594 private links
I recently got a copy of my "digital covid certificate". (You can get yours at covidbevis.se).
The certificate contains a rather dense-looking QR code, so naturally I was curious as to what data it contained.
With the help of Binary Eye, I could see that whatever the QR code encoded was not stored in clear-text.
Searching the web, I encountered this blog post by Austrian hacker Tobias Girstmair.
He has written a Python script that deconstructs the QR code into its data fields.
I installed it and used it to read out the values from a JPG screenshot of my QR code (I have randomised or hidden some data to protect privacy):
$ git clone https://git.gir.st/greenpass.git/
$ cd greenpass
$ python3.8 -m venv venv,
$ source venv/bin/activate
$ pip3 install flynn base45 PyPDF2 pyzbar Pillow
$ sudo apt install libzbar0
$ python3 greenpass.py myqrcode-screenshot.jpg
QR Code Issuer : SE
QR Code Expiry : 2021-09-29 15:00:00
QR Code Generated : 2021-07-01 15:00:00
Vaccination Group
Unique Certificate Identifier: UVCI : URN:UVCI:01:SE:EHM/V10050020P8X
Country of Vaccination : SE
Dose Number : 1
ISO8601 complete date: Date of Vaccination : 2021-06-01
Certificate Issuer : Swedish eHealth Agency
Marketing Authorization Holder : ORG-100030215
vaccine medicinal product : EU/1/20/1528
Total Series of Doses : 2
disease or agent targeted : 840539006
vaccine or prophylaxis : J07BX03
Date of birth : 1982-02-01
Surname(s), forename(s)
Surname : <>
Forename : <>
Standardised surname : <>
Standardised forename : <>
Schema version : 1.3.0
The script worked when supplying a screenshot, but threw an error when I tried supplying the HC1 hash itself. In any case, I congratulate Tobias on a very nice piece of investigative work, allowing citizens all over the EU to inspect the data they share when using their COVID vaccination certificate.