QRQRCrack
Methodology

How QRCrack Generates QR Codes

The standards, libraries, and privacy guarantees behind every QR code on this site. By Aniket Nigam. Verified 2026-04-15.

1. The QR code standard

Every QR code on QRCrack conforms to ISO/IEC 18004, the international standard that defines the symbol shapes, data encoding modes, masking patterns, and Reed-Solomon error correction used by QR codes. The standard covers versions 1 through 40, which range from 21 by 21 modules up to 177 by 177 modules. QRCrack picks the smallest version that fits your input at your chosen error correction level.

ISO/IEC 18004 is the authoritative reference for the binary layout of the symbol, including finder patterns, alignment patterns, timing patterns, and the format and version information regions. Because QRCrack targets this standard directly, any compliant QR reader on any phone or scanner can decode the output. There is no proprietary extension, no tracking pixel embedded in the data, and no encoded account ID.

2. Library and implementation

The core matrix generation uses qrcode.js, a widely audited open source implementation of the ISO/IEC 18004 standard. Source code and issue tracker: github.com/soldair/node-qrcode. QRCrack imports this library into the browser bundle. All QR code matrix computation, pixel rasterisation, and SVG path generation run inside your browser tab, on your device CPU. There is no API endpoint that receives your input, no log line written to a server, and no analytics hook that captures the encoded payload.

Rendering on top of the matrix (colour fills, corner radii, logo embedding, gradient styling) is done with standard Canvas and SVG APIs. Downloads are produced using browser blob URLs, so the final PNG or SVG file never transits the network.

3. Error correction levels

QR codes use Reed-Solomon error correction, which lets a scanner recover the original data even when part of the symbol is damaged, dirty, or covered by a logo. ISO/IEC 18004 defines four levels:

  • L (Low): recovers about 7% of damaged codewords. Smallest symbol, best for clean digital surfaces.
  • M (Medium): recovers about 15% of damaged codewords. A balanced default for most QR codes without logos.
  • Q (Quartile): recovers about 25% of damaged codewords. Good for printed codes that might scuff.
  • H (High): recovers about 30% of damaged codewords. Required for logo embedding, since the logo masks part of the symbol and the error correction reconstructs the rest.

QRCrack defaults to level M when there is no logo, and upgrades to level H whenever you add a centre logo. Higher error correction increases the symbol size, which is why the generator will sometimes produce a denser grid after you drop a logo onto the preview.

4. Format-specific standards

A QR code is just a container for text. What the text means is defined by the format you pick. QRCrack supports the following open standards:

  • WiFi: the WIFI:T:WPA;S:Name;P:Password;; schema originally defined by the Zxing project and now recognised by Android 10+ and iOS 11+ for automatic network joining. QRCrack encodes SSID, password, and authentication type (WPA, WPA2, WEP, or nopass) exactly as specified.
  • vCard: RFC 6350 vCard version 3.0 or 4.0. Fields include FN, N, ORG, TITLE, TEL, EMAIL, URL, and ADR. The output is plain text that every major contact app on iOS, Android, macOS, and Windows can import.
  • UPI deep links: the upi://pay URI scheme published by the National Payments Corporation of India. QRCrack encodes the payee VPA, payee name, transaction amount, and currency. Every compliant UPI app (Google Pay, PhonePe, Paytm, BHIM, CRED) recognises this URI.
  • Bitcoin: BIP 21, the URI scheme at bitcoin:address?amount=0.01. QRCrack supports address, amount, label, and message parameters. Every major wallet (Coinbase, Electrum, BlueWallet, Sparrow) parses this format.
  • URL, email, SMS, phone, geo, calendar, plain text: standard URI schemes defined by RFC 3986, RFC 6068 (mailto), RFC 5724 (sms), RFC 3966 (tel), RFC 5870 (geo), and the iCalendar VEVENT format in RFC 5545.

5. The privacy model

QRCrack is designed so that the server never sees what you encode. The pages are delivered as static HTML with a JavaScript bundle attached. Once the bundle is loaded, the generator runs inside your tab and the only network requests that happen are for fonts, CSS, and optional analytics that track page views (not encoded payloads). You can verify this in your browser dev tools by opening the Network tab and watching the requests while you type.

The only exception is the dynamic QR feature, which by definition requires a redirect endpoint to change destinations over time. That feature is clearly labelled, opt-in, and documented separately. Every other tool on QRCrack, including WiFi, vCard, UPI, Bitcoin, URL, and plain text QR generators, is fully static. Close the tab and no trace of your input remains anywhere.

6. Updates and corrections

This methodology page is reviewed whenever the underlying libraries or standards change. The sitemap carries a lastModified timestamp for each page so search engines and AI assistants can prioritise the freshest version. If you find a technical inaccuracy, email hello@qrcrack.com and the correction will be published with a dated note.

Want API access + no ads? Pro coming soon.