Hacker News new | comments | show | ask | jobs | submit login
Show HN: Transfer files to mobile device by scanning a QR code from the terminal (github.com)
238 points by daw___ 8 months ago | hide | past | web | favorite | 72 comments

Nice! (Shameless plug follows) I use a similar technique in the notify-run Python package for setting up push notifications to an Android device from Python: https://github.com/paulgb/notify.run/blob/master/py_client/R...

Holy shit that's amazing. I've been wanting this service for a while, so badly that I've actually been building something similar for the last few weeks. I'll probably continue, since mine is slightly different in a couple of ways and its an interesting learning experience, but glad this is becoming more of a thing.

Wow, that's interesting! Starred.

From the README:

This program binds a web server to the address of your wifi network interface on a random port, and sets a default handler for it. The default handler serves the content and quits the program when the transfer is complete.

The program prints a QR code that encodes the text:


Most QR apps can detect URLs in decoded text and act accordingly (i.e.: open the URL with the default browser), so when QR the code is scanned the content starts being downloaded by the mobile browser.

Why not add a random suffix? http://{address}:{port}/{32-bytes from /dev/urandom as hex}

If the URL isn't being manually entered (I mean that's the whole point of the QR code right?) then adding some random unguessable text would solve the problem of something else on your network connecting to that port. It doesn't solve the problem entirely as it's still possible to MITM the HTTP connection but it's a tad more difficult.

Thanks, very good point. Initially I thought that shorter the better for URL, but since it doesn't have to be entered then it makes sense to make it a bit longer to be unguessable (and for sake of completeness, the port is randomly decided at each run).

I'd actually rather not have this addition. Despite your marketing this as a desktop > mobile transfer right now there's no reason your app can't be used for desktop > desktop sharing unless you add that random string.

I can see myself using this to move files quickly between a desktop and a laptop or vice versa by ignoring the QR code and just putting in the port.

Alternatively you could try the gfycat method by appending a few adjectives and a noun to create a readable but nonsensical phrase: https://gfycat.com/enlightenedpositiveasianporcupine

But IMHO If security on your own network is so intense that a random app opening temporarily on a random local port is a security concern then this app isn't for you.

That’s what netcat is for!

Host A:

    $ nc -l 12345 < data.txt

Host B:

    $ nc host-a-or-its-ip 12345 > data.txt

Sure that's useful, thanks. Although his app handles both use cases (desktops & phones).

nc is probably already installed on your desktop, though

Or to be less dependent on a specific OS, use a hash of the file's name/path/content?

Sorry, I'm not sure what you mean. How is this dependant on a specific OS?

I think he meant the /dev/urandom part being unix specific

Ah, right, makes sense thank you.

oh, this is clever! i was worried that it would upload my file to a cloud service, or that i would need to install a custom app on my phone.

Thanks! That's the fastest thing I could came up with to solve the problem of moving a tiny little piece of data between my computer and my smartphone without installing apps or physically connecting the device and using `adb`!

An innovative idea, I like it and could think of using it. Actually it would be more helpful if there was a way to transfer multiple files in a reasonable manner. While the server implementation would be trivial, the mass downloading client on the mobile phone is obviously the tricky part. Effective file managament on the mobile phone is even bad on Android, in my experience.

Thanks for your feedback.

> transfer multiple files in a reasonable manner

you mean, for example, choosing the destination directory and things like that?

Well, transfering multiple files most likely means to zip/tarball them together at the server side. But unpacking an archive after downloading it on a mobile OS needs a number of clicks (and an unpacking app), which is cumbersome. In the end, it is probably about a client endpoint for your tool.

This is amazing. Always looking for something like this. The old way I used to do is to run a HTTP server with an upload form in the mobile phone. But this requires an app on phone to run that server.

The idea of QR code is amazing. I'll put this to my news letter next week. Look out for it

Thanks! I use this "disposable" web server approach a lot actually, usually by running `python -m http.server` from the directory that contains the file I want to transfer, and then `wget`'ing the file from another terminal, or opening it as a stream in VLC if the file is a media.

I’ve experimented with this for a while. My clients often have very locked down windows laptops but they oddly allow hand typed powershell scripts to run.

If you “play” a series of qr codes with checksums and record them from a phone and process the video on the phone you can exfil data without tripping any IDS.

Opening a port often requires privileges or can at least trip an IDS. Silly really.

This is what I was hoping but not expecting to see here really.

wouldn't there be some sort of log that the http server utilized the network in some capacity? I have to assume its still opening TCP connections, and using all of the traditional layers below that, all of whose activities are possible to capture.

No http server. Modulate the data to an analog set of pictures (actually text based QR codes) then demodulate the pictures from video. No network needed.

I see, so the relatively low bandwidth of a static QR code is mitigated by a high frame rate.

What your saying is that these machines don't log at the operating system level, in the fashion of a tracelog, but count on bad actors to use COTS implementations of those system level calls, and log the high level events?

Its a good thing that there isn't much overlap between people who understand penetration strategies and people who can write their own software.

Really smart. Was also worried it would be tranfered via some random web server but it’s a really elegant solution. Well done!


Looks useful and fun, however it does not seem to work correctly with ipv6 on mac? I obtain:

    2018/03/22 18:46:55 listen tcp: address fe80::XX:XXXX:XXX:XXXX:57532: too many colons in address

Oh, thanks for reporting, I didn't test it with IPv6s yet; will file an issue.

workaround if you don't need IP6:

System Preferences > Network > [click your ethernet or wifi adapter on left, unlock padlock if needed] > Click Advanced on right > Click TCP/IP tab > NONE, or Configure IPv6: Link-local only

I actually already have this setting enabled. But it will still give you an ipv6 address and even though I do have a local ipv4 address on this interface, the application will pick up the ipv6.

The problem seems to come from the fact that the port is just appended to the address, but with an ipv6 you have to surround it with brackets


what exactly am I giving up, by doing this?


Great project! I'm working on one that's somewhat related, it's basically cross-platform AirDrop (though only for laptops). Seems like mine could really benefit from a method of getting files to phones like this, and yours could benefit from not needing a wireless network like Flying Carpet. http://github.com/spieglt/flyingcarpet

Oh, that looks interesting and definitely related! Starred, will have a look soon.

Here is a small issue: https://github.com/claudiodangelis/qr-filetransfer/blob/mast...

I don't know if it is the barcode scanner app (I use the one from zxing, a very popular choice), or the Android implementation (LG, Android 7), but here is a description of what happens:

As soon as I scan the barcode, it is copied to the clipboard. Then something goes to check if the URL is working (the barcode app? android clipboard? not sure). Since you exit after the first request, my browser never gets the chance to download the file. If I remove the os.Exit(), I get it working (and then terminate qr-filetransfer via ctrl+c).

Anyhow, very nice work. Kudos!

Hi, this has been already reported, many thanks for the headsup. The reason of that os.Exit(0) is to let the user not to care about quitting the tool after the transfer has been completed. There might be pending pull requests that fix this problem, I'm going to review later today.

Users response to this tool is really overwhelming, lots of interesting ideas and solutions have been already provided in the last 24 hours!

did something similar with features like upload,view files before download and file creation time (shameless plug :P ) https://github.com/kamilkabir9/LDrop


Looks like a cool project! Only quickly glanced at the code but couldn’t find it: where does this transfer files to on an iOS device? Does it even work with iOS?

Hi, thanks! Yes, it works on iOS, it works on every device that has a QR reader and a regular internet browser.

The workflow is easy: 1. the tool spawns a disposable web server 2. the tool prints a QR code that encodes an URL that points to the server 3. the device scans the QR, the scanned text is the URL 4. the tool turns off the disposable server as soon as the transfer is complete

Excellent idea, agreed.

iOS doesn't have built-in QR reader. So good QR app just should open recognized URL, and then suggest application which will be used to open the file.

Could anyone recommend such app? Tried "Scan" (iOS app), doesn't work for me: has problems recognizing qr code (probably because of my terminal fonts/background) and doesn't suggest app to open file even if QR code is recognized.

Hi, I'm hearing of issues about QR codes unable to be scanned; can you please try scanning the code that I posted in this comment and tell me if it works? :


I'm trying to collect as much info as possible to identify the cause. Thanks!

It does, actually! If you have the camera app open and have a qr code in view, the link comes up as a banner which you can tap.

You've changed my life. It works! (and it reads qr-terminalshare's QR just perfectly)

Judging from the gif it just makes a webserver and makes a QR code pointing to that url. That should work on any platform.

Doesn't work here. As soon as I scan the QR code with my phone, I'm prompted by the barcode-scanner app to open the URL (192.168.15.whatever) on the browser, but at the time this happens qr-filetransfer is already closed and not listening anymore, it has closed immediately when the QR code was read.

How does it happen I cannot know.

Oh, sorry to hear! I have no idea at the moment, do you mind opening an issue on Github? I can take care of opening an issue myself tomorrow if you can't.



Had tried it 3 times, with 3 failures.

Tried once again after posting this comment and it worked. Who knows where the software goes.

That's pretty cool. I wonder if it could be adapted to use something like Nextcloud to avoid the requirement of being on the same wifi.

The workflow would be something like: Upload to Nextcloud (it would need to ask username/password) => Get Nextcloud URL (eg via WebDAV) => Create QR code.

On the same ZeroTier network would work.

I'm sorry, I have no experience with Nextcloud :-/

How is this not called qrcp? :/

That is not bad! I might consider renaming it.

Just throwing it out there. Really like the idea. Clean and simple. Good job!

nice, thanks.

would be nice if it could allow pipes. example to send the clipboard:

$ pbpaste | qr-filetransfer 2018/03/22 15:06:48 At least one argument is required

That's an interesting point. Maybe the tool could create a temporary file with the data piped to it.

But for now I think you should stick with:

pbpaste > /tmp/clipboard.txt && qr-filetransfer /tmp/clipboard.txt

Thanks for the idea, I'm tracking it in github.

hmm. i'd rather not. generally don't want the clipboard going to disk. thanks though.

Pipe to /dev/shm/filename


why not

   pbpaste | qr-filetransfer /dev/stdin

Or even just

    qr-filetransfer <(pbpaste)

This is not going to work unfortunately, the program expects the arguments to be paths.

<() expands to a path:

    $ echo <(true)

Ah, you are absolutely right

Very similar to the eay Expo works

Very similar to the way Expo works

awesome project

:-) thanks

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact