sprucemist's blog

While there are various steganography tools out there for embedding data within an image, I like tweetable-polyglot-png the most as it doesn't require any special tools for extraction beyond unzip, which is nice for being able to share something covertly via an image.

Well its not strictly true that you need unzip for it, as you can embed any data you want but extraction can be tricky as the tool only puts it into the image. It does make an exception for zip files and formats the final image nicely to allow it be a valid zip archive. So while not necessary I would recommend zipping any data you embed to make extraction easy.

All you need to do to use is run the python script on an image and file to embed. One thing to note is that this only supports png files as it abuses the DEFLATE stream within the IDAT chunk.

python3 pack.py cover.png file.zip output.png

Not any png can be used, the (width * height) - size_of_png expressed in bytes must be positive and at least as big as the file you want to embed.

While finding the ideal cover image that has enough space could be fun, why not create the ideal image ourselves?. With ImageMagick we can just create a basic png without all of the extra stuff that will have oodles of free space.

convert -size 1920x1080 xc:white PNG32:cover.png

We need to specify PNG32 for the output image otherwise ImageMagick will create the image with a 1-bit color palette that doesn't really play nice with other programs. But that aside, we were able to create a png file with 2MB of space for us to embed data! How practical it would actually be for hiding data is a different story however, as others may find it suspicious that a one color 1080p image is 2MB in size. The real fun is that we don't have to use color at all.

convert -size 1920x1080 xc:transparent PNG32:cover.png

This creates a fully transparent image that you can't see at all, except for the space that it takes up. so lets make it a bit smaller to hide under some text or an emote.

conver -size 256x2 xc:transparent PNG32:cover.png

Now this only gives us 220 bytes to work with, but hey its nearly undetectable to people just scrolling by in chat. Now if someones mouse went over the image and they saw the cursor change for a split second or if they searched for files in the chat they might notice something is amiss, but even if they do download it its pretty unlikely they'll think to unzip it. if you really want to take it a step further you can encrypt the zip archive although the encryption strength of zip is quite debatable.