Merge pull request #2 for release v1.0.0

Release version v1.0.0

Author: Maxelweb

.gitignore

@@ -0,0 +1,144 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+.vscode/settings.json
+
+# Extra
+*.zip
+
+# Dependencies
+**/node_modules
+
+# Log scripts
+**/log-qrgen**
+**/log-appium**
+
+# QRCodeFuzzer
+tools/QRCodeFuzzer/data-tests/**
+!tools/QRCodeFuzzer/data-tests/app-example/

CHANGELOGS.md

@@ -0,0 +1,5 @@
+# QRFuzz Changelogs
+
+**v1.0.0** (2023-03-12)
+
+- Initial public release

LICENSE

@@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
+    QRFuzz - A fuzzing toolkit to test malicious QR Codes in Mobile Applications
+    Copyright (C) 2023  Mariano Sciacco, Federico Carboni, Denis Donadel
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    <program>  Copyright (C) <year>  <name of author>
+    QRFuzz Copyright (C) 2023 Mariano Sciacco, Federico Carboni, Denis Donadel
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

README.md

@@ -1,2 +1,47 @@
-# FuzzQRTestingUNIPD
-Fuzz QR Testing multiple applications - UNIPD
+# QRFuzz
+
+A fuzzing toolkit to test malicious QR Codes in mobile applications.
+
+![QRFuzz banner](docs/images/qrfuzz-banner.png)
+
+**Current release**: v1.0.0 (2023-03-12)
+
+You can find toolkit updates in the [CHANGELOGS](CHANGELOGS.md) page.
+
+## Installation
+
+All the instructions to install the toolkit are inside the [docs / installation](docs/installation.md) page.
+
+## Usage
+
+All the instructions to use the toolkit are inside the [docs / usage](docs/usage.md) page.
+
+## Quick Start
+
+1. Connect an Android Smartphone to a PC and type `adb devices`
+    - Save the `udid` (`device_id`) of the device
+2. Open a new terminal and start Appium
+    - `appium -p 4723`
+3. Open a new terminal and start QRCodeGenerator
+    - `cd tools/QRCodeGenerator`
+    - `python main.py -a <app> -j <json_data_path> -p <position>`
+4. Open a new terminal and start QRCodeFuzzer
+    - `cd tools/QRCodeFuzzer`
+    - `node index.js <app> <data_path> <port> <device_id>`
+5. Once the tests are completed, check the results inside the test directory
+    - `ls tools/QRCodeFuzzer/data-tests/<app_name>`
+
+## Extend the tool
+
+You can find example on how to extend the tool inside the folder of each tool.
+
+- [QRCodeFuzzer](tools/QRCodeFuzzer/README.md)
+- [QRCodeGenerator](tools/QRCodeGenerator/README.md)
+
+## Credits
+
+This project has been developed by students from the University of Padua (UniPD, Italy).
+
+- Federico Carboni
+- Denis Donadel
+- Mariano Sciacco

docs/README.md

@@ -0,0 +1,11 @@
+# QRFuzz Documentation
+
+![QRFuzz banner](images/qrfuzz-banner.png)
+
+## Installation
+
+You can find installation instructions in [installation.md](installation.md).
+
+## Usage
+
+You can find usage instructions in [usage.md](installation.md).

docs/images/qrfuzz-banner.png

@@ -0,0 +1,37 @@
+# Test-bench Installation
+
+![QRFuzz banner](images/qrfuzz-banner.png)
+
+## Debian GNU/Linux installation
+
+> This version has been tested with Debian 10 and 11, as well as RaspbianOS.
+
+1. `cd scripts/debian-installer/`
+2. Execute `./pyhton-installer.sh`
+3. Execute `./appium-installer.sh`
+4. (OPTIONAL) Execute `./bash-variables-installer.sh`
+    - **Note:** This will add ANDROID_HOME to bashrc and a global folder in `~/.npm-global`
+
+## Generic installation for Windows, MacOS, Linux
+
+### Requirements
+
+Check if these programs are already installed in your OS (and install them, if not):
+
+- Python (3.9+) with PIP
+- NodeJS (18.x+) with NPM
+
+### QRCodeFuzzer Installation
+
+1. Open the terminal inside `tools/QRCodeFuzzer`
+2. `npm install`
+
+### QRCodeGenerator Installation
+
+1. Open the terminal inside `tools/QRCodeGenerator`
+2. `pip install -r requirements.txt`
+
+### Appium server
+
+1. Follow the [instructions](https://appium.io/docs/en/about-appium/getting-started/?lang=en) from the official website.
+

docs/images/terminal-tmux-parallel.png

@@ -0,0 +1,95 @@
+# Test-bench Setup & Execution
+
+![QRFuzz banner](images/qrfuzz-banner.png)
+
+To replicate the test-bench, you need a PC with a monitor and a smartphone.
+
+> **Tip:** In order to have everything under control in just one screen, we recommend to use `tmux`.
+
+## Automated Execution
+
+In this approach, you can use scripts to simplify the interactions with the tools provided by the toolkit. These scripts are collected in the `scripts` folder under the name `scripts/test-*`.
+
+### Automated Single Execution
+
+![tmux-single-example](images/terminal-tmux-single.png)
+
+1. Move inside `scripts/test-single`
+2. Open a terminal and configure `tmux` (or open multiple terminals) as shown in the image above (3 terminals).
+3. In the left terminal, execute `./qrgen-terminal.sh -p left -a <app_name> -s <optional:start_position>`.
+4. Position the smartphone so that the QR Code is fully framed by the camera.
+5. In the top right terminal, execute `adb devices` and take note of `device ID`.
+6. In the top right terminal, execute `appium` and take note of port.
+7. In the bottom right terminal, execute `./appium-terminal.sh -p <appium_port> -d <device_id> -a <app_name> -s <optional:start_position>`
+
+If something fails (e.g. xpath / object ID changes in the app), you will receive a prompt from the bottom right terminal to put the app in the scan page and then press any key to continue.
+
+If the app crashes, the QRCodeFuzzer will try to recover the previous test by re-opening the app.
+
+> Tests are saved inside `tools/QRCodeFuzzer/data-tests/<app_name>`
+
+### Automated Parallel Execution
+
+![tmux-parallel-example](images/terminal-tmux-parallel.png)
+
+1. Move inside `scripts/test-single`
+2. Open a terminal and configure `tmux` (or open multiple terminals) as shown in the image above (4 terminals).
+3. In the top left terminal, execute `./qrgen-terminal.sh -p left -a <app_name> -s <optional:start_position>`.
+4. In the top right terminal, execute `./qrgen-terminal.sh -p right -a <app_name> -s <optional:start_position>`.
+5. Position the smartphones so that the QR Code is fully framed by the cameras (one on the left, one on the right).
+6. In the bottom left (or right) terminal, execute `adb devices` and take note of `device ID` of both smartphones.
+7. In another workspace, or in a background window, open two new terminals and execute `appium -p <port_number>`.
+8. In the bottom left terminal, execute `./appium-terminal.sh -p <appium_port_1> -d <device_id_1> -a <app_name> -s <optional:start_position>`
+9. In the bottom right terminal, execute `./appium-terminal.sh -p <appium_port_2> -d <device_id_2> -a <app_name> -s <optional:start_position>`
+
+If something fails (e.g. xpath / object ID changes in the app), you will receive a prompt from the bottom terminals to put the app in the scan page and then press any key to continue.
+
+If the app crashes, the QRCodeFuzzer will try to recover the previous test by re-opening the app.
+
+> Tests are saved inside `tools/QRCodeFuzzer/data-tests/<app_name>`
+
+### Automated Sequential Execution (experimental)
+
+Sequential execution can be useful to execute multiple applications tests.
+The setup is similar to single / parallel execution, with the only constraint that you can pass a `<app_lists_file>` instead of `<app_name>`.
+
+Here's an example with parallel execution (single execution is straight forward):
+
+1. Move inside `scripts/test-sequential`, and create two files `apps-phone-1.txt` and `apps-phone-2.txt`, each containing list of apps to test in new lines.
+2. Open a terminal and configure `tmux` (or open multiple terminals) as shown in the image above (4 terminals).
+3. In the top left terminal, execute `./qrgen-terminal.sh -p left -f <app_lists_file_1> -s <optional:start_position>`.
+4. In the top right terminal, execute `./qrgen-terminal.sh -p right -f <app_lists_file_2> -s <optional:start_position>`.
+5. Position the smartphones so that the QR Code is fully framed by the cameras (one on the left, one on the right).
+6. In the bottom left (or right) terminal, execute `adb devices` and take note of `device ID` of both smartphones.
+7. In another workspace, or in a background window, open two new terminals and execute `appium -p <port_number>`.
+8. In the bottom left terminal, execute `./appium-terminal.sh -p <appium_port_1> -d <device_id_1> -f <app_lists_file_1> -s <optional:start_position>`
+9. In the bottom right terminal, execute `./appium-terminal.sh -p <appium_port_2> -d <device_id_2> -f <app_lists_file_2> -s <optional:start_position>`
+
+## Manual Execution
+
+In this approach, you can directly employ each tool manually.
+
+> **Tip:** Get the `udid` (`device_id`) using `adb devices`.
+
+### Manual Single Execution
+
+1. Start `appium -p 4723` in terminal (even in background)
+2. Start a bash script with `python main.py -a <app> -j <json_data_path> -p <left/right/center> -sf <optional:start_position>` in another terminal
+3. Start a bash script with `node index.js <app> <data_path> <port> <device_id> <optional:start_position>` in a third terminal
+
+### Manual Parallel Execution
+
+1. Start `appium -p 4723` in terminal A (even in background)
+2. Start `appium -p 4724` in terminal B (even in background)
+3. Start a bash script with `python main.py -a <app> -j <json_path>` for terminal 1
+4. Start a bash script with `python main.py -a <app> -j <json_path>` for terminal 2
+5. Start a bash script with `node index.js <app> <data_path> <port> <device_id>` for terminal 3 (same path as terminal 1)
+6. Start a bash script with `node index.js <app> <data_path> <port> <device_id>` for terminal 4 (same path as terminal 2)
+
+## Extra
+
+### Telegram Notifier
+
+The Telegram notifier can be used to get notified about app status changes.
+
+You can find installation and usage instructions in [scripts/telegram-notifier](../scripts/telegram-notifier/README.md) folder.

docs/images/terminal-tmux-single.png

@@ -0,0 +1,7 @@
+# QRFuzz Scripts
+
+![QRFuzz banner](images/qrfuzz-banner.png)
+
+This folder contains the script for the installation and the execution of the toolkit.
+
+Please, refer to the [complete documentation](../docs/README.md) before proceeding.

docs/installation.md

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Appium and Android installer
+
+echo "[QRFUZZ] Installing node, npm, openjdk, android-tools"
+sudo apt update -y
+sudo apt install -y nodejs npm openjdk-11-jre openjdk-11-jdk android-sdk-build-tools android-sdk
+
+echo "[QRFUZZ] Installing appium globally and qr code fuzzer"
+npm install -g appium;
+(cd ../../tools/QRCodeFuzzer/ || exit; npm install)
+
+echo "[QRFUZZ] APPIUM AND ANDROID INSTALLED"