zsteg 0.0.1 → 0.1.0

data/lib/zsteg/checker/wbstego.rb

@@ -145,6 +145,9 @@ module ZSteg
           result ||= Result.read(data)
           result.color = force_color if result && force_color
           result
+
+        rescue
+          STDERR.puts "[!] wbStego: #{$!.inspect}".red
         end
 
       end

data/lib/zsteg/checker/zlib.rb

@@ -0,0 +1,41 @@
+require 'zlib'
+
+#coding: binary
+module ZSteg
+  class Checker
+    module Zlib
+
+      MIN_UNPACKED_SIZE = 4
+
+      class Result < Struct.new(:data, :offset)
+        MAX_SHOW_SIZE = 100
+
+        def to_s
+          x = data
+          x=x[0,MAX_SHOW_SIZE] + "..." if x.size > MAX_SHOW_SIZE
+          "zlib: data=#{x.inspect.bright_red}, offset=#{offset}, size=#{data.size}"
+        end
+      end
+
+      # try to find zlib
+      # http://blog.w3challs.com/index.php?post/2012/03/25/NDH2k12-Prequals-We-are-looking-for-a-real-hacker-Wallpaper-image
+      # http://blog.w3challs.com/public/ndh2k12_prequalls/sp113.bmp
+      def self.check_data data
+        return unless idx = data.index(/\x78[\x9c\xda\x01]/)
+
+        zi = ::Zlib::Inflate.new
+        x = zi.inflate data[idx..-1]
+        # decompress OK
+        return Result.new x, idx if x.size >= MIN_UNPACKED_SIZE
+      rescue ::Zlib::BufError
+        # tried to decompress, but got EOF - need more data
+        return Result.new x, idx
+      rescue ::Zlib::DataError, ::Zlib::NeedDict
+        # not a zlib
+      ensure
+        zi.close if zi && !zi.closed?
+      end
+
+    end # Zlib
+  end # Checker
+end # ZSteg

data/lib/zsteg/{cli.rb → cli/cli.rb}

@@ -1,7 +1,7 @@
 require 'optparse'
 
 module ZSteg
-  class CLI
+  class CLI::Cli
     DEFAULT_ACTIONS = %w'check'
 
     def initialize argv = ARGV
@@ -22,7 +22,11 @@ module ZSteg
         opts.on("-c", "--channels X", /[rgba,1-8]+/,
                 "channels (R/G/B/A) or any combination, comma separated",
                 "valid values: r,g,b,a,rg,bgr,rgba,r3g2b3,..."
-        ){ |x| @options[:channels] = x.split(',') }
+        ) do |x|
+          @options[:channels] = x.split(',')
+          # specifying channels on command line disables extra checks
+          @options[:extra_checks] = false
+        end
 
         opts.on("-l", "--limit N", Integer,
                 "limit bytes checked, 0 = no limit (default: #{@options[:limit]})"
@@ -32,6 +36,7 @@ module ZSteg
                 "advanced: specify individual bits like '00001110' or '0x88'"
         ) do |x|
           a = []
+          x = '1-8' if x == 'all'
           x.split(',').each do |x1|
             if x1['-']
               t = x1.split('-')
@@ -41,6 +46,8 @@ module ZSteg
             end
           end
           @options[:bits] = a.flatten.uniq
+          # specifying bits on command line disables extra checks
+          @options[:extra_checks] = false
         end
 
         opts.on "--lsb", "least significant BIT comes first" do
@@ -52,7 +59,13 @@ module ZSteg
 
         opts.on "-P", "--prime", "analyze/extract only prime bytes/pixels" do
           @options[:prime] = true
+          # specifying prime on command line disables extra checks
+          @options[:extra_checks] = false
+        end
+        opts.on "--invert", "invert bits (XOR 0xff)" do
+          @options[:invert] = true
         end
+
 #        opts.on "--pixel-align", "pixel-align hidden data (EasyBMP)" do
 #          @options[:pixel_align] = true
 #        end
@@ -60,6 +73,9 @@ module ZSteg
         opts.on "-a", "--all", "try all known methods" do
           @options[:prime] = :all
           @options[:order] = :all
+          @options[:bits]  = (1..8).to_a
+          # specifying --all on command line explicitly enables extra checks
+          @options[:extra_checks] = true
         end
 
         opts.on("-o", "--order X", /all|auto|[bxy,]+/i,
@@ -68,9 +84,34 @@ module ZSteg
         ){ |x| @options[:order] = x.split(',') }
 
         opts.on "-E", "--extract NAME", "extract specified payload, NAME is like '1b,rgb,lsb'" do |x|
+          @options[:verbose] = -2 # silent ZPNG warnings
           @actions << [:extract, x]
         end
 
+        opts.separator ""
+
+        opts.on "--[no-]file", "use 'file' command to detect data type (default: YES)" do |x|
+          @options[:file] = x
+        end
+
+        # TODO
+#        opts.on "--[no-]binwalk", "use 'binwalk' command to detect data type (default: NO)" do |x|
+#          @options[:binwalk] = x
+#        end
+
+        opts.on "--no-strings", "disable ASCII strings finding (default: enabled)" do |x|
+          @options[:strings] = false
+        end
+        opts.on "-s", "--strings X", %w'first all longest none no',
+          "ASCII strings find mode: first, all, longest, none",
+          "(default: first)" do |x|
+          @options[:strings] = x[0] == 'n' ? false : x.downcase.to_sym
+        end
+        opts.on "-n", "--min-str-len X", Integer,
+          "minimum string length (default: #{Checker::DEFAULT_MIN_STR_LEN})" do |x|
+          @options[:min_str_len] = x
+        end
+
         opts.separator ""
         opts.on "-v", "--verbose", "Run verbosely (can be used multiple times)" do |v|
           @options[:verbose] += 1
@@ -123,7 +164,7 @@ module ZSteg
       if File.directory?(fname)
         puts "[?] #{fname} is a directory".yellow
       else
-        ZPNG::Image.load(fname)
+        ZPNG::Image.load(fname, :verbose => @options[:verbose]+1)
       end
     rescue ZPNG::Exception, Errno::ENOENT
       puts "[!] #{$!.inspect}".red
@@ -167,6 +208,24 @@ module ZSteg
       h
     end
 
+    def _extract_data name
+      case name
+      when /scanline/
+        Checker::ScanlineChecker.check_image @img
+      when /extradata:imagedata/
+        @img.imagedata[@img.scanlines.map(&:size).inject(&:+)..-1]
+      when /extradata:(\d+)/
+        # accessing imagedata implicitly unpacks zlib stream
+        # zlib stream may contain extradata
+        @img.imagedata
+        @img.extradata[$1.to_i]
+      else
+        h = decode_param_string name
+        h[:limit] = @options[:limit] if @options[:limit] != Checker::DEFAULT_LIMIT
+        Extractor.new(@img, @options).extract(h)
+      end
+    end
+
     ###########################################################################
     # actions
 
@@ -175,14 +234,7 @@ module ZSteg
     end
 
     def extract name
-      if ['extradata', 'data after IEND'].include?(name)
-        print @img.extradata
-        return
-      end
-
-      h = decode_param_string name
-      h[:limit] = @options[:limit] if @options[:limit] != Checker::DEFAULT_LIMIT
-      print Extractor.new(@img, @options).extract(h)
+      print _extract_data(name)
     end
 
   end

data/lib/zsteg/{mask_cli.rb → cli/mask.rb}

@@ -3,7 +3,7 @@ require 'set'
 require 'digest/md5'
 
 module ZSteg
-  class MaskCLI
+  class CLI::Mask
     DEFAULT_ACTIONS = %w'mask'
 
     COMMON_MASKS = [
@@ -234,7 +234,8 @@ module ZSteg
 
     def masks2fname masks
       masks = masks.dup.delete_if{ |k,v| !CHANNELS.include?(k) }
-      bname = @fname.sub(/#{Regexp.escape(File.extname(@fname))}$/,'')
+      ext   = File.extname(@fname)
+      bname = @fname.chomp(ext)
       color = nil
       raise "TODO" if masks.values.all?(&:nil?)
       if masks.values.uniq.size == 1
@@ -256,10 +257,11 @@ module ZSteg
             else nil
             end
         end
-        tail = a.join(".")
+        tail = a.join("_")
       end
 
-      fname = [bname, tail, "png"].join('.')
+      # we always export as PNG
+      fname = [bname, "mask_#{tail}", "png"].join('.')
       fname = File.join(@options[:dir], File.basename(fname)) if @options[:dir]
       [fname, color]
     end

data/lib/zsteg/cli/reflow.rb

@@ -0,0 +1,241 @@
+require 'optparse'
+require 'stringio'
+require 'set'
+
+module ZSteg
+  class CLI::Reflow
+    DEFAULT_ACTIONS = %w'reflow'
+
+    def initialize argv = ARGV
+      @argv = argv
+      @cache = {}
+      @wasfiles = Set.new
+    end
+
+    def run
+      @actions = []
+      @options = {
+        :verbose   => 0,
+      }
+      optparser = OptionParser.new do |opts|
+        opts.banner = "Usage: #{File.basename($0)} [options] filename.png [param_string]"
+        opts.separator ""
+
+        opts.on( "-W", "--width X", "reflow to specified width(s)",
+                                    "single value: '999', range: '100-200'",
+                                    "or comma-separated: '100,200,300-350'"
+        ) do |x|
+#          if @options[:heights]
+#            STDERR.puts "[!] width _OR_ height can be set".red
+#            exit 1
+#          end
+          @options[:widths] = parse_dimension(x)
+        end
+
+        opts.on "-H", "--height X", "reflow to specified height(s)" do |x|
+#          if @options[:widths]
+#            STDERR.puts "[!] width _OR_ height can be set".red
+#            exit 1
+#          end
+          @options[:heights] = parse_dimension(x)
+        end
+
+        opts.separator ""
+
+        opts.on "-a", "--all", "try all possible sizes (default)" do
+          @options[:try_all] = true
+        end
+
+        opts.separator ""
+
+        opts.on "-O", "--outfile FILENAME", "output single result to specified file" do |x|
+          @options[:outfile] = x
+        end
+
+        opts.on "-D", "--dir DIRNAME", "output multiple results to specified dir" do |x|
+          @options[:dir] = x
+        end
+
+        opts.separator ""
+        opts.on "-v", "--verbose", "Run verbosely (can be used multiple times)" do |v|
+          @options[:verbose] += 1
+        end
+        opts.on "-q", "--quiet", "Silent any warnings (can be used multiple times)" do |v|
+          @options[:verbose] -= 1
+        end
+        opts.on "-C", "--[no-]color", "Force (or disable) color output (default: auto)" do |x|
+          Sickill::Rainbow.enabled = x
+        end
+      end
+
+      if (argv = optparser.parse(@argv)).empty?
+        puts optparser.help
+        return
+      end
+
+      @actions = DEFAULT_ACTIONS if @actions.empty?
+
+      argv.each do |arg|
+        if arg[','] && !File.exist?(arg)
+          @options.merge!(decode_param_string(arg))
+          argv.delete arg
+        end
+      end
+
+      argv.each_with_index do |fname,idx|
+        if argv.size > 1 && @options[:verbose] >= 0
+          puts if idx > 0
+          puts "[.] #{fname}".green
+        end
+        next unless @image=load_image(@fname=fname)
+
+        @actions.each do |action|
+          if action.is_a?(Array)
+            self.send(*action) if self.respond_to?(action.first)
+          else
+            self.send(action) if self.respond_to?(action)
+          end
+        end
+      end
+    rescue Errno::EPIPE
+      # output interrupt, f.ex. when piping output to a 'head' command
+      # prevents a 'Broken pipe - <STDOUT> (Errno::EPIPE)' message
+    end
+
+    def parse_dimension s
+      s.split(',').map do |x|
+        case x
+        when /\A\d+\Z/        # single value
+          x.to_i
+        when /-/              # range
+          Range.new(*x.split('-').map(&:to_i)).to_a
+        end
+      end.flatten.uniq
+    end
+
+    def load_image fname
+      if File.directory?(fname)
+        puts "[?] #{fname} is a directory".yellow
+      else
+        ZPNG::Image.load(fname)
+      end
+    rescue ZPNG::Exception, Errno::ENOENT
+      puts "[!] #{$!.inspect}".red
+    end
+
+    ###########################################################################
+    # actions
+
+    def reflow
+      if @image.format != :bmp
+        STDERR.puts "[!] only BMP format supported for now!"
+        return
+      end
+
+      sl = @image.scanlines.first
+      @bpp = sl.bpp
+      @old_significant_sl_bytes = (sl.width*sl.bpp/8.0).ceil
+      @old_total_sl_bytes       = sl.size
+
+      if @options[:heights]
+        @options[:heights].each do |h|
+          t = 1.0*@image.width*@image.height/h
+          t.floor.upto(t.ceil).each do |w|
+            next if @options[:widths] && !@options[:widths].include?(w)
+            _reflow w,h
+          end
+        end
+      elsif @options[:widths]
+        @options[:widths].each do |w|
+          h = @image.width*@image.height/w
+          _reflow w,h
+        end
+      else
+        # enum all
+        2.upto(@image.width*@image.height/2) do |w|
+          h = @image.width*@image.height/w
+          _reflow w,h
+        end
+      end
+    end
+
+    private
+
+    def _gen_fname w,h
+      ext = @fname[/\.\w{3}$/].to_s
+      fname = "%s.reflow_%05dx%05d%s" % [@fname.chomp(ext), w, h, ext]
+      fname = File.join(@options[:dir], File.basename(fname)) if @options[:dir]
+      fname
+    end
+
+    def _reflow w,h
+      fname = @options[:outfile] || _gen_fname(w,h)
+      raise "already written to #{fname}" if @wasfiles.include?(fname)
+      @wasfiles << fname
+
+      new_significant_sl_bytes = (w*@bpp/8.0).ceil
+      padding = "\x00" * (4-new_significant_sl_bytes%4)
+      padding = "" if padding.size == 4
+
+#      p @old_significant_sl_bytes
+#      p @old_total_sl_bytes
+#      p new_significant_sl_bytes
+#      p padding
+
+      puts "[.] #{fname} .."
+      File.open(@fname, "rb") do |fi|
+        File.open(fname, "wb") do |fo|
+          # 2 bytes - "BM" signature
+          # 4 bytes - the size of the BMP file in bytes
+          # 2 bytes - reserved
+          # 2 bytes - reserved
+          fo.write fi.read(2+4+2+2)
+
+          # 4 bytes - imagedata offset
+          data = fi.read(4)
+          imagedata_offset = data.unpack('V').first
+          fo.write data
+
+          # 4 bytes - BITMAPINFOHEADER.biSize    (keep)
+          # 4 bytes - BITMAPINFOHEADER.biWidth   (rewrite)
+          # 4 bytes - BITMAPINFOHEADER.biHeight  (rewrite)
+          data = fi.read(4+4+4)
+          fo.write(data[0,4] + [w,h].pack("V2")) # write new size
+
+          # copy remaining header bytes
+          fo.write fi.read(imagedata_offset-fi.tell)
+
+          # FIXME: if scanline sizes differ in BITS, not bytes...
+
+          # scanline padding needs to be respected...
+          imagedata = StringIO.new
+          @image.height.times do
+            data = fi.read @old_total_sl_bytes
+            imagedata << data[0, @old_significant_sl_bytes]
+            #p data[@old_significant_sl_bytes..-1]
+          end
+          imagedata << fi.read # read extradata, if any
+
+          imagedata.rewind
+          imagedata_start = fo.tell
+          h.times do
+            fo << imagedata.read(new_significant_sl_bytes)
+            fo << padding
+          end
+          file_size = fo.tell
+          imagedata_size = fo.tell - imagedata_start
+          fo << imagedata.read # write extradata, if any
+
+          # write new BITMAPFILEHEADER.bfSize
+          fo.seek 2
+          fo.write [file_size].pack('V')
+
+          # write new BITMAPINFOHEADER.biSizeImage
+          fo.seek 14+20 # BITMAPFILEHEADER::SIZE + 20
+          fo.write [imagedata_size].pack('V')
+        end
+      end
+    end
+
+  end
+end