I'm currently testing an application which uses QR codes to identify products. Now if I scan the QR code with any reader and generate a new QR code with the read text, it differs from the original QR code.
The app is capable of telling the original from the regenerated QR. Only the original QR code is accepted. I assume this is a SQRC, with a reading restriction, which identifies the QR as valid for the app.
I can't find much detail on the technology behind this, but the app does not connect to the internet to read the QR code so the reading occurs locally. This means that I should theoretically be able to identify the private information on the QR code.
I've reversed the app but I'm not sure what to look for. How do SQRC work and how may can I identify the function?
