fuzzqrcodeunipd
QR Code Fuzzer Toolkit for Green Pass Checkers - Computer & Network Security Course @ UniPD
Science Score: 54.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
✓Academic publication links
Links to: scholar.google -
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (13.3%) to scientific vocabulary
Keywords
Repository
QR Code Fuzzer Toolkit for Green Pass Checkers - Computer & Network Security Course @ UniPD
Basic Info
Statistics
- Stars: 8
- Watchers: 1
- Forks: 2
- Open Issues: 0
- Releases: 4
Topics
Metadata Files
README.md
FuzzQR
QR Code Fuzzer Toolkit for Green Pass Checkers and Smartphone Apps
Abstract
In recent years, QR codes become popular for different applications such as Green Pass checking, used for COVID- 19 swab and vaccination verification. The personal QR code is scanned with a smartphone application that certifies whether the Green Pass is valid or not. Though, QR codes can be manipulated by adding malicious code inside the payload. Hence, we developed a toolkit, FuzzQR, for testing multiple QR codes in an automated way on a particular set of fuzzing strings that may crash the target app. In our experiments, we tested VerificaC19 on Android with 5 dictionaries of words containing symbols and ASCII characters. Our tests on 344 words showed that our toolkit correctly scanned 98.6% of the given QR Codes, with an average scan time of 3-4 seconds. Moreover, FuzzQR can be adapted for applications on both Android or iOS and custom dictionaries of fuzzing strings.
Advanced Topics in Computer & Network Security Course (prof. Mauro Conti) @ UniPD 2021-2022
Download the paper
You can find the paper of this project here: Download FuzzQR-Paper (PDF, 2.5 MB)
Build status
Installation and usage
Checkout each folder with the respective README.md file for the instructions.
docscontains documentation on green passes and the paper of this projectextracontains extra script and git submodules of the used libraries
Progress
2022-02-02
- General bugfix
- Moved old scripts inside
/extra
2022-01-27
- Appium client and QR code visualizer are working
- Test on new fuzzing dictionaries
2022-01-15
- QR Code fuzzer for the Android app using Appium
- Fake Green Pass generator
2021-12-28
Try to hack the QRCode library or operations before the sign checking
- Analysis on QR Code Literature
- General analysis on VerificaC19 app (on Android)
- Script creation to generate malevolous QR codes
Credits
The extra tools and libraries used for this projects are inside extra/ folder. Credits are given to the respective authors.
This project was developed by:
- Federico Carboni
- Mariano Sciacco
- Denis Donadel (project leader)
If you want to cite this project in your paper, follow the citation guidelines for this repository.
Owner
- Name: Mariano Sciacco
- Login: Maxelweb
- Kind: user
- Location: Padova, Veneto, Italy
- Website: marianosciacco.it
- Twitter: maxelweb
- Repositories: 34
- Profile: https://github.com/Maxelweb
MD student in Computer Science, Bachelor's degree in Computer Science, University of Padua, Italy
Citation (CITATION.cff)
cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: Sciacco
given-names: Mariano
- family-names: Carboni
given-names: Federico
title: "FuzzQR - QR Code Fuzzing Toolkit for Smartphone apps"
version: 1.0.1
date-released: 2022-02-06
GitHub Events
Total
Last Year
Dependencies
- 217 dependencies
- mocha ^9.1.3 development
- webdriverio ^7.16.13
- Pillow *
- PyPDF2 *
- argparse *
- base45 *
- cose *
- flynn *
- pypng *
- pyqrcode *
- pyzbar *
- qrcode *
- Pillow *
- argparse *
- qrcode *