Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Steganography and PNGs
Search
Brian de Heus
October 12, 2019
0
57
Steganography and PNGs
How to hide arbitrary data in PNGs and have image CDNs host it for you.
Brian de Heus
October 12, 2019
Tweet
Share
More Decks by Brian de Heus
See All by Brian de Heus
Kubernetes 101 - A practical introduction into Kubernetes
briandeheus
0
72
Service communication made easy
briandeheus
1
71
A Docker Swarm Love Story
briandeheus
0
88
Featured
See All Featured
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
Become a Pro
speakerdeck
PRO
29
5.5k
KATA
mclloyd
32
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Code Review Best Practice
trishagee
70
19k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
Transcript
Free Unlimited Storage With This One Weird Trick! System Administrators
Hate Him!
steganography /stɛɡəˈnɒɡrəfɪ/ noun 1. the practice of concealing messages or
information within other non-secret text or data.
Herodotus
Admiral Jeremiah Denton
Message Under The Stamp
Brian de Heus briandotjp
Append After End Byte +
Binary Storage
Least Significant Bit Source: https://www.peerlyst.com/posts/the-threat-of-digital-steganography-cloaked-malware-to-u-s-critical-infrastructure-systems-ian-barwise-m-s-cissp-ceh-cnda
None
PNG Portable Network Graphics
None
signature 8 bytes chunk size 4 bytes chunk type 4
bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes
Critical Chunks IHDR PLTE* IDAT IEND
Ancillary Chunks bKGD cHRM dSIG eXIf gAMA hIST iCCP iTXt
pHYs sBIT sPLT sRGB sTER tEXt tIME tRNS zTXt
criticality scope reserved safety CRITICAL non-critical PUBLIC private ALWAYS UPPERCASE
DON’T COPY safe to copy
I H D R CRITICAL PUBLIC DON’T COPY
e X I f non-critical PUBLIC safe to copy
None
Make my own chunks!
p u N k non-critical private safe to copy
None
+
Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:
218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 0 Chunk type: IEND CRC: ae426082 Hiding 27 kB ( 28208 bytes) Injecting punk chunk Punk chunk injected Reached EOF
Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:
218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 28208 Chunk type: puNk CRC: 8cccb594 Chunk size: 0 Chunk type: IEND Reached EOF
http://i.imgur.com/Qk5BP19.png
Demo Time!
Lesson 1 Do not trust user input
Lesson 2 Do not trust anyone
Lesson 3 Doge meme isn’t dead wow much brave such
opinion
Thanks!!