He's very enthusiastic about sharing his tricks too. I spent the day hanging out with him at Troopers in March and we spent a lot of time discussing the structure of PDFs.
In fact, he set a fun challenge - can you produce a PDF file that is different every time it's opened? e.g. a bingo card generator.
The backs of his business cards have cut-down introduction versions of his posters, so everyone takes something away from meeting him. It's fun watching people decide which one they want.
To make a real quine, you'd have to know a fixpoint (block) of AES. By appropriate choice (easy to compute) of IV and plaintext this could then be extended into an arbitrary length "quine". From my quick googling there don't seem to be any known fixpoints.
Indeed, and it takes quite some memory, and it's for me the first extension ever which actually crashed at some points (I'm using Chrome with a dozen other extensions installed).
Novelty aside, if you encrypt to the same image, what was the point of encrypting? Can you hide something in the metadata that wouldn't have been visible until decryption?
This would be a great form of Steganography. [1] Obviously, not having it return the same image, but something different. Encrypting a given file into a valid image file (like a meme.) It would pass by many things without raising suspicion, and require private knowledge (key, iv) to recover the alternate payload. It might even be plausibly deniable.
While I agree in principle, this is a 310x146 pixel, 1-bit image that's 360KB in size. It's pretty obvious that there's a payload in there somewhere.
For comparison, recompressed as a normal PNG, it's 9.5KB, and even saving it as a 32-bit BMP is less than half the original size (at around 176KB). I don't know how this kind of thing "scales", but if I'm asked to download a 50MB PNG, I get suspicious. I'm pretty sure anyone you'd want to employ this against would be at least that sophisticated.
The 360K filesize is because I wanted to update the image to include the real iv in the image, which is based on the filesize. The only way to do that was to leave the PNG uncompressed (so the filesize remained constant), making the PNG you see 180K plus a duplicate reverse encrypted version appended at the end of the file, making the total 360K.
I see, although that is still about 20x larger than the normal equivalent. What I'm saying is two-fold; with this technique, simply checking the image's metadata and comparing to the size gives you an easy way to identify interesting images, the ones likely to contain hidden messages. And second, this kind of "low signal to noise" ratio seems to be applicable to most steganography techniques. If I need to send 50MB of junk (and convincing junk at that) to get 1MB of message through, I'm going to have to question the value the stego provides (since it provides even more data and evidence that there's something to hide, especially if it's easily identifiable, as in this case). Still interesting, just not quite as awesome as everyone seems to think.
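The check suggested in the comment above (compare the size implied by the image header with the size on disk, and look for data after the end of the image), as an added example that is not part of the original thread. The sample PNG and the 180,000 bytes of padding are constructed, and `chunk`, `sample_png` and `inspect_png` are hypothetical helper names.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel

def chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png(width=310, height=146):
    """Constructed sample: an all-black 1-bit greyscale image."""
    row = b"\x00" + b"\x00" * ((width + 7) // 8)          # filter byte + packed pixels
    ihdr = struct.pack(">IIBBBBB", width, height, 1, 0, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(row * height)) + chunk(b"IEND", b""))

def inspect_png(data):
    """Walk the chunk list; report bytes after IEND and file size vs raw pixel size."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, ihdr, end = len(PNG_SIG), None, None
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:body_end]
        crc, = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        if ctype == b"IHDR":
            ihdr = struct.unpack(">IIBBBBB", body)
        pos = body_end + 4
        if ctype == b"IEND":
            end = pos                                      # a conforming file stops here
            break
    if ihdr is None or end is None:
        raise ValueError("missing IHDR or IEND")
    width, height, depth, colour = ihdr[:4]
    row = (width * depth * CHANNELS[colour] + 7) // 8 + 1  # +1 filter byte per row
    return {"trailing": len(data) - end, "raw": row * height,
            "ratio": len(data) / (row * height)}

if __name__ == "__main__":
    clean = sample_png()
    padded = clean + bytes(180_000)  # constructed stand-in for appended data
    print(inspect_png(clean), inspect_png(padded))
```

A file whose size is many times its uncompressed pixel data, or that carries any bytes after `IEND`, is worth a closer look; an ordinary compressed PNG stays at or below a ratio of about 1.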
One challenge here is that some services will mess with uploaded images. For example an image I created at one point for a puzzle got messed up because the image host was smart enough to figure out that multiple palette entries were mapped to the same color and removed/remapped the redundant entries. This saved a ton of image size with no visual difference. Undecodable junk after the end of an image is also in the "can be safely removed" category and so may not survive being transmitted via an image host or even email.
That might also work in its favour, as how would an eavesdropper know that the same PNG marked clean on cloud A would exist on cloud B with a secret message encoded? They'd have to assume that each instance of the same meme is unique and that significantly reduces the effectiveness of automated search tools.
To be honest, rarjpegs (rars attached after jpeg file contents, properly unarchived by any software) have been used in the imageboards for a long time and are super-simple to create (cat file.jpg file.rar > file.jpg).
It's actually rather interesting, if someone attaches some illegal content into rarjpeg, will it automatically make you a criminal after you see it (and store it onto your hard drive)?
Talking about illegal information is an inherently difficult task because illegal information is, as I see it, an illogical concept. With time, we can only hope that laws regarding information transmission loosen up.
Think of it as the distribution of illegal information that is illegal. And the idea of an "illegal number" is extremely misleading. Every number can represent any content under the right encoding. It's also nearly infinitely unlikely anyone would stumble across the data on their own by chance.
If you honestly think you are downloading a pirated book concatenated to an image of a cute kitten, and it turns out to be an image of a cute kitten with an image of child sexual abuse, which you then delete, you are probably okay in England. You may need a lawyer and the disruption from the investigation could be severe.
The visual image is the same, but the actual file is different. It basically stores a reverse encrypted (decrypted) version of the image as appended junk data.
YouTube link: http://youtu.be/wbHkVZfCNuE
Previous discussion: https://news.ycombinator.com/item?id=7771568