stegdoc 5.0.0 → 5.0.1

package/README.md

@@ -5,18 +5,22 @@
 [![npm version](https://img.shields.io/npm/v/stegdoc.svg)](https://www.npmjs.com/package/stegdoc)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within spreadsheets or documents that appear to contain normal server monitoring reports, while optionally being protected with military-grade AES-256-GCM encryption.
+**stegdoc** is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within realistic server access logs and Hebrew incident reports — no hidden sheets, no suspicious content. Optionally protected with AES-256-GCM encryption.
 
 ## Features
 
-- **Steganography** - Hide data in Excel spreadsheets (hidden sheets) or Word documents
-- **AES-256-GCM Encryption** - Military-grade encryption with PBKDF2 key derivation (100k iterations)
-- **Realistic Decoy Data** - Generated server metrics that make files look like IT monitoring reports
-- **Multi-part Splitting** - Automatically split large files across multiple documents
-- **Smart Compression** - Gzip compression for compressible files, skipped for images/video/archives
-- **Integrity Verification** - SHA-256 hashing detects tampering
-- **Folder Support** - Encode entire directories (automatically zipped)
-- **Interactive Mode** - User-friendly prompts guide you through options
+- **Log-Based Steganography** — Payload is embedded directly in realistic nginx access log entries (URL tokens, UUIDs, trace IDs). No hidden sheets — the data IS the logs
+- **AES-256-GCM Encryption** — Military-grade encryption with PBKDF2 key derivation (100k iterations)
+- **Brotli Compression** — 15-25% better compression than gzip
+- **Dual Format Support**
+  - **XLSX** — Access log spreadsheet with realistic entries, any file size
+  - **DOCX** — Hebrew RTL incident report with log excerpts, files under 1 MB
+- **Multi-part Splitting** — Automatically split large files across multiple documents
+- **Integrity Verification** — SHA-256 hashing detects tampering
+- **Folder Support** — Encode entire directories (automatically zipped)
+- **Interactive Mode** — User-friendly prompts guide you through options
+- **Legacy Compatibility** — `--legacy` flag produces v4 format for older environments
+- **Backward Compatible** — Reads and decodes all previous format versions
 
 ## Installation
 
@@ -37,30 +41,31 @@ npx stegdoc encode myfile.pdf
 stegdoc encode secret.pdf -p mypassword
 
 # Decode it back
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
 
 # View file info without decoding
-stegdoc info server_metrics_20251215_1200_A1B2.xlsx
+stegdoc info access_log_20260315_1200_A1B2_part1.xlsx
 
 # Verify file integrity
-stegdoc verify server_metrics_20251215_1200_A1B2.xlsx -p mypassword
+stegdoc verify access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
 ```
 
 ## Commands
 
-### `encode` - Hide a file in an Office document
+### `encode` — Hide a file in an Office document
 
 ```bash
 stegdoc encode <file> [options]
 ```
 
-**Options:**
 | Option | Description | Default |
 |--------|-------------|---------|
 | `-o, --output-dir <dir>` | Output directory | Current directory |
-| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max`/`single`/`none` | `5MB` |
+| `-s, --chunk-size <size>` | Split size: `5MB`, `25MB`, `3 parts`, `max` | `5MB` |
 | `-f, --format <format>` | Output format: `xlsx` or `docx` | `xlsx` |
 | `-p, --password <pass>` | Encryption password | None (unencrypted) |
+| `--legacy` | Use v4 format for backward compatibility | Off |
+| `--no-limit` | Bypass DOCX 1 MB size limit | Off |
 | `--force` | Overwrite existing files | Prompt |
 | `-q, --quiet` | Minimal output for scripting | Off |
 | `-y, --yes` | Skip interactive prompts | Off |
@@ -68,29 +73,28 @@ stegdoc encode <file> [options]
 **Examples:**
 
 ```bash
-# Basic encoding (will prompt for options)
-stegdoc encode document.pdf
+# Encode with password (produces access log spreadsheet)
+stegdoc encode document.pdf -p mysecret
 
-# Encode with password and Word format
-stegdoc encode document.pdf -p mysecret -f docx
+# Encode as Hebrew incident report (DOCX)
+stegdoc encode config.json -p mysecret -f docx
 
-# Split into exactly 3 parts
-stegdoc encode large-video.mp4 -p mysecret -s "3 parts"
+# Split into 3 parts
+stegdoc encode large-file.zip -p mysecret -s "3 parts"
 
-# No splitting (single file output)
-stegdoc encode archive.zip -p mysecret -s max
+# Legacy v4 format (for older environments)
+stegdoc encode data.bin -p mysecret --legacy
 
 # Encode a folder
 stegdoc encode ./my-folder -p mysecret
 ```
 
-### `decode` - Recover the original file
+### `decode` — Recover the original file
 
 ```bash
 stegdoc decode <file> [options]
 ```
 
-**Options:**
 | Option | Description | Default |
 |--------|-------------|---------|
 | `-o, --output <path>` | Output file path | Original filename |
@@ -103,103 +107,89 @@ stegdoc decode <file> [options]
 
 ```bash
 # Decode with password
-stegdoc decode server_metrics_20251215_1200_A1B2.xlsx -p mysecret
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
 
-# Decode to specific location
-stegdoc decode report.xlsx -p mysecret -o ./recovered/original.pdf
+# Decode DOCX
+stegdoc decode system_report_20260315_0800_CD42_part1.docx -p mysecret
 
-# Multi-part files are auto-detected
-stegdoc decode server_metrics_20251215_1200_A1B2_part1.xlsx -p mysecret
+# Multi-part files auto-detected (just provide part 1)
+stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
 ```
 
-### `info` - View metadata without decoding
+### `info` — View metadata without decoding
 
 ```bash
 stegdoc info <file>
 ```
 
-Displays:
-- Original filename and size
-- Encryption status
-- Compression status
-- Part information (for split files)
-- Content hash for verification
-
-### `verify` - Validate file integrity
+### `verify` — Validate file integrity
 
 ```bash
-stegdoc verify <file> [options]
+stegdoc verify <file> [-p <password>]
 ```
 
-**Options:**
-| Option | Description |
-|--------|-------------|
-| `-p, --password <pass>` | Verify password is correct |
-
-Checks:
-- Metadata integrity
-- All parts present (for multi-part files)
-- Password validity (if provided)
-
 ## How It Works
 
-### Encoding Pipeline
+### v5 Pipeline (default)
 
 ```
 Input File
-    ↓
-[Compression] → gzip (if beneficial)
-    ↓
-[Base64 Encoding]
-    ↓
-[Encryption] → AES-256-GCM (optional)
-    ↓
-[Office Wrapper] → XLSX or DOCX
-    ↓
-[Decoy Layer] → Server metrics data
-    ↓
+    |
+[Brotli Compression]
+    |
+[AES-256-GCM Encryption] (optional)
+    |
+[Log-Embed Encoding] -- payload distributed across log line fields
+    |
+[Office Wrapper] -- XLSX access logs or DOCX incident report
+    |
 Output File(s)
 ```
 
-### File Storage
+### Data Channels (per log line)
+
+Each nginx access log entry carries **114 bytes** of payload across 6 channels:
+
+| Channel | Format | Bytes |
+|---------|--------|-------|
+| URL path segment | base64url | 21 |
+| Query param `token` | base64url | 21 |
+| Query param `state` | base64url | 21 |
+| Referer `ref` param | base64url | 21 |
+| X-Request-ID | UUID v4 (hex) | 14 |
+| X-Trace-ID | 32-char hex | 16 |
+
+### Output Formats
 
-**XLSX Format:**
-- Sheet 1 ("Server Metrics"): Visible decoy data - looks like IT monitoring reports
-- Sheet 2 ("Data"): Hidden sheet containing your encrypted payload
+**XLSX** — Single "Access Logs" sheet with realistic nginx log entries. Columns: Remote Address, Timestamp, Method, Request, Status, Bytes, Referer, User-Agent, X-Request-ID, X-Trace-ID. No hidden sheets.
 
-**DOCX Format:**
-- Embedded text with metadata and payload
-- Appears as a system report document
+**DOCX** — Hebrew RTL incident report with title, executive summary, timeline table, log excerpts in monospace code blocks, root cause analysis, and recommendations. Reports are procedurally generated (15 services x 12 incident types = thousands of unique variants).
 
-### Encryption Details
+### Encryption
 
 - **Algorithm**: AES-256-GCM (Galois/Counter Mode)
 - **Key Derivation**: PBKDF2-SHA256 with 100,000 iterations
 - **Key Size**: 256 bits
-- **IV**: 96 bits (randomly generated)
-- **Salt**: 128 bits (randomly generated)
-- **Authentication**: 128-bit auth tag (GCM provides authenticated encryption)
+- **IV**: 96 bits (randomly generated per part)
+- **Salt**: 128 bits (shared per session)
+- **Authentication**: 128-bit auth tag
 
-### Filename Generation
+### Filenames
 
-Output files use deterministic, realistic filenames:
 ```
-server_metrics_YYYYMMDD_HH00_XXXX.xlsx
-system_report_YYYYMMDD_HH00_XXXX.docx
+access_log_YYYYMMDD_HH00_XXXX[_partN].xlsx
+system_report_YYYYMMDD_HH00_XXXX[_partN].docx
 ```
 
-The date/time and ID are derived from a hash, ensuring files from the same encoding session are related.
+## Legacy Mode
 
-## Use Cases
+Use `--legacy` to produce v4 format files (hidden sheet + gzip compression) for environments that haven't upgraded to stegdoc v5:
 
-- **Secure file transfer** - Send encrypted files that look like mundane reports
-- **Backup storage** - Store sensitive data in plain sight
-- **Privacy** - Keep personal files private on shared systems
-- **Data portability** - Office documents work everywhere
-
-## Backward Compatibility
+```bash
+stegdoc encode data.bin -p mypass --legacy
+```
 
-Files created with previous versions are fully supported. The tool automatically detects and handles legacy formats.
+The decoder auto-detects format version — it reads both v4 and v5 files without any flags.
 
 ## Requirements
 
@@ -207,8 +197,4 @@ Files created with previous versions are fully supported. The tool automatically
 
 ## License
 
-MIT License - see [LICENSE](LICENSE) for details.
-
-## Contributing
-
-Contributions are welcome! Please feel free to submit a Pull Request.
+MIT License — see [LICENSE](LICENSE) for details.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "stegdoc",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
   "main": "src/index.js",
   "bin": {