ANDROID

Home  Android  How To Hack Using QR Codes

How To Hack Using QR Codes

Posted by Categories
SHUBHAM ANDROID, SECURITY, WINDOWS

Tags
HACK USING QR CODES, HACKING QR CODES, HACKING USING QR CODES, HOW TO HACK USING QR CODES
QR codes are used everywhere in the world. From product packaging to airline boarding passes from
government documents to mobile phones. In the modern world QR codes have become the bread and
butter. But are they as safe as everyone claims? Can there be malicious QR codes? Is hacking QR codes
possible? Can we make custom QR codes?

Well, the truth is QR codes can easily fool humans because we cannot understand the contents of a QR
code. Unlike malicious software and phishing links. Malicious and regular QR codes are indistinguishable
to naked eyes. And it is relatively easy to make malicious custom QR Codes.

Thanks to security flaws in many of these scanning devices, it’s now possible to exploit common
vulnerabilities and exploits packed into custom QR codes. You might be wondering how easy it is to hack
these QR codes. How easy it might be for you to learn to hack with QR codes.

Look no further we will show you exactly how to hack devices using QR codes.

These malicious QR codes are easy to make. Most importantly, there are easy scripts and tools to make
malicious QR codes.

DISCLAIMER: This is an educational article meant to aware and educates readers about the hacks. Do not
use this tool or website on any website. Do not apply or execute any method or use tools without concern
of the party. We want to make readers aware of active threats and how they work. Use this article only for
educational purposes.

Table of contents
What Are QR Codes?
Hacking scanners and devices with QR codes
Secret Method: Making Custom Payloads in QR Code
Commonly asked questions about QR gen

Q1. Is this tool legal to use?

What Are QR Codes?

QR codes are the machine-readable data formats that are used to transfer data between devices
automatically with a single scan. They are useful for automation and anything that needs to be scanned
automatically.
Before QR codes, there used to be linear barcodes that stored data in lines. Then over the years, QR codes
became more and more complex with each passing day.

First-generation was line codes, as shown below:

The second generation was 2nd and 3rd gen codes, as shown below:
As you can see from the images, the complexity of QR codes has increased, so has the amount of data it
can contain. A single QR code can hold up to 4,296 ASCII characters.

This might not seem like much, but it can let you do a lot of naughty stuff.

Many phone manufacturers like MI have started giving the use of the ability to share Wi-Fi passwords using
QR codes as convenient as it may sound it can leave devices exposed to QR code scams.

This works because anyone finding on the QR code would find themselves connected to the Wi-Fi network.
But the real question is what would happen if the network was malicious in the first place

WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;H:<true|false|>;

Because humans cannot differentiate between Malicious and regular QR codes without scanning them. It
becomes challenging for regular users to be secure from malicious QR codes. Not to mention, there are no
antivirus programs for QR codes.

So let’s start hacking Qr codes

We will be checking out two different types of hacks:

1. Hacking Scanners with QR GEN

2. Making malicious QR codes with QRGEN

Hacking scanners and devices with QR codes

The hacking tool we will be using today is QR gen. It is a Python tool that can help us make malicious QR
codes. It also has a lot of readymade exploits which we can use to our advantage. But I would recommend
using it on Kali Linux just because of the ease of access and functionality.

Python is by default installed in Linux If you are using any otherwise then you will have to install Python and
the required dependencies in case you are using any other operating system.

Step 1: Cloning the tool

Clone the Github repository using the following command:

git clone https://github.com/h0nus/QRGen

Step 2: Now type the following commands:

 cd QRGen
ls

Step 3: Now install all the software requirements for this tool.

pip3 install -r requirements.txt

Step 4: If that did not work, then use this alternative command.

python3 -m pip install -r requirements.txt

Step 5: Now, run the script by typing python3 qrgen.py.

python3 qrgen.py

As you can see, it’s pretty easy to see what this tool can do. And how easily hackers can exploit QR codes.

Step 6: There are the following readymade exploits available in QR gen:

 Step 7: We will choose one of them. So let’s go with option 2. Command injection. I will use the
following command to select my choice: python3 qrgen.py -l 2A bunch of QR codes will be generated
and stored in the green folder.

To see your generated payloads, type cd genqr to change to the directory and type ls.

cd genqr
ls

Or just open the QR gen folder. As you can probably see, each of these images has a hidden command. On
your system, you can try them using a mobile scanner. Each QR code is automatically generated and has a
different hidden command. But what if you wanted to make custom payloads.
Secret Method: Making Custom Payloads in QR Code
Step 1: To encode a custom payload, we first need to create a text file which contains the payload. Do
note it can only take simple payloads and not complicated payloads. So I decided to create a simple
text file in the QRGen folder

cd QRGen
nano exploit.txt

Step 2: In that text file, we can put our payload or phishing URL. The one below is facebook.com. Just
for simplicity, I`m using this

www.facebook.com
 Step 3: We can save the file by pressing Control X, then hit Y and Enter to confirm your save. Now, you
should see a text file. Type ls to confirm

ls

Step 4: To write your payload to a QR code, we need to use the -w flag. I am assuming you named the
file exploit.txt.

As you can see below, you need to be in the QRGen directory for this to properly work. Also, the txt file
needs to be in QRGen directory.

cd
python3 qrgen.py -w '/username/QRGen/genqr/exploit.txt'
 Step 5: For my facebook.com URL, it generates the QR code below. You can find this in QRGen folder.

As you can see scanning QR codes without knowing what they contain can lead to disasters. Also, there
are no anti-virus systems to prevent malicious QR codes.

These malicious QR codes can make the user visit phishing pages or download malicious software and
apps. Many scanning apps directly open files without checking the contents. Some even execute
commands. So the next time you are scanning QR codes beware.
Commonly asked questions about QR gen

Q1. Is this tool legal to use?

Yes, hack using qr codes are only meant for testing purposes please do not use it for any legal reasons.

Q2. Can anyone use this tool?

Yes anyone who has a PC with Python installed and use it it can also be installed on Raspberry Pi if
needed, but you want to speak to show the QR code if you know what I mean

Q3. Can I hack WhatsApp using this hack?

That is a different exploit – WhatsApp web exploits; this exploit is slightly different and is meant for a
different purpose.

Q4. Can I make Custom QR codes without this tool?

Of course, you can. There are many tools available. Feel free to test them out.

Hope you liked hacking QR codes. Thanks for reading. Do donate and share the article.

Tag: hack using qr codes, hacking qr codes, hacking using qr codes, how to hack using qr codes
Share:    

Shubham
 Previous post Next post

How to Hack Windows with Notepad - 18 How to hack Facebook by creating a

Hacks you Need to Try custom Phishing page
April 2, 2021 April 15, 2021

YOU MAY ALSO LIKE

SQLMap: Your Comprehensive Guide to HTTrack: Your Easy Guide to Web Scraping W
Database Security Testing 14 October, 2023 V
15 October, 2023 1

LEAVE A REPLY

Your email address will not be published. Required fields are marked *
Comment *

Name * Email * Website *

POST COMMENT

NOTICE TO READERS

We have affiliate links and ads from amazon and other partners on the site that help us earn money to
cover the cost of hosting and maintenance of the website. Content on the website is for educational
and informational purposes only. If you have any complaints regarding content or copyrights kindly
contact us on [email protected]

[email protected]
    

COMPANY

About Us

Contact

Write a Guest Post

LINKS

Privacy

Terms

SUPPORT

Disclaimer

Advertise With Us

FAQs

All rights Reserved 2023 || For any issues contact: [email protected]

Privacy Terms