Overly Chatty Penguins

The Ready Room => Off Topic => Topic started by: SwiftSpear on January 03, 2005, 11:53:34 PM

Title: WTF is going on here?
Post by: SwiftSpear on January 03, 2005, 11:53:34 PM

(http://www.hl2world.com/bbs/images/avatars/124353434341cb925cb258b.gif)

A normal image X?  nope.  This thing is formatted as a gif but change the file name to .rar and open in winrar and you will find a hidden image within (the hidden image is lame, don't worry about it).   Basicly I'm have this image and the worst directions the world has ever conceived on how to create it from here (http://www.hl2world.com/bbs/viewtopic.php?t=21911&postdays=0&postorder=asc&start=30)  (one of the posts from the guy who is using the X as his avatar) and I'm trying to figure out how this is done...  :huh:

Title: WTF is going on here?
Post by: SheenaYanai on January 04, 2005, 03:03:41 AM

i have not looked into that board yet....  because i wont get spoiled..  ive done some own research





it does not care if you change its ending to jpeg or gif or bmp..its opening anyways..lol  i have never seen something like that.. this is clearly not a picture, its a  file that is able to get interpretated by image filters.. i think this file must containing raw data image informations so i thought this must be clearly visible in something else than a image editor...so i have opend it in notepad
i doubt he can do the same with a more complex picture, ive looked at the structure of this gif/jpg with notepad it looks like nothing ive seen before..  
this is the gif/rar file .
its like you put ontop of rar information raw image data.
you can clearly see the blocks wich containing the image data...thats something i have not seen before on a image file of any kind..it looks like it would work just with very small files.look at the "omg.jpg" tag. its already containing informations about the packet image, its a block of rar data below raw image data.  something that wont work usually without matching both image informations to fit together somehow in pixelcount,colors , size, and crc size..
anything would go pewpie without matching..  winrar, or the image viewer

Title: WTF is going on here?
Post by: SheenaYanai on January 04, 2005, 03:07:40 AM

ive opend the packet image aswell, and it got the same unique structure..except the rar block on the bottom is missing..  this picture shows how one of his blank jpg without rar information looks like.
this is not what a regular jpg should look like..it contains no jpeg file marker.  
it contains no file type information at all ..  just the file ending says it could be opend with programs that are able to handle jpeg informations.
.just programs wich dont check the file marker , and do a raw read of the data , like browsers and paint.  
it reminds me at the way to merge 2 exe files together..  i have seen a application thats able to merge images together ...or another file encryption program that was able to hide a whole rar folder in a jpg file , just more complex .
i think its like that, just less complex, and this dood got really to care about the pixelcount of both images.
and its helluva small..  the same picture created with photoshop would create a way bigger data block...

Title: WTF is going on here?
Post by: SheenaYanai on January 04, 2005, 03:52:48 AM

another interresting thing on that file is, that windows thinks it contains *.ico data, but its interpretating the file different, so the X is turning into a black box...
this looks also similar to the method of compiling icon data into exe files....  
ok..another theory is, the whole file got compiled, i just dont know what compiler would create such a strange structure

Title: WTF is going on here?
Post by: SheenaYanai on January 04, 2005, 04:53:57 AM

:blink:
ok..ive looked at this link...and i cant believe that it is that hard....because the guy who did this is a complete moron ..  its maybe just a lil piece of stupid program...
 ^_^  dont want to waste more time with this

Title: WTF is going on here?
Post by: SwiftSpear on January 04, 2005, 01:28:45 PM

Ya, I'm increasingly begining to think that he just found that example on some other forum or something and stole it...  His directions for how to do it are compleatly unintellegeble.  I'd still like to know how it was done though  <_<

Title: WTF is going on here?
Post by: Black Mage on January 05, 2005, 12:46:48 AM

so ... one bitmap is put through winrar and another file that could pass for a bitmap is spit out?
i'm going to go play with it for a few minutes

Title: WTF is going on here?
Post by: CForrester on January 05, 2005, 01:14:34 AM

I figured out how to do it. It's incredibly easy.

(http://www.brainferrets.com/other/toiletseat_lamp.jpg)

Rename that to .rar and open it in WinRAR.

Here's how to do it:

1) Get a hex editor. I use Hex Workshop.
2) RAR anything you like.
3) Open a JPG and the RAR in a hex editor.
4) Hit Ctrl+A on the RAR in the hex editor, then Ctrl+C
5) In the JPG in the hex editor, paste what you just copied to the end of the file and save it.

Et voila.

Title: WTF is going on here?
Post by: Black Mage on January 05, 2005, 01:19:02 AM

the original had the public image stored somewhere between the header and the compressed private image. your way is too easy.
(awesome and a half way to add credits to a file though ... or hidden messages)

Title: WTF is going on here?
Post by: SheenaYanai on January 05, 2005, 01:33:19 AM

but does it survive rescaling and editing?    :lol:
not so safe

Title: WTF is going on here?
Post by: devicenull on January 05, 2005, 09:43:15 AM

This actual process is called stenography.  There are many applications that will do things similar to this, however the hidden file will be _totally_ hidden, and only accessable with another program and a decryption key. Its fun :)

Your browser is ignoring what the file says it is, and going by the extension.  The image processor knows what data its looking for, and ignores what it isnt.  Same with winrar, because I seem to think for some reason that rar files have excellent error-correction functions.

Title: WTF is going on here?
Post by: Diablus on January 05, 2005, 08:25:51 PM

my head almost esploded while attempting to read this thread :blink:

Title: WTF is going on here?
Post by: -Lancer- on January 06, 2005, 04:52:23 PM

WTF are you all talking about!!! all i see is an X on a white screen! Why is there a toilet seat on the mailbox, WTH IS GOING ON!!?!?!??!

Title: WTF is going on here?
Post by: SwiftSpear on January 06, 2005, 05:54:47 PM

Quote

WTF are you all talking about!!! all i see is an X on a white screen! Why is there a toilet seat on the mailbox, WTH IS GOING ON!!?!?!??!

[snapback]38097[/snapback]

Save either of the two posted images to you desktop and then change the extention (.gif for the first .jpg for the second) to .rar

open up the rar the same way you would open any other rar and look at the compressed file inside to see the magic hidden image...  OOOooooo!

Title: WTF is going on here?
Post by: Crispy on January 07, 2005, 09:50:21 AM

Well this thread went initially over my head until I realised how I could use it myself.

As some of you may already know, I'm making an RPG Source Mod. When I get the Website up I want to stick some of the storyline up (the less important stuff in the public arena and the more integral stuff in a private section for team references only). Since I never trust anyone, being able to post the text as an image and then go through a process similar to this would be able to hide some sort of "I made this first" message within the picture, so that if anyone was tempted to take it off to another Mod, I'd know I'd have an easy time proving it was my idea that they had totally ripped off.

1. Is this possible, and how failsafe could it be (nothing ever is 100% failsafe)

2. Could I also do something to the images to make them unreadable once off the website (ie somehow only properly readable by IE, so that when they were read by another image editing program, they would have something like a huge black square over everything, this would be incredibly useful).

If one of you script-daddies could find out I'd definitely stick your name in the credits...

Title: WTF is going on here?
Post by: CForrester on January 07, 2005, 01:58:28 PM

You could do that by adding credits in plaintext to the end of the file, but that would be obvious if they open it up in a hex editor. You could also do the RAR trick and add it to the end, but both of these methods present a problem: If it's edited at all, you lose it. I'm not sure how to do the other method, but that's apparently permanent. ;)

Title: WTF is going on here?
Post by: Legionnaired on January 07, 2005, 02:06:52 PM

Quote

You could do that by adding credits in plaintext to the end of the file, but that would be obvious if they open it up in a hex editor. You could also do the RAR trick and add it to the end, but both of these methods present a problem: If it's edited at all, you lose it. I'm not sure how to do the other method, but that's apparently permanent. ;)

[snapback]38163[/snapback]

Don't forget that just doing a good old printscreen and copy-paste is a surefire way to rip it off.

Just do a PDF, and if you're really concerned about it, print it out and get a notary to notarize it, with your real name and date. You can do this at any bank for a less than nominal fee, and it's pretty much all the legal protection you'll need against a mod-ripping nub.

Though, them ganking your source code doesn't pose threat of lost profits to you anyway. So you can't do anything legally about it if you wanted to.

Title: WTF is going on here?
Post by: CForrester on January 07, 2005, 02:41:54 PM

For a cheaper method, you could just print it all out and mail it to yourself.