https://kotlinlang.org logo
Join Slack
Powered by
I've started a new project: PixelSafe, a steganogr...
# feed
s
I've started a new project: PixelSafe, a steganography tool that hides data within the pixels of a PNG image. Steganography is a technique for concealing information in plain sight, which is useful for secure communication, digital watermarking, or embedding hidden messages - such as something like a KeePass database. I recently discovered this technology and decided to explore building it in the browser using Kotlin/WASM. 😊 I've now completed a working prototype and am pleased with the progress so far. Check it out on https://stefan-oltmann.de/pixelsafe/ Source (AGPL): https://github.com/StefanOltmann/pixelsafe
🚀 3
K 13
A bit of background: I started building this tool while experimenting with Junie to see how well it could handle the task — hoping it might be able to one-shot me something cool. 😄 Unfortunately, it turned out that the technology isn't quite there yet. Junie struggled with properly setting up the Gradle configuration for the dependencies, so I had to step in and assist. From there, I was left with a lot of non-functional dummy code, accompanied by comments like “In a real application, we would need to…,” but it couldn’t handle the actual implementation. It especially had trouble understanding how the FileKit library works and couldn’t figure out how to handle SKIA. I burned through two AI Pro quotas (one from my All Products Pack and another from the voucher) without making much progress. In the end, I had to take matters into my own hands. While the code Junie generated had the right idea, it wasn’t functional, so I had to refactor it manually. Grok helped me track down a bug in the logic related to bit-shifting. I’m hopeful that with some time, Junie will be able to nail my next project on the first try. 😄
f
Very cool! Could the image handle some small modifications without losing the hidden data? For example: • Being cropped a bit • Being scaled • Going through WhatsApp’s image compression Very cool idea! Thanks for sharing
s
Thanks for your feedback! 🙂 Unfortunately, cropping, scaling, or compressing the image would destroy the hidden data. The LSB (Least Significant Bit) algorithm works by slightly modifying the RGB values of pixels so that their least significant bit matches the data we want to hide. For example, if the red value of the first pixel is 255 but we need to encode a "0" bit, we would change it to 254. Cropping or scaling the image would scramble this carefully embedded information. However, you can safely modify pixels that aren't used for hiding data. Since the hidden information is stored in the first few rows at the top of the image, you could make changes to pixels farther down, like those in the middle or bottom areas.
Take this sample from the unit test: It's safe to modify anything except for the first rows marked in red.
👌 1
k
If I forget which image in my album contains my KeePass database, are there any tools available that can detect which image contains steganography data?
s
Good question. I guess I'd develop PixelSafe into a file manager for that, so it can scan the a chosen folder for those files. Every steganography tool saves the data a bit different and most do it crypted. The idea is that steganography is not detectable from the outside. PixelSafe reads the first few least significant bits of the image and checks if the signature bytes ("PixelSafe") are matched.
If I introduce encryption it will read the first few bits, decrypt them using a given password and then check if there is a match.
o
Nice project 👍 It reminds me Python classes, where we programmed a Braincopter interpreter, which is able to hide Brainfuck program in PNG images and then also execute it 😄
😄 2
k
My thoughts are, that the PNG image format is best used for things like diagrams, where you have large areas of the same colour. But adding steganography to that may make it look obvious. Steganography is invisible in actual photographs (e.g. of nature landscapes) where each pixel is typically different from all neighbouring pixels. But then if I saw such a photograph formatted as PNG instead of JPG, I would be suspicious, as PNG would use much more storage space than JPG (possibly by a factor of 10 or more). But then you can't use steganography on JPG files because that's a lossy compression format.
s
You can use steganography in JPG files; just not on the pixels. I saw a tool that hides it in the ICC color profile, which has a lot of numbers, too. That even survives uploading to most social media. > But adding steganography to that may make it look obvious. Not to the viewer. See my mostly white test image. You can't see the difference, because it's so subtle. So you can take a screenshot of anything and hide your data in that. PNG screenshots are not suspicious. Take a screenshot of something with a lot of detail like this slack conversation and even the larger file size will seem to most people normal. Steganography can only detected by special steganalysis tools that look for those unusual patterns created by steganography. But who uses that without good reason? For people getting access to your data to look around for crypted files like a KeePass container they can try to break open a screenshot of a slack conversation will go unnoticed. That's the idea behind steganography.
Maybe I will implement the technique to hide data inside a JPG color profile, too. Sounds interesting. 🤔
Try PixelSafe on your files and see if you can tell the difference. 🙂
Can you spot the ladybug in this? 🙂 Look closely. 😉
f
Found it 😛 I truly couldn’t tell by just looking at the original picture
💯 1
s
That's what's so fascinating about this technique. Fascinating enough to make my own tool for it. 😄
It's interesting that Slack strips metadata and alters JPG files, but leaves PNG files unchanged. 🤔
f
We should nest a few PNG inside eachother haha
😄 2
s
That's possible ^^ You can even nest the same PNG inside again. Just to have a backup. 😄
A backup that's easily broken. Wouldn't rely on that. 😄 Maybe as a poor mans watermark. ^^
f
It’s like Base64; For the average person, it looks like gibberish; To the trained-eye, it’s merely obfuscation.
💯 1
s
Most steganography tools add encryption on top. I'll add that later, too.
k
Encryption should be an optional parameter though
💯 1
s
Yes.
f
If people want encryption, they should just use a zip with password 😛
👍 1
s
Encryption makes steganography harder to detect. Right now steganalysis tools just need to add the "PixelSafe" signature to their list. 😄
😅 1
5 Views
Open in Slack
PreviousNext
Powered by