In diary entry "Sextortion Email Variant: With QR Code", I had to decode a QR code. I didn't mention it in my diary entry, but I used an online service to decode the QR Code (I didn't want to use my smartphone).
But what if you don't want to use any online service?
You can also use a Python module: python-qrtools. I installed it on Ubuntu 18 with the following command:
sudo apt-get install python-qrtools
And then I used a simple Python program like this one:
qr = qrtools.QR()
We received the sextortion email with QR code as a .msg file. These files can be analyzed with oledump.py:
Plugin plugin_msg can help with locating the streams that contain the attachments (images):
The beginning of the content of the attachment data streams indicates that these are .png files: \x89PNG.
Grepping for PNG reveals that stream 3, 11 and 19 contain the .png files:
Extracting the .png attachments to disk:
Decoding the QR code:
Images 1 and 2 don't contain a QR code (False), but image 3 does (True), and the Bitcoin address is displayed.