▄▀▀▀▀▀▀▀▀▀▀▄▀▀▀▀▀▀▀▀▀▀▄▀▀▀▀▀▀▀▀▀▀▄▀▀▀▀▀▀▀▀▀▀▄▀▀▀▀▀▀▀▀▀▄▄▀▀▀▀▀▀▀▀▀▀▄
█ ▀▀▀███████ ▀▀▀███████ ▀▀▀███████ ▀▀▀███████ ▀▀▀██████▄ ▀▀▀███████ █
█ ▀▀▀ ▀▀▀ █▓█ ▀▀▀ ▀▀▀ █▓█ ▀▀▀ █▓█ ▀▀▀ ▄▄▄▄▄▄▄▀
█ ▀▀▀ ▀▀▀ █▓█ ▀▀▀ ▀▀▀ █▓█ ▀▀▀ █▓█ ▀▀▀ █
█ ▀▀▀ ▀▀▀ █▒█ ▀▀▀ ▀▀▀ █▒█ ▀▀▀ █▒█ ▀▀▀ ▀▀▀▀▀▀▄
█ ▀▀▀█████▓░ ▀▀▀██▓░█▒█ ▀▀▀ ▀▀▀██▓░█▒█ ▀▀▀ █▒█ ▀▀▀█████▓░ █
█ ▀▀▀ ▄▄▄▄▄▄ ▀▀▀ ▄▄ █░█ ▀▀▀ ▀▀▀ ▄▄ █░█ ▀▀▀ █░█ ▀▀▀ ▄▄▄▄▄▄▀
█ ▀▀▀ █ █ ▀▀▀ ██ █░█ ▀▀▀ ▀▀▀ ██ █░█ ▀▀▀ █░█ ▀▀▀ █▄▄▄▄▄▄
█ ▀▀▀ █ █ ▀▀▀ ██ █ █ ▀▀▀▄▄▄▄▄▄▄ ▀▀▀ ██ █ █ ▀▀▀▄▄▄▄█ █ ▀▀▀▄▄▄▄▄▄▄ █
▀▄▀▀▀▄▀ ▀▄▀▀▀▄▀▀▄▀▀▀▄▀▀▀▀▀▀▀▀▀▀▄▀▀▀▄▀▀▄▀▀▀▄▀▀▀▀▀▀▀▀▀▄▄▀▀▀▀▀▀▀▀▀▀▄▀
▀▀▀ ▀▀▀ ▀▀▀ ▀▀▀▀▀▀▀▀▀▀ ▀▀▀ ▀▀▀ ▀▀▀▀▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀
Facade is a tool and library for embedding, extracting and detecting arbitrary payloads in PNG files. (In certain cases, icon files too!) It is currently capable of adding arbitrary payloads to PNG and certain icon files in the following ways:
- Concatenation: Data can be arbitrarily appended to the end of a PNG file without disrupting the image data. This is the "quick and dirty" solution to adding payload data to a given PNG image, although extraction of the data is just as easy as adding it without the use of this tool.
tEXt
sections: A feature of PNG files istEXt
sections, which is PNG metadata to add arbitrary text to images. Typically, this metadata includes information about, for example, the software used to create the image. Facade base64 encodes payloads with a given keyword into these sections in order to still meet the text requirement of these sections. This is ideal if you wish to stick the payload in the PNG chunk data, but can be obvious when viewed in a hex editor.zTXt
sections: On top of atEXt
section, PNG images also featurezTXt
sections, which are zlib-compressedtEXt
sections. These, too, are base64-encoded before compression in order to conform to the text standard. This technique is a little less obvious, as the data is compressed and looks like any other binary data featured in the image (such as anIDAT
section).- Steganography: The final technique employed by facade is steganography in the image data itself. Specifically, it uses the least-significant-bit technique across 4 bits of the color channels to encode arbitrary data into the image. This is much less obvious than the other techniques from a binary image standpoint, but might produce visible noise within your target image. Additionally, unlike the previous techniques, it's limited by the size of the image in pixels, and requires a specific pixel format to work. Luckily, RGB and RGBA are very standard pixel configurations for most PNG images!
You may be wondering how all this applies to icon files. Well, on modern Windows, icon files can have a PNG entry! Meaning we can embed arbitrary payloads in certain icon files as well!
On top of being able to embed these payloads, the console application is also capable of extracting and detecting these payloads within images.
This readme specifically covers the binary release of facade. For the library portion, see the library readme or, better yet, the library documentation.
Facade uses the argparse library as a Git submodule, so it's not quite as straight-forward as cloning the repository, but it's still easy:
$ git clone https://github.com/frank2/facade.git
$ cd facade
$ git submodule update --init
This should be all you need to do to initialize the repository for the build step.
Facade has been compiled and tested against the following compilers:
- Microsoft Visual Studio 2019 (aka MSVC)
- gcc/g++ 10.2.1
- clang 9.0.1
Once you've completed the acquire step, install CMake for your platform, go to the root directory of the project and run the following commands:
$ mkdir build
$ cd build
$ cmake ../
$ cmake --build ./
You will most likely want to compile with optimizations to speed up the processing of PNG files. PNG data on large images is very processor-intensive when encoding images. For Windows, you can build a release build this way:
$ cmake --build ./ --config Release
For Unix-based systems, it's a little more complicated, as you have to build the make system with the build type. Do it this way:
$ cmake -DCMAKE_BUILD_TYPE=Release ../
$ cmake --build ./
For Unix-based systems, you can add a final step once the tool has been built:
$ cmake --install ./
This will install zlib (if not present on the system already), libfacade and the facade binary. If you don't want it in the default directories, build the project with a prefix in mind. The default is /usr/local
.
$ cmake -DCMAKE_INSTALL_PREFIX="/your/local/directory" ../
$ cmake --build ./
$ cmake --install ./
This will install the library and binary to /your/local/directory/lib
and /your/local/directory/bin
respectively.
For both operating systems, you can configure the binary and the library to used shared objects, which are DLLs on Windows.
$ cmake -DLIBFACADE_BUILD_SHARED=ON ../
$ cmake --build ./
Using the facade tool is pretty straight-forward. There are three main modules:
- create
- detect
- extract
For example, to create a steganographic payload within a PNG image, you can do this:
$ facade create -i image.png -o stego.png -s payload.bin
To see whether or not this stego payload is in the image, you can do this:
$ facade detect -s stego.png
And finally, to extract the stego payload from the image, you can do this:
$ facade extract -i stego.png -o ./extract-path -s
More detailed usage can be found by issuing the --help
argument on each subcommand.