QR Code Decoder

Decode a QR code image locally — no upload, no third-party API.

Free QR code decoder that reads a dropped or chosen QR image entirely in your browser using the Canvas API. Decodes URL, Wi-Fi, vCard, and plain text payloads. No image is sent anywhere — privacy-first scanning. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

How does QR decoding work?

The decoder converts the image to grayscale, applies an automatic threshold (Otsu's method) to separate dark and light, finds the three corner finder patterns by their 1:1:3:1:1 ratio, samples each module of the grid, removes the data mask, and reads the bitstream into characters.

A QR code decoder reads the data hidden inside a Quick Response code — a URL, a Wi-Fi login, a contact card, or plain text. This tool does it without a camera and without uploading anything: drop an image of a QR code and it is decoded right in your browser.

How it works

QR decoding is a small computer-vision pipeline:

  1. Load and grayscale. The image is drawn onto an HTML canvas and each pixel reduced to a single brightness value.
  2. Binarise. Otsu’s method picks the brightness threshold that best separates dark modules from light ones, turning the image into pure black and white.
  3. Find the code. The three large corner squares — the finder patterns — are located by their characteristic 1:1:3:1:1 run of dark and light, which fixes the grid’s position and module size.
  4. Sample the grid. Each module’s centre is read as a single bit, reconstructing the matrix.
  5. Unmask and read. The format bits reveal which of the eight data masks was applied; reversing it and walking the modules in QR’s zig-zag order yields the bitstream, which is parsed into numeric, alphanumeric, or byte (UTF-8) characters.

What payload types are decoded

The decoder reads the raw text content of any QR code, then labels it by recognised format:

Prefix / patternType labelExample content
http:// or https://URLhttps://example.com/page
WIFI:T:WPA;S:...Wi-Fi networkSSID, security type, password
BEGIN:VCARDContact card (vCard)Name, phone, email
mailto:Email addressmailto:[email protected]
tel:Phone numbertel:+447700900000
geo:Geographic coordinatesgeo:51.5074,-0.1278
Anything elsePlain textA password, a serial number, etc.

Knowing the type at a glance lets you decide what to do before acting on it.

QR codes as a security surface

QR codes are opaque by design — the human eye cannot read the encoded content, which makes them a natural vehicle for phishing. Common attack patterns:

  • Shortened URLs pointing to malicious sites that look legitimate before the redirect
  • Homograph domains where a Unicode character in the URL resembles a familiar brand name
  • Wi-Fi credential harvesting via fake “free Wi-Fi” QR codes in public places
  • Vishing via vCard — a QR-encoded contact that adds a fraudulent number to a phone book

Using the decoder before scanning lets you verify a QR code’s destination on a computer, where you can read the full URL and recognise suspicious domains, rather than tapping it directly on a phone.

Tips for reliable decoding

  • A screenshot of an on-screen QR gives the cleanest read — no camera angle, blur, or glare.
  • For printed codes, a straight-on, high-contrast photograph works well; extreme angles and low resolution are the most common failure causes.
  • Very dense QR codes (large version numbers, many characters) may decode slowly or fail if the image resolution is low — use the highest resolution image you can.
  • The decoder reports an honest failure rather than returning a garbled guess if it cannot find or parse the code.
  • Your image is never uploaded — everything happens in your browser.