ2DHE1ASHB6J/4WRVU6T9PU+ZC B5M5JUC1:7F691-56T96TGR+-799GK$NR8LWA4 11CGQY20V8DTAW*5JYM910R.NA9002U8/98RC5VAIT223U83X8VGDLGICHS5DJX91U0U+3CD81E-J6*GU0T/86U.U6/4ULA6X3*ZJ:O15+5KWHZQBOZH7CHY4MXO122PZ1A41SV3RSRE*JUH N2J0:DDJ.LDLF61S:-Q4:QZZ5O9FQ%I2:9AH4FU6H CLJ576O9A1AR5S0N56OR%7Q410BC45MRPE4EUUBF8+MA25869ZUO *5%WV$64361%NC9F9XFH%M1.ZNPXE3+30%RQUHJCHWMI$REASRS/ASIBT3NPRHU*JF3HNRD%ZTESIW4M2NHX829PP6GKZ/0ZWP:6C%HBY6N19M 14.-DL0I-FWC9O3$F*XQLYN+:SQMFRZ3JNNLQAC3WTWM+-TYF90:VYTSKDS43U9TLA2ATYG-LD5.R37S:1BOOTK-D:5G WVF/19WC+1'

Traceback (most recent call last):
  File "/app/decoder.py", line 59, in <module>
    (_, (headers1, headers2, cbor_data, signature)) = flynn.decoder.loads(qr_data)
ValueError: too many values to unpack (expected 2)
root@a59344dde06d:/app# 

using this qr code:

if I remove the first underscore from (_, (...)) works perfectly

[Maxelweb]

Possible brute force script (old post): https://github.com/ehn-dcc-development/hcert-spec/issues/103#issuecomment-952657744

[Maxelweb]

@Kero2375, Decoder still not working, but VerificaC19 works.

We found 2 bugs:

• We advanced till the signature verification step, which obviously fails, but now we can get to see Name and Birth date
• We found a bug with the date, where it goes in overflow and you can make addition based on the numbers inserted (ex. 2000-01-32 is converted in 2000-02-01), but the app does NOT crash

[Maxelweb]

We'll try from here some more dict for android: https://github.com/google/fuzzing/tree/master/dictionaries

[Maxelweb]

Add documentation on feature/bugfix in the readme.md

[Maxelweb]

No crash for now, we'll try this: https://github.com/danielmiessler/SecLists/tree/master/Fuzzing

[Maxelweb]

FuzzQR Results

@donadelden

We published our results in the following link, under the folder CNS-RESULTS: https://cns.dev.debug.ovh/ We have tried different approaches with different dictionaries (symbols, mixed ascii characters, long strings and so on). We reported 5 experiments in total with the following structure:

• screen/ containing all the screenshot to see the results from the scan
• test.txt which are the words tested
• qrcodes-error.txt if some QR was too big to scan or the smartphone was unable to recognize that particular QR, so it has been skipped.

Anyway, we were unable to make the app crash, though our toolkit is effectively working with no problem at all. We are reporting in the feature/bugfix branch also the readmes containing the instructions on how to install and execute our script. Moreover, we are also writing the paper on overleaf with a deeper explanation of our toolkit.

[donadelden]

Good job, guys! For the final essay, remember to use a nice template (e.g., IEEE Transactions) and insert everything you did (the analysis on the Green Pass scanner, the "bug" you found on the date, the design and implementation of the fuzzer, some possible future works, and so on). And then, feel free to ask me for a feedback before submitting it ;)

[Maxelweb]

Good job, guys! For the final essay, remember to use a nice template (e.g., IEEE Transactions) and insert everything you did (the analysis on the Green Pass scanner, the "bug" you found on the date, the design and implementation of the fuzzer, some possible future works, and so on). And then, feel free to ask me for a feedback before submitting it ;)

Yes, absolutely. Here's the link to the overleaf project (readonly): https://it.overleaf.com/read/kvzbmwgtysms Also, we thought about a possible name of the toolkit: FuzzQR. Sounds good?

[donadelden]

Yes, really good! I briefly checked the paper and it seems well structured up to this point. Also, you can remove my name from the authors :) Thanks!