Show HN: ShadowCat – file transfer through QR Codes in a Browser (opens in new tab)

This method of animated QR data transfer is quite efficient with fountain codes. I had PoC implementation back in the day - Txqr [1] [2]

[1] https://divan.dev/posts/animatedqr/

[2] https://divan.dev/posts/fountaincodes/

Recently I rewrote it in Dart/Flutter and finally implemented RaptorQ codes (way more efficient than Luby used in original Txqr). Testing it internally now, prepareing Appstores/GooglePlay/Web deployment and new article.

This is cool and minimalistic!

I've been noodling on https://qr-send.com which is a slightly more polished version of the "erasure fountain codes + stream of QRs"-idea, inspired by divan's Txqr posts but using Wirehair FEC for the fountain code (basically: you receive ~file size bytes via QR codes and it magically assembles them into the source file regardless of missed codes).

It's an offline-first progressive web app and there are native & wasm builds for the sender. The browser-to-browser transfer falls up to WebRTC when possible because 30 MB/s over wifi beats a 100 kB/s QR stream. The QR scanner is a heavily-optimized WASM build of zbar, scanning at 60 fps on mobile & multiple QRs per frame (but it's finicky! Work in progress.)

Single page file transfer using QR Codes and a browser. Sending device loads a file into the page, gets chunked. Receiver gets all the chunks through a camera, tosses lightly and reassembles, CRC to garnish. Designed to push data from an old phone that had broken comms after it took a swimming lesson in a coffee mug, it's been quite handy.

I also implemented a static web with that idea: https://github.com/anhldbk/get-beam

You should turn on github pages so we can see it live. Seems cool but I’m not at my pc rn

I've wanted to use this for an air-gapped communication device.

I have a device with a camera and a touch-screen that only uses capacitive charging. I type a message. Bytes are encrypted. I hit send. QR codes flash on my screen. I use my PC or my normal phone to receive the encrypted bytes, and transmit them to you. You have the same device. You have your PC or phone flash encrypted QR codes. You use your device to receive, and then decrypt.

I've daydreamed about also buying several different hardware random noise generators. XOR all of their bits together. Save a huge one time pad to each of our devices. And then also use public key crypto on top of it.

I'm not really sure why I want this. But, it's my answer for how to reduce attack surface as much as possible, and have truly secret messages.

I love the focus on giving a second life to old hardware. We often talk about 'local-first' for privacy, but this shows how local-first is also great for hardware longevity. It’s refreshing to see a tool that doesn't require a cloud connection or a functional Bluetooth stack to be useful.

I love this type of stuff. Some years ago I did something similar, but instead of QR Codes it used a convoluted mess of audio frequency modulation to send data through sound between devices. This is much more practical if you have two cameras.

Is there a client that needs to be used to be able to receive files this way? I tried the dedicated QR reader on my iPhone, and the Camera app, and couldn’t get it to assemble the chunks. It will show the encodings one after the other, but nothing else.

Cool stuff. I’m fond of the “single HTML file” deployment option.

Cool! Out of curiosity, since qr-codes can contain binary data -- rather than base64, have you tried inserting the file as-is? That way you could do away with the ASCII separator and have a binary header as well. This would spend less frames for the same amount of data, but I'm not sure if it would be computationally cheaper. The other alternative would be the alphanumeric mode of qr-codes, but then you lose lowercase.

I once heard someone create a QR code scanner to retrieve gigabytes of data, but the biggest problem is that cameras aren't powerful enough to handle it all. Essentially, the QR code needs to be downloaded to the device for loading; relying on the camera to retrieve it is very difficult. Am I wrong about this project? What's your solution?

I've done this exact approach before. It's a good way to exfiltrate data. Post the software on GitHub pages, or a popular CDN that co-hosts other shared libraries and you've got a very difficult to block method.

Really goes to show that it's very difficult to stop a motivated and informed actor.

animated qr + erasure coding is a neat fit here. the interesting ux question is how clearly the receiver shows progress and recovery

We used to be able to send arbitrary files between phones using Bluetooth. Where did that go? We had a bit of a music piracy ring going at school for a time. Good times.

Clever use of QR for file transfer. How does it handle larger files? Is there chunking + reassembly on the receiving end?

I created a file optimizer, one single file. I was wondering if i could work with you to integrate that into your project. Lmk!!

i feel like it should be possible to push this to extremely high bandwidth.

use a 1D code variant with very high FPS to work around the rolling shutter.

What's the length limit? I tried pasting some text and got this message: code length overflow. (85700>18672)

What would make this truly portable is being able to generate this consistently with a short prompt and generate with a local LLM. That way no network calls or file hash can prevent this

Finally real one way data transfer.

Let Ai help you research not write keeps the content human and original