NahamCon CTF 2024 Walkthrough: QRRRRRRRR

ctf Jun 11, 2024

Okay so this one will be short but sweet. This warmup question is titled: QRRRRRRRR.

Downloading the file, we see a QR code. These are really common and can direct you to sites or just give you information. Heck, you can even play games in them.

It's important to note how a QR code is laid out, which is shown below.

So those large corner patterns are required, which means that this isn't a normal QR code just disassembled or moved around. So thinking what only requires one large position pattern would be: a Micro QR. These can be as small as 11x11 squares and don't need all three position markers. Let's try downloading an app that can read them and see what it gives us. For this, I downloaded the Scandit barcode reader, since it has a lot of versatility in reading QR codes, DPM codes, and various other industrial standards of codes.

I simply opened the app, told it to scan for any code, and let it fire.

So there we have it. Micro QR code that contains a flag. No reassembly in paint required.

This challenge is great for learning basic research skills. In cybersecurity, defenders or attackers often won't know everything about a particular system, protocol, or concept. Initially, I only knew that QR codes had three alignment markers and was unaware of Micro QR codes. Through investigation, I learned far more about QR codes and their different forms. Learning these research skills in a relaxed environment prepares you for quickly

Tags