Recently I rewrote it in Dart/Flutter and finally implemented RaptorQ codes (way more efficient than Luby used in original Txqr). Testing it internally now, prepareing Appstores/GooglePlay/Web deployment and new article.
kig 20 hours ago [-]
This is cool and minimalistic!
I've been noodling on https://qr-send.com which is a slightly more polished version of the "erasure fountain codes + stream of QRs"-idea, inspired by divan's Txqr posts but using Wirehair FEC for the fountain code (basically: you receive ~file size bytes via QR codes and it magically assembles them into the source file regardless of missed codes).
It's an offline-first progressive web app and there are native & wasm builds for the sender. The browser-to-browser transfer falls up to WebRTC when possible because 30 MB/s over wifi beats a 100 kB/s QR stream. The QR scanner is a heavily-optimized WASM build of zbar, scanning at 60 fps on mobile & multiple QRs per frame (but it's finicky! Work in progress.)
rao-v 7 hours ago [-]
What is the fastest you can transfer data from ~10 meters away using a modern phone front camera and screen? Surely 100 kB/s is slow?
kig 4 hours ago [-]
Depends on the zoom. With this setup you can transfer about 0.1 B/s per pixel of 60 FPS video. So a 65" screen and 1080p camera at 10 meters away would max out at 2 kB/s with the normal lens (26mm equiv) or 45 kB/s with the tele lens (120mm equiv.)
I'm cooking something faster but depends on the job situation and funding whether I have time to spend on it.
Napkin math: QR codes encode 0.75 bits per module, each module needs about 3 pixels of camera resolution, and the temporal resolution is quite dodgy as well, maybe 0.25 * min(cameraHz, screenHz). So if everything is perfect, 44 kB/s at 60Hz per a 500x500 pixel patch. I've seen ~250 kB/s when a 1920x1080@60 transfer is working well. At 4k@30, you might reach 0.5 MB/s. If you throw in the 2x subsampled UV channels to transfer data as well, you might get an extra 50%.
dschep 20 hours ago [-]
This looks like a nice polished implementation of the idea, but when I try and use it, I get to "file complete" but then.. nothing? And I see no way to report a problem or bug.
kig 3 hours ago [-]
Thanks for trying it, sounds like a bug I've been running into for a couple days where the wasm stream decoder does a bad memory access. I made some buffer lifetime fixes, next up a more complete stress test and fuzzing to see if I can pinpoint it.
cl3misch 20 hours ago [-]
That sounds amazing!
The WebRTC "fallback" basically means the QR code is just a handshake when both devices are on the same network?
kig 5 hours ago [-]
The handshake details are passed alongside the data so that if a direct connection is successful, the network races the optical transfer.
unprovable 1 days ago [-]
Single page file transfer using QR Codes and a browser. Sending device loads a file into the page, gets chunked. Receiver gets all the chunks through a camera, tosses lightly and reassembles, CRC to garnish. Designed to push data from an old phone that had broken comms after it took a swimming lesson in a coffee mug, it's been quite handy.
HanClinto 23 hours ago [-]
If the phone had broken comms, how did you get the code onto the phone to run?
rmunn 9 hours ago [-]
Not OP, but I'm guessing by running the code on itself, i.e. turning the code into a QR code (or a series of them), then scanning those QR codes on the phone and reassembling them using a text-editing app on the phone.
unprovable 7 hours ago [-]
With great difficulty...
Chant-I-CRW 22 hours ago [-]
In ye olden days we used cables to sync all of our apps and data to our phones.
wongarsu 22 hours ago [-]
But why not move the data over that cable? Some kind of iOS thing that made that more complicated than pushing an app to the phone?
harkaniemi 7 hours ago [-]
This is wild. I made an identical program 24 hours ago. Mine just transfers text files
pajamasam 1 days ago [-]
Interesting idea! A demo video would be great :)
lukew3 1 days ago [-]
You should turn on github pages so we can see it live. Seems cool but I’m not at my pc rn
I've wanted to use this for an air-gapped communication device.
I have a device with a camera and a touch-screen that only uses capacitive charging. I type a message. Bytes are encrypted. I hit send. QR codes flash on my screen. I use my PC or my normal phone to receive the encrypted bytes, and transmit them to you. You have the same device. You have your PC or phone flash encrypted QR codes. You use your device to receive, and then decrypt.
I've daydreamed about also buying several different hardware random noise generators. XOR all of their bits together. Save a huge one time pad to each of our devices. And then also use public key crypto on top of it.
I'm not really sure why I want this. But, it's my answer for how to reduce attack surface as much as possible, and have truly secret messages.
unprovable 5 hours ago [-]
So two parts to a reply - first is, you don't need the encryption per se, but you can add that in the case that you give it some key and then it's encrypted. I don't see the value unless you're using this to generate frames for a video, which isn't current functionality but totally doable.
Second part, Charlie Bennet said "the only entropy source is one you can trust" and the best entropy source is quantum fluctuations, so we built a fully open source phase diffusion QRNG at Quantum Village and released it. Link: https://github.com/QuantumVillage/EntropyLoop
skinfaxi 1 days ago [-]
> I have a device with a camera and a touch-screen that only uses capacitive charging. I type a message. Bytes are encrypted. I hit send. QR codes flash on my screen. I use my PC or my normal phone to receive the encrypted bytes, and transmit them to you. You have the same device.
Why do you need a separate device for this and not just an airgapped computer?
MattCruikshank 1 days ago [-]
Me, in my life, I have a PC that's connected to the internet. I have a phone that's connected to the internet.
I want another device, which I imagine to be a Pi or Esp32 or something with a camera and a touchscreen display, and capacitive charging. After I program it and give it the public/private keypair and the OTP, I imagine physically breaking off a USB port, or sealing one with some hardening resin.
I don't want an entire airgapped computer. Maybe you do, that's fine. For me, I'd love it to be a credit-card sized doodad.
1 days ago [-]
reaperducer 23 hours ago [-]
I have a device with a camera and a touch-screen that only uses capacitive charging. I type a message. Bytes are encrypted. I hit send. QR codes flash on my screen. I use my PC or my normal phone to receive the encrypted bytes, and transmit them to you. You have the same device. You have your PC or phone flash encrypted QR codes. You use your device to receive, and then decrypt.
I specifically want this device to have no input or output hardware that could be used without my knowledge. IrDA could absolutely be used without my knowledge.
reaperducer 15 hours ago [-]
IrDA could absolutely be used without my knowledge.
Having actually used IrDA on Sony, Nokia, and Ericsson devices, no it couldn't.
In the real world, two IrDA devices have to be very specifically aligned, and also brought within just a few inches of each other. There's no way data transfer would happen without your knowledge.
MattCruikshank 11 hours ago [-]
I blame the intentionally cheap receiving optics. Researchers have reconstructed a TV signal from a hotel room with closed blinds, by very accurately measuring the ambient light intensity of the room (as shown on the blinds.)
Knowing that, I doubt that someone with even moderate funding would have difficulty receiving a signal from any of the transmitters you mention.
But, in all honesty, if you put a physical cap on the transmitter and receiver, maybe I'm wrong.
But in the other hand, none of the devices I currently own have one of your transmitters, and they all have screens and cameras, so...
Thanks for the dialogue and for sharing your experiences.
very nice list! Can I suggest adding my https://phntm.sh as well? itis a zero-knowledge file transmission system.
Levitating 20 hours ago [-]
I am not the author, you could leave a comment on the gist instead.
okandship 6 hours ago [-]
animated qr + erasure coding is a neat fit here. the interesting ux question is how clearly the receiver shows progress and recovery
unprovable 5 hours ago [-]
There is a toggle where you can show what chunks have been received. This is also where the 'show specific chunk' function comes in... the receiver can see "oh, I'm only missing chunk 125, so just show me that" etc. etc.
hootz 1 days ago [-]
I love this type of stuff. Some years ago I did something similar, but instead of QR Codes it used a convoluted mess of audio frequency modulation to send data through sound between devices. This is much more practical if you have two cameras.
xnx 1 days ago [-]
> a convoluted mess of audio frequency modulation
Like a modem
hootz 1 days ago [-]
I guess lmao, but much more rudimentary, less reliable and with loads of issues, as it had to blast piercing sounds through a speaker and then capture those with a microphone. But it was pretty cool when it worked!
skinfaxi 1 days ago [-]
Did you explore using frequencies outside the range of human hearing?
hootz 1 days ago [-]
No, but that's a cool idea. I think the main problem is that consumer hardware usually gets kinda inconsistent outside our hearing range.
deletedie 1 days ago [-]
Apple uses this approach when pairing some devices for verification e.g. setting up HomePods using an iPhone
reaperducer 23 hours ago [-]
Did you explore using frequencies outside the range of human hearing?
Amazon had modems very much like this in its little buttons that you could stick to your refrigerator and automatically order different items. When setting up the device, you could only hear the little clicks as it turned on and off.
I loved the technology. Hated that the prices changed all the time and you never knew what price you were going to pay ahead of time.
alex_suzuki 1 days ago [-]
Cool stuff. I’m fond of the “single HTML file” deployment option.
unprovable 8 hours ago [-]
Cheers!
tripflag 1 days ago [-]
Cool! Out of curiosity, since qr-codes can contain binary data -- rather than base64, have you tried inserting the file as-is? That way you could do away with the ASCII separator and have a binary header as well. This would spend less frames for the same amount of data, but I'm not sure if it would be computationally cheaper. The other alternative would be the alphanumeric mode of qr-codes, but then you lose lowercase.
hoansdz 1 days ago [-]
I once heard someone create a QR code scanner to retrieve gigabytes of data, but the biggest problem is that cameras aren't powerful enough to handle it all. Essentially, the QR code needs to be downloaded to the device for loading; relying on the camera to retrieve it is very difficult. Am I wrong about this project? What's your solution?
bensyverson 1 days ago [-]
I've done a POC with the native QR reading code on iOS. The short answer is: it's not a problem at all, and you can drive very large QR codes for more efficient transfer.
rirze 22 hours ago [-]
You could also do it the menial way; create multiple QR codes that can connect together. Not very practical for everyone except the very-motivated.
0cf8612b2e1e 22 hours ago [-]
Why not record with a standard high quality webcam and do the QR processing later? That’s how I would exfiltrate a large volume of data.
thedougd 1 days ago [-]
I've done this exact approach before. It's a good way to exfiltrate data. Post the software on GitHub pages, or a popular CDN that co-hosts other shared libraries and you've got a very difficult to block method.
Really goes to show that it's very difficult to stop a motivated and informed actor.
skinfaxi 1 days ago [-]
If you can connect to Github pages couldn't you exfil that way? This takes 2 mins for 100KB.
thedougd 22 hours ago [-]
Not quietly. Uploads are commonly monitored by data loss prevention (DLP) solutions, especially when MITM is being used for corporate proxy.
Downloading a tiny JS from a CDN, or accessing a GitHub page is mostly noise, especially if obfuscated well.
skeptic_ai 23 hours ago [-]
Npm install qr-made-up-name
Can show qr in console. How do you stop that?
thedougd 22 hours ago [-]
I'm likely being overly specific, but blocking npm downloads, installation on corporate devices, etc is trivial in a restrictive corporate environment.
m_m_carvalho 17 hours ago [-]
Clever use of QR for file transfer. How does it handle larger files? Is there chunking + reassembly on the receiving end?
acrophiliac 23 hours ago [-]
What's the length limit? I tried pasting some text and got this message: code length overflow. (85700>18672)
unprovable 8 hours ago [-]
QR code has limits, use the file transfer to chunk it. :)
econ 17 hours ago [-]
Finally real one way data transfer.
jaysyrk 22 hours ago [-]
I created a file optimizer, one single file. I was wondering if i could work with you to integrate that into your project. Lmk!!
Aleesha_hacker 22 hours ago [-]
Let Ai help you research not write keeps the content human and original
encom 21 hours ago [-]
We used to be able to send arbitrary files between phones using Bluetooth. Where did that go? We had a bit of a music piracy ring going at school for a time. Good times.
villgax 1 days ago [-]
What would make this truly portable is being able to generate this consistently with a short prompt and generate with a local LLM. That way no network calls or file hash can prevent this
[1] https://divan.dev/posts/animatedqr/
[2] https://divan.dev/posts/fountaincodes/
Recently I rewrote it in Dart/Flutter and finally implemented RaptorQ codes (way more efficient than Luby used in original Txqr). Testing it internally now, prepareing Appstores/GooglePlay/Web deployment and new article.
I've been noodling on https://qr-send.com which is a slightly more polished version of the "erasure fountain codes + stream of QRs"-idea, inspired by divan's Txqr posts but using Wirehair FEC for the fountain code (basically: you receive ~file size bytes via QR codes and it magically assembles them into the source file regardless of missed codes).
It's an offline-first progressive web app and there are native & wasm builds for the sender. The browser-to-browser transfer falls up to WebRTC when possible because 30 MB/s over wifi beats a 100 kB/s QR stream. The QR scanner is a heavily-optimized WASM build of zbar, scanning at 60 fps on mobile & multiple QRs per frame (but it's finicky! Work in progress.)
I'm cooking something faster but depends on the job situation and funding whether I have time to spend on it.
Napkin math: QR codes encode 0.75 bits per module, each module needs about 3 pixels of camera resolution, and the temporal resolution is quite dodgy as well, maybe 0.25 * min(cameraHz, screenHz). So if everything is perfect, 44 kB/s at 60Hz per a 500x500 pixel patch. I've seen ~250 kB/s when a 1920x1080@60 transfer is working well. At 4k@30, you might reach 0.5 MB/s. If you throw in the 2x subsampled UV channels to transfer data as well, you might get an extra 50%.
The WebRTC "fallback" basically means the QR code is just a handshake when both devices are on the same network?
I have a device with a camera and a touch-screen that only uses capacitive charging. I type a message. Bytes are encrypted. I hit send. QR codes flash on my screen. I use my PC or my normal phone to receive the encrypted bytes, and transmit them to you. You have the same device. You have your PC or phone flash encrypted QR codes. You use your device to receive, and then decrypt.
I've daydreamed about also buying several different hardware random noise generators. XOR all of their bits together. Save a huge one time pad to each of our devices. And then also use public key crypto on top of it.
I'm not really sure why I want this. But, it's my answer for how to reduce attack surface as much as possible, and have truly secret messages.
Second part, Charlie Bennet said "the only entropy source is one you can trust" and the best entropy source is quantum fluctuations, so we built a fully open source phase diffusion QRNG at Quantum Village and released it. Link: https://github.com/QuantumVillage/EntropyLoop
Why do you need a separate device for this and not just an airgapped computer?
I want another device, which I imagine to be a Pi or Esp32 or something with a camera and a touchscreen display, and capacitive charging. After I program it and give it the public/private keypair and the OTP, I imagine physically breaking off a USB port, or sealing one with some hardening resin.
I don't want an entire airgapped computer. Maybe you do, that's fine. For me, I'd love it to be a credit-card sized doodad.
Congratulations. You just invented IrDA: https://en.wikipedia.org/wiki/IrDA
Having actually used IrDA on Sony, Nokia, and Ericsson devices, no it couldn't.
In the real world, two IrDA devices have to be very specifically aligned, and also brought within just a few inches of each other. There's no way data transfer would happen without your knowledge.
Knowing that, I doubt that someone with even moderate funding would have difficulty receiving a signal from any of the transmitters you mention.
But, in all honesty, if you put a physical cap on the transmitter and receiver, maybe I'm wrong.
But in the other hand, none of the devices I currently own have one of your transmitters, and they all have screens and cameras, so...
Thanks for the dialogue and for sharing your experiences.
Like a modem
Amazon had modems very much like this in its little buttons that you could stick to your refrigerator and automatically order different items. When setting up the device, you could only hear the little clicks as it turned on and off.
I loved the technology. Hated that the prices changed all the time and you never knew what price you were going to pay ahead of time.
Really goes to show that it's very difficult to stop a motivated and informed actor.
Downloading a tiny JS from a CDN, or accessing a GitHub page is mostly noise, especially if obfuscated well.