stegdoc 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 ReemX
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,214 @@
+# stegdoc
+
+> Hide files inside Office documents with AES-256 encryption and steganography
+
+[![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within spreadsheets or documents that appear to contain normal server monitoring reports, while optionally being protected with military-grade AES-256-GCM encryption.
+
+## Features
+
+- **Steganography** - Hide data in Excel spreadsheets (hidden sheets) or Word documents
+- **AES-256-GCM Encryption** - Military-grade encryption with PBKDF2 key derivation (100k iterations)
+- **Realistic Decoy Data** - Generated server metrics that make files look like IT monitoring reports
+- **Multi-part Splitting** - Automatically split large files across multiple documents
+- **Smart Compression** - Gzip compression for compressible files, skipped for images/video/archives
+- **Integrity Verification** - SHA-256 hashing detects tampering
+- **Folder Support** - Encode entire directories (automatically zipped)
+- **Interactive Mode** - User-friendly prompts guide you through options
+
+## Installation
+
+```bash
+npm install -g stegdoc
+```
+
+Or run directly with npx:
+
+```bash
+npx stegdoc encode myfile.pdf
+```
+
+## Quick Start
+
+```bash
+# Encode a file with encryption (recommended)
+stegdoc encode secret.pdf -p mypassword
+
+# Decode it back
+stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+
+# View file info without decoding
+stegdoc info server_metrics_20251215_1200_A1B2.xlsx
+
+# Verify file integrity
+stegdoc verify server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+```
+
+## Commands
+
+### `encode` - Hide a file in an Office document
+
+```bash
+stegdoc encode <file> [options]
+```
+
+**Options:**
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output-dir <dir>` | Output directory | Current directory |
+| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max`/`single`/`none` | `5MB` |
+| `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
+| `-p, --password <pass>` | Encryption password | None (unencrypted) |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output for scripting | Off |
+| `-y, --yes` | Skip interactive prompts | Off |
+
+**Examples:**
+
+```bash
+# Basic encoding (will prompt for options)
+stegdoc encode document.pdf
+
+# Encode with password and Word format
+stegdoc encode document.pdf -p mysecret -f docx
+
+# Split into exactly 3 parts
+stegdoc encode large-video.mp4 -p mysecret -s "3 parts"
+
+# No splitting (single file output)
+stegdoc encode archive.zip -p mysecret -s max
+
+# Encode a folder
+stegdoc encode ./my-folder -p mysecret
+```
+
+### `decode` - Recover the original file
+
+```bash
+stegdoc decode <file> [options]
+```
+
+**Options:**
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output <path>` | Output file path | Original filename |
+| `-p, --password <pass>` | Decryption password | Prompt if needed |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output | Off |
+| `-y, --yes` | Skip prompts, fail if password needed | Off |
+
+**Examples:**
+
+```bash
+# Decode with password
+stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mysecret
+
+# Decode to specific location
+stegdoc decode report.xlsx -p mysecret -o ./recovered/original.pdf
+
+# Multi-part files are auto-detected
+stegdoc decode server_metrics_20251215_1200_A1B2_part1.xlsx -p mysecret
+```
+
+### `info` - View metadata without decoding
+
+```bash
+stegdoc info <file>
+```
+
+Displays:
+- Original filename and size
+- Encryption status
+- Compression status
+- Part information (for split files)
+- Content hash for verification
+
+### `verify` - Validate file integrity
+
+```bash
+stegdoc verify <file> [options]
+```
+
+**Options:**
+| Option | Description |
+|--------|-------------|
+| `-p, --password <pass>` | Verify password is correct |
+
+Checks:
+- Metadata integrity
+- All parts present (for multi-part files)
+- Password validity (if provided)
+
+## How It Works
+
+### Encoding Pipeline
+
+```
+Input File
+    ↓
+[Compression] → gzip (if beneficial)
+    ↓
+[Base64 Encoding]
+    ↓
+[Encryption] → AES-256-GCM (optional)
+    ↓
+[Office Wrapper] → XLSX or DOCX
+    ↓
+[Decoy Layer] → Server metrics data
+    ↓
+Output File(s)
+```
+
+### File Storage
+
+**XLSX Format:**
+- Sheet 1 ("Server Metrics"): Visible decoy data - looks like IT monitoring reports
+- Sheet 2 ("Data"): Hidden sheet containing your encrypted payload
+
+**DOCX Format:**
+- Embedded text with metadata and payload
+- Appears as a system report document
+
+### Encryption Details
+
+- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
+- **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
+- **Key Size**: 256 bits
+- **IV**: 96 bits (randomly generated)
+- **Salt**: 128 bits (randomly generated)
+- **Authentication**: 128-bit auth tag (GCM provides authenticated encryption)
+
+### Filename Generation
+
+Output files use deterministic, realistic filenames:
+```
+server_metrics_YYYYMMDD_HH00_XXXX.xlsx
+system_report_YYYYMMDD_HH00_XXXX.docx
+```
+
+The date/time and ID are derived from a hash, ensuring files from the same encoding session are related.
+
+## Use Cases
+
+- **Secure file transfer** - Send encrypted files that look like mundane reports
+- **Backup storage** - Store sensitive data in plain sight
+- **Privacy** - Keep personal files private on shared systems
+- **Data portability** - Office documents work everywhere
+
+## Backward Compatibility
+
+Files created with previous versions (whitener) are fully supported. The tool automatically detects and handles legacy formats.
+
+## Requirements
+
+- Node.js 18.0.0 or higher
+
+## License
+
+MIT License - see [LICENSE](LICENSE) for details.
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.

package/bootstrap.js

@@ -0,0 +1,33 @@
+// bootstrap.js - Decode whitener DOCX
+const fs = require('fs');
+const JSZip = require('jszip');
+
+const docxPath = process.argv[2];
+if (!docxPath) {
+  console.log('Usage: node bootstrap.js <file.docx>');
+  process.exit(1);
+}
+
+JSZip.loadAsync(fs.readFileSync(docxPath)).then(zip => {
+  return zip.file('word/document.xml').async('string');
+}).then(xml => {
+  const matches = xml.match(/<w:t[^>]*>([^<]*)<\/w:t>/g) || [];
+  let text = '';
+  matches.forEach(m => {
+    let t = m.replace(/<w:t[^>]*>/, '').replace(/<\/w:t>/, '')
+      .replace(/&quot;/g, '"').replace(/&apos;/g, "'")
+      .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
+    text += t;
+  });
+
+  const metaIdx = text.indexOf('WHITENER_METADATA:');
+  const sepIdx = text.indexOf('---', metaIdx);
+  const meta = JSON.parse(text.substring(metaIdx + 18, sepIdx).trim());
+  const base64 = text.substring(sepIdx + 3).trim();
+
+  fs.writeFileSync(meta.originalFilename, Buffer.from(base64, 'base64'));
+  console.log(`Decoded: ${meta.originalFilename}`);
+}).catch(err => {
+  console.error('Error:', err.message);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "stegdoc",
+  "version": "1.0.0",
+  "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
+  "main": "src/index.js",
+  "bin": {
+    "stegdoc": "src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "node src/index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "cli",
+    "steganography",
+    "encryption",
+    "aes-256",
+    "xlsx",
+    "docx",
+    "hide",
+    "encode",
+    "decode",
+    "covert",
+    "office",
+    "spreadsheet",
+    "security"
+  ],
+  "author": "ReemX",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ReemX/stegdoc.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ReemX/stegdoc/issues"
+  },
+  "homepage": "https://github.com/ReemX/stegdoc#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "src",
+    "bootstrap.js",
+    "LICENSE",
+    "README.md"
+  ],
+  "packageManager": "pnpm@10.19.0",
+  "dependencies": {
+    "adm-zip": "^0.5.16",
+    "chalk": "4.1.2",
+    "commander": "^14.0.2",
+    "docx": "^9.5.1",
+    "exceljs": "^4.4.0",
+    "fast-xml-parser": "^5.3.2",
+    "file-type": "^21.1.1",
+    "inquirer": "^13.0.1",
+    "ora": "5.4.1"
+  }
+}

package/src/commands/decode.js

@@ -0,0 +1,201 @@
+const path = require('path');
+const fs = require('fs');
+const chalk = require('chalk');
+const ora = require('ora');
+const { readDocxBase64 } = require('../lib/docx-handler');
+const { readXlsxBase64 } = require('../lib/xlsx-handler');
+const { validateMetadata, isMultiPart } = require('../lib/metadata');
+const { detectFormat, formatBytes, generateContentHash } = require('../lib/utils');
+const { decrypt, unpackEncryptionMeta } = require('../lib/crypto');
+const { decompress } = require('../lib/compression');
+const { promptPassword, promptOverwrite } = require('../lib/interactive');
+const { extractContent, findMultiPartFiles, mergeBase64Chunks } = require('../lib/file-utils');
+
+/**
+ * Read file based on format
+ * @param {string} filePath - Path to file
+ * @param {string} format - File format
+ * @returns {Promise<object>} Read result
+ */
+async function readFile(filePath, format) {
+  if (format === 'xlsx') {
+    return await readXlsxBase64(filePath);
+  } else {
+    return await readDocxBase64(filePath);
+  }
+}
+
+/**
+ * Decode a DOCX/XLSX file back to original format
+ * @param {string} inputFile - Path to input file
+ * @param {object} options - Command options
+ * @param {string} options.output - Output file path
+ * @param {string} options.password - Decryption password
+ * @param {boolean} options.force - Overwrite existing files without asking
+ * @param {boolean} options.quiet - Minimal output
+ */
+async function decodeCommand(inputFile, options) {
+  const quiet = options.quiet || false;
+  const spinner = quiet ? { start: () => {}, succeed: () => {}, fail: () => {}, info: () => {}, warn: () => {}, text: '' } : ora('Starting decoding process...').start();
+
+  try {
+    // Detect format from extension
+    const format = detectFormat(inputFile);
+    if (!format) {
+      throw new Error('Unknown file format. Supported formats: .xlsx, .docx');
+    }
+
+    spinner.text = `Reading ${format.toUpperCase()} file...`;
+
+    // Read the first file
+    const readResult = await readFile(inputFile, format);
+    const { encryptedContent, encryptionMeta, metadata } = extractContent(readResult, format);
+
+    // Validate metadata
+    validateMetadata(metadata);
+
+    const isEncrypted = metadata.encrypted || (encryptionMeta && encryptionMeta.length > 0);
+    const isCompressed = metadata.compressed || false;
+
+    spinner.succeed && spinner.succeed(`${format.toUpperCase()} file read successfully`);
+
+    if (!quiet) {
+      console.log(chalk.cyan(`  Original file: ${metadata.originalFilename}`));
+      console.log(chalk.cyan(`  Original size: ${formatBytes(metadata.originalSize)}`));
+      console.log(chalk.cyan(`  Encrypted: ${isEncrypted ? 'Yes' : 'No'}`));
+      console.log(chalk.cyan(`  Compressed: ${isCompressed ? 'Yes' : 'No'}`));
+    }
+
+    // Check password for encrypted files - prompt if not provided and not in quiet mode
+    if (isEncrypted && !options.password) {
+      if (quiet || options.yes) {
+        throw new Error('Password is required for encrypted files. Use -p or --password to specify.');
+      }
+      // Prompt for password interactively
+      options.password = await promptPassword();
+    }
+
+    // Determine output path and check overwrite
+    const outputPath = options.output || path.join(process.cwd(), metadata.originalFilename);
+
+    if (fs.existsSync(outputPath) && !options.force) {
+      if (quiet || options.yes) {
+        throw new Error(`File already exists: ${outputPath}. Use --force to overwrite.`);
+      }
+      // Prompt for overwrite confirmation
+      const shouldOverwrite = await promptOverwrite(outputPath);
+      if (!shouldOverwrite) {
+        console.log(chalk.yellow('Operation cancelled.'));
+        process.exit(0);
+      }
+    }
+
+    // Check if multi-part
+    let finalBase64;
+
+    if (isMultiPart(metadata)) {
+      spinner.start && (spinner.text = `Multi-part file detected (${metadata.totalParts} parts)`);
+
+      // Find all parts
+      const inputDir = path.dirname(inputFile);
+      const allParts = findMultiPartFiles(inputDir, metadata.hash, format, metadata.totalParts);
+
+      if (allParts.length !== metadata.totalParts) {
+        throw new Error(
+          `Missing parts! Found ${allParts.length} of ${metadata.totalParts} parts. ` +
+          `Make sure all parts are in the same directory.`
+        );
+      }
+
+      spinner.succeed && spinner.succeed(`Found all ${metadata.totalParts} parts`);
+
+      // Read all parts
+      const chunks = [];
+
+      for (let i = 0; i < allParts.length; i++) {
+        const partSpinner = quiet ? spinner : ora(`Reading part ${i + 1} of ${metadata.totalParts}...`).start();
+        const partResult = await readFile(allParts[i].path, format);
+        const { encryptedContent: partContent } = extractContent(partResult, format);
+        chunks.push(partContent);
+        partSpinner.succeed && partSpinner.succeed(`Part ${i + 1} read`);
+      }
+
+      // Merge chunks
+      spinner.text = 'Merging parts...';
+      const mergedContent = mergeBase64Chunks(chunks);
+      spinner.succeed && spinner.succeed('Parts merged successfully');
+
+      // Decrypt if needed
+      if (isEncrypted) {
+        spinner.text = 'Decrypting content...';
+        const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+        finalBase64 = decrypt(mergedContent, options.password, iv, salt, authTag);
+        spinner.succeed && spinner.succeed('Content decrypted');
+      } else {
+        finalBase64 = mergedContent;
+      }
+    } else {
+      // Single file - Decrypt if needed
+      if (isEncrypted) {
+        spinner.text = 'Decrypting content...';
+        const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+        finalBase64 = decrypt(encryptedContent, options.password, iv, salt, authTag);
+        spinner.succeed && spinner.succeed('Content decrypted');
+      } else {
+        finalBase64 = encryptedContent;
+      }
+    }
+
+    // Decompress if needed
+    let fileBuffer;
+    if (isCompressed) {
+      spinner.text = 'Decompressing...';
+      const compressedBuffer = Buffer.from(finalBase64, 'base64');
+      fileBuffer = await decompress(compressedBuffer);
+      spinner.succeed && spinner.succeed(`Decompressed: ${formatBytes(compressedBuffer.length)} → ${formatBytes(fileBuffer.length)}`);
+    } else {
+      fileBuffer = Buffer.from(finalBase64, 'base64');
+    }
+
+    // Verify integrity if content hash is available
+    if (metadata.contentHash) {
+      spinner.text = 'Verifying integrity...';
+      const actualHash = generateContentHash(fileBuffer);
+
+      if (actualHash !== metadata.contentHash) {
+        throw new Error('Integrity check failed! The file may be corrupted or tampered with.');
+      }
+      spinner.succeed && spinner.succeed('Integrity verified (SHA-256 match)');
+    }
+
+    // Write to file
+    spinner.text = 'Writing output file...';
+
+    // Ensure output directory exists
+    const outputDir = path.dirname(outputPath);
+    if (!fs.existsSync(outputDir)) {
+      fs.mkdirSync(outputDir, { recursive: true });
+    }
+
+    fs.writeFileSync(outputPath, fileBuffer);
+
+    spinner.succeed && spinner.succeed('Decoding complete!');
+
+    if (!quiet) {
+      console.log();
+      console.log(chalk.green.bold('✓ File decoded successfully!'));
+      console.log(chalk.cyan(`  Original: ${metadata.originalFilename}`));
+      console.log(chalk.cyan(`  Output: ${outputPath}`));
+      console.log(chalk.cyan(`  Size: ${formatBytes(fileBuffer.length)}`));
+      if (isMultiPart(metadata)) {
+        console.log(chalk.cyan(`  Parts merged: ${metadata.totalParts}`));
+      }
+    }
+  } catch (error) {
+    spinner.fail && spinner.fail('Decoding failed');
+    console.error(chalk.red(`Error: ${error.message}`));
+    process.exit(1);
+  }
+}
+
+module.exports = decodeCommand;