Skip to content

Commit

Permalink
Merge pull request #3 from spritz-group/develop
Browse files Browse the repository at this point in the history
Release version v1.0.1
  • Loading branch information
Maxelweb authored Mar 16, 2023
2 parents cd269de + ae102dd commit 6e86c6a
Show file tree
Hide file tree
Showing 6 changed files with 71 additions and 14 deletions.
4 changes: 4 additions & 0 deletions CHANGELOGS.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# QRFuzz Changelogs

**v1.0.1** (2023-03-16)

- Re-added VerificaC19 inspector and builder from previous tests

**v1.0.0** (2023-03-12)

- Initial public release
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ A fuzzing toolkit to test malicious QR Codes in mobile applications.

![QRFuzz banner](docs/images/qrfuzz-banner.png)

**Current release**: v1.0.0 (2023-03-12)
**Current release**: v1.0.1 (2023-03-16)

You can find toolkit updates in the [CHANGELOGS](CHANGELOGS.md) page.

Expand Down
16 changes: 5 additions & 11 deletions tools/QRCodeFuzzer/inspectors/verificac19.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,25 +3,19 @@ class Inspector {
app_package = "it.ministerodellasalute.verificaC19";
app_activity = "it.ministerodellasalute.verificaC19.ui.SplashScreenActivity";

// Note: only the first QR gives a different error (that is QR not recognized because does not start with the URL required).

async goToScan(driver) {
// let scan = await driver.findElement("xpath", '/hierarchy/android.widget.FrameLayout/android.widget.LinearLayout/android.widget.FrameLayout/android.widget.FrameLayout/android.widget.FrameLayout/android.view.ViewGroup/android.widget.FrameLayout/android.widget.ScrollView/android.view.ViewGroup/androidx.recyclerview.widget.RecyclerView[1]/android.view.ViewGroup[1]');

let scan = await driver.findElement("id", 'posteitaliane.posteapp.appbpol:id/access_qr');
let scan = await driver.findElement("id", 'it.ministerodellasalute.verificaC19:id/qrButton');
await driver.elementClick(scan.ELEMENT);
}

async getResultView(driver) {
return await driver.findElement("id", "posteitaliane.posteapp.appbpol:id/md_titleFrame");
return await driver.findElement("id", "it.ministerodellasalute.verificaC19:id/certificate_valid");
}

async goBackToScan(driver) {
let ok = await driver.findElement("id", 'posteitaliane.posteapp.appbpol:id/md_buttonDefaultPositive');
await driver.elementClick(ok.ELEMENT);

// let scan = await driver.findElement("id", 'posteitaliane.posteapp.appbpol:id/access_qr');
// await driver.elementClick(scan.ELEMENT);
driver.back();
// let ok = await driver.findElement("id", 'it.ministerodellasalute.verificaC19:id/close_button');
// await driver.elementClick(ok.ELEMENT);
}

}
Expand Down
55 changes: 55 additions & 0 deletions tools/QRCodeGenerator/app_specific/verificac19.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
from zlib import compress
from binascii import unhexlify
from base45 import b45encode
from flynn import encoder as flynn_encoder
from flynn import decoder as flynn_decoder
from cose.messages import Sign1Message
from cose.headers import Algorithm, KID
from cose.algorithms import EdDSA
from cose.keys.curves import Ed25519
from cose.keys import OKPKey
from base64 import b64decode
from datetime import *

# --------------------
# Green Pass Builder for VerificaC19
# Script edited from ps1dr3x (github.com/ps1dr3x/greenpass-generator)
# --------------------

PRIVKEY = b"9d370d925476752486ab0e4a8e088228e493da12d1586fafae9f35880dbcfe03"
HEADER = b""

yesterday = datetime.timestamp(datetime.now()) - 86400
tomorrow = datetime.timestamp(datetime.now()) + (7 * 86400)

def get_pass(payload: str):
return {payload}

def get_cose(data):
return Sign1Message(
phdr={Algorithm: EdDSA, KID: b64decode("NJpCsMLQco4=")},
payload=flynn_encoder.dumps(data)
)

def add_cose_key(msg, privkey):
privkey = unhexlify(privkey)
key = OKPKey(crv=Ed25519, d=privkey, optional_params={"ALG": "EDDSA"})
msg.key = key
return msg

def flynn(signed_encoded, header=b""):
(_, (header_1, header_2, cbor_payload, sign)) = flynn_decoder.loads(signed_encoded)
if header:
header_1 = header
return flynn_encoder.dumps((header_1, header_2, cbor_payload, sign))

def b45(msg):
return b45encode(compress(msg))

def get_qr(p):
msg = get_cose(get_pass(p))
msg = add_cose_key(msg, PRIVKEY)
msg = flynn(msg.encode(), HEADER)
msg = b45(msg)
msg = b"HC1:" + msg
return msg
3 changes: 2 additions & 1 deletion tools/QRCodeGenerator/qr_builder.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
from app_specific.verificac19 import get_qr

class qrbuilder:
""" QR Builder Class
Expand Down Expand Up @@ -86,7 +87,7 @@ def messages(payload: str):
return "https://support.google.com/messages/?p=web_computer#?c=" + payload

def verificac19(payload: str):
return payload
return get_qr(payload)

def line(payload: str):
return payload # "https://line.me/R/ti/g/"+payload
5 changes: 4 additions & 1 deletion tools/QRCodeGenerator/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
qrcode~=7.4.2
Pillow~=9.4.0
Pillow~=9.4.0
base45~=0.4.4
flynn~=1.0.0b2
cose~=0.9.dev8

0 comments on commit 6e86c6a

Please sign in to comment.