github.com/auyer/steganography
Steganography is a library written in pure Go that allows simple LSB steganography on images. It can both encode and decode images, and it can store files of any format. This library is inspired by Stego by EthanWelsh, a command line utility with the same purpose.
```sh
go get -u github.com/auyer/steganography
```
[Images: Original | Encoded]
The second image contains the first paragraph of the description of a stegosaurus on Wikipedia, also available in examples/message.txt as an example.
```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"image/png"
	"log"
	"os"

	"github.com/auyer/steganography"
)
```
Write mode is used to take a message and embed it into an image file using LSB steganography in order to produce a secret image file that will contain your message.
Note that the minimum image size is 24 pixels for one byte. Each additional byte requires 3 more pixels.
```go
inFile, _ := os.Open("input_file.png") // open the carrier image
reader := bufio.NewReader(inFile)      // buffered reader
img, _ := png.Decode(reader)           // decode to Go's image.Image
w := new(bytes.Buffer)                 // buffer that will receive the result
err := steganography.Encode(w, img, []byte("message")) // encode the message into the image
if err != nil {
	log.Printf("Error Encoding file %v", err)
	return
}
outFile, _ := os.Create("out_file.png") // create the output file
w.WriteTo(outFile)                      // write the buffer to it
outFile.Close()
```
note: all error checks were removed for brevity, but they should be included.
Length mode can be used to perform a preliminary check on the carrier image in order to deduce how large a file it can store.
```go
sizeOfMessage := steganography.GetMessageSizeFromImage(img) // retrieves the size of the encoded message
```
Read mode is used to read an image that has been encoded using LSB steganography, and extract the hidden message from that image.
```go
inFile, _ := os.Open(encodedInputFile) // open the encoded image
defer inFile.Close()
reader := bufio.NewReader(inFile) // buffered reader
img, _ := png.Decode(reader)      // decode to Go's image.Image
sizeOfMessage := steganography.GetMessageSizeFromImage(img) // retrieve the message size to decode in the next line
msg := steganography.Decode(sizeOfMessage, img)             // decode the message from the image
fmt.Println(string(msg))
```
note: all error checks were removed for brevity, but they should be included.
For a complete example, see the examples/stego.go file. It is a command line app based on the original fork of this repository, but modified to use the Steganography library.
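To show what LSB embedding and extraction do at the bit level, here is an added, standard-library-only example; it is not the library's code. The 4-byte big-endian length header, the bit order and the names `capacity`, `lsb`, `embed`, `read` and `extract` are assumptions of this example and need not match the library's on-image format; it also assumes a carrier created with `image.NewNRGBA`. Note that `extract` treats the length header as untrusted input and bounds-checks it before reading.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"image"
)

// capacity (this example's assumed layout): 3 LSBs per pixel minus a 4-byte length header.
func capacity(img *image.NRGBA) int { return img.Rect.Dx()*img.Rect.Dy()*3/8 - 4 }
// lsb points at the i-th carrier byte of Pix (R, G, B of each pixel; alpha is skipped).
func lsb(img *image.NRGBA, i int) *uint8 { return &img.Pix[(i/3)*4+i%3] }

// embed writes a big-endian length header followed by msg into the colour LSBs.
func embed(img *image.NRGBA, msg []byte) error {
	if len(msg) > capacity(img) {
		return fmt.Errorf("message of %d bytes exceeds capacity %d", len(msg), capacity(img))
	}
	data := append(make([]byte, 4), msg...)
	binary.BigEndian.PutUint32(data, uint32(len(msg)))
	for i := 0; i < len(data)*8; i++ {
		*lsb(img, i) = (*lsb(img, i) &^ 1) | (data[i/8] >> uint(7-i%8) & 1)
	}
	return nil
}

// read reassembles n bytes of the hidden bit stream starting at byte offset off.
func read(img *image.NRGBA, off, n int) []byte {
	out := make([]byte, n)
	for i := 0; i < n*8; i++ {
		out[i/8] |= *lsb(img, off*8+i) & 1 << uint(7-i%8)
	}
	return out
}

// extract bounds-checks the (untrusted) length header before reading the payload.
func extract(img *image.NRGBA) ([]byte, error) {
	if c := capacity(img); c >= 0 {
		if n := binary.BigEndian.Uint32(read(img, 0, 4)); int64(n) <= int64(c) {
			return read(img, 4, int(n)), nil
		}
	}
	return nil, fmt.Errorf("no plausible length header for this carrier")
}

func main() {
	img := image.NewNRGBA(image.Rect(0, 0, 8, 8)) // constructed 8x8 carrier
	fmt.Println(embed(img, []byte("hi")))
	fmt.Println(extract(img))
}
```

Each colour channel changes by at most 1 and alpha is untouched, so the carrier looks identical to the eye and the payload only survives lossless formats such as PNG.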