The best use of QR codes
-
[email protected]replied to [email protected] last edited by
Idk I use a Pixel with
GrapheneOS Camera App -
Multiple stage, multiple QR codes RCE.
-
This was a few years ago (so I hope there have been patches since then) but I watched a video which was trying to make an entire game within a QR code: they don't have to just be links, they can be binaries that some devices will immediately run without question!
-
[email protected]replied to [email protected] last edited by
Quite the opposite. That video by mattkc (iirc) repeatedly and unequivocally says that to make this work, he made his pc save the binary and explicitly run it using a python script, because doing it natively would be fucking insane
-
[email protected]replied to [email protected] last edited by
The way I see it there are two options:
-
You’re in a car and driving past that vehicle. If you don’t have your phone ready already, you won’t get it out in time and won’t be able to scan the code. You didn’t read the code and didn’t need to (because you weren’t rubbernecking).
-
You’re in a car with your phone already out (because you’re expecting a crash) or you’re a pedestrian who takes out their phone to film the crash site. You do read the code and you should see it, because you’re rubbernecking.
-
-
[email protected]replied to [email protected] last edited by
I was more thinking about, not driving the car myself, but being driven as a passenger
Although it's obviously a safety issue, when people turn away their focus to checkout a crash - no discussion about that - I was more thinking about the ethical issue of gaffing at injured people
-
[email protected]replied to [email protected] last edited by
Might have more luck displaying the https://en.m.wikipedia.org/wiki/EURion_constellation
-
AwkwardLookMonkeyPuppetreplied to [email protected] last edited by
So... Everything is a meme now? Screenshots of random text posts are memes?
-
[email protected]replied to [email protected] last edited by
That's custom software on custom firmware, which is very extraneous to the average consumer...
-
[email protected]replied to [email protected] last edited by
You're right, I must have been thinking of something else. Happily I can't find any chatter about actual malware in QR codes (it's all redirecting to malicious websites), though obviously there's always the possibility of a new exploit being discovered.
-
[email protected]replied to [email protected] last edited by
The 3DS used to be hacked using a QR code that was scanned using the game cubic ninja (it used QR codes as a medium for sharing levels). The interpreter had a basic memory safety bug, so you could trigger a ROP chain using a malformed QR code to get ACE. This was of course voluntary by the user (and cubic ninja was hard to get because it was not a commercial success) but that qualifies, I guess.
Then they found out the 3ds browser uses a WebKit version from 2003 and nowadays you just go to a website lol
-
I'd be flattered if someone wanted to film me with their phone.
-
[email protected]replied to [email protected] last edited by
Jobs @[email protected] got fired from:
-
[email protected]replied to [email protected] last edited by
ACE on a WiiU is just as easy, at least with the Wii you had to use a game!
-
[email protected]replied to [email protected] last edited by
So what? That only prevents people from editing the photo in certain programs like Adobe Photoshop.
-
[email protected]replied to [email protected] last edited by
ICBM launch control operator
-
[email protected]replied to [email protected] last edited by
- Submariner
-
[email protected]replied to [email protected] last edited by
Professional Mornington Crescent player
-
Well that's one layer, but when you decode a url, you're probably going to get a url, and then it's going to go to that url
So now you just made them to to a website. What's there? Whatever you want. Maybe you ask them for Facebook/Google/GitHub or whatever authorization to see their name and email, which a lot of people would do. Then redirect them to a page saying "now I know who you are, delete the photo, <user>"
Or you could send them a payload based on fingerprinting their request, you could give them a fake page to steal their password, etc