
A security researcher has demonstrated how he could hide the Complete Works of Shakespeare in an image and distribute it through Twitter using steganography.
Steganography is the act of hiding information or messages inside objects that are not themselves secret. This allows people to covertly distribute messages, files, and other types of data in files or data that appear to be non-secretive in nature.
In a recent experiment, security researcher Dаvіd Вucһаnаn created a JPEG image of Shakespeare that also included a RARed copy of his complete works in HTML format. Buchanan went on to further show that this image could also be uploaded to Twitter, which would create a thumbnail that continued to contain the embedded RAR file.
Assuming this all works out, the image in this tweet is also a valid ZIP archive, containing a multipart RAR archive, containing the complete works of Shakespeare.
— Dаvіd Вucһаnаn (@David3141593) October 29, 2018
This technique also survives twitter's thumbnailer :P pic.twitter.com/P0Owq9abRC
Вucһаnаn was able to do this by creating a script that converted the multi-part RAR file into an ICC profile, which was then embedded into a picture of Shakespeare. ICC profiles are data fields in an image that detail the characteristics and color of an input device, so that the colors are displayed properly when outputted.
As ICC profiles are stored in JPEGs in 64KB chunks, Вucһаnаn decided to use a RAR file, as he could split the RAR archive into multiple files of a set size. In this case, each part of the multi-part RAR file would be set to 64KB.
"ICC profiles are stored in chunks of approximately 64kb," Вucһаnаn told BleepingComputer via Twitter direct message. "So I had to split the data into correspondingly sized chunks and a multi-part RAR archive seemed like a good way to do that."
When asked if he tested this method to distribute malware, he felt it would be more useful as a way of sending secret messages.
"I'm not sure it's useful as an AV evasion technique in itself. However, it would make a good covert distribution channel."
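What the 64KB chunking looks like at the byte level, and what a scanner can check there, as an added example (not from the article and not Buchanan's script). It assumes the standard JPEG APP2 ICC_PROFILE segment layout; build_sample and both sample profiles are constructed for illustration and do not produce viewable images.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens every APP2 ICC segment
# Magic bytes of common archive formats (ZIP local file header, RAR, 7z).
ARCHIVE_MAGICS = {"zip": b"PK\x03\x04", "rar": b"Rar!\x1a\x07", "7z": b"7z\xbc\xaf\x27\x1c"}

def icc_chunks(jpeg: bytes):
    """Yield (sequence, total, payload) for each APP2 ICC segment before SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows, stop here
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])  # counts its own 2 bytes
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            yield body[12], body[13], body[14:]
        pos += 2 + max(length, 2)

def inspect_icc(jpeg: bytes) -> dict:
    """Reassemble the ICC profile and list signs that it is not colour data."""
    chunks = sorted(icc_chunks(jpeg))
    profile = b"".join(payload for _, _, payload in chunks)
    findings = []
    if profile:
        if len(profile) < 128 or profile[36:40] != b"acsp":
            findings.append("missing 'acsp' profile signature")
        elif struct.unpack(">I", profile[:4])[0] != len(profile):
            findings.append("declared profile size differs from embedded bytes")
        findings += [f"{name} signature inside profile"
                     for name, magic in ARCHIVE_MAGICS.items() if magic in profile]
    return {"chunks": len(chunks), "icc_bytes": len(profile), "findings": findings}

def build_sample(profile: bytes, chunk: int = 65519) -> bytes:
    """Constructed input: SOI, APP2 ICC segments, empty SOS, EOI (not a viewable image)."""
    parts = [profile[i:i + chunk] for i in range(0, len(profile), chunk)]
    out = b"\xff\xd8"
    for n, part in enumerate(parts, 1):
        body = ICC_TAG + bytes([n, len(parts)]) + part
        out += b"\xff\xe2" + struct.pack(">H", len(body) + 2) + body
    return out + b"\xff\xda\x00\x02\xff\xd9"

# Constructed samples: a minimal well-formed header, and a RAR-tagged blob.
BENIGN_PROFILE = struct.pack(">I", 132) + bytes(32) + b"acsp" + bytes(92)
CARRIER_PROFILE = b"Rar!\x1a\x07\x00" + bytes(70000)
```

The magic-byte match is a heuristic and can hit by chance in large binary profiles, so treat it as a triage signal rather than a verdict.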
Extracting Complete Works of Shakespeare
To extract the Complete Works of Shakespeare from the created thumbnail, you simply need to download the image, rename it to a zip file, extract the zip file, and then extract the extracted RAR files.
To do this, you can use the following command in Linux:
curl 'https://pbs.twimg.com/media/DqteCf6WsAAhqwV.jpg' > lol.zip && unzip lol.zip
This command would download the thumbnail as lol.zip and then unzip the lol.zip file. This would leave you with a multi-part RAR file, where each part had a maximum size of 64KB.

To extract the RAR files, you would use the unrar x shakespeare.part001.rar command, which would extract a shakespeare.html file.

Unfortunately, when I tried to perform this extraction using 7Zip in Windows, it gave me errors when renaming the JPEG to a zip file and trying to extract it.

For this to work properly, you may need to be using the same versions of Zip and RAR as the creator of the image.
Comments
mngerhold - 4 years ago
This worked for me using the latest 32-bit 7zip for Windows - amazing! Saved for a rainy day, when I can start reading it all....
Zenor - 4 years ago
Those are not errors you received in 7Zip but warnings that can be safely ignored, it should have still successfully extracted the RAR files. The warnings are due to extraneous data that is required to make the file a valid JPEG.
Lawrence Abrams - 4 years ago
Was still unable to use 7Zip to further extract the RAR files.
darknite323 - 4 years ago
Works fine on my PC, running Win7 64bit, 7zip 18.05, no errors reported, extracts both the .zip and the .rar files fine.
Foused - 1 year ago
This personality will remain in history forever, I am sure of this, because even 400 years after his death, Shakespeare remains relevant in the 21st century. Since you are interested in this topic, you should like the article https://www.nosweatshakespeare.com/blog/shakespeares-21st-century-popularity/ from which you will learn a lot of facts about him. Today he is popular because he understands how the human mind works as well - or better than any other writer.