Skip to content

re-ws.pl

ReverseEngineering WorkStation

  • Home
  • Tutorials
  • Random
  • About

[Import]Decoding Aztec code from polish vehicle registration certificate

Posted on September 4, 2017 - September 7, 2017 by Kamil (aka. v3l0c1r4pt0r)

NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 1st August 2015.

About a year ago I interested in mysterious 2D code placed in my car’s registration certificate. After quick research on Google it turned out to be even more mysterious because nobody knew how to decode it. There was even no official document like act or regulation that describes the code somehow. People knew that the code is Aztec code and that’s it. Some companies shared web and Android apps to decode this. And all of them was sending base64 to some server and receive decoded data.

Of course for me it wasn’t rewarding so I started my research on it. After initially scanning the code I’ve seen long string that I immediately recognized as base64. The real fun started after that, because stream I’ve got after that was so strange that at first I had no idea what to do. Upon closer examination it was clear that this data is not damaged but encoded in somewhat strange way. Few days later I was almost sure that this is not encoding but rather compression, because some unique parts of stream was easily readable by human. About a month of learning about compression, looking for even most exotic decompression tools and I was left with almost nothing. I had only weak guess on how decompression parameters could be encoded. I gave up…

Polish vehicle registration certificate (source: pwpw.pl)

About a year later I tried one more time. This time I was a bit more lucky. I found a program that decodes the code. Again. But this time was different. I shut down my network connection to make sure. And it worked! So now a bit of reverse engineering and it’s done. I will skip any details because I do not want to piss off the company which created this, even though I was right and I HAD right to do this.

As usual the source code is available on my Github profile. There is also a bit more information about whole scanning/decoding process. If you like to know more technical details about the algorithm or how to decode the data, everything can be found in README file in the repo.

Posted in UncategorizedTagged Aztec, English, Reverse Engineering

Post navigation

[Import]CP210x (USB to TTL adapter) for Android devices
[Import]SDC file format description – Errata

15 Comments

  1. Tom says:
    August 2, 2015 at 15:04

    Stealing algorithms from other binaries is a crime and admitting to it is just stupid. I’ve collected all the evidence of this (screenshots, text) and I will report a crime.

    PS. I just hope all those expensive reverse engineering tools you own are legal, because I will mention that too to check the licenses.

    Reply
    1. v3l0c1r4pt0r says:
      August 3, 2015 at 12:04

      Hi Troll,
      I am lucky to not live in a country with a highly oppressive government like United States so I had right to publish algorithm bought for taxes I paid. Moreover reverse engineering is legal in Poland for compatibility purposes. It’s a pity that you were not brave enough to give me your real email and IP address (not TOR exit node) so we could discuss more about it.
      Cheers,
      v3l0c1r4pt0r 🙂

      Reply
      1. gutk says:
        September 18, 2015 at 15:10

        Hi,

        I noticed that not every binary data is “unpacked” correctly. In some cases I got errors (iconv invalid argument) or blank output file. Could you explain what it depends on?

        Cheers

        Reply
  2. maciej says:
    September 28, 2015 at 16:11

    Hi,

    I had error : ./delz: copy offset before start of buffer -3
    What I do wrong ?

    Please help for newbie

    Reply
    1. v3l0c1r4pt0r says:
      September 28, 2015 at 21:20

      Any decompression error is caused by invalid input. Are you sure you provided binary file as input, not its base64 encoded form?

      Reply
      1. maciej says:
        September 29, 2015 at 10:47

        I have output from scaner (vwMAANtYAAJDAP8….) next I convert it to binary file And had error decompression 🙁

        Reply
        1. Mt says:
          October 15, 2015 at 23:42

          same problem here 🙁

          I also have zeto app and for given string from scaner
          zetodecode.bin 1wMAANtYAAJDAP8xAH….

          It returns nice data.

          @v3l0c1r4pt0r I’d be glad if u provide steps necessary to use your library with strings from scaner.

          Thanks!!

          Reply
          1. v3l0c1r4pt0r says:
            October 16, 2015 at 11:00

            Exact steps depends on platforms you use. On Linux you should use base64 program to decode output from scanner and write it to separate file. Then it will ready to decompress. As I have written in the post above, instructions can be found on github README file. There you can also find basic overview of the whole process.

  3. maciej says:
    October 20, 2015 at 01:17

    It was invalid input. Code work perfect

    Reply
  4. Alex says:
    October 10, 2017 at 08:28

    Hi, nice works, indeed!

    One question, i do not understand well the process to scan and convert in base64 the image. What you guys are you using to scan the Aztec code and convert it to a binary file ? Which scanner ? Which converter to base64 ?

    Reply
    1. v3l0c1r4pt0r says:
      October 10, 2017 at 18:12

      Personally, I was using Atena Aztec Reader app on Android to get base64-encoded data. Then ordinary Linux base64 program works just fine. Unfortunately, still there is no complete solution. However, I heard that there are some open source libraries that are able to read Aztecs from picture, so creating it should be now possible, basing only on free code.

      Reply
  5. John says:
    July 6, 2018 at 20:25

    Czy mozesz gdzieś wstawić ponownie swoją prace. Ponieważ widzę że panowie od biznesu uznali że to ich od i poblokowali.

    Reply
    1. v3l0c1r4pt0r says:
      July 7, 2018 at 12:37

      A, raz kozie śmierć. Niech wszyscy widzą: https://webcache.googleusercontent.com/search?q=cache:eHfVLiICOr4J:https://github.com/v3l0c1r4pt0r/delz/blob/master/src/lz.c+&cd=9&hl=pl&ct=clnk&gl=pl&client=firefox-b-ab
      Póki jeszcze nie wprowadzili żadnej ACTy, mogę sobie linkować 🙂

      Skoro już to jest publicznie dostępne, to przy okazji apel ode mnie: reuploadujcie! Prędzej czy później z cache’a to zniknie. Ja nie planuję tracić czasu na chodzenie po sądach z jakimiś firemkami co to uważają, że kupili sobie państwo na własność.

      Reply
  6. Klaus says:
    July 6, 2021 at 12:35

    Wrzuc link jeszcze raz bo juz pewnie PELock zablokowal DMCA

    Reply
  7. Marek says:
    October 19, 2021 at 18:55

    Ktokolwiek by szukał jak zdekodować kod aztec z dowodu rejestracyjnego – tutaj link do repo: https://github.com/dex4er/drpdecompress/

    W skrócie – ciąg jest zakodowany algorytmem UCL: http://www.oberhumer.com/opensource/ucl/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Tags

Android assembly busybox C CAN can-hacking cc-factory cmake compiler docker Dreamspark electronics English gcc hacking hardware JavaCard JCOP kernel KiCAD library Linux PC PCB pinout PKI polski programming Python radio Raspberry Pi Reverse Engineering RTL-SDR SDC SDM SDR smart card software tor tty UART UEFi Windows X.509 Xperia Pro

Recent Posts

  • PHP build for use bundled in Android applications
  • Running graphical apps inside Docker containers
  • Plugin architecture demo for Python projects
  • Authorizing adb connections from Android command line (and making other service calls from cli)
  • How to recover torrent from rtorrent meta files

Recent Comments

  • pomi on Playing with GF-07 GPS device
  • pomi on Playing with GF-07 GPS device
  • Hamdy Abumgata on Playing with GF-07 GPS device
  • Mousum Gogoi on Playing with GF-07 GPS device
  • Eason on Sniffing USB traffic with DSLogic logic analyzer into pcap file

Categories

  • News
  • Random
  • Reversing LKV373A
  • Setting up new v3 Hidden Service with ultimate security
  • Tutorials
  • Uncategorized
  • Understanding JCOP

Links

  • Me @ github
  • LKV373A Wiki
  • DevTomek

Archives

  • December 2024
  • November 2024
  • May 2024
  • July 2023
  • October 2022
  • August 2022
  • July 2021
  • June 2021
  • May 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • February 2019
  • November 2018
  • October 2018
  • June 2018
  • May 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress | Theme: micro, developed by DevriX.