NEWS
QR Code reconstruction
Summary and Impact
The German TV station hr (Hessischer Rundfunk) posted a report on “Luca”, a contact tracing app that makes use of QR codes. Since the pictures of the QR codes in the video report weren’t blurred properly, we were able to reconstruct one using the image editing tool GIMP1. Here, we wanted to detail the tricks we learned while reconstructing the QR code. This requires no technical knowledge and is something that every hobby photographer should be capable of.
Problem Description
In the video report, we were able to find two pictures of the same QR code in which different parts of it were obstructed. To recover the complete QR code we needed to combine the two images. For CTFs one can usually make use of tools like QRazyBox, but in this case it sadly wasn’t able to recognize ours.
Reconstruction using GIMP
- Determine the height of the QR code in dots (37x37 in this case)
- Load your first picture into GIMP and adjust the canvas to multiples of the QR code dot height/width (Image->Canvas Size)
- Properly rotate and transform the image using the perspective tool (Shift+P) to perfectly move the QR code edges into the canvas edges.
- If parts of the image differ significantly in brightness or contrast (e.g. the “Laden” box in our second picture) you should adjust the brightness of these parts to match that of the rest of the image (Colors->Brightness-Contrast).
- Apply a threshold to make the image b/w. Make sure that you don’t accidentally add or remove any of the dots.
- Applying “High Pass” or “Sharpen (Unsharp Mask)” (Filters->Enhance) filters or increasing the image contrast can be helpful here to get a more accurate black and white image.
- Applying “High Pass” or “Sharpen (Unsharp Mask)” (Filters->Enhance) filters or increasing the image contrast can be helpful here to get a more accurate black and white image.
- Scale the QR code down (without any interpolation) to the size you determined in step 1. (37x37 in this case)
- Apply another threshold filter to fix up any gray pixels.
- You can now repeat the same with your second picture and, depending on the quality
- directly insert parts of it into the first image to complete it, or
- fix up the image using the Pencil Tool(N) with a brush size of 1.
The above steps made it easy for us to reconstruct the QR code and will aid us, and hopefully you, in any future challenges!
OPSEC is hard
We recommend to properly and consistently black out at least parts of abusable QR codes in pictures that are to be broadcast. If the bottom left corner of the QR code had been consistently blacked out, recovery of the full code would have, at the very least, required more skill and time. Notably, photo editing skills would no longer suffice. These heightened requirements also act as a deterrence factor.
About X41 D-SEC GmbH
X41 is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.
Fields of expertise in the area of application security are security centered code reviews, binary reverse engineering and vulnerability discovery. Custom research and IT security consulting and support services are core competencies of X41.