Skip to content

GitLab

Last edited by Mark Stevens
Page history

qrcode bypass

Here’s another way to avoid the QR Code on installation.

This approach would dovetail with an automated build step for encrypting the package files

Currently, when the packages are encrypted, each package is recorded in a manifest.md5 file;

This is just the output of the 'openssl dgst -md5 ‘ output for each encrypted file. MD5(BTAdContentManagerService-1.39.00-22471.apk.enc)= 446f964ef182c191952440e9f409bf15 MD5(BTAnalyticsService-1.41.00-30605.apk.enc)= 7c1639390da39270657864b74315ef70 MD5(BTBrowserNOP-1.39.00-22471.apk.enc)= 771f5dca012113340ea6749430937d06

This information is used to identify the expected package files and to verify that the encrypted files are copied without error.

-- At the time the manifest.md5 is generated, we can also generate QRCode data with a longer expiration. Maybe 3 months to a year, however long we expect a release to be good for.

We then generate a 6-8 character random password and a 6-8 character Challenge Code We use the password to do a second encryption pass on the QR Data and save that chunk at the end of the manifest.md5 file along with the Challenge Code. QRC(NSUVDBsJ3yMHFE7vk40G7tjD+O9GfgUNHIfvSP97X8+mTFjQmMCtHhRJlYDOqZ5D7euK7TWyWxA8L7in8uvzvXDjkHoW4QaqxII7OAegYe3DjxkMWeJRlKF6aQYOjFlleoI6Fmgk8U8vN0cc7Amay0YXXSmzW18SgZP+IUX/YmVHUuc4tWsbbV/faK6Oo0/HDn6PVej16rvcHc1Mn0w6zQ==)= A6CFj11K

The password, challenge code & manifest.md5 data are registered with platform services, so the call center can look up the challenge and give the venue manager the correct Password response that can be used to get the embedded QR Code data.

Usage: If Tablet provisioner app finds the QRC entry : Presents an option to Unlock the tablet in addition to [Scan] Unlock UI presents Support Contact instructions and the Challenge Code Validates the password by decrypting the QRData and verifying it’s contents are valid. Passes the QR-code data to provisioning and continues normally.

— Tablets in long term storage, would need to be refreshed within the expiration window by turning them on and running the Copy Files step with updated files. This could also serve as a way to retire any manifests that are deemed compromised.

With a shorter code, this would also make BLE a convenient option for sharing the pre-cleared information with other tablets that have the same Challenge Code.

generating the code: openssl rand -base64 5 | head -c 5 generates a code like: pBUpo