zsteg 0.2.12 → 0.2.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b50a98cd405613a299041cc60c497f4f9a73a099e3112f44b27dee3fddf4831d
-  data.tar.gz: 8c58dd150ce32f42cc381a67592eded9c9c38e7dc0c4026642ec4773081f4bea
+  metadata.gz: 517af804bb6892894d053fe80139d31ca23746c02c42f33dd5574bf25e41f8c2
+  data.tar.gz: 399a3f35dc307eb44d1b3e4cb776e32887428d25f311b42a8facb33ecb8ba7f0
 SHA512:
-  metadata.gz: 726aa00d6e7cc127072b7dbebe5418d668bc7d62dd119267ab05341b96d63ca71ce23cb2e2cb189e5b59cb8cbd48c09700d736b0d581b32b1feeb30a9ac3b390
-  data.tar.gz: 22811b2e9c2ffc3e4ce09aa67d3a65c7dd3636d84740b09664e80dca20d02456f5632214a7df8354affac0f9e8ffd7ccaeb466606608f3bd8e1222ca3dec34c9
+  metadata.gz: cf416358da42bab09505d7f54d3e5df0b9e26cc4b29e3b6e0aa73bb13900c7367d5e941298917bb6286a6e8b5f430eca36547a4f66efd4d06b3c2a8316b17ffd
+  data.tar.gz: 49f2ac63384acc20790882c5542375b655c4462a6099d0ba999fe300ca91766c9d65ec08f2288f9e628c6c11b552f91490ae24be55c6ffbd96b0c94998a64002

data/Gemfile

@@ -1,7 +1,7 @@
 source "http://rubygems.org"
 
-gem "zpng", ">= 0.4.4"
-gem "iostruct"
+gem "zpng", ">= 0.4.6"
+gem "iostruct", ">= 0.7.0"
 gem "prime"
 
 group :development do

data/Gemfile.lock

@@ -1,13 +1,36 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    builder (3.2.4)
+    activesupport (7.1.6)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      mutex_m
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0)
+    addressable (2.8.8)
+      public_suffix (>= 2.0.2, < 8.0)
+    base64 (0.3.0)
+    benchmark (0.5.0)
+    bigdecimal (4.0.1)
+    builder (3.3.0)
+    cgi (0.5.1)
+    concurrent-ruby (1.3.6)
+    connection_pool (2.5.5)
+    date (3.5.1)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.5.0)
-    faraday (1.10.0)
+    diff-lcs (1.6.2)
+    drb (2.2.3)
+    erb (4.0.4)
+      cgi (>= 0.3.3)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -20,19 +43,21 @@ GEM
       faraday-retry (~> 1.0)
       ruby2_keywords (>= 0.0.4)
     faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
+    faraday-em_synchrony (1.0.1)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
-    faraday-net_http (1.0.1)
+    faraday-multipart (1.2.0)
+      multipart-post (~> 2.0)
+    faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    forwardable (1.3.3)
-    git (1.13.1)
+    forwardable (1.4.0)
+    git (2.3.3)
+      activesupport (>= 5.0)
       addressable (~> 2.8)
+      process_executer (~> 1.1)
       rchardet (~> 1.8)
     github_api (0.19.0)
       addressable (~> 2.4)
@@ -41,8 +66,12 @@ GEM
       hashie (~> 3.5, >= 3.5.2)
       oauth2 (~> 1.0)
     hashie (3.6.0)
-    highline (2.0.3)
-    iostruct (0.0.4)
+    highline (3.1.2)
+      reline
+    i18n (1.14.8)
+      concurrent-ruby (~> 1.0)
+    io-console (0.8.2)
+    iostruct (0.7.0)
     juwelier (2.4.9)
       builder
       bundler
@@ -55,15 +84,19 @@ GEM
       rake
       rdoc
       semver2
-    jwt (2.4.1)
+    jwt (2.10.2)
+      base64
     kamelcase (0.0.2)
       semver2 (~> 3)
-    mini_portile2 (2.8.1)
-    multi_json (1.15.0)
+    logger (1.7.0)
+    mini_portile2 (2.8.9)
+    minitest (5.26.1)
+    multi_json (1.19.1)
     multi_xml (0.6.0)
-    multipart-post (2.2.3)
-    nokogiri (1.14.2)
-      mini_portile2 (~> 2.8.0)
+    multipart-post (2.4.1)
+    mutex_m (0.3.0)
+    nokogiri (1.17.2)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oauth2 (1.4.11)
       faraday (>= 0.17.3, < 3.0)
@@ -71,49 +104,60 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
-    prime (0.1.2)
+    prime (0.1.4)
       forwardable
       singleton
-    psych (4.0.4)
+    process_executer (1.1.2)
+    psych (5.3.1)
+      date
       stringio
-    public_suffix (4.0.7)
-    racc (1.6.2)
-    rack (3.0.4.1)
+    public_suffix (6.0.2)
+    racc (1.8.1)
+    rack (3.2.4)
     rainbow (3.1.1)
-    rake (13.0.6)
-    rchardet (1.8.0)
-    rdoc (6.4.0)
+    rake (13.3.1)
+    rchardet (1.10.0)
+    rdoc (7.1.0)
+      erb
       psych (>= 4.0.0)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+      tsort
+    reline (0.6.3)
+      io-console (~> 0.5)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.7)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.6)
     ruby2_keywords (0.0.5)
+    securerandom (0.3.2)
     semver2 (3.4.2)
-    singleton (0.1.1)
-    stringio (3.0.2)
+    singleton (0.3.0)
+    stringio (3.2.0)
     thread_safe (0.3.6)
-    zpng (0.4.4)
+    tsort (0.2.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    zpng (0.4.6)
+      iostruct (>= 0.7.0)
       rainbow (~> 3.1.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  iostruct
+  iostruct (>= 0.7.0)
   juwelier
   prime
   rspec
-  zpng (>= 0.4.4)
+  zpng (>= 0.4.6)
 
 BUNDLED WITH
-   2.3.12
+   2.4.22

data/README.md

@@ -28,26 +28,32 @@ Usage
 
     Usage: zsteg [options] filename.png [param_string]
     
+        -a, --all                        try all known methods
+        -E, --extract NAME               extract specified payload, NAME is like '1b,rgb,lsb'
+    
+    Iteration/extraction params:
+        -o, --order X                    pixel iteration order (default: 'auto')
+                                         valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...
         -c, --channels X                 channels (R/G/B/A) or any combination, comma separated
                                          valid values: r,g,b,a,rg,bgr,rgba,r3g2b3,...
-        -l, --limit N                    limit bytes checked, 0 = no limit (default: 256)
         -b, --bits N                     number of bits, single int value or '1,3,5' or range '1-8'
                                          advanced: specify individual bits like '00001110' or '0x88'
-            --lsb                        least significant BIT comes first
-            --msb                        most significant BIT comes first
+            --lsb                        least significant bit comes first
+            --msb                        most significant bit comes first
         -P, --prime                      analyze/extract only prime bytes/pixels
+            --shift N                    prepend N zero bits
+            --step N                     step
             --invert                     invert bits (XOR 0xff)
-        -a, --all                        try all known methods
-        -o, --order X                    pixel iteration order (default: 'auto')
-                                         valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...
-        -E, --extract NAME               extract specified payload, NAME is like '1b,rgb,lsb'
+            --pixel-align                pixel-align hidden data
+    
+    Analysis params:
+        -l, --limit N                    limit bytes checked, 0 = no limit (default: 256)
     
             --[no-]file                  use 'file' command to detect data type (default: YES)
             --no-strings                 disable ASCII strings finding (default: enabled)
         -s, --strings X                  ASCII strings find mode: first, all, longest, none
                                          (default: first)
         -n, --min-str-len X              minimum string length (default: 8)
-            --shift N                    prepend N zero bits
     
         -v, --verbose                    Run verbosely (can be used multiple times)
         -q, --quiet                      Silent any warnings (can be used multiple times)
@@ -85,23 +91,6 @@ Examples
 
     # zsteg wbstego/wbsteg_noenc_even.bmp 1b,lsb,bY -v
 
-    imagedata           .. file: FoxPro FPT, blocks size 1, next free block index 65537
-        00000000: 00 01 00 01 00 00 00 01  00 00 00 00 00 00 00 00  |................|
-        00000010: 00 00 00 00 00 00 00 00  00 00 00 01 00 01 01 00  |................|
-        00000020: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-        00000030: 00 01 01 01 00 01 00 00  00 00 00 00 01 01 00 01  |................|
-        00000040: 01 00 01 01 00 01 00 01  00 01 01 01 01 00 00 00  |................|
-        00000050: 00 00 00 01 01 01 01 00  01 00 01 00 00 00 00 01  |................|
-        00000060: 00 00 01 01 01 00 00 01  00 01 01 01 00 01 00 00  |................|
-        00000070: 01 01 01 00 01 00 00 00  00 00 01 01 01 00 00 00  |................|
-        00000080: 00 01 00 01 00 00 01 01  01 01 00 00 00 01 01 00  |................|
-        00000090: 00 01 00 01 00 01 01 00  01 00 00 01 00 01 00 00  |................|
-        000000a0: 00 01 01 01 00 01 00 01  01 01 00 01 00 00 00 01  |................|
-        000000b0: 01 00 01 00 00 01 00 01  00 01 01 01 00 00 00 00  |................|
-        000000c0: 01 00 00 00 00 01 00 00  01 01 00 00 01 00 00 00  |................|
-        000000d0: 00 00 01 00 00 01 01 01  00 01 01 00 00 01 00 01  |................|
-        000000e0: 01 01 01 01 01 01 01 00  00 00 00 00 01 00 00 00  |................|
-        000000f0: 00 01 01 01 00 00 01 00  00 00 01 01 00 01 00 01  |................|
     b1,lsb,bY           .. <wbStego size=22, data="xtSuperSecretMessage\n", even=true, mix=true, controlbyte="t">
         00000000: 51 00 00 16 00 00 74 0d  b5 78 1e a1 39 74 e8 38  |Q.....t..x..9t.8|
         00000010: 53 c6 56 94 75 d1 a5 70  84 c8 27 65 fe 08 72 35  |S.V.u..p..'e..r5|

data/TODO

@@ -11,6 +11,8 @@
 [ ] advices on what tool to use
 [ ] SilentEye
 [ ] chunks length check, as in pngcheck
+[ ] hiding data in iCCP
+[ ] hiding data before/after ICC apply
 
 [ ] CLI: self-describe
 

data/VERSION

@@ -1 +1 @@
-0.2.12
+0.2.14

data/cmp_png.rb

@@ -5,7 +5,7 @@ require 'awesome_print'
 images = ARGV.map{ |fname| ZPNG::Image.load(fname) }
 raise "need at least 2 images" if images.size < 2
 
-limit = 20
+limit = 100
 alpha_used = images.any?(&:alpha_used?)
 channels = alpha_used ? %w'r g b a' : %w'r g b'
 

data/lib/zsteg/checker/steganography_png.rb

@@ -0,0 +1,36 @@
+# coding: binary
+module ZSteg
+  class Checker
+    module SteganographyPNG
+
+      URL = "https://github.com/pedrooaugusto/steganography-png"
+
+      # https://github.com/pedrooaugusto/steganography-png/blob/2a0e038c135e41438b4c2c93821227a2289b4203/scanlines/scanlines.go#L234
+      #
+      # The secret metadata is stored in the last bytes of the last scanline in the form of:
+      #   17 107 [bitloss] [secret size - 4 bytes] [secret type] [secret type length]
+      #   17 107     1             4096             "text/plain"          10
+      
+      class Result < IOStruct.new("nCNa*", :magic, :bitloss, :secret_size, :secret_type, struct_name: 'SteganographyPNG')
+        def valid?
+          magic == 0x116b && (1..8).include?(bitloss)
+        end
+
+        def to_s
+          super.sub(/>$/,'').bright_red
+        end
+      end
+
+      def self.check_image image, _params = {}
+        ls = image.scanlines.last
+        data = ls.decoded_bytes
+        secret_type_length = data[-1].ord
+        return nil if secret_type_length > data.size - 8
+        data = data[ -secret_type_length-8 .. -2 ]
+        # data.size to prevent "want 8 bytes, got 7" IOStruct warning when secret_type_length == 0
+        r = Result.read(data, data.size)
+        r.valid? && [r, URL]
+      end
+    end
+  end
+end

data/lib/zsteg/checker/wbstego.rb

@@ -11,7 +11,7 @@ module ZSteg
         "Rijndael",  # 4
       ]
 
-      class Result < IOStruct.new "a3a3a*", :size, :ext, :data, :even, :hdr, :enc, :mix, :controlbyte
+      class Result < IOStruct.new("a3a3a*", :size, :ext, :data, :even, :hdr, :enc, :mix, :controlbyte, struct_name: 'wbStego')
         attr_accessor :color
 
         def initialize *args
@@ -39,7 +39,6 @@ module ZSteg
 
         def to_s
           s = inspect.
-              sub("#<struct #{self.class.to_s}", "<wbStego").
               gsub(/, \w+=nil/,'')
 
           color = @color

data/lib/zsteg/checker/zlib.rb

@@ -21,6 +21,7 @@ module ZSteg
       # http://blog.w3challs.com/index.php?post/2012/03/25/NDH2k12-Prequals-We-are-looking-for-a-real-hacker-Wallpaper-image
       # http://blog.w3challs.com/public/ndh2k12_prequalls/sp113.bmp
       def self.check_data data
+        data = data.force_encoding('ASCII-8BIT')
         return unless idx = data.index(/\x78[\x9c\xda\x01]/n)
 
         zi = ::Zlib::Inflate.new

data/lib/zsteg/checker.rb

@@ -3,6 +3,11 @@ require 'stringio'
 require 'zlib'
 require 'set'
 
+require 'zsteg/checker/scanline_checker'
+require 'zsteg/checker/steganography_png'
+require 'zsteg/checker/wbstego'
+require 'zsteg/checker/zlib'
+
 module ZSteg
   class Checker
     attr_accessor :params, :channels, :verbose, :results
@@ -46,20 +51,20 @@ module ZSteg
 
     private
 
-    # catch Kernel#print for easier verbosity handling
-    def print *args
-      Kernel.print(*args) if @verbose >= 0
-    end
-
-    # catch Kernel#printf for easier verbosity handling
-    def printf *args
-      Kernel.printf(*args) if @verbose >= 0
-    end
-
-    # catch Kernel#puts for easier verbosity handling
-    def puts *args
-      Kernel.puts(*args) if @verbose >= 0
-    end
+#   # catch Kernel#print for easier verbosity handling
+#    def print *args
+#      Kernel.print(*args) if @verbose >= 0
+#    end
+#
+#    # catch Kernel#printf for easier verbosity handling
+#    def printf *args
+#      Kernel.printf(*args) if @verbose >= 0
+#    end
+#
+#    # catch Kernel#puts for easier verbosity handling
+#    def puts *args
+#      Kernel.puts(*args) if @verbose >= 0
+#    end
 
     public
 
@@ -71,6 +76,7 @@ module ZSteg
         check_extradata
         check_metadata
         check_imagedata
+        check_chunks
       end
 
       if @image.format == :bmp
@@ -92,12 +98,26 @@ module ZSteg
       Array(params[:order]).uniq.each do |order|
         (params[:prime] == :all ? [false,true] : [params[:prime]]).each do |prime|
           Array(params[:bits]).uniq.each do |bits|
-            p1 = @params.merge :bits => bits, :order => order, :prime => prime
-            if order[/b/i]
-              # byte iterator does not need channels
-              check_channels nil, p1
+            if params[:pixel_align] == :all
+              [false, true].each do |pixel_align|
+                # skip cases when output will be identical for pixel_align true/false
+                next if pixel_align && (8%bits) == 0
+                p1 = @params.merge bits: bits, order: order, prime: prime, pixel_align: pixel_align
+                if order[/b/i]
+                  # byte iterator does not need channels
+                  check_channels nil, p1
+                else
+                  channels.each{ |c| check_channels c, p1 }
+                end
+              end
             else
-              channels.each{ |c| check_channels c, p1 }
+              p1 = @params.merge bits: bits, order: order, prime: prime
+              if order[/b/i]
+                # byte iterator does not need channels
+                check_channels nil, p1
+              else
+                channels.each{ |c| check_channels c, p1 }
+              end
             end
           end
         end
@@ -124,6 +144,16 @@ module ZSteg
       process_result @image.imagedata, h
     end
 
+    def check_chunks
+      @image.chunks.each_with_index do |chunk, idx|
+        next unless chunk.respond_to?(:size) && chunk.respond_to?(:data)
+        next unless chunk.size && chunk.data
+        next if chunk.size < 5 || chunk.is_a?(ZPNG::TextChunk) || chunk.is_a?(ZPNG::Chunk::IDAT)
+        h = { :title => "chunk:#{idx}:#{chunk.type}", :show_title => true }
+        process_result chunk.data, h
+      end
+    end
+
     def check_extradata
       # accessing imagedata implicitly unpacks zlib stream
       # zlib stream may contain extradata
@@ -150,6 +180,13 @@ module ZSteg
         show_title title, :bright_red
         process_result data, :special => true, :title => title
       end
+
+      if r = SteganographyPNG.check_image(@image, @params)
+        @found_anything = true
+        title = "image"
+        show_title title, :bright_red
+        process_result nil, title: title, result: r
+      end
     end
 
     def check_metadata
@@ -220,6 +257,8 @@ module ZSteg
           end
         end
 
+      bits_tag << "p" if params[:pixel_align]
+
       title = [
         bits_tag,
         channels,
@@ -268,21 +307,26 @@ module ZSteg
     def process_result data, params
       verbose = params[:special] ? [@verbose,1.5].max : @verbose
 
-      if @cache[data]
-        if verbose > 1
-          puts "[same as #{@cache[data].inspect}]".gray
-          return true
-        else
-          # silent return
-          return false
+      result = nil
+      if data
+        if @cache[data]
+          if verbose > 1
+            puts "[same as #{@cache[data].inspect}]".gray
+            return true
+          else
+            # silent return
+            return false
+          end
         end
-      end
 
-      # TODO: store hash of data for large datas
-      @cache[data] = params[:title]
+        # TODO: store hash of data for large datas
+        @cache[data] = params[:title]
 
-      if result = data2result(data, params)
-        @results << result
+        if result = data2result(data, params)
+          @results << result
+        end
+      elsif !(result = params[:result])
+        raise "[?] No data nor result"
       end
 
       case verbose
@@ -309,7 +353,7 @@ module ZSteg
       else
         show_result result, params
       end
-      if data.size > 0 && !result.is_a?(Result::OneChar) && !result.is_a?(Result::WholeText)
+      if data && data.size > 0 && !result.is_a?(Result::OneChar) && !result.is_a?(Result::WholeText)
         # newline if no results and want hexdump
         puts if !result || result == []
         limit = (params[:limit] || @params[:limit]).to_i

data/lib/zsteg/cli/cli.rb

@@ -11,14 +11,39 @@ module ZSteg
     def run
       @actions = []
       @options = {
-        :verbose => 0,
-        :limit => Checker::DEFAULT_LIMIT,
-        :order => Checker::DEFAULT_ORDER
+        verbose: 0,
+        limit: Checker::DEFAULT_LIMIT,
+        order: Checker::DEFAULT_ORDER,
+        step: 1, 
+        ystep: 1, 
       }
       optparser = OptionParser.new do |opts|
         opts.banner = "Usage: zsteg [options] filename.png [param_string]"
         opts.separator ""
 
+        opts.on "-a", "--all", "try all known methods" do
+          @options[:prime] = :all
+          @options[:order] = :all
+          @options[:pixel_align] = :all
+          @options[:bits]  = (1..8).to_a
+          # specifying --all on command line explicitly enables extra checks
+          @options[:extra_checks] = true
+        end
+
+        opts.on "-E", "--extract NAME", "extract specified payload, NAME is like '1b,rgb,lsb'" do |x|
+          @options[:verbose] = -2 # silent ZPNG warnings
+          @actions << [:extract, x]
+        end
+
+        #################################################################################
+        opts.separator "\nIteration/extraction params:"
+        #################################################################################
+
+        opts.on("-o", "--order X", /all|auto|[bxy,]+/i,
+                "pixel iteration order (default: '#{@options[:order]}')",
+                "valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...",
+        ){ |x| @options[:order] = x.split(',') }
+
         opts.on("-c", "--channels X", /[rgba,1-8]+/,
                 "channels (R/G/B/A) or any combination, comma separated",
                 "valid values: r,g,b,a,rg,bgr,rgba,r3g2b3,..."
@@ -28,14 +53,14 @@ module ZSteg
           @options[:extra_checks] = false
         end
 
-        opts.on("-l", "--limit N", Integer,
-                "limit bytes checked, 0 = no limit (default: #{@options[:limit]})"
-        ){ |n| @options[:limit] = n }
-
         opts.on("-b", "--bits N", "number of bits, single int value or '1,3,5' or range '1-8'",
                 "advanced: specify individual bits like '00001110' or '0x88'"
         ) do |x|
           a = []
+          if x[-1] == 'p'
+            @options[:pixel_align] = true
+            x = x[0..-2]
+          end
           x = '1-8' if x == 'all'
           x.split(',').each do |x1|
             if x1['-']
@@ -50,10 +75,10 @@ module ZSteg
           @options[:extra_checks] = false
         end
 
-        opts.on "--lsb", "least significant BIT comes first" do
+        opts.on "--lsb", "least significant bit comes first" do
           @options[:bit_order] = :lsb
         end
-        opts.on "--msb", "most significant BIT comes first" do
+        opts.on "--msb", "most significant bit comes first" do
           @options[:bit_order] = :msb
         end
 
@@ -62,31 +87,20 @@ module ZSteg
           # specifying prime on command line disables extra checks
           @options[:extra_checks] = false
         end
-        opts.on "--invert", "invert bits (XOR 0xff)" do
-          @options[:invert] = true
-        end
 
-#        opts.on "--pixel-align", "pixel-align hidden data (EasyBMP)" do
-#          @options[:pixel_align] = true
-#        end
+        opts.on("--shift N", Integer, "prepend N zero bits"){ |x| @options[:shift] = x }
+        #opts.on("--step N",  Integer, "step")               { |x| @options[:step] = x }
+        opts.on("--invert", "invert bits (XOR 0xff)")       { @options[:invert] = true }
 
-        opts.on "-a", "--all", "try all known methods" do
-          @options[:prime] = :all
-          @options[:order] = :all
-          @options[:bits]  = (1..8).to_a
-          # specifying --all on command line explicitly enables extra checks
-          @options[:extra_checks] = true
+        opts.on "--pixel-align", "pixel-align hidden data" do
+          @options[:pixel_align] = true
         end
 
-        opts.on("-o", "--order X", /all|auto|[bxy,]+/i,
-                "pixel iteration order (default: '#{@options[:order]}')",
-                "valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...",
-        ){ |x| @options[:order] = x.split(',') }
+        #################################################################################
+        opts.separator "\nAnalysis params:"
+        #################################################################################
 
-        opts.on "-E", "--extract NAME", "extract specified payload, NAME is like '1b,rgb,lsb'" do |x|
-          @options[:verbose] = -2 # silent ZPNG warnings
-          @actions << [:extract, x]
-        end
+        opts.on("-l", "--limit N", Integer, "limit bytes checked, 0 = no limit (default: #{@options[:limit]})"){ |n| @options[:limit] = n }
 
         opts.separator ""
 
@@ -112,10 +126,6 @@ module ZSteg
           @options[:min_str_len] = x
         end
 
-        opts.on "--shift N", Integer, "prepend N zero bits" do |x|
-          @options[:shift] = x
-        end
-
         opts.separator ""
         opts.on "-v", "--verbose", "Run verbosely (can be used multiple times)" do |v|
           @options[:verbose] += 1
@@ -203,6 +213,9 @@ module ZSteg
           h[:bit_order] = :msb
         when /^(\d)b$/, /^b(\d+)$/
           h[:bits] = parse_bits($1)
+        when /^(\d)bp$/, /^b(\d+)p$/
+          h[:bits] = parse_bits($1)
+          h[:pixel_align] = true
         when /\A[rgba]+\Z/
           h[:channels] = [x]
         when /\Axy|yx|yb|by\Z/i
@@ -231,6 +244,17 @@ module ZSteg
         @img.extradata[$1.to_i]
       when /imagedata/
         @img.imagedata
+      when /\Achunk:(\d+):(.+)\Z/
+        # chunk with type check
+        idx, type = $1.to_i, $2
+        chunk = @img.chunks[idx]
+        raise "chunk ##{idx}: expected #{type} type, but got #{chunk.type}" if chunk.type != type
+        chunk.data
+      when /\Achunk:(\d+)\Z/
+        # chunk without type check
+        idx, type = $1.to_i, $2
+        chunk = @img.chunks[idx]
+        chunk.data
       else
         h = decode_param_string name
         h[:limit] = @options[:limit] if @options[:limit] != Checker::DEFAULT_LIMIT

data/lib/zsteg/extractor/byte_extractor.rb

@@ -32,8 +32,8 @@ module ZSteg
             else
               8.times{ |i| byte |= (a.shift<<(7-i))}
             end
-            #printf "[d] %02x %08b\n", byte, byte
             data << byte.chr
+            #a = []
             if data.size >= @limit
               print "[limit #@limit]".gray if @verbose > 1
               break
@@ -77,12 +77,15 @@ module ZSteg
             [@image.height-1, 0, -1]
           end
 
+        xstep *= params[:step] if params[:step]
+        ystep *= params[:ystep] if params[:ystep]
+
         # cannot join these lines from ByteExtractor and ColorExtractor into
         # one method for performance reason:
         #   it will require additional yield() for EACH BYTE iterated
 
         if type[0,1].downcase == 'b'
-          # ROW iterator
+          # ROW iterator (natural)
           if params[:prime]
             idx = 0
             y0.step(y1,ystep){ |y| x0.step(x1,xstep){ |x|

data/lib/zsteg/extractor/color_extractor.rb

@@ -6,7 +6,7 @@ module ZSteg
 
       def color_extract params = {}
         channels = Array(params[:channels])
-        #pixel_align = params[:pixel_align]
+        pixel_align = params[:pixel_align]
 
         ch_masks = []
         case channels.first.size
@@ -42,28 +42,28 @@ module ZSteg
             color = @image[x,y]
 
             ch_masks.each do |c,bidxs|
+              bidxs = bidxs[a.size-8..] if pixel_align && a.size + bidxs.size > 8
               value = color.send(c)
               bidxs.each do |bidx|
                 a << value[bidx]
               end
             end
-            #p [x,y,a.size,a]
 
             while a.size >= 8
               byte = 0
-              #puts a.join
+              # a0 = a.dup
               if params[:bit_order] == :msb
                 8.times{ |i| byte |= (a.shift<<i)}
               else
                 8.times{ |i| byte |= (a.shift<<(7-i))}
               end
-              #printf "[d] %02x %08b\n", byte, byte
+              # printf "[d] %-10s -> %-10s : %s %02x %08b  x=%d y=%d\n", a0.join, a.join, byte.chr.inspect, byte, byte, x, y
               data << byte.chr
               if data.size >= @limit
                 print "[limit #@limit]".gray if @verbose > 1
                 throw :limit
               end
-              #a.clear if pixel_align
+              a.clear if pixel_align && a.size < 8
             end
           end
         end

data/lib/zsteg/result.rb

@@ -8,8 +8,9 @@ module ZSteg
       end
     end
 
-    class OpenStego < IOStruct.new "CVCCCC",
-      :version, :data_len, :channel_bits, :fname_len, :compress, :encrypt, :fname
+    class OpenStego < IOStruct.new("CVCCCC",
+                                   :version, :data_len, :channel_bits, :fname_len, :compress, :encrypt, :fname,
+                                   struct_name: 'OpenStego')
 
       def self.read io
         super.tap do |r|
@@ -18,7 +19,7 @@ module ZSteg
       end
 
       def to_s
-        super.sub(/^<Result::/,'').sub(/>$/,'').bright_red
+        super.sub(/>$/,'').bright_red
       end
     end
 

data/lib/zsteg.rb

@@ -9,10 +9,6 @@ require 'zsteg/checker'
 require 'zsteg/result'
 require 'zsteg/file_cmd'
 
-require 'zsteg/checker/wbstego'
-require 'zsteg/checker/scanline_checker'
-require 'zsteg/checker/zlib'
-
 require 'zsteg/masker'
 
 require 'zsteg/analyzer'

data/spec/checker_spec.rb

@@ -17,9 +17,9 @@ describe Checker do
           end
         end
 
-        it "should be quiet by default" do
-          @out.should == ""
-        end
+#        it "should be quiet by default" do
+#          @out.should == ""
+#        end
 
         it "returned results should be equal to #results" do
           @results.should == @checker.results

data/spec/plte_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "samples/plte1.png" do
+  subject{ cli(sample("plte1.png")) }
+  it { should include("Zip archive data") }
+
+  describe "--extract" do
+    it "should extract zip file from PLTE with type check" do
+      r = cli(sample("plte1.png"), "--extract", "chunk:1:PLTE")
+      md5(r).should == 'e125f0f322fd1e99050dba688968385c'
+    end
+    it "should extract zip file from PLTE without type check" do
+      r = cli(sample("plte1.png"), "--extract", "chunk:1")
+      md5(r).should == 'e125f0f322fd1e99050dba688968385c'
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,9 +1,14 @@
 #coding: binary
 $:.unshift(File.expand_path("../lib", File.dirname(__FILE__)))
 require 'zsteg'
+require 'digest/md5'
 
 SAMPLES_DIR = File.expand_path("../samples", File.dirname(__FILE__))
 
+def md5 data
+  Digest::MD5.hexdigest(data)
+end
+
 def each_sample glob="*.png"
   Dir[File.join(SAMPLES_DIR, glob)].each do |fname|
     yield fname.sub(Dir.pwd+'/','')
@@ -40,6 +45,7 @@ def cli *args
         else
           ZSteg::CLI
         end
+      args << "-qqq"
       args << "--no-color" unless args.any?{|x| x['color']}
       orig_stdout, out = $stdout, ""
       begin

data/spec/steganography_png_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+# https://github.com/pedrooaugusto/steganography-png
+each_sample("steganography-png/*.png") do |fname|
+  describe fname do
+    it "should reveal secret message" do
+      r = cli fname, "--limit", "64", "-a", "--no-file"
+      r.should include("SteganographyPNG")
+      r.should include(ZSteg::Checker::SteganographyPNG::URL)
+      r.should_not include("ZSteg::Checker::SteganographyPNG")
+    end
+  end
+end

data/zsteg.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: zsteg 0.2.12 ruby lib
+# stub: zsteg 0.2.14 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "zsteg".freeze
-  s.version = "0.2.12"
+  s.version = "0.2.14"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-  s.date = "2023-02-14"
+  s.date = "2026-01-28"
   s.email = "zed.0xff@gmail.com".freeze
   s.executables = ["zsteg".freeze, "zsteg-mask".freeze, "zsteg-reflow".freeze]
   s.extra_rdoc_files = [
@@ -36,6 +36,7 @@ Gem::Specification.new do |s|
     "lib/zsteg/analyzer.rb",
     "lib/zsteg/checker.rb",
     "lib/zsteg/checker/scanline_checker.rb",
+    "lib/zsteg/checker/steganography_png.rb",
     "lib/zsteg/checker/wbstego.rb",
     "lib/zsteg/checker/zlib.rb",
     "lib/zsteg/cli/cli.rb",
@@ -58,11 +59,13 @@ Gem::Specification.new do |s|
     "spec/mask_spec.rb",
     "spec/newbiecontest_spec.rb",
     "spec/openstego_spec.rb",
+    "spec/plte_spec.rb",
     "spec/polictf2012_spec.rb",
     "spec/prime_spec.rb",
     "spec/r3g2b3_spec.rb",
     "spec/simple_spec.rb",
     "spec/spec_helper.rb",
+    "spec/steganography_png_spec.rb",
     "spec/wbstego_spec.rb",
     "spec/wechall_spec.rb",
     "spec/zlib_spec.rb",
@@ -73,7 +76,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "http://github.com/zed-0xff/zsteg".freeze
   s.licenses = ["MIT".freeze]
-  s.rubygems_version = "3.3.7".freeze
+  s.rubygems_version = "3.2.33".freeze
   s.summary = "Detect stegano-hidden data in PNG & BMP files.".freeze
 
   if s.respond_to? :specification_version then
@@ -81,14 +84,14 @@ Gem::Specification.new do |s|
   end
 
   if s.respond_to? :add_runtime_dependency then
-    s.add_runtime_dependency(%q<zpng>.freeze, [">= 0.4.4"])
-    s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<zpng>.freeze, [">= 0.4.6"])
+    s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.7.0"])
     s.add_runtime_dependency(%q<prime>.freeze, [">= 0"])
     s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
     s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
   else
-    s.add_dependency(%q<zpng>.freeze, [">= 0.4.4"])
-    s.add_dependency(%q<iostruct>.freeze, [">= 0"])
+    s.add_dependency(%q<zpng>.freeze, [">= 0.4.6"])
+    s.add_dependency(%q<iostruct>.freeze, [">= 0.7.0"])
     s.add_dependency(%q<prime>.freeze, [">= 0"])
     s.add_dependency(%q<rspec>.freeze, [">= 0"])
     s.add_dependency(%q<juwelier>.freeze, [">= 0"])

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zsteg
 version: !ruby/object:Gem::Version
-  version: 0.2.12
+  version: 0.2.14
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-14 00:00:00.000000000 Z
+date: 2026-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: zpng
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.4
+        version: 0.4.6
 - !ruby/object:Gem::Dependency
   name: iostruct
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: prime
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +108,7 @@ files:
 - lib/zsteg/analyzer.rb
 - lib/zsteg/checker.rb
 - lib/zsteg/checker/scanline_checker.rb
+- lib/zsteg/checker/steganography_png.rb
 - lib/zsteg/checker/wbstego.rb
 - lib/zsteg/checker/zlib.rb
 - lib/zsteg/cli/cli.rb
@@ -130,11 +131,13 @@ files:
 - spec/mask_spec.rb
 - spec/newbiecontest_spec.rb
 - spec/openstego_spec.rb
+- spec/plte_spec.rb
 - spec/polictf2012_spec.rb
 - spec/prime_spec.rb
 - spec/r3g2b3_spec.rb
 - spec/simple_spec.rb
 - spec/spec_helper.rb
+- spec/steganography_png_spec.rb
 - spec/wbstego_spec.rb
 - spec/wechall_spec.rb
 - spec/zlib_spec.rb
@@ -161,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Detect stegano-hidden data in PNG & BMP files.