Tags: qr

Rating:

*This is a short summary of the full write-up at
<https://smyghalloumi.se/posts/2018-11-01-seccon2018-qr.html>.*

After analyzing the problem one can see that we need to provide the
web service with a single image that produces at least two valid QR
codes with different results under the resizing sequence
500→250→100→50.

Since the service is using the NEAREST operation, it is enough to
find the pixels from the original image that remain after resizing.

A simple test produces the pixels with indices (10i + 7, 10j +
7). So in order to create our image we need to overlay every pixel
from one image into the above indices of the second image:


im1[7::10, 7::10] = im2


Uploading the resulting image to the service gives us back the flag.

Original writeup (https://smyghalloumi.se/posts/2018-11-01-seccon2018-qr.html).