stegdoc 4.0.0 → 5.0.1

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 ReemX
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 ReemX
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,214 +1,200 @@
-# stegdoc
-
-> Hide files inside Office documents with AES-256 encryption and steganography
-
-[![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-
-**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within spreadsheets or documents that appear to contain normal server monitoring reports, while optionally being protected with military-grade AES-256-GCM encryption.
-
-## Features
-
-- **Steganography** - Hide data in Excel spreadsheets (hidden sheets) or Word documents
-- **AES-256-GCM Encryption** - Military-grade encryption with PBKDF2 key derivation (100k iterations)
-- **Realistic Decoy Data** - Generated server metrics that make files look like IT monitoring reports
-- **Multi-part Splitting** - Automatically split large files across multiple documents
-- **Smart Compression** - Gzip compression for compressible files, skipped for images/video/archives
-- **Integrity Verification** - SHA-256 hashing detects tampering
-- **Folder Support** - Encode entire directories (automatically zipped)
-- **Interactive Mode** - User-friendly prompts guide you through options
-
-## Installation
-
-```bash
-npm install -g stegdoc
-```
-
-Or run directly with npx:
-
-```bash
-npx stegdoc encode myfile.pdf
-```
-
-## Quick Start
-
-```bash
-# Encode a file with encryption (recommended)
-stegdoc encode secret.pdf -p mypassword
-
-# Decode it back
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mypassword
-
-# View file info without decoding
-stegdoc info server_metrics_20251215_1200_A1B2.xlsx
-
-# Verify file integrity
-stegdoc verify server_metrics_20251215_1200_A1B2.xlsx -p mypassword
-```
-
-## Commands
-
-### `encode` - Hide a file in an Office document
-
-```bash
-stegdoc encode <file> [options]
-```
-
-**Options:**
-| Option | Description | Default |
-|--------|-------------|---------|
-| `-o, --output-dir <dir>` | Output directory | Current directory |
-| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max`/`single`/`none` | `5MB` |
-| `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
-| `-p, --password <pass>` | Encryption password | None (unencrypted) |
-| `--force` | Overwrite existing files | Prompt |
-| `-q, --quiet` | Minimal output for scripting | Off |
-| `-y, --yes` | Skip interactive prompts | Off |
-
-**Examples:**
-
-```bash
-# Basic encoding (will prompt for options)
-stegdoc encode document.pdf
-
-# Encode with password and Word format
-stegdoc encode document.pdf -p mysecret -f docx
-
-# Split into exactly 3 parts
-stegdoc encode large-video.mp4 -p mysecret -s "3 parts"
-
-# No splitting (single file output)
-stegdoc encode archive.zip -p mysecret -s max
-
-# Encode a folder
-stegdoc encode ./my-folder -p mysecret
-```
-
-### `decode` - Recover the original file
-
-```bash
-stegdoc decode <file> [options]
-```
-
-**Options:**
-| Option | Description | Default |
-|--------|-------------|---------|
-| `-o, --output <path>` | Output file path | Original filename |
-| `-p, --password <pass>` | Decryption password | Prompt if needed |
-| `--force` | Overwrite existing files | Prompt |
-| `-q, --quiet` | Minimal output | Off |
-| `-y, --yes` | Skip prompts, fail if password needed | Off |
-
-**Examples:**
-
-```bash
-# Decode with password
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mysecret
-
-# Decode to specific location
-stegdoc decode report.xlsx -p mysecret -o ./recovered/original.pdf
-
-# Multi-part files are auto-detected
-stegdoc decode server_metrics_20251215_1200_A1B2_part1.xlsx -p mysecret
-```
-
-### `info` - View metadata without decoding
-
-```bash
-stegdoc info <file>
-```
-
-Displays:
-- Original filename and size
-- Encryption status
-- Compression status
-- Part information (for split files)
-- Content hash for verification
-
-### `verify` - Validate file integrity
-
-```bash
-stegdoc verify <file> [options]
-```
-
-**Options:**
-| Option | Description |
-|--------|-------------|
-| `-p, --password <pass>` | Verify password is correct |
-
-Checks:
-- Metadata integrity
-- All parts present (for multi-part files)
-- Password validity (if provided)
-
-## How It Works
-
-### Encoding Pipeline
-
-```
-Input File
-    ↓
-[Compression] → gzip (if beneficial)
-    ↓
-[Base64 Encoding]
-    ↓
-[Encryption] → AES-256-GCM (optional)
-    ↓
-[Office Wrapper] → XLSX or DOCX
-    ↓
-[Decoy Layer] → Server metrics data
-    ↓
-Output File(s)
-```
-
-### File Storage
-
-**XLSX Format:**
-- Sheet 1 ("Server Metrics"): Visible decoy data - looks like IT monitoring reports
-- Sheet 2 ("Data"): Hidden sheet containing your encrypted payload
-
-**DOCX Format:**
-- Embedded text with metadata and payload
-- Appears as a system report document
-
-### Encryption Details
-
-- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
-- **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
-- **Key Size**: 256 bits
-- **IV**: 96 bits (randomly generated)
-- **Salt**: 128 bits (randomly generated)
-- **Authentication**: 128-bit auth tag (GCM provides authenticated encryption)
-
-### Filename Generation
-
-Output files use deterministic, realistic filenames:
-```
-server_metrics_YYYYMMDD_HH00_XXXX.xlsx
-system_report_YYYYMMDD_HH00_XXXX.docx
-```
-
-The date/time and ID are derived from a hash, ensuring files from the same encoding session are related.
-
-## Use Cases
-
-- **Secure file transfer** - Send encrypted files that look like mundane reports
-- **Backup storage** - Store sensitive data in plain sight
-- **Privacy** - Keep personal files private on shared systems
-- **Data portability** - Office documents work everywhere
-
-## Backward Compatibility
-
-Files created with previous versions are fully supported. The tool automatically detects and handles legacy formats.
-
-## Requirements
-
-- Node.js 18.0.0 or higher
-
-## License
-
-MIT License - see [LICENSE](LICENSE) for details.
-
-## Contributing
-
-Contributions are welcome! Please feel free to submit a Pull Request.
+# stegdoc
+
+> Hide files inside Office documents with AES-256 encryption and steganography
+
+[![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within realistic server access logs and Hebrew incident reports — no hidden sheets, no suspicious content. Optionally protected with AES-256-GCM encryption.
+
+## Features
+
+- **Log-Based Steganography** — Payload is embedded directly in realistic nginx access log entries (URL tokens, UUIDs, trace IDs). No hidden sheets — the data IS the logs
+- **AES-256-GCM Encryption** — Military-grade encryption with PBKDF2 key derivation (100k iterations)
+- **Brotli Compression** — 15-25% better compression than gzip
+- **Dual Format Support**
+  - **XLSX** — Access log spreadsheet with realistic entries, any file size
+  - **DOCX** — Hebrew RTL incident report with log excerpts, files under 1 MB
+- **Multi-part Splitting** — Automatically split large files across multiple documents
+- **Integrity Verification** — SHA-256 hashing detects tampering
+- **Folder Support** — Encode entire directories (automatically zipped)
+- **Interactive Mode** — User-friendly prompts guide you through options
+- **Legacy Compatibility** — `--legacy` flag produces v4 format for older environments
+- **Backward Compatible** — Reads and decodes all previous format versions
+
+## Installation
+
+```bash
+npm install -g stegdoc
+```
+
+Or run directly with npx:
+
+```bash
+npx stegdoc encode myfile.pdf
+```
+
+## Quick Start
+
+```bash
+# Encode a file with encryption (recommended)
+stegdoc encode secret.pdf -p mypassword
+
+# Decode it back
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
+
+# View file info without decoding
+stegdoc info access_log_20260315_1200_A1B2_part1.xlsx
+
+# Verify file integrity
+stegdoc verify access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
+```
+
+## Commands
+
+### `encode` — Hide a file in an Office document
+
+```bash
+stegdoc encode <file> [options]
+```
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output-dir <dir>` | Output directory | Current directory |
+| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max` | `5MB` |
+| `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
+| `-p, --password <pass>` | Encryption password | None (unencrypted) |
+| `--legacy` | Use v4 format for backward compatibility | Off |
+| `--no-limit` | Bypass DOCX 1 MB size limit | Off |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output for scripting | Off |
+| `-y, --yes` | Skip interactive prompts | Off |
+
+**Examples:**
+
+```bash
+# Encode with password (produces access log spreadsheet)
+stegdoc encode document.pdf -p mysecret
+
+# Encode as Hebrew incident report (DOCX)
+stegdoc encode config.json -p mysecret -f docx
+
+# Split into 3 parts
+stegdoc encode large-file.zip -p mysecret -s "3 parts"
+
+# Legacy v4 format (for older environments)
+stegdoc encode data.bin -p mysecret --legacy
+
+# Encode a folder
+stegdoc encode ./my-folder -p mysecret
+```
+
+### `decode` — Recover the original file
+
+```bash
+stegdoc decode <file> [options]
+```
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `-o, --output <path>` | Output file path | Original filename |
+| `-p, --password <pass>` | Decryption password | Prompt if needed |
+| `--force` | Overwrite existing files | Prompt |
+| `-q, --quiet` | Minimal output | Off |
+| `-y, --yes` | Skip prompts, fail if password needed | Off |
+
+**Examples:**
+
+```bash
+# Decode with password
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
+
+# Decode DOCX
+stegdoc decode system_report_20260315_0800_CD42_part1.docx -p mysecret
+
+# Multi-part files auto-detected (just provide part 1)
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
+```
+
+### `info` — View metadata without decoding
+
+```bash
+stegdoc info <file>
+```
+
+### `verify` — Validate file integrity
+
+```bash
+stegdoc verify <file> [-p <password>]
+```
+
+## How It Works
+
+### v5 Pipeline (default)
+
+```
+Input File
+    |
+[Brotli Compression]
+    |
+[AES-256-GCM Encryption] (optional)
+    |
+[Log-Embed Encoding] -- payload distributed across log line fields
+    |
+[Office Wrapper] -- XLSX access logs or DOCX incident report
+    |
+Output File(s)
+```
+
+### Data Channels (per log line)
+
+Each nginx access log entry carries **114 bytes** of payload across 6 channels:
+
+| Channel | Format | Bytes |
+|---------|--------|-------|
+| URL path segment | base64url | 21 |
+| Query param `token` | base64url | 21 |
+| Query param `state` | base64url | 21 |
+| Referer `ref` param | base64url | 21 |
+| X-Request-ID | UUID v4 (hex) | 14 |
+| X-Trace-ID | 32-char hex | 16 |
+
+### Output Formats
+
+**XLSX** — Single "Access Logs" sheet with realistic nginx log entries. Columns: Remote Address, Timestamp, Method, Request, Status, Bytes, Referer, User-Agent, X-Request-ID, X-Trace-ID. No hidden sheets.
+
+**DOCX** — Hebrew RTL incident report with title, executive summary, timeline table, log excerpts in monospace code blocks, root cause analysis, and recommendations. Reports are procedurally generated (15 services x 12 incident types = thousands of unique variants).
+
+### Encryption
+
+- **Algorithm**: AES-256-GCM (Galois/Counter Mode)
+- **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
+- **Key Size**: 256 bits
+- **IV**: 96 bits (randomly generated per part)
+- **Salt**: 128 bits (shared per session)
+- **Authentication**: 128-bit auth tag
+
+### Filenames
+
+```
+access_log_YYYYMMDD_HH00_XXXX[_partN].xlsx
+system_report_YYYYMMDD_HH00_XXXX[_partN].docx
+```
+
+## Legacy Mode
+
+Use `--legacy` to produce v4 format files (hidden sheet + gzip compression) for environments that haven't upgraded to stegdoc v5:
+
+```bash
+stegdoc encode data.bin -p mypass --legacy
+```
+
+The decoder auto-detects format version — it reads both v4 and v5 files without any flags.
+
+## Requirements
+
+- Node.js 18.0.0 or higher
+
+## License
+
+MIT License — see [LICENSE](LICENSE) for details.

package/package.json

@@ -1,59 +1,59 @@
-{
-  "name": "stegdoc",
-  "version": "4.0.0",
-  "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
-  "main": "src/index.js",
-  "bin": {
-    "stegdoc": "src/index.js"
-  },
-  "scripts": {
-    "start": "node src/index.js",
-    "dev": "node src/index.js",
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "keywords": [
-    "cli",
-    "steganography",
-    "encryption",
-    "aes-256",
-    "xlsx",
-    "docx",
-    "hide",
-    "encode",
-    "decode",
-    "covert",
-    "office",
-    "spreadsheet",
-    "security"
-  ],
-  "author": "ReemX",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ReemX/stegdoc.git"
-  },
-  "bugs": {
-    "url": "https://github.com/ReemX/stegdoc/issues"
-  },
-  "homepage": "https://github.com/ReemX/stegdoc#readme",
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "files": [
-    "src",
-    "LICENSE",
-    "README.md"
-  ],
-  "packageManager": "pnpm@10.19.0",
-  "dependencies": {
-    "adm-zip": "^0.5.16",
-    "chalk": "^4.1.2",
-    "commander": "^14.0.2",
-    "docx": "^9.5.1",
-    "exceljs": "^4.4.0",
-    "fast-xml-parser": "^5.3.3",
-    "file-type": "^16.5.4",
-    "inquirer": "^8.2.6",
-    "ora": "^5.4.1"
-  }
-}
+{
+  "name": "stegdoc",
+  "version": "5.0.1",
+  "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
+  "main": "src/index.js",
+  "bin": {
+    "stegdoc": "src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "node src/index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "cli",
+    "steganography",
+    "encryption",
+    "aes-256",
+    "xlsx",
+    "docx",
+    "hide",
+    "encode",
+    "decode",
+    "covert",
+    "office",
+    "spreadsheet",
+    "security"
+  ],
+  "author": "ReemX",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ReemX/stegdoc.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ReemX/stegdoc/issues"
+  },
+  "homepage": "https://github.com/ReemX/stegdoc#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "src",
+    "LICENSE",
+    "README.md"
+  ],
+  "packageManager": "pnpm@10.19.0",
+  "dependencies": {
+    "adm-zip": "^0.5.16",
+    "chalk": "^4.1.2",
+    "commander": "^14.0.2",
+    "docx": "^9.5.1",
+    "exceljs": "^4.4.0",
+    "fast-xml-parser": "^5.3.3",
+    "file-type": "^16.5.4",
+    "inquirer": "^8.2.6",
+    "ora": "^5.4.1"
+  }
+}