Merge pull request #17 from Maxelweb/feature/bugfix

Feature/bugfix
Maxelweb · Feb 2, 2022 · 8f0bd5a · 8f0bd5a
2 parents 4a60a9f + c37c0d5
commit 8f0bd5a
Show file tree

Hide file tree

Showing 37 changed files with 917 additions and 2,463 deletions.
diff --git a/.github/workflows/python-checker.yml b/.github/workflows/python-checker.yml
@@ -5,7 +5,7 @@ on:
     branches: 
     - master
     paths:
-    - 'QRCodeGenerator/**'
+    - 'FakeGreenPassGenerator/**'
   pull_request:
     branches: 
     - 'feature/**'
@@ -15,7 +15,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     env: 
-      working-dir: ./QRCodeGenerator
+      working-dir: ./FakeGreenPassGenerator
       generation-dir: genqr
 
     steps:
@@ -31,7 +31,7 @@ jobs:
         working-directory: ${{env.working-dir}}
       - name: execute python script
         run: |
-          python main.py -l 0
+          python main-generator.py -l 0
         working-directory: ${{env.working-dir}}
       - name: check correct image creation
         run: find -L ${{env.generation-dir}} -name "*.png"

diff --git a/FakeGreenPassGenerator/README.md b/FakeGreenPassGenerator/README.md
@@ -1,5 +1,33 @@
-# QRGen / GreenPass
+## Fake Green Pass Generator
 
-- This program has been edited to generate more malevolous QR-codes
-+ Green pass generation funcitons
-- Credits to h0nus/QRGen
+This program aims to generate or visualize QR codes of fake green pass with malicious payloads. The payload is generated from dictionaries inside the `words/` folder of this project. Moreover, we can easily change payloads from the python script, as well as type of injection directly as an option from the terminal.
+
+
+### Installation and Requirements
+
+- Python 3.9+ and `pip`
+    - For the first time run `pip install -r requirements.txt` to install all the mandatory dependencies
+
+### Usage
+
+1. Move inside this folder with the terminal
+
+#### QR Code Visualizer
+
+2. Execute `python main-display.py -l <wordlist-number>` (single wordlist) or `python main-display.py -a` (all wordlists)
+
+> From here, the QR code will change accordingly to the execution of the Appium Client.
+
+#### QR Code Generator
+
+2. Execute `python main-generator.py -l <wordlist-number>` (single wordlist) or `python main-generator.py -w <path-to-custom-wordlist>` (custom wordlist)
+
+
+### Development
+
+You can import `passgen.py` and `qrgen.py` as modules for other main scripts depending on your needs.
+
+### Credits
+
+**Original credits to h0nus/QRGen** for the QR code generation part of malformed payloads made using a dictionary. 
+Edited version made by @Maxelweb (Mariano Sciacco) and @Kero2375 (Federico Carboni) for Advanced Topics in Computer and Network Security @ UniPD (2021-22).
diff --git a/FakeGreenPassGenerator/main-display.py b/FakeGreenPassGenerator/main-display.py
@@ -11,6 +11,9 @@
 import pyqrcode
 import tkinter as tk
 
+_qr_error = 'L'
+_qr_scale = 7
+
 update_time = 500
 fuzzer_file = "../QRCodeFuzzer/data/fuzzer.json"
 qr_imgs = []
@@ -107,8 +110,8 @@ def main():
     file = FileHandler()
 
     def genqr(text="test"):
-        qrcode = pyqrcode.create(text, error='L')
-        return tk.BitmapImage(data = qrcode.xbm(scale=7))
+        qrcode = pyqrcode.create(text, error=_qr_error)
+        return tk.BitmapImage(data = qrcode.xbm(scale=_qr_scale))
 
     def gengp():
         msg = get_cose(get_pass(payloads[file.iterator]))
@@ -141,7 +144,7 @@ def close():
         window.destroy()
 
     window = tk.Tk()
-    window.title("Display FakeGreenPass")
+    window.title("FakeGreenPass - QR Code Visualizer")
     window.geometry("800x800")
     window.configure(background='white')
 

diff --git a/FakeGreenPassGenerator/main-generator.py b/FakeGreenPassGenerator/main-generator.py
@@ -37,7 +37,7 @@ def cmd():
         usage=f"main.py -l [number]\nusage: main.py -w [/path/to/custom/wordlist]\n\nPayload lists: \n {fuzz_type}",
         epilog="Pay attention everywhere, even in the dumbest spot",
     )
-    sgroup = parser.add_argument_group("Options for QRGen")
+    sgroup = parser.add_argument_group("Options for FuzzQR")
     sgroup.add_argument(
         "--list",
         "-l",

diff --git a/FakeGreenPassGenerator/passgen.py b/FakeGreenPassGenerator/passgen.py
@@ -15,6 +15,7 @@
 from cose.keys.curves import Ed25519
 from cose.keys import OKPKey
 from base64 import b64decode
+from datetime import *
 
 PRIVKEY = b"9d370d925476752486ab0e4a8e088228e493da12d1586fafae9f35880dbcfe03"
 HEADER = b""
@@ -29,8 +30,8 @@
 
 # TODO: test with current today date
 
-# yesterday = datetime.timestamp(datetime.now()) - 86400
-# tomorrow = datetime.timestamp(datetime.now()) + (7 * 86400)
+yesterday = datetime.timestamp(datetime.now()) - 86400
+tomorrow = datetime.timestamp(datetime.now()) + (7 * 86400)
 
 def get_pass(data: str):
     return {
@@ -55,11 +56,11 @@ def get_pass(data: str):
                     "nam": {
                         "fnt": data,
                         "fn": data,
-                        "gnt": "SNOW",
-                        "gn": "SNOW",
+                        "gnt": data,
+                        "gn": data,
                     },
                     "ver": "1.3.0",
-                    "dob": "2000-01-01",
+                    "dob": "2022-01-32",
                 }
             },
         }

diff --git a/FakeGreenPassGenerator/requirements.txt b/FakeGreenPassGenerator/requirements.txt
@@ -6,4 +6,5 @@ flynn
 cose
 PyPDF2 
 pyzbar
-pypng
+pypng
+pyqrcode
diff --git a/FakeGreenPassGenerator/words/test.txt b/FakeGreenPassGenerator/words/test.txt
@@ -1,3 +1,9 @@
-' or 1='1
-test
-huge-testing'@@@@@
+ඞ
+福星
+禄星禄星禄星
+福 – fú,禄 – lù, 寿
+జ్ఞా
+జ్ఞాజ్ఞా
+జ్ఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞాఞాజ్ఞా
+⚫
+👍👍
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,4 +6,5 @@ flynn @@
     cose
     PyPDF2
     pyzbar
-    pypng
+    pypng
+    pyqrcode