Maxelweb / FuzzQRCodeUNIPD

QR Code Fuzzer Toolkit for Green Pass Checkers - Computer & Network Security Course @ UniPD
GNU General Public License v3.0

[NEW] QR Code Fuzzer #12

Closed Maxelweb closed 2 years ago

Maxelweb commented 2 years ago

branch: feature/qr-fuzzer

Automatic QR Code fuzzer to try with VerificaC19. QR Code are automatically scanned using an instance of the app.

Maxelweb commented 2 years ago

You must set up the $ANDROID_HOME environment variable pointing at the Android SDK and run npm install inside the QRCodeFuzzer folder. After that, follow these steps:

  1. Start Android emulator
  2. Start Appium server using appium in a terminal
  3. Execute node index.js

Remember to place verificac19.apk inside that folder, as it will be automatically installed by Appium.


Possible experiment setup

  1. Now we must change the code in index.js to make the application wait for updates
    • (important, at the very first setup, the mode in Settings should be set to Automatic in order to ensure auto-updates of the certificates).
  2. After getting the update, we must set the verification type to BASE.
  3. Then click to Scansiona il QR Code
  4. Then start a loop with the camera going through different QR Codes (using the virtual camera host controlled by another script from gstreamer and v4l2loopback). After each occurrence, we must simulate the back button to get back to the camera. We can decide to supervise this operation manually or to take a screenshot immediately before hitting the back button (to save the results of this approach).

Maxelweb commented 2 years ago

Current bug: verificac19 does not want to update rules and data, it is stuck in "Aggiornamento in corso...", must investigate the Android emulator in use (in my case it was not downloaded or built from official sources, which might be the problem).

We will try with the one from Federico.

Trying to install the original app through the play store using an android emulator leads to a working app. I tried to install the external apk after uninstalling the official app from the store. Perhaps we need to use the DEBUG mode in order to make it work properly.

@Kero2375 As soon as possible, attach here the APK of the debug version of the app.

Appium is working correctly, though we are gonna need the appium-inspector to understand what activity to parse and what to simulate inside the app: https://github.com/appium/appium-inspector

Current problem to fix (not finding .MainActivity, but it is normal, we have to analyze the app): https://bitcrumble.com/649ce798/?hl=34

Maxelweb commented 2 years ago

New problem (almost resolved):


EDIT: thanks stackoverflow ❤️ https://stackoverflow.com/questions/951021/what-is-the-javascript-version-of-sleep

Maxelweb commented 2 years ago

Just tested with @Kero2375, QRCodeFuzzing works ™️

Maxelweb commented 2 years ago

Proof of concept 1

https://user-images.githubusercontent.com/34033090/149995710-3923e34c-9500-4d86-aad9-d721a1722385.mp4

We created 2 scripts that synchronize the automated test on the smartphone with the QR code visualization.

  1. Display FakeGreenPass, written in Python, opens a window that dynamically changes the QR code shown based on the update status required by the other script. The QR code is generated on demand, thus we do not have to operate through files.
  2. Appium Automated Test, written in NodeJS, iterates n times (where n is the number of total QR codes to scan) through the app by automatically clicking certain items on the screen. After recognizing the QR code, it takes a screenshot and saves it as an image file.

The common file used to sync the script is a JSON file (data/fuzzer.json):

In the end, we tested over 1000 QR codes, and 90% of the time the screenshot is working correctly. Now we are trying to calibrate the timing and the QR code error correction and size to get the phone to operate in a quicker way.


We also added a main-generate.py script to generate the GreenPass as for the GenQR script. Meanwhile, main-display.py is used to run through every QR code.

Future TODOs

@Kero2375 @donadelden
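
The handshake between the two scripts, as an added example that is not code from the FuzzQRCodeUNIPD repository: the issue names data/fuzzer.json as the sync file but does not show its contents, so the schema used here ({"requested": n, "shown": n}) and the `render` callback are assumptions. Writes go through a temp file plus os.replace, so the other script never reads a half-written JSON, one plausible cause of the occasional missed screenshot.

```python
import json
import os
import tempfile

def _write_state(path, state):
    # Write to a temp file in the same directory, then rename: os.replace is
    # atomic, so the reader sees either the old or the new JSON, never a
    # partially written one.
    d = os.path.dirname(path) or "."
    os.makedirs(d, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=d, suffix=".tmp")
    with os.fdopen(fd, "w") as f:
        json.dump(state, f)
    os.replace(tmp, path)

def _read_state(path):
    # Before the first request the file does not exist yet: nothing requested, nothing shown.
    if not os.path.exists(path):
        return {"requested": -1, "shown": -1}
    with open(path) as f:
        return json.load(f)

def driver_request(path, index):
    """Appium side: ask the display window to show QR code number `index`."""
    state = _read_state(path)
    state["requested"] = index
    _write_state(path, state)

def driver_ready(path, index):
    """Appium side: True once the display acknowledged `index` (safe to scan and screenshot)."""
    return _read_state(path).get("shown") == index

def display_poll(path, render):
    """Display side: render a newly requested index and acknowledge it.
    `render(index)` is the caller's QR drawing callback (hypothetical)."""
    state = _read_state(path)
    if state["requested"] == state["shown"]:
        return None  # nothing new, keep showing the current code
    render(state["requested"])
    state["shown"] = state["requested"]
    _write_state(path, state)
    return state["shown"]

def simulate(n):
    """Run both sides in one process over a temp dir; returns the order in which codes were rendered."""
    path = os.path.join(tempfile.mkdtemp(), "fuzzer.json")  # stands in for data/fuzzer.json
    rendered = []
    for i in range(n):
        driver_request(path, i)
        while not driver_ready(path, i):
            display_poll(path, rendered.append)
    return rendered
```

In the real setup the two halves run in separate processes: the NodeJS test calls the driver side before each scan and the Python window polls the display side on a timer.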

Maxelweb commented 2 years ago

Ok, some bugfixes made for the future todos.

Maxelweb commented 2 years ago

Add documentation on feature/bugfix in the readme.md