ImageSecret v1.0 out now

Discussion in 'privacy technology' started by Stefan Froberg, Aug 4, 2017.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Little software that let's encode/decode and hide data inside 32-bit PNG images.

    Based of the idea that RockLobster (thanks!) gave in
    https://www.wilderssecurity.com/thr...rump-the-laws-of-mathematics-turnbull.395421/

    Short (and poor) description...better one will follow in future...
    https://www.orwell1984.today/imagesecret.html

    Window binary (tested only with Win7)
    https://www.orwell1984.today/ImageSecret_1.0.zip

    Source code (You need if want to use this on Linux)
    https://www.orwell1984.today/ImageSecret_1.0_src.zip

    also available throught Tor

    http://ukp5un24mpxbqcpu.onion/imagesecret.html
    http://ukp5un24mpxbqcpu.onion/ImageSecret_1.0.zip
    http://ukp5un24mpxbqcpu.onion/ImageSecret_1.0_src.zip
     
    Last edited by a moderator: Aug 4, 2017
  2. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Hmmm....
    Tests looks promising.
    No PLTE chunk (8-bit color palette) in the encoded png output, just as it should be.
    :)
    upload_2017-8-6_23-51-37.png

    Here is our invisible bird (but not going to give the key file this time, you have crack it yourself)
    Picture starts
    y.png
    Picture ends
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    So it's all transparent?
     
  4. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yes it's all transparent but this will only fool human eye.
    (for example you could easily put that image over any other image or background image and nobody would know it was there unless, say, checking html source for example)

    But even after removing the transparency (setting alpha to 100%) you would still need to decode the pixel image and what im interested is, how easy it will be without right key file.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's cool. But I like steganography better, I think, because it's harder to know that there's hidden information. But maybe there's some way to combine the approaches. Over my head, though.
     
  6. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Any chance of a version for XP?
     
  7. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yea, this could be considered as "poor man's steganography".

    Or in second thought no. Because in steganography you need two files, the carrier file and the data file itself while here the thing you see *is* the data, altought in a scrambled, not easily recognize form.

    In steganography, if the adversary happens to have the original, untambered carrier file (let's say picture of garfield heh...) and a second, steganography tampered of the same file where just few bits have been altered (too subtle for human eye to recognize but still enough to contain some information), then it's really just trivial case to take, say, sha1 hash from both files and compare.

    If they don't match then adversary knows that there is something fishy in the second file and will start to rip it apart.

    However, in this approach that don't work. There is no original file that could be compared against, the thing you see is the original data but in weird form. :)

    And if/when I get chance to add those graphical transform filters, (or maybe RockLobster would like to do...please?) they would look beautifully weird abstract art files....

    So this is kinda steganography but not exactly I think ...
     
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    That would need to install second, older Qt5 version to my comp (Qt 5.6)
    (please see "Platform Releases" from https://wiki.qt.io/PlatformSupport)

    But... I try to get some room to my hard drive for it and some room for virtual XP and test this thing with XP too

    Hopefully I can find my Windows XP install CD ....
     
  9. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Windows XP version now ready (god it was slow in virtualbox... :eek:).

    As always, either from
    https://www.orwell1984.today/imagesecret.html
    or
    http://ukp5un24mpxbqcpu.onion/imagesecret.html
     
  10. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Thanks for making the XP version Stefan.
    I have tried it and it crashes 'ImageSecret.exe has encountered a problem and needs to close. We are sorry for the inconvenience.'
    on pressing of the 'use this palette' button 'save file' button 'open image' button 'save image' button

    'Generate Palette' button seems ok ' Alpha Visibility' tickbox and slider seem ok 'Load Palette' seems ok 'save palette' seems ok 'open file' seems ok

     
  11. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yea, I should have set the "use this palette button" in disabled state and only enable it when user has actually generated new palette (either random or linear). Also those other buttons crash if the user clicks them but then cancels and does not select anything from the file dialog.

    Will fix soon
     
  12. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Okay, fixed now and should not crash when pressing those buttons and aborting file selection in filedialog. Also did some other minor changes (please see included ChangeLog.txt) like merging "Save Palette" and "Use Palette" to single "Use and Save this Palette" button, which is enabled only when user generates random palette.

    And here are the filenames (not allowed to post direct links here) and their checksums

    SHA1 checksums
    ----------------------------------------------------------------
    23802c0ddb6851ba1505568c87a3ece4f40e5b4a ImageSecret_1.1_src.zip
    81f3dd0e330dd183ec92ea6b53cc57fd0beda479 ImageSecret_1.1_XP.zip
    3bffbaf05341ac9d70a6b4eac606243abcfce204 ImageSecret_1.1.zip
     
  13. guest

    guest Guest

    Regarding direct links, you can embedd the links in [CODE] or [PLAIN]-tags.

    https://www.orwell1984.today/ImageSecret_1.1_src.zip
    https://www.orwell1984.today/ImageSecret_1.1_XP.zip
    https://www.orwell1984.today/ImageSecret_1.1.zip
     
  14. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Ah, thanks :)
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Hi Stefan.
    Thanks very much. I'm sorry that I have not replied to your post but I didn't see the post notification because I don't log in that often.
    I tried the updated XP version and it worked with a large-ish pdf file of 5.29 MB (5,552,895 bytes)
    the encrypted file size was 12.8 MB (13,441,242 bytes) The image that I ended up with was a sort of speckly random .png

    I didn't set anything in ImageSecret, I just used as I found it. It was quite slow on my XP sp3 pc taking about 10 seconds between each percent move to encrypt and decrypt but the final file saving was as normal and the file decrypted and saved to a useable file.

    I'll test it with some of the other settings when I get some
    time. Thanks sdmod

    ps I'm curious.
    If I encrypted the file using the XP version of ImageSecret and sent it to someone who has the standard version of ImageSecret would the file decrypt and re-constitute as normal?


     
    Last edited: Aug 23, 2017
  16. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yes, there is a severe overhead in terms of both size and speed because it uses base64 encoding before actually generating the png file. For some reason I couldn't make it work with binary files without using base64 (plain txt files worked fine tought with or without it) so that's why I choose to use it. I will investigate it further if possible to encode/decode without base64.

    Also, the input type of the file or the palette used has some impact in the size. Encoding/decoding plain text files with the default palette (default.txt) or one of the other pre-generated palettes (red.txt, blue.txt or green.txt) seems to produce most smallest png files sofar. And binary files give worst results.

    Also I noticed something else too that might effect speed and size:
    1. PNG files support lossless deflate compression but I don't actually know if the png images produces by Qt are using it. Have to check it out.
    2. I could probably try to compress the base64 output before feeding it to encoding method and so reduce encoding time and file size.
    3. encoding algorithm loop seems to be too ineffective (too many if checks inside loop).
    4. Win7 version uses Qt 5.9 while Win XP uses Qt 5.6 (last version supported for that platform) so maybe that has some speed impact but even worse, the Win7 version still used only 32-bit code because 32-bit compiler ......

    Well, lets find out :)
    Below is an encoded image of pdf file that contains instructions howto make your own tube radio. Encoding was done with win7 version of imagesecret.

    I will private message you the key file I used to encode it so that you can decode it with XP version and see if it can be saved as correct pdf file.

    Code:
    https://www.orwell1984.today/radio.png
    
     
  17. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Thanks Stefan,
    Decoded and viewed your radio pdf file fine in XP but when I went to send you one back...using the ImageSecret 1.1 XP version program and creating random palette "Use and Save this Palette" button...on trying to save after naming the palette .txt file the program crashed. 'ImageSecret.exe has encountered a problem and needs to close. We are sorry for the inconvenience.'

    sdmod


     
    Last edited: Aug 23, 2017
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Also happened on Windows 8.1 x64.
     
  19. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Ah, yes another bug and I can reproduce it too.
    I didn't take into account that user might randomly generate palette before having any data available (that is, opened any file beforehand). Currently, the opening of file or loading new palette will immediately start encoding process.

    I think simplest way to fix this would be to add separate "Encode" button that is only enabled when there is actually data available (user has already opened file for encoding) and palette ready (but there always is because default.txt is always loaded when program starts)

    Will fix soon (and also try to speed up encoding/decoding too).
    Thanks for reporting sdmod and Mister X :)
     
  20. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Now knowing that, I was able to complete the process on my xp but as you say it would be better as a one two three sort of process made simply for the basic model idiot like myself




    Yes, greyed out create palette until original file loaded would work fine.

    or



    maybe a 1 2 3 on the gui

    1) First load your original file you want to encrypt

    2) create palette and save and use it to encode original file

    3 Save Encoded image png and unique palette to image folder in program or choose folder

    and another one two three for decoding

    Something along those lines using your own words.

    PS

    I'm still not really sure what show base64 is for or how to use it ?

    Ah! I see it is an ascii representation of the file


    sdmod

    PPS
    A small point that I'd like to make is, if anyone is serious about sendng information or data to another person in confidence security and privacy the certain words like 'orwell1984.today' 'secret' or 'private' might draw unwanted attention to them.
    I saying this there is no implied negative criticism and I like your ideas and your program.



     
    Last edited: Aug 24, 2017
  21. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    If you write math code in C it should speed it up a lot or for even faster performance use fortran which is uber fast for number crunching. Like 20 times faster than say, java for example.
     
  22. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Thanks! :)

    I was maybe lil too much in provocative mood when I choosed that particular domain name :D
    (but I also think that the name really does fit into the current trend of the time: mass spying done by UK, USA, China, Russia and maybe soon by EU and without giving one **** to citizens lives)

    And that's also why I only offer HTTPS and onion versions of the site. No plain HTTP, ever. (and No cookies. No flash/java plugins or other tracking ****. Ever).

    So at least visitors to that site are relatively safe and private, especially if adding my VPS server ip address to your hostfile so that no DNS requests coming out from your side when you visit and download stuff fom there.

    But nothing lost really if the big brother comes knocking and shuts down that VPS. I or someone else will simply rent another VPS from some other country and but the stuff there.

    The thing is open source (GPL v2 to be exact, I will later add the needed LICENSE file and other stuff...) and anyone can now do whatever he/she wants with local downloaded copy of the source code, as long as keeps posting any code changes to public.

    Change it, improve it, mirror the site, put the stuff to p2p networks .... it's out and there is really nothing, sort of shutting down the entire Internet, that BB can do about it.

    BTW, I am not entirely sure how strong this thing is right now. The algorithm is very simple and maybe even naive, and I wish that someone with cryptography background would take a look. Especially, if this really is very easy to crack, then there is not really any point to try to improve it and me wasting my time.
     
  23. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Im not sure that C would help, I mean, it does use the C++ code now and it's really nothing more than superset of C.
    And the encoding process in entirely here:
    Code:
    for(int index = 0; index < n;++index)     {
            progress.setValue(index);
            if (progress.wasCanceled()) {
                        return;
            }
    
            if(index < buffer_length) {
    
                if(alphaInvisibility && alpha < 255) {
                    QRgb    tmp =  defaultPalette.at(this->input.at(index));
                    int     red = qRed(tmp);
                    int     green = qGreen(tmp);
                    int     blue = qBlue(tmp);
                    pixel[index] = qRgba(red,green,blue,alpha);
                } else {
                    pixel[index] = defaultPalette.at(this->input.at(index));
                }
    
            } else {
                // do nothing
            }
        }
    
    There isn't much calculations to do. Just few if checks (but the if checks are done for *every* damn pixel, so that really must change)

    Maybe using 64-bit compiler and optimizations (GCC Auto-vectorization maybe?) for win7 version and 32-bit compiler and it's optimizations for XP version could improve the situation little.
     
  24. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Oh yeah I see what u mean now I didn't realize buffer length is the amount of Pixels but how else to do that.... So what is the value of n in the main loop?
    What does this line do?
    defaultPalette.at(this->input.at(index));
     
    Last edited: Aug 24, 2017
  25. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    n is just image width * image height;

    Originally, I tought that I had to handle it that way because I was not sure what would happen if there was less data than the actual image size. But now I see that Qt QImage class just fill the ending hole with transparency so it will not be problem and the whole n variable can be completely eliminated as well as the now useless if(index < buffer_length) check. Also the alpha visibility check should be moved to out of the loop.
    Here's the improved code.

    Code:
    if(alphaInvisibility && alpha < 255) {
            for(unsigned index = 0; index < buffer_length;++index)     {
                progress.setValue(index);
                if (progress.wasCanceled()) {
                            return;
                }
                QRgb    tmp =  defaultPalette.at(this->input.at(index));
                int     red = qRed(tmp);
                int     green = qGreen(tmp);
                int     blue = qBlue(tmp);
                pixel[index] = qRgba(red,green,blue,alpha);
            }
        } else {
            for(unsigned index = 0; index < buffer_length;++index)     {
                    progress.setValue(index);
                    if (progress.wasCanceled()) {
                            return;
                    }
                pixel[index] = defaultPalette.at(this->input.at(index));
            }
        }
    
    How fast is this then? On my machine with 30 MB pdf as input, the encoding timing for that piece of code was:
    TIME: 6 m 399 s 399286 ms

    Hmmm.... 6 minutes, Not good.

    Next, I went and commented out the progress dialogs from the code
    Code:
    /*
                    progress.setValue(index);
                    if (progress.wasCanceled()) {
                            return;
                    }
    */
    
    And the result?
    TIME: 0 m 0 s 68 ms

    68 milliseconds :eek::eek::eek:
    Clearly there is something wrong with Qt QProgressDialog :mad:
    Or maybe it simply just can't keep up with the fast loop and update itself fast enough and so slow the whole encoding/decoding process?

    Or maybe I have to do all the encoding/decoding in separate thread and then try to update and keep up the progress dialog in main GUI thread ? (and I absolutely hate working with threads .... )

    Anyway, good news is...next version encoding and decoding will be blindingly fast, even for large files :)
    Bad news is, we might lose the encoding/decoding progress dialog :(

    that converts the ready made base64 input buffer to pixel data by using defaultPalette (which contains the default.txt values unless changed by loading/creating custom palette) as lookup table.
    Because each byte has values from 0 - 255 and the palette size is 256 there is one-to-one correspondence.

    So in effect for each base64 encoded byte in the loop:

    - Check the base64 encoded byte value ( this->input.at(index) )
    - Use that value as index to lookup to palette ( defaultPalette.at( )
    - Draw the pixel ( pixel[index] )
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.