New Service Converts Torrents Into PNG Images
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care of the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
.
Trolling is a art,
I still think the solution is to change TPB to a TpayB. Allow us to pay $1 for a movie and allow studios to save face and jump in. More hiding like this will just put the Congressmen in action to filter. If this path is chosen, we will all be living in wifi-caves before long.
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits).
you mean the pirates are going to continue to beat out "the man" and get away with it?
I'm just utterly shocked.
doesn't re-scale or tag your uploaded images first!
"I bless every day that I continue to live, for every day is pure profit."
And find ways to get away with it.
huh?
huh?
"Hey folks, go to http://imagehostingsite.com/animals/cutebear.png to get The.Black.Hole.1979.dvdrip.xvid.torrent"
goatse.png->The.Black.Hole.1979.dvdrip.xvid.torrent
You know what to do...
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If the conversion process is resilient enough, it might not depend upon the image having an identical binary format.
My blog
I can download all of my pirated torrents and view pr0n in one convenient step? If so, this is one brilliant Nutt!
"The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
Ok, ok, I do understand that a browser plugin adds some convenience, but how about a stand-alone version (native executable, or maybe something like a Java, Python, Perl, or Lisp program [which would be cross-platform]), which I can just run either as a GUI, or even a command line. . .
png2torrent in.png out.torrent
(heck, the original torrent filename might be stored in the png, so you might only need to specify the input file, and optionally an output path/filename if you want to change the name or extract to a different directory).
Maybe a drag-and-drop icon on the desktop - drag the png to the icon, and it automatically creates the torrent on the desktop.
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image). Or alternatively, to implement software which destroys the included torrent before putting the image online.
The Tao of math: The numbers you can count are not the real numbers.
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Give me Classic Slashdot or give me death!
OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.
Summation 2
...on the contents of certain imageboards...
Filename extensions are a form of metadata, and I don't think it sets a good precedent to lie in the metadata for a file. It's bad enough that we have Windows hiding filename extensions from the user, and encouraging people to just double-click on a file to launch the associated app. This just seems like asking for more problems, as people try to double-click on mjthriller.png and it launches - and crashes - IE.
http://alternatives.rzero.com/
Here's an example. It's the OpenOffice.org 3.1.0 win32 torrent taken from the OO.o site.
Couldn't you just use the comments section of a .tif file instead? At least then the picture could still look like kittens instead of a broken magic eye.
I'm half tempted to pop it open myself and add a feature that inserts a text description into the encoded PNG. Really, I don't think it would be too hard (hell, it could just have a few flag bits that tell the interpreter how much of the image needs to be cropped to remove the description.)
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
Lack of transparency support for your PNGs won't let those bastards see through the image to your thinly veiled P2P activity! Looks like IE6 just won the browser war.
Take a .png of the Mona Lisa and convert it to a torrent and it downloads several thousand hours of voice notes by Da Vinci... and porn
"The Y chromosome is genetic. The odds are very good that if you are male then your father was too." -Internet Commenter
Both Azureus and uTorrent support it, maybe even more. For example in uTorrent, right click any torrent and choose "Copy Magnet URI" and use it in Open Location dialog. The torrent file is downloaded thru DHT network.
I think that commenter was being super sarcastic.
I wonder if this would be useful if the torrent data was also encrypted with your own secret key and then converted to an image. ...or are we just chasing our own tail?
Only the person with the secret key could then decode the image to find teh filez.
I don't know if it's detected by forum though.
ren *.torrent *.png
wouldnt?
(on windows...)
--AlexC
Just because I dont agree with climate change doesnt make me a troll
A while ago it was a common thread on 4chan to have torrents hidden within rar files appended to jpgs. This led to a massive amount of virus-infected files being uploaded. 4chan banned images that it could detect rar headers within. I can imagine similar practices would be up and about on other image boards as well.
Most torrent files for feature length 1080p releases, especially those with DTS sound, are quite a bit larger than 250kB.
That would be the joke, going over your head.
Once you realize it is lossless you might even see a benefit
I think the lossless versus lossy bit was the crux of the joke. Converting the torrents to jpeg would lossily compress the torrent, thus breaking it upon decompression.
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Some drink at the fountain of knowledge. Others just gargle.
if the images involved are on RIAA etc websites - just a thought. mind you.
I'll be impressed when they start hiding torrents in EXE files, like with hydan. Bloated installer archives (Nvidia drivers being a good example) should make for nice carriers for this. Or even better, expand to making it possible to hide the info in any kind of file.
I built a utility that can be used for the same purpose back in April. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.
------- Driver carries less than 64K of cache.
He was being ironic.
Whoooosh!!!
They see me trollin', they hatin'...
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
This must be a different use of "hiding" than I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
So now, what this is telling me is that you can post porn videos INSIDE porn pictures? mind boggling!
Why can't a forum owner scan all uploaded images for torrents using the same technology?
And not worry about the *transport?*
The Torrent file is just a little bit of text information, but what about the actual transfer, where huge amounts of data are transferred with the endpoints just flapping in the breeze, waiting for some authority figure to take notice? This is the 21st century. Shouldn't some cryptographic scheme be in place making it impossible for things like governments and XXAA's to take any interest in what goes on in the torrent transfer?
-fb Everything not expressly forbidden is now mandatory.
There's no way to send PMs here AFAICT, so here goes:
- Censorship is obscene.
Show goatse to your children, and let me know how that goes for you. i hope you don't have children. Or, make it your computer wall paper at work.
- Patriotism is bigotry.
Which would mean that loving your family is bigotry. Patriotism is nothing like bigotry (or racism). Bigotry and racism are about fear. Patriotism is about pride and love. Some people take patriotism too far and into the realm of nationalism, patriotism's evil little brother. Don't confuse the two.
- Slashdot 2.0 sucks.
Opinions are not facts and should not be expressed as such. Try something more adult, like... "I don't like Slashdot 2.0 because of X and Y".
And no, i won't be reading your whiny ass response. Try to learn and grow. Maybe be a bit less cynical.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
I'm sure the process creates works of intrinsic art of themselves, new works.
Help stamp out iliturcy.
I'm surprised no-one has mentioned this, but Spore Creation files are PNGs with a picture of the creation, with the data needed to create it in the game hidden in the alpha channel. This scheme, obviously, just generates a blurry group of pixels, but I wonder if you could change it somehow so the png looks like its contents... Like text of what's in the .torrent.
250k? Instead of images, they should move to a file that's naturally larger and gives them more room to work... like movies! I can't wait until one movie is hidden inside another. Like I can download "The Fast and the Furious" but it's actually got "3:10 to Yuma" inside. Then maybe they can make a VLC plugin so when I open the container movie I see the hidden movie instead.
Somebody quick, get XZibit on this right away!
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
MAFIAA: We'll sue torrent hosters.
Web Site Operators: Make sure to convert all images that are uploaded and embed a stenographic message of "This image has been processed by (web site name here)"
Result: The Encoded torrent info is destroyed due to the subsequent stenography applied to the image.
I expect that code to be in drupal and damn near every CMS within the next month to avoid the MAFIAA.
-=[ Who Is John Galt? ]=-
Seven informative responses and not a mod point to spend. Maybe every logged in user should get a half mod point to spend every day. If two of those seven spent a tenth as long modding as talking, the misunderstanding would be corrected and closed.
Do these guys even know how Bittorrent works? A .torrent file is useless without a tracker. What tracker are these files using? Whatever THAT host is, why isn't it just hosting the .torrent files?
If you encode a .torrent into a PNG, invert the colors in Photoshop and decode the image back again, you get the torrent download and save a lot of bandwidth.
Does this solution seem worthless to anybody else? It is less convenient to the users who have to download it, and it is full of potential problems, such as image hosting sites scanning their images for stuff like this and banning them, or simply resizing or compressing the images, and therefore corrupting the hidden data.
This solution is less convenient than the current one, which is to upload a torrent to a torrent hosting service, such as TPB or MiniNova, and then providing a link.
[PNG is] a bit like a barcode, only with more capacity since it's 2D and colour.
PNG also supports internal textual metadata. Example: Adobe Fireworks "... by default also stores meta data for layers, animation, vector data, text and effects [in PNG]."
- http://en.wikipedia.org/wiki/Portable_Network_Graphics
-kgj
WARNING! Your toddlers might violate a Patent! http://preview.tinyurl.com/22yk38
My parents have evidence of my prior art dating back to the mid 1980s on VHS-C. I'd show you but the cassette adapter is broken.
I can put my ed2k and magnet links right in here. No problem at all. :)
ed2k://|file|[DivX - ENG] Monty Python And The Holy Grail 1975.avi|734478336|DD25EDAE3F63726F19C9B86CE4F117DE|/
What a great technology from... 2000! ^^
In my opinion, BitTorrent was a huge step backwards. Imagine if Bram Cohen had created some darknet (which would be the logical next step) with the same success instead.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
well don't forget to include a description in plain text so it's search able. You could however post that in another comment with a link back to the hex torrent comment.
Some drink at the fountain of knowledge. Others just gargle.
Yes, it's detectable. But I think a lot of site maintainers have better things to do, than continuously work on the image-that's-not-used-as-an-image format du jour. If an image file decodes as an image file, then as a programmer I am done worrying about it, except for maybe secondary things, like "does the width cause it to fuck up the layout so that it needs rescaling?" It doesn't take much to sneak this by me. And that's not technical incompetence (flame me for my real mistakes (there are lot) but not this); it's just that blocking images based on possible meanings of their pixels, isn't something worth spending infinite time on.
Programmers are not going to play whack-a-mole. Turn this into whack-a-mole, and you've beaten me. I whitelist image files that behave like image files. I am not going to maintain (i.e. spend recurring time on) a blacklist.
At that point, maybe a human moderator might decide, "This image makes no sense," and see it as spam or something, and delete it. But that person isn't someone who keeps up with all the latest tech fluff and isn't going to know it's a torrent. The software could know it's a torrent and explain it to the moderator, but like I said, I'm not going to bother, because once I set down that road, it's a continuous job to keep up, and that's time I could spend doing real work instead.
If the hosting site doesn't have human moderators that are looking at the images and saying, "I don't get it, this was a discussion thread about lawnmowers, why did some user post a comment containing a picture of random colorful snow?" then it's not going to get blocked.
Parent is correct, also, a little software based on steghide does exactly what is mentioned here... It would be just a matter of putting everything in a firefox extension and you could have something much better than hid.im (although it is a good idea)
I really like the idea where, instead of a blob of color with no real meaning, you could use a representative image, like a movie-poster image...
You can concatenate anything onto the end of a GIF image and still have a valid file without any limit on payload size. The classic example is to append a zip file which keeps its "headers" at the end of the file and doesn't measure any offsets from the beginning. This allows you to attach anything to a GIF without having to have special tools to extract the payload.
I am becoming gerund, destroyer of verbs.
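Added example, not part of the thread or of the hid.im code: a hosting-side check for the appended-archive trick described in the comments above (rar files appended to jpgs, a zip concatenated onto a GIF), written here for PNG since that is the format under discussion. It walks the PNG chunk list, reports any bytes after IEND and whether they carry a ZIP or RAR signature, and can strip them; the sample image and zip are constructed inline, and data encoded in the pixel values, as hid.im does, is not visible to this check.

```python
import io
import struct
import zipfile
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Signatures looked for in bytes after IEND: ZIP local header, ZIP end record, RAR.
ARCHIVE_SIGS = {b"PK\x03\x04": "zip", b"PK\x05\x06": "zip", b"Rar!\x1a\x07": "rar"}


def _chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width=2, height=2):
    """Constructed sample input: a small valid 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    return (PNG_MAGIC + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


def make_zip():
    """Constructed sample payload: an in-memory ZIP with one text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "constructed payload")
    return buf.getvalue()


def inspect_png(blob):
    """Walk the chunks, verify each CRC, and describe what follows IEND."""
    if not blob.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_MAGIC), []
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF:
            raise ValueError("bad CRC")
        chunks.append(ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            break
    else:
        raise ValueError("no IEND chunk")
    trailing = blob[pos:]
    kinds = sorted({name for sig, name in ARCHIVE_SIGS.items() if sig in trailing})
    return {"chunks": chunks, "image_end": pos,
            "trailing_bytes": len(trailing), "archive_types": kinds}


def strip_trailing(blob):
    """Return only the bytes up to and including IEND, dropping any payload."""
    return blob[:inspect_png(blob)["image_end"]]


if __name__ == "__main__":
    polyglot = make_png() + make_zip()
    print(inspect_png(polyglot))
    print(strip_trailing(polyglot) == make_png())
```
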
Would let you host them anonymously on freenet without the trouble of how to run a regular tracker on there.
There you can post descriptions to your heart's content.
---- Booth was a patriot ----
You just wiped my buddy's mind!
- Hiro
It would be easy enough to require an obscene amount of processing power to find the image. Simply run the image through an encryption algorithm 100 times. The end user could wait a few minutes to decrypt the image, but there's no way a website could do that.
Another way to do it is to include a decryption key as a captcha in the image.
A better option would be to encode the torrent's magnet URL into a QR code and the distribute that.
As mentioned by others, what are potentially reasonable methods for keying the input data to prevent trivial decoding, while providing decent usability?
One half assed way would be encoding using the DNS name of the intended image hosting service as a kind of salt, which would allow the firefox plugin to quickly pick up the salt based on the URL, but that wouldn't really help prevent the image hoster from decoding the image, only when the image is stored on an unintended server with a different DNS name. To prevent the original image hoster from doing trivial decoding, there would have to be some sort of contextual separation of the salt/key, maybe a comment tag or field which contains the actual text key. I suppose for a firefox plugin, right click an image to activate the plugin, and then you would be prompted to select a section of text for the key.
Another related idea is being able to use a preexisting image and modify/distort it. The problem with this is there would need to be a reference unmodified image to detect and determine the distortions and reverse them to decode the data. Because of the payload size issue, it would have to be a fairly large image to begin with, which is somewhat unattractive.
Host-proof hosting concepts really are hard to implement in reality.
OK OK, I won't mod him down like I was going to. But JESUS CHRIST goombah99, take an extra minute and proofread your post next time and fix all the errors! There's apparently something of value in there, but trying to read it makes my brain bleed.
One simple rule for its versus it's
I heard you like pr0n so I put pr0n in your pr0n, so you can watch pr0n while you download pr0n.
I imagine image hosting sites will have a hell of a time if you encrypt the torrent portion and add the key to the image. Imagine slapping a captcha on the image which is used to decode the contents.
At the moment people are afraid that companies can track them down using IP logs, contacting ISPs to obtain their details and then trying to sue. But that could easily change if someone came up with a worm which participates in p2p sharing on infected machines and imitates various p2p clients.
It would give really strong argument to people trying to defend themselves from these companies, by saying they had infection.
What do you think?
sweet, now on 4chan (and 12chan) not only will CP be hidden in a torrent, but a torrent will be hidden in CP...
life is good
Be seeing you...
Has nobody heard of them? http://en.wikipedia.org/wiki/QR_Code An established standard for encoding text as an image. Bonus is - any current smart phone with the right app can recognise qrcodes. There's dozens of open source libraries to encode and decode them.
Just post the output of 'gpg -a --store something.torrent'. No forum will block ascii text