bruce30262/bmphide.py Secret

## bmphide.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Usage: ./bmphide.py ./in.bmp ./secret ./out.bmp

from PIL import Image
import sys

def e(bb, bk):
    for idx in xrange(8):
        flag = 0
        if ((bb>>(idx&0x1f))&1)  == ((bk>>(idx&0x1f))&1):
            flag = 1

        if flag == 1:
            bb = bb & (~(1<<(idx&0x1f))) & 0xff
        else:
            bb = bb | ((1<<(idx&0x1f)) & 0xff)
    assert (bb & ~0xff) == 0
    return bb

def g(idx):
    bb =  ((idx+1) * 0x126B6FC5) & 0xff
    k = ((idx+2) * 0xC82C97D) & 0xff
    return e(bb, k)

def b(bb, r):
    for _ in xrange(r):
        b2 = int((bb&128)/128) & 0xff
        bb = ((bb*2)&0xff) + b2
    return bb

def d(bb, r):
    for _ in xrange(r):
        b2 = (bb & 1) * 128
        bb = (int(bb/2) & 0xff) + b2
    return bb

def h(data):
    array = [0]*len(data)
    num = 0
    for idx in xrange(len(data)):
        num2 = g(num)
        num+=1
        num3 = ord(data[idx])
        num3 = e(num3, num2)
        num3 = b(num3, 7)
        num4 = g(num)
        num+=1
        num3 = e(num3, num4)
        num3 = d(num3, 3)
        array[idx] = num3
    return array

def i(bitmap, d, out):
    '''
    j(103) = 0x00
    j(231) = 0x1
    j(27) = 0xf8
    j(228) = 0x7
    j(230) = 0x3
    j(25) = 0xfc
    j(100) = 0x6

    '''
    num = 0x0
    width, height = bitmap.size
    for x in xrange(0x0, width):
        for y in xrange(0x0, height):
            flag = False
            if num > (len(d) - 0x1):
                flag = True
            if flag:
                break
            pix = bitmap.getpixel((x, y))
            R, G, B, A = pix

            red = (R & 0xf8) | (d[num] & 0x7) # hide first 3 bit
            green = (G & 0xf8) | ((d[num] >> 0x3) & 0x7) # hide second 3 bit
            blue = (B & 0xfc) | ((d[num] >> 0x6) & 0x3) # hide last 2 bit
            bitmap.putpixel((x, y), (red, green, blue, 0))
            num += 0x1
    bitmap.save(out)

bitmap = Image.open(sys.argv[1]).convert('RGBA')
data = open(sys.argv[2], "rb").read()
data2 = h(data)
i(bitmap, data2, sys.argv[3])

print "Done."

## crack.py
#!/usr/bin/env python

# Usage: ./crack.py ./image.bmp

from PIL import Image
import sys

def e(bb, bk):
    for idx in xrange(8):
        flag = 0
        if ((bb>>(idx&0x1f))&1)  == ((bk>>(idx&0x1f))&1):
            flag = 1

        if flag == 1:
            bb = bb & (~(1<<(idx&0x1f))) & 0xff
        else:
            bb = bb | ((1<<(idx&0x1f)) & 0xff)
    assert (bb & ~0xff) == 0
    return bb

def crack_e(dd, r):
    for i in xrange(256):
        if e(i, r) == dd:
            return i
    return None

def g(idx):
    bb =  ((idx+1) * 0x126B6FC5) & 0xff
    k = ((idx+2) * 0xC82C97D) & 0xff
    return e(bb, k)

def b(bb, r):
    for _ in xrange(r):
        b2 = int((bb&128)/128) & 0xff
        bb = ((bb*2)&0xff) + b2
    return bb

def crack_b(dd, r):
    for i in xrange(256):
        if b(i, r) == dd:
            return i

def d(bb, r):
    for _ in xrange(r):
        b2 = (bb & 1) * 128
        bb = (int(bb/2) & 0xff) + b2
    return bb

def crack_d(dd, r):
    for i in xrange(256):
        if d(i, r) == dd:
            return i

bitmap = Image.open(sys.argv[1]).convert('RGBA')

width, height = bitmap.size
data2 = []

# extract data2
num = 0
for x in xrange(width):
    for y in xrange(height):
        R, G, B, A = bitmap.getpixel((x, y))
        d1 = R & 7
        d2 = G & 7
        d3 = B & 3
        data = (d3<<6) | (d2<<3) | d1
        data2.append(data)
        num += 1

# recover message
real_datas = []
o_num = 0
for idx, dd in enumerate(data2):
    if idx % 10000 == 0: # For tracking our cracking progress
        print idx
    if idx == 219702: # data length. This can be extracted from the image header
        break
    num3d = crack_d(dd, 3)
    num4e = g(o_num+1)
    num3e = crack_e(num3d, num4e)
    #if not num3e:
    #    print "real data len:", idx
    #    break
    assert g(o_num+1) == num4e
    num3b = crack_b(num3e, 7)
    num2 = g(o_num)
    real_data = crack_e(num3b, num2)
    assert real_data != None
    assert g(o_num) == num2
    real_datas.append(real_data)
    o_num += 2

out =  ''.join(chr(c) for c in real_datas)

with open("flag.bmp", "wb") as f:
    f.write(out)

print "Done"
	#!/usr/bin/env python
	# -- coding: utf-8 --

	# Usage: ./bmphide.py ./in.bmp ./secret ./out.bmp

	from PIL import Image
	import sys

	def e(bb, bk):
	for idx in xrange(8):
	flag = 0
	if ((bb>>(idx&0x1f))&1) == ((bk>>(idx&0x1f))&1):
	flag = 1

	if flag == 1:
	bb = bb & (~(1<<(idx&0x1f))) & 0xff
	else:
	bb = bb \| ((1<<(idx&0x1f)) & 0xff)
	assert (bb & ~0xff) == 0
	return bb

	def g(idx):
	bb = ((idx+1) * 0x126B6FC5) & 0xff
	k = ((idx+2) * 0xC82C97D) & 0xff
	return e(bb, k)

	def b(bb, r):
	for _ in xrange(r):
	b2 = int((bb&128)/128) & 0xff
	bb = ((bb*2)&0xff) + b2
	return bb

	def d(bb, r):
	for _ in xrange(r):
	b2 = (bb & 1) * 128
	bb = (int(bb/2) & 0xff) + b2
	return bb

	def h(data):
	array = [0]*len(data)
	num = 0
	for idx in xrange(len(data)):
	num2 = g(num)
	num+=1
	num3 = ord(data[idx])
	num3 = e(num3, num2)
	num3 = b(num3, 7)
	num4 = g(num)
	num+=1
	num3 = e(num3, num4)
	num3 = d(num3, 3)
	array[idx] = num3
	return array

	def i(bitmap, d, out):
	'''
	j(103) = 0x00
	j(231) = 0x1
	j(27) = 0xf8
	j(228) = 0x7
	j(230) = 0x3
	j(25) = 0xfc
	j(100) = 0x6

	'''
	num = 0x0
	width, height = bitmap.size
	for x in xrange(0x0, width):
	for y in xrange(0x0, height):
	flag = False
	if num > (len(d) - 0x1):
	flag = True
	if flag:
	break
	pix = bitmap.getpixel((x, y))
	R, G, B, A = pix

	red = (R & 0xf8) \| (d[num] & 0x7) # hide first 3 bit
	green = (G & 0xf8) \| ((d[num] >> 0x3) & 0x7) # hide second 3 bit
	blue = (B & 0xfc) \| ((d[num] >> 0x6) & 0x3) # hide last 2 bit
	bitmap.putpixel((x, y), (red, green, blue, 0))
	num += 0x1
	bitmap.save(out)

	bitmap = Image.open(sys.argv[1]).convert('RGBA')
	data = open(sys.argv[2], "rb").read()
	data2 = h(data)
	i(bitmap, data2, sys.argv[3])

	print "Done."
	#!/usr/bin/env python

	# Usage: ./crack.py ./image.bmp

	from PIL import Image
	import sys

	def e(bb, bk):
	for idx in xrange(8):
	flag = 0
	if ((bb>>(idx&0x1f))&1) == ((bk>>(idx&0x1f))&1):
	flag = 1

	if flag == 1:
	bb = bb & (~(1<<(idx&0x1f))) & 0xff
	else:
	bb = bb \| ((1<<(idx&0x1f)) & 0xff)
	assert (bb & ~0xff) == 0
	return bb

	def crack_e(dd, r):
	for i in xrange(256):
	if e(i, r) == dd:
	return i
	return None

	def g(idx):
	bb = ((idx+1) * 0x126B6FC5) & 0xff
	k = ((idx+2) * 0xC82C97D) & 0xff
	return e(bb, k)

	def b(bb, r):
	for _ in xrange(r):
	b2 = int((bb&128)/128) & 0xff
	bb = ((bb*2)&0xff) + b2
	return bb

	def crack_b(dd, r):
	for i in xrange(256):
	if b(i, r) == dd:
	return i

	def d(bb, r):
	for _ in xrange(r):
	b2 = (bb & 1) * 128
	bb = (int(bb/2) & 0xff) + b2
	return bb

	def crack_d(dd, r):
	for i in xrange(256):
	if d(i, r) == dd:
	return i

	bitmap = Image.open(sys.argv[1]).convert('RGBA')

	width, height = bitmap.size
	data2 = []

	# extract data2
	num = 0
	for x in xrange(width):
	for y in xrange(height):
	R, G, B, A = bitmap.getpixel((x, y))
	d1 = R & 7
	d2 = G & 7
	d3 = B & 3
	data = (d3<<6) \| (d2<<3) \| d1
	data2.append(data)
	num += 1

	# recover message
	real_datas = []
	o_num = 0
	for idx, dd in enumerate(data2):
	if idx % 10000 == 0: # For tracking our cracking progress
	print idx
	if idx == 219702: # data length. This can be extracted from the image header
	break
	num3d = crack_d(dd, 3)
	num4e = g(o_num+1)
	num3e = crack_e(num3d, num4e)
	#if not num3e:
	# print "real data len:", idx
	# break
	assert g(o_num+1) == num4e
	num3b = crack_b(num3e, 7)
	num2 = g(o_num)
	real_data = crack_e(num3b, num2)
	assert real_data != None
	assert g(o_num) == num2
	real_datas.append(real_data)
	o_num += 2

	out = ''.join(chr(c) for c in real_datas)

	with open("flag.bmp", "wb") as f:
	f.write(out)

	print "Done"