Reversing SMART Health Cards

https://twitter.com/mareMtl/status/1393264869726621696

High Level Analysis

Note: We will be analysing this fictive QR code in this post.

Decode QR Code
shc:/567629095243206034602924374044603122295953265460346029254077280433602870286471674522280928613331456437653141590640220306450459085643550341424541364037063665417137241236...
SMART Health Cards Framework

Analysing the SHC Framework

We can now analyse the SHC Framework on GitHub to try reading the blob of digits. We will focus on the index.ts file that can be used to generate a SMART Health Card.

  1. Create a JWS payload with the patient information.
  2. Sign the JWS.
  3. Transform JWS into a numeric QR.
  4. Generate the QR code.
https://datatracker.ietf.org/doc/html/rfc7515#section-3
  • Why are we subtracting 45 to the decimal value of each char?
  • What does .flatMap((c) => [Math.floor(c/10), c % 10]) do?

Writing a decoder

First, we need to revert the changes from the toNumericQr call. To do so, we will:

  1. Split all the digits in groups of two characters.
  2. Convert each group to an integer.
  3. Add 45 to retrieve to the original char code
  4. Cast it as a char.

Data Analysis

Some interesting information can be found such as the full name and date of birth of the patient.

"entry": [{
"fullUrl": "resource:0",
"resource": {
"resourceType": "Patient",
"name": [{
"family": "Anyperson",
"given": [
"Johnathan",
"Biggleston III"
]
}],
"birthDate": "1951-01-20"
}
},
'vaccineCode': {
'coding': [{
'system': 'http://hl7.org/fhir/sid/cvx',
'code': '207'
}]
},
"occurrenceDateTime": "2021-01-29",
"performer": [{
"actor": {
"display": "ABC General Hospital"
}
}],
"lotNumber": "Lot #0000001"
https://www.cdc.gov/vaccines/programs/iis/COVID-19-related-codes.html

Conclusion

Since there’s some personal information in the QR code, you should share it only with trusted entities. Also, I would avoid to print it on a T-shirt. 😉

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store