Closed Maxelweb closed 2 years ago
Add green-pass-gen branch (https://github.com/Maxelweb/QRCodeAnalysisCNS/tree/green-pass-gen) from @Kero2375
Renamed to feature/gp-gen
Error example in decoder
⚠️ This is not an EU Digital COVID Certificate
TypeError: Invalid attempt to destructure non-iterable instance. In order to be iterable, non-array objects must have a [Symbol.iterator]() method.
Decoded text:
When generating the QR code and trying decoder.py, I get:
root@a59344dde06d:/app# python decoder.py
Traceback (most recent call last):
  File "/app/decoder.py", line 59, in <module>
    (_, (headers1, headers2, cbor_data, signature)) = flynn.decoder.loads(qr_data)
ValueError: too many values to unpack (expected 2)
root@a59344dde06d:/app#
using this qr code:
If I remove the first underscore from (_, (...)), it works perfectly.
Possible brute force script (old post): https://github.com/ehn-dcc-development/hcert-spec/issues/103#issuecomment-952657744
@Kero2375, Decoder still not working, but VerificaC19 works.
We found 2 bugs:
We'll try some more dictionaries for Android from here: https://github.com/google/fuzzing/tree/master/dictionaries
Add documentation on feature/bugfix in the readme.md
No crash for now, we'll try this: https://github.com/danielmiessler/SecLists/tree/master/Fuzzing
@donadelden
We published our results at the following link, under the folder CNS-RESULTS: https://cns.dev.debug.ovh/
We have tried different approaches with different dictionaries (symbols, mixed ascii characters, long strings and so on).
We reported 5 experiments in total with the following structure:
screen/ containing all the screenshots to see the results from the scan
test.txt which are the words tested
qrcodes-error.txt if some QR was too big to scan or the smartphone was unable to recognize that particular QR, so it has been skipped.
Anyway, we were unable to make the app crash, though our toolkit is effectively working with no problem at all. We are also reporting in the feature/bugfix branch the readmes containing the instructions on how to install and execute our script. Moreover, we are also writing the paper on Overleaf with a deeper explanation of our toolkit.
Good job, guys! For the final essay, remember to use a nice template (e.g., IEEE Transactions) and insert everything you did (the analysis on the Green Pass scanner, the "bug" you found on the date, the design and implementation of the fuzzer, some possible future works, and so on). And then, feel free to ask me for feedback before submitting it ;)
Yes, absolutely. Here's the link to the Overleaf project (read-only): https://it.overleaf.com/read/kvzbmwgtysms Also, we thought about a possible name for the toolkit: FuzzQR. Sounds good?
Yes, really good! I briefly checked the paper and it seems well structured up to this point. Also, you can remove my name from the authors :) Thanks!
Possible source: https://github.com/ps1dr3x/greenpass-generator/
Checker with feedback on why it is not valid: https://floysh.github.io/DCC-green-pass-decoder/