cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ericgeater
Community Champion

Need a QR code decoding tool

Most of you know that QR codes pose risk because its information can't be revealed without being read. A QR code may just be a URL, and my smartphone will produce a yellow stripe which reveals the domain name and TLD, but it does not show any subdomains, or anything behind the slash after the TLD.

 

Does a tool exist which can reveal the entire content of a QR code? I would like to safely show a person all of the data which is stored in a QR code, because they unfortunately believe QR codes are safe.

 

I have a great mechanism to create URL QR codes for this demonstration, but I just need a suitable reader.

 

Thanks!

--
"A claim is as good as its veracity."
6 Replies
CraginS
Defender I

Eric

@ericgeater 

there are several Qr code readers available on both the iPhone App store and Google Play. Have you tried any of them?

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
ericgeater
Community Champion

Yes.  The goal is not to read a QR code.  The goal is to see the components which make up the QR code, almost like a hex editor will reveal information about a file which cannot be seen in its execution or use.

--
"A claim is as good as its veracity."
denbesten
Community Champion

Fundamentally, you want to read the QR code and display its contents without executing / acting-upon it. The biggest trick to avoiding that is to not use your browser's inbuilt QR code reader directly because that puts the output, which could potentially contain JavaScript into the URL field and sometime  clicks "go".

 

As @CraginS suggests, many apps can display without executing.  The one I use does behave that way, but has not been updated in a few years, so I hesitate to recommend it by name.

 

If the information is not confidential, you might consider using a web site that decodes QR codes.  This is particularly useful if the goal is to show the results to others in a way that they can easily reproduce.  Incognito mode can also be useful if there is reason to feel paranoid.

ericgeater
Community Champion

My use case is a person who desires to send QR codes through email.  The recipients would be people who receive security awareness training which strongly discourages them from clicking links and opening attachments.

 

Your idea is not a bad idea, especially since we could simply make false URLs for examples.  I would rather not do this on a smartphone, because I want to point without clicking.

The goal is to explain that QR codes may transmit useful data, but only by permitting behavior we would otherwise discourage.

 

--
"A claim is as good as its veracity."
dcontesti
Community Champion

I know this is not what you are looking for, but found this one interesting.  It's free and intended to assist you in understanding the risks.

 

Free QR Code Phishing Security Test | KnowBe4

 

d

 

 

 

ericgeater
Community Champion

Thank you, @dcontesti!  I'll give it a look right now.

--
"A claim is as good as its veracity."