Attempt to pack all pieces of Shakespeare into Twitter's small image
Students of the Department of Computer Science, who was experimenting with "How much raw data can be packed in Twitter posts?" Succeeded to summarize the data of all works of Shakespeare into one small image did. It is like a cryptic state that "a piece of small picture contains more information than it looks", but if you exploit it it could be used for spreading malware.
This Tiny Picture on Twitter Contains the Complete Works of Shakespeare - Motherboard
https://motherboard.vice.com/en_us/article/bj4wxm/tiny-picture-twitter-complete-works-of-shakespeare-steganography
You can unzip this tiny image on Twitter to reveal the complete works of Shakespeare - The Verge
https://www.theverge.com/2018/11/1/18051514/twitter-image-steganography-shakespeare-unzip-me
This tweet David Buchanan posted on October 28, 2018. A small image written as "UNZIP ME" contains all the works of Shakespeare.
Assuming this all works out, the image in this tweet is also a valid ZIP archive, containing a multipart RAR archive, containing the complete works of Shakespeare.
- D а і і В с ο аnаn (@ David 3141593) October 29, 2018
This technique also survives twitter's thumbnailer: P pic.twitter.com/P0Owq 9 abRC
Buchanan explained that you can see the work by downloading "https://pbs.twimg.com/media/DqteCf6WsAAhqwV.jpg", unpacking the ZIP file, then decompressing the RAR file ......
curl ' https://t.co/okjL8IFtAL '> https://t.co/ulP8nPkbY8 && unzip https://t.co/ulP8nPkbY8 && unrar x shakespeare.part001.rar
- D а і і В с ο аnаn (@ David 3141593) October 29, 2018
In fact I tried it. First open "https://pbs.twimg.com/media/DqteCf6WsAAhqwV.jpg" and download it by right click.
I will attempt to decompress using " Explzh ". Right click on the image and select "Open from Explzh" ... ...
Certainly one image contained a lot of RAR files.
However, if you try to decompress the RAR file as it is, an error is displayed.
Select 'Repair ZIP, RAR, ACE Archive' from 'Tools' ... ...
Right click again to "open"
Since the HTML file appeared, I tried clicking ...
The page " The Complete Works of William Shakespeare " appeared. It is possible to read all works of Shakespeare from here.
According to Buchanan, Twitter will extract a lot of metadata when uploading images on SNS, but it will leave it as it is about the ICC profile . So, Buchanan saved archive files of ZIP and RAR in the ICC profile. "What I did is to write a script to parse the JPG file and insert the ICC metadata." "Because the necessary ZIP header needs to be in the correct place, this metadata was carefully made "Buchanan says."
Originally, Buchanan is experimenting that "How much raw data can be stuffed into the tweet?", And it seems that it came to the idea of "embedding a ZIP file in the image" with that flow. It took me several months to write the script.
However, if you exploit this technology, there is a danger of being used for spreading malware. Buchanan reports this technology to Twitter, but Twitter seems that Twitter does not regard this as a bug.
I tried reporting this techinque to twitter's bug bounty program, but it's # notabug . Fair enough, but that just means we can have some fun with it
- D а і і В с ο аnаn (@ David 3141593) October 29, 2018
Related Posts:
in Note, Posted by darkhorse_log