zsteg 0.0.0

data/lib/zsteg/result.rb

@@ -0,0 +1,90 @@
+module ZSteg
+  module Result
+
+    class Struct < ::Struct
+      def to_s
+        inspect.sub('#<struct ZSteg::', '<')
+      end
+    end
+
+    class OpenStego < IOStruct.new "CVCCCC",
+      :version, :data_len, :channel_bits, :fname_len, :compress, :encrypt, :fname
+
+      def self.read io
+        super.tap do |r|
+          r.fname = io.read(r.fname_len) if r.fname_len
+        end
+      end
+
+      def to_s
+        super.sub(/^<Result::/,'').sub(/>$/,'').red
+      end
+    end
+
+    class Text < Struct.new(:text, :offset)
+      def to_s
+        "text: ".gray + (offset == 0 ? text.inspect.red : text.inspect)
+      end
+    end
+
+    # whole data is text
+    class WholeText < Text; end
+
+    # part of data is text
+    class PartialText < Text; end
+
+    class Zlib < Struct.new(:data, :offset)
+      def to_s
+        "zlib: data=#{data.inspect.red}, offset=#{offset}"
+      end
+    end
+
+    class OneChar < Struct.new(:char, :size)
+      def to_s
+        "[#{char.inspect} repeated #{size} times]".gray
+      end
+    end
+
+    class FileCmd < Struct.new(:title, :data)
+      COLORMAP = {
+        /bitmap|jpeg|pdf|zip|rar|7z/i => :red,
+        /DBase 3 data/i               => :gray
+      }
+
+      def to_s
+        if title[/UTF-8 Unicode text/i]
+          begin
+            t = data.force_encoding("UTF-8").encode("UTF-32LE").encode("UTF-8")
+          rescue
+            t = data.force_encoding('binary')
+          end
+          return "utf8: " + t
+        end
+        COLORMAP.each do |re,color|
+          if title[re]
+            if color == :gray
+              return "file: #{title}".send(color)
+            else
+              return "file: " + title.send(color)
+            end
+          end
+        end
+        "file: " + title.yellow
+      end
+    end
+
+    class Camouflage < Struct.new(:hidden_data_len, :host_orig_len)
+      def initialize(data)
+        self.hidden_data_len = (data[0x1a,4] || '').unpack('V').first
+        if data.size > 300 && data[-4,4] == "\x20\x20\x20\x20"
+          # orignal length of host file
+          self.host_orig_len = data[-281,4].unpack('V').first
+        end
+      end
+
+      def to_s
+        super.red
+      end
+    end
+  end
+end

data/pngsteg.gemspec

@@ -0,0 +1,65 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "pngsteg"
+  s.version = "0.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Andrey \"Zed\" Zaikin"]
+  s.date = "2013-01-06"
+  s.email = "zed.0xff@gmail.com"
+  s.executables = ["pngsteg"]
+  s.files = [
+    "Gemfile",
+    "Gemfile.lock",
+    "Rakefile",
+    "VERSION",
+    "bin/pngsteg",
+    "lib/pngsteg.rb",
+    "lib/pngsteg/checker.rb",
+    "lib/pngsteg/cli.rb",
+    "lib/pngsteg/extractor.rb",
+    "samples/flower.png",
+    "samples/flower_rgb1.png",
+    "samples/flower_rgb2.png",
+    "samples/flower_rgb3.png",
+    "samples/flower_rgb4.png",
+    "samples/flower_rgb5.png",
+    "samples/flower_rgb6.png",
+    "spec/samples_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = "http://github.com/zed-0xff/pngsteg"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.24"
+  s.summary = "Detect stegano-hidden data in PNG files"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<zpng>, [">= 0.2.1"])
+      s.add_development_dependency(%q<rspec>, [">= 2.8.0"])
+      s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.8.4"])
+      s.add_development_dependency(%q<awesome_print>, [">= 0"])
+    else
+      s.add_dependency(%q<zpng>, [">= 0.2.1"])
+      s.add_dependency(%q<rspec>, [">= 2.8.0"])
+      s.add_dependency(%q<bundler>, [">= 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.8.4"])
+      s.add_dependency(%q<awesome_print>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<zpng>, [">= 0.2.1"])
+    s.add_dependency(%q<rspec>, [">= 2.8.0"])
+    s.add_dependency(%q<bundler>, [">= 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.8.4"])
+    s.add_dependency(%q<awesome_print>, [">= 0"])
+  end
+end
+

data/samples/README

@@ -0,0 +1,4 @@
+flower*.png   - http://punkroy.drque.net/PNG_Steganography/Steganography3.php
+cats.png      - RuCTF2012 - steg400 - http://darkbyte.ru/2012/46/ructf-2012-quals-writeup-cats/
+opensteg*.png - http://openstego.sourceforge.net/
+Code.png      - http://blog.secoverflow.org/gchq-can-you-crack-it-writeup/

data/spec/camouflage_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+each_sample("camouflage*.png") do |fname|
+  describe fname do
+    it "should detect Camouflage" do
+      cli(fname).should include("Camouflage")
+    end
+  end
+end

data/spec/cats_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe "cats.png" do
+  subject{ cli(sample("cats.png")) }
+
+  its(:size){ should < 4_000 }
+
+  it "should get 2nd cat" do
+    should include("Second cat is Marussia")
+  end
+
+  it "should get 3rd cat" do
+    should include("Hello, third kitten is Bessy")
+  end
+
+  it "should get 4th cat" do
+    should include("Fourth and last cat is Luke")
+  end
+
+  it "should get hint" do
+    should include("Good, but look a bit deeper...")
+  end
+end

data/spec/flowers_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+each_sample("flower_*.png") do |fname|
+  describe fname do
+    it "should reveal secret message" do
+      cli(
+        fname, "--limit", "64", "--bits", "1,2,3,4,5,6"
+      ).should include("SuperSecretMessage")
+    end
+  end
+end

data/spec/openstego_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+each_sample("openstego_*png") do |fname|
+  describe fname do
+    subject{ cli(fname) }
+
+    it { should include("OpenStego") }
+  end
+end
+
+# filenames of hidden files
+
+describe "samples/openstego_q2.png" do
+  subject{ cli(sample("openstego_q2.png")) }
+  it { should include("flag.txt") }
+end
+
+describe "samples/openstego_send.png" do
+  subject{ cli(sample("openstego_send.png")) }
+  it { should include("secret.jpg") }
+end

data/spec/simple_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe "samples/Code.png" do
+  subject{ cli(sample("Code.png")) }
+  it { should include("QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR\n78jKLw==".inspect) }
+end
+
+describe "samples/stg300.png" do
+  subject{ cli(sample("stg300.png")) }
+  it { should include("Congrats") }
+  it { should include("4E34B38257200616FB75CD869B8C3CF0") }
+end
+
+describe "samples/06_enc.png" do
+  subject{ cli(sample("06_enc.png")) }
+  it { should include("Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod") }
+end
+
+describe "samples/montenach-enc.png" do
+  subject{ cli(sample("montenach-enc.png")) }
+  it { should include("48300:TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBp") }
+end

data/spec/spec_helper.rb

@@ -0,0 +1,39 @@
+$:.unshift(File.expand_path("../lib", File.dirname(__FILE__)))
+require 'zsteg'
+require 'zsteg/cli'
+
+SAMPLES_DIR = File.expand_path("../samples", File.dirname(__FILE__))
+
+def each_sample glob="*.png"
+  Dir[File.join(SAMPLES_DIR, glob)].each do |fname|
+    yield fname.sub(Dir.pwd+'/','')
+  end
+end
+
+def sample fname
+  File.join(SAMPLES_DIR, fname)
+end
+
+def cli *args
+  @@cli_cache ||= {}
+  @@cli_cache[args] ||=
+    begin
+      orig_stdout, out = $stdout, ""
+      begin
+        $stdout = StringIO.new(out)
+        ZSteg::CLI.new(args).run
+      ensure
+        $stdout = orig_stdout
+      end
+      out
+    end
+end
+
+RSpec.configure do |config|
+  config.before :suite do
+    Dir[File.join(SAMPLES_DIR, "*.7z")].each do |fname|
+      next if File.exist?(fname.sub(/\.7z$/,''))
+      system "7z", "x", fname, "-o#{SAMPLES_DIR}"
+    end
+  end
+end

data/spec/wbstego_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+each_sample("wbsteg*.bmp") do |fname|
+  describe fname do
+    subject{ cli(fname) }
+
+    it { should include("wbStego") }
+    it { should include("SuperSecretMessage") }
+  end
+end

data/spec/zlib_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+
+describe "samples/ndh2k12_sp113.bmp" do
+  subject{ cli(sample("ndh2k12_sp113.bmp"), "-o", "all") }
+  it { should include("%PDF-1.4") }
+end

metadata

@@ -0,0 +1,198 @@
+--- !ruby/object:Gem::Specification
+name: zsteg
+version: !ruby/object:Gem::Version
+  prerelease: 
+  version: 0.0.0
+platform: ruby
+authors:
+- Andrey "Zed" Zaikin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :runtime
+  name: zpng
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+    none: false
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :runtime
+  name: awesome_print
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :runtime
+  name: iostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :development
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.8.0
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.8.0
+    none: false
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :development
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+    none: false
+- !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :development
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.4
+    none: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.4
+    none: false
+description: 
+email: zed.0xff@gmail.com
+executables:
+- zsteg
+extensions: []
+extra_rdoc_files:
+- README.md
+- README.md.tpl
+- TODO
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- README.md.tpl
+- Rakefile
+- TODO
+- VERSION
+- bin/zsteg
+- cmp_bmp.rb
+- cmp_png.rb
+- lib/zsteg.rb
+- lib/zsteg/checker.rb
+- lib/zsteg/checker/wbstego.rb
+- lib/zsteg/cli.rb
+- lib/zsteg/extractor.rb
+- lib/zsteg/extractor/byte_extractor.rb
+- lib/zsteg/extractor/color_extractor.rb
+- lib/zsteg/file_cmd.rb
+- lib/zsteg/result.rb
+- pngsteg.gemspec
+- samples/06_enc.png
+- samples/Code.png
+- samples/README
+- samples/camouflage-password.png
+- samples/camouflage.png
+- samples/cats.png
+- samples/flower.png
+- samples/flower_rgb1.png
+- samples/flower_rgb2.png
+- samples/flower_rgb3.png
+- samples/flower_rgb4.png
+- samples/flower_rgb5.png
+- samples/flower_rgb6.png
+- samples/montenach-enc.png
+- samples/ndh2k12_sp113.bmp.7z
+- samples/openstego_q2.png
+- samples/openstego_send.png
+- samples/stg300.png
+- samples/wbsteg_noenc.bmp
+- samples/wbsteg_noenc_17.bmp
+- samples/wbsteg_noenc_even.bmp
+- samples/wbsteg_noenc_even_17.bmp
+- spec/camouflage_spec.rb
+- spec/cats_spec.rb
+- spec/flowers_spec.rb
+- spec/openstego_spec.rb
+- spec/simple_spec.rb
+- spec/spec_helper.rb
+- spec/wbstego_spec.rb
+- spec/zlib_spec.rb
+homepage: http://github.com/zed-0xff/zsteg
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3565268342721586308
+  none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+  none: false
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Detect stegano-hidden data in PNG & BMP files.
+test_files: []