QR codes are designed with alignment and scaling features, not to mention checksums and significant redundancy. They have to be, because you’re taking photos of them with your potato-camera while moving, in the dark, and it’s on a curved sticker on a phone pole. So it came as a complete surprise to us that [Christian Walther] succeeded in making an ambiguous QR code.
Nerd-sniped by [Guy Dupont], who made them using those lenticular lens overlays, [Christian] made a QR code that resolves to two websites depending on the angle at which it’s viewed. The trick is to identify the cells that are different between the two URLs, for instance, and split them in half vertically and horizontally: making them into a tiny checkerboard. It appears that some QR decoders sample in the center of each target square, and the center will be in one side or the other depending on the tilt of the QR code.
Figuring out the minimal-difference QR code encoding between two arbitrary URLs would make a neat programming exercise. How long before we see these in popular use, like back in the old days when embedding images was fresh? QR codes are fun!
Whether it works is probably phone- and/or algorithm-dependent, so try this out, and let us know in the comments if they work for you.
Thanks [Lacey] for the tip!
Kind of a neat concept, but in my testing with three different apps I either simply had trouble reading the QR code or I got the Github link like 90% of the time. It wasn’t like it was roughly 50%. Seems like that’s most people’s experience from the Twitter page.
Yeah, works for me– depending on the angle, distance, lighting, humidity(?), it seems to go nearly evenly between a github page and a mastodon.social page. The QR equivalent of what color is the dress?
I remain, utterly astonished that people blithely point their phones at compltely incomprehensible graphics and bllithely connect to them. Add now we have one that lets you get sent to either one of TWO malware/phish/ sites. Has NO one learned anything over the last 50 years of cybersecurity?
Having been there, I’d say “No”.
That I was thinking too, as soon as I read the title I was like : no, no, no, no another threat we must to face, but apparently you need those lens so is fine I guess.
Well, my iPhone gives me a preview of the link first (or actually just the server address), so I don’t have to connect at all to see it. If I would have had to connect to see the server or URL, I wouldn’t have tried it. Seems prudent enough when you know what you are doing.
Ah well, I am using an iPhone. I won’t claim that it’s impossible to malware-infect an iPhone with an up-to-date iOS. But the possibility is quite unlikely.
Android does the same, at least in the default camera app I have
The app that I use only reads and displays the data in the QR code. It will not open anything unless I tell it to.
Wonder if that can be used to double prank someone? One angle and you get Rick Astley video. Tilt the camera a bit and you get the goatse picture.
This reminds me of records that would play different things occasionally. Simple but brilliant: They just scribed two concentric grooves on the surface of the record. Depending on where you dropped the needle, it would fall into one or the other.
Reminds me a bit of the 3D art done on sidewalks:
(And yes, this link goes to only one site) :-)
https://youtu.be/ms1CbzNNHhA?si=TXD2CQNfdOVSK8kS