Add a fake QR scanner feature #6

Open
opened 2 months ago by Flixbox · 7 comments
Flixbox commented 2 months ago

The real Luca App has a Self Check In feature that allows the user to scan a QR code. It would be nifty if we could use an existing QR scanner library to easily implement our own QR scanner.

Screenshots
http://imgur.com/a/Jk1E5ZE

errhammr added the Status: Help wanted label 2 months ago
Owner

Thanks for the suggestion. This feature might be a little more tricky to implement.

When the location staff scan the QR-Code that is shown in the Lucia app, some software at the location communicates with the checkin servers. When the Lucia app scans a QR-Code at a location, the Lucia app would need to communicate with the checkin servers. I don't think any app can just send any checkin data to the servers.

In the real app the user needs to provide their personal details before being able to use the app. I assume that this registration procedure contains some sort of authentication/authorisation part that makes sure that only properly registered users can check into locations by scanning a QR-Code with the app.

I don't want to write code that circumvents security mechanisms on the checkin servers. That could get me in trouble.

If I find the time to look into the checkin procedure specification and I find an easy way to send fake checkins without breaking security mechanisms, I might add this feature. But please don't get your hopes up too high.

If anyone wants to help out and implement this feature, PRs welcome

errhammr added the Kind: Feature and Priority: Low labels 2 months ago
Poster

I don't think there's a need to communicate with any servers. The few places I've been at so far have not verified the check-in at all. It would be sufficient to display a generic QR scan process

Owner

So it would be good enough to scan a QR code and then show a fake "all good" screen? What does the original app display after scanning a QR code? Can you provide a screenshot of that, please? If personal details are displayed, please redact them in the screenshot ;)

Poster

Sure! I even found the QR code for a random OBI market online.

image

Here's a gallery, I even took a video of the sign-out process.

https://imgur.com/a/JyR12ET


https://gitlab.com/lucaapp/web/-/issues/1

Is this helpful? It seems that it is currently possible without a problem. But as soon as phone numbers are used, it would not be possible anymore.


I thought that JavaScript from luci-app.de does the job, the names of the embedded js-files look promising and AFAICS it works.
Perhaps someone could check whether the locations-luca-counter counts up:

https://luci-app.de/js/html5-qrcode.min.js from https://github.com/mebjas/html5-qrcode
https://luci-app.de/js/rv-crypto.min.js
https://luci-app.de/js/elliptic.min.js from https://github.com/indutny/elliptic
https://luci-app.de/js/sha256.min.js
https://luci-app.de/js/forge.min.js


This would be a great idea. I'm currently on vacation and everything here works with these QR-codes, so Lucia is not a help here anymore.
