New Service Converts Torrents Into PNG Images 297
jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak:
"We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
The race is on... (Score:5, Funny)
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
.
Re: (Score:2)
Wouldn't really work. This isn't true steganography; it just generates an image based on the torrent file. tag should be "!steganography" not "steganography"
Re: (Score:2)
Wouldn't really work. This isn't true steganography; it just generates an image based on the torrent file. tag should be "!steganography" not "steganography"
It's more steganography than it is "renaming a .torrent file to a .png", that some people seem to think it is. Sure it's just some nice, but fairly simple encoding of a file into an image, but it's quite a neat idea. Give the guy some credit.
Why not just use slashdot instead? (Score:5, Insightful)
It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.
let's work through the logic:
If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.
if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.
so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.
so it seems like this has no value as a means of hosting torrents.
Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")
Re: (Score:2)
There you go, no more hosting services filtering out
Re:Why not just use slashdot instead? (Score:5, Interesting)
Parent is wise. It would be easy for any image hosting site to detect something like this. They would just have to scan it as they receive it. Nobody wins when you just encode it using a simple straightforward and one-time algorithm.
What the authors need to do is provide some sort of key to decoding the torrent file. Instead of creating an entire image of it, they should instead take a standard image, and use some cypher method that would slightly distort the it (blur, stretch, etc.) in some way that would allow recovery of the torrent data. Then it wouldn't be obvious to the naked eye and you could just post the information necessary to decode the information from some other location. But is this worth the effort when torrents are still easy to find? Probably not yet, but in the future it may be.
Re:Why not just use slashdot instead? (Score:5, Funny)
I take it you've never actually tried to use slashdot's search function.
Re:Why bother to hide it at all? (Score:5, Funny)
And if the xxAA gets the torrent from the image, they're illegally circumventing a technical protection measure!
Re: (Score:3, Insightful)
This is probably what uuencode is for.
Re: (Score:3, Funny)
The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
goatse.png->The.Black.Hole.1979.dvdrip.xvid.torrent
Well, that explains why in the UK piracy is down [arstechnica.com].
If I were a congressman, what would I do? (Score:3, Interesting)
Re: (Score:2, Informative)
Re: (Score:2)
What? (Score:5, Insightful)
No "steganography" tag yet?
Slashdot, I'm disappointed in you. :P
Re:What? (Score:5, Funny)
It's hidden in their header png.
Re:What? (Score:4, Insightful)
It's not steganography. It's an explicit PNG encoding of a torrent file. It's not a PNG of a kitten with a torrent hidden within so a casual viewer wouldn't realise.
Comment removed (Score:5, Informative)
Re: (Score:2)
Because that technique is for hiding a payload.
This technique is not a hiding technique. It's just a technique for getting past content-type based filters.
Still limited (Score:5, Insightful)
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].
Re:Still limited (Score:5, Funny)
Obviously you have never visited 4chan.
Re: (Score:3, Insightful)
Most people prefer to keep things that way.
Re:Still limited (Score:5, Funny)
Yes, someone should invent a method for posting images on the internet and associating text with them.
Re: (Score:2)
Yes, someone should invent a method for posting images on the internet and associating text with them.
You let me know when someone invents something that pirates can search easily, but the RIAA can't.
What I got out of this is that they're obfuscating information to hide it. If they're just turning .torrents into images to post to forums, then, well I don't get its usefulness. I don't know of many forums that allow you to upload images but don't allow you to post a link to a URL, which could just point to the torrent.
Re: (Score:2)
to make that work someone would also have to invent a Text and Associated Image Peruser client and also a standard Peruser protocol.
Re: (Score:2)
if only there was user contributed website that contained listings of most media content!
Re: (Score:2)
Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].
That was my initial reaction as well.
Instead of a .torrent file you've got a PNG, but I'm not sure how much that helps anyone.
I don't think the complaint was ever that the information contained in the .torrent file was somehow infringing copyright or breaking laws... I believe the argument has been made that there's nothing actually copyrighted/illegal in the .torrent file itself, and judging from the results of recent court cases that argument doesn't seem to be working terribly well. The PNG still conta
Re: (Score:2)
Some torrent sites already filter out HBO shows and American origin IP addresses. If TPB goes 100% legit then this becomes an easy way to distribute .torrents if you already have a twitter account and access to twitpic, just without the ability to browse by number of seeders/leechers. EZTV and a few others already post all their torrents to twitter for when the site goes down (their site is down currently).
Re: (Score:2)
I think the purpose of this is that you can put up a torrent, go to your favourite forum, and say "Hey, here's the .torrent for (some content)".
Forums generally provide a means to embed pictures, but not other filetypes, such as torrents.
Re: (Score:2)
You don't need an indexing site to host your torrent. You need an indexing site to help peers find your torrent.
And if you just want to post torrents to a forum that doesn't allow arbitrary uploads, encode the thing to ASCII with yEnc.
Re: (Score:2)
Doesn't that make the forum an indexing site? Hell, I know of a few trackers (mvgroup.org for instance) that simply use forums for indexing and distributing .torrents.
wait wait wait... (Score:5, Funny)
I'm just utterly shocked.
Re:wait wait wait... (Score:4, Insightful)
All "The Man" needs to do is modify the image. Which is rather common practice anyways.
1. Insuring images are scaled properly.
2. Reconverted so the images will fit in the Database.
3. Insure you just have the image not a hack.
4. lossy compression to save storage space.
Re: (Score:3, Insightful)
Here we go with another technological arms race. How many image hosting sites will run the converter on all uploaded images and automatically reject those that contain an embedded file? Or just remove the steg and retain the basic image...
So the next step will be some sort of keyed steg, with the keys distributed on some sort of centralised webserver.... oh no, actually that might break. But luckily keys are quite small and can be widely distributed as long as the image sites don't get a hold of them. It's
Re: (Score:2)
Don't forget a big whoops when a legitimate image file matches one of their filters and gets deleted, or when this becomes full blown steganography (which I'm sure it has by the time of this writing)
Re: (Score:2)
How do you know it contains a hidden file? I've written a file<->PNG converter, it's rather simple and you can do a large number of things to obfuscate it (reorder the bits, etc.) but overall, you can't really tell it's a 'file' unless you actually look at it. I think you're thinking of stenography, which this is not. This is changing the bits of the file into RGB values. PNG's lack of compression allows even conversion on the other side.
Re: (Score:2)
Are your images PNGcrush-able? What happens if you PNGcrush the image?
Re: (Score:2)
I don't know what PNGcrush does but I'm 99% willing to bet it would break my procedure. There's probably tons of things I could do to optimize it, too. One thing I don't know if this service does, though, is use the alpha channel to make the dimensions of the picture smaller.
Re: (Score:2)
Er, I should say I don't know PNGcrush works, as I do know what it does.
Re: (Score:2)
I think you're thinking of stenography.
I don't think he is [wikipedia.org].
Re: (Score:2)
Re: (Score:2)
you mean the pirates are going to continue to beat out "the man" and get away with it?
I believe Mr. Universe [wikipedia.org] expressed those very sentiments.
Re: (Score:3, Funny)
you mean the pirates are going to continue to beat out "the man" and get away with it?
I'm just utterly shocked.
Oh just wait, PNG's won't be around much longer.
Remember folks, when PNG's are outlawed only outlaws will have PNG's.
Re: (Score:2)
Probably the forum owners are not motivated to filter these.
Maybe their hosting company would. But probably only at the behest of some law enforcement power.
So what this is really doing is setting up a situation where if the governments tries to legislate, there's a response that goes, "wait a minute, you want us to scan and block *pictures*?
Just make sure your image hosting site... (Score:5, Insightful)
doesn't re-scale or tag your uploaded images first!
Re: (Score:2)
. . . or automatically convert the image to a .jpg.
Might Not Be a Problem (Score:2, Insightful)
Re: (Score:2)
Hmm, a binary picture like this one [ipernity.com]?
(Just a picture of a wrecked building run through a threshold filter)
Re: (Score:2)
The article doesn't go into detail, but since it's PNG, that suggest they're using ancillary chunks (iTXt/tEXt/zTXt) to store the torrent data. If that's the case, pngcrush or converting to another image format would kill the torrent.
Given the sample images shown on the article, I'd say it's more likely that they are using pixel data to encode the information. If this is the case then lossless conversion to another format wouldn't ruin it, but conversion to JPG would almost certainly scramble the bits.
I could try downloading a torrent of album covers and end up with an anal bum cover!
Re: (Score:2)
I don't think the content will be affected by tag modifications.
These are pretty small images (one of the samples is 380x32) so rescaling isn't going to happen unless it's a deliberate attack on this technique. But there are far easier attacks if you're explicitly trying to block this exact technique.
Does that mean... (Score:2, Funny)
Why browser plugins? (Score:4, Interesting)
"The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
Ok, ok, I do understand that a browser plugin adds some convenience, but how about a stand-alone version (native executable, or maybe something like a Java, Python, Perl, or Lisp program [which would be cross-platform]), which I can just run either as a GUI, or even a command line. . .
png2torrent in.png out.torrent
(heck, the original torrent filename might be stored in the png, so you might only need to specify the input file, and optionally an output path/filename if you want to change the name or extract to a different directory).
Maybe a drag-and-drop icon on the desktop - drag the png to the icon, and it automatically creates the torrent on the desktop.
Re: (Score:2)
It's open source, go for it. :)
Re: (Score:2)
What does the code do except from change the filetype extension from .torrent to .png and back and what is stopping me from doing that manually? Renaming manually 'example.torrent' to 'example.png' isn't exactly a hassle.
That's not what this does, otherwise forum software would reject it for not being an image. This software actually makes an IMAGE which is composed of the contents of the torrent, and can be converted back to a torrent file. It's nost just a rename of the file extension.
It's not lying - it IS actually an image, it just so happens to contain other data, if you look at it the right way. Try reading up on Steganography [wikipedia.org] (no, it's not really steganography, because its obvious it contains other day) - but hopefu
Re: (Score:2)
What does the code do except from change the filetype extension from .torrent to .png and back and what is stopping me from doing that manually?
It turns it into a valid PNG: something a PNG viewer can load.
The result looks like a horizontal strip of random pixels, size nx32 pixels (where n varies), with a block on the left that looks like "hid.im" in white on black.
http://www.hid.im/system/pngs/6/original/torrent.png?1246950724 [www.hid.im]
Re: (Score:2)
When in the hell did Slashdot sink this low? I thought there were even moderately technically people that posted here, not people that understand computers less than my mom does.
Won't work well (Score:2)
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image). Or alternatively, to implement software which destroys the included torrent before putting the image online.
Re:Won't work well (Score:5, Insightful)
All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).
Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).
Re: (Score:3, Insightful)
Which is totally inconvenient for user that has to keep up with it... *AA wins with every step of arms race because users need to adapt.
Andre regardless of images, there is more trouble: But they still need channel to share those files with public ... and to organize them and allow searching ... or you end up with closed communities of people who share them between themselves and network with other similar communities, which hinders casual torrent downloading.
Which basically means *AA gets what they wanted
Re: (Score:2)
You can't destroy the torrent before putting the image online, because it's not steganography. You're not embedding the torrent data in an existing image, you're converting the torrent data into a visual representation.
The images just look like random colored patterns when viewed normally.
=Smidge=
Re: (Score:2)
I run a small Internet forum supported solely from member donations. We allow image attachments. The forum software we use is old, but the community is used to it and frankly it works fine for our purposes. If we were required to filter images for possible torrents hidden inside it would likely require that we: 1) Change forum software - a big time sink and something that would possibly cost us money or 2) Require us to invest in some sort of torrent filtering software (again time to set up and money to
Re: (Score:2)
I'd certainly need to be required--by law--to do that if I were the owner of any sort of image hosting website. "Try to decode the torrent" means time and computing power on my side, and for absolutely no benefit to me or my business. In fact rejecting images is actually bad for my business; it's actively pushing users away, all for the benefit of some mega-corp that isn't me and that frankly I don't care a
What's the point? (Score:3, Insightful)
If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.
Re:What's the point? (Score:4, Informative)
Say, MIME ...?
I think you mean base64.
As for hiding it, I think that's sort of the point behind this scheme.
Re: (Score:3, Insightful)
If the public can find it, so can the middleman. What am I missing?
Re: (Score:2)
Like this?
MIME-Version: 1.0
Content-Type: application/x-bittorrent
d8:announce30:http://tracker.prq.to/announce13:announce-listll30:http://tracker.prq.to/announceel44:http://vip.tracker.thepiratebay.org/announceel40:http://tracker.thepiratebay.org/announceel45:http://open.tracker.thepiratebay.org/announceee7:comment30:--- www.Yestorrent.com ---13:comment.utf-830:--- www.Yestorrent.com ---10:created by13:BitComet/0.9613:creation datei1237154572e8:encoding5:UTF-84:infod5:filesld6:lengthi5478058e
PNGs?! (Score:5, Funny)
OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.
Re: (Score:2)
instead of difficult compression algorithms, I've a better solution for embedding text information in ascii porn. I'll share it as soon as the patent is granted.
Re: (Score:2)
Try lzip instead, you can get close to 100% compression that way, depending on how you specify the command line.
An example.. (Score:5, Informative)
Re: (Score:2)
It's a shame the default size isn't 100x100 pixels or 125x125... a more common size, particularly for VBB avatars and whatnot. 32x* will be considerably easier to filter/block by hosts.
Re: (Score:2)
Re: (Score:3, Funny)
Wow! It's a schooner.
Alternatively (Score:2, Interesting)
Re: (Score:2)
Couldn't you just use the comments section of a .tif file instead? At least then the picture could still look like kittens instead of a broken magic eye.
Most forums only allow PNG and JPEG, not TIFF. Nice thought though.
Excellent, it's open source. (Score:2, Informative)
Re: (Score:2)
IE6 FTW! (Score:2, Funny)
The REAL Da Vinci Code (Score:3, Funny)
4chan banned similiar images (Score:5, Interesting)
Re: (Score:2)
Except that this looks just like image data... Because it is! There's no 'appended' file. It's converted into image data, then reconverted at the end user. It will be a lot harder to detect this.
Re:4chan banned similiar images (Score:4, Interesting)
Nonsense. You just run it through the exact same torrent-data-extractor process that the end-user would use.
Why limit it to torrents? (Score:5, Informative)
I built a utility that can be used for the same purpose back in april. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.
Not really steganography... (Score:4, Insightful)
Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.
Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).
!steganography (Score:4, Insightful)
This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.
So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.
full rounded pr0n (Score:3, Funny)
Forums can use it too (Score:3, Insightful)
Why can't a forum owner scan all uploaded images for torrents using the same technology?
Similar to Spore (Score:4, Interesting)
Re: (Score:3, Interesting)
Re: (Score:2)
It is funny you say this, because corporate copyright holders have done just that and a huge number of people went "WAIT! That is not fair!11!!1!". Copyright legislation, law suits, DRM, etc are all adaptations to the reality created by people who have no morals or ethics and casually violate copyright law.
Re: (Score:2)
Re: (Score:2)
Also you know very damn well that people object to the fact that t
Re: (Score:2)
Re: (Score:2)
We have compassion for you, the anonymous internet troll. We pirate so that you can troll us with something other than the GNAA.
Re: (Score:2)
You misunderstand. It *is* a PNG. Load it with a PNG viewer and you'll see a fuzz of random looking pixels.
But it can be translated into a .torrent.
It's a bit like a barcode, only with more capacity since it's 2D and colour.
Re: (Score:2)
It's still a valid PNG, so it shouldn't crash IE when you open it. Based on the examples then it looks ugly as hell (it's more "render the file as-is but interpret as RGBA colours in a PNG" than "discretely hide the important data in some way" ala Spore's creature photos), but it is still an image.
That said, I wouldn't trust some versions of IE not to choke on standard 32-bit PNGs anyway :D
Re: (Score:2)
Re: (Score:2, Informative)
Instead, what they're doing here is encoding the data contained in a torrent file as valid image data. I'm not sure exactly what technique they're using, but the process is essentially analogous (though surely more complex) to treating each bit as a
Re: (Score:3, Informative)
Filename extensions are a form of metadata, and I don't think it sets a good precedent to lie in the metadata for a file. It's bad enough that we have Windows hiding filename extensions from the user, and encouraging people to just double-click on a file to launch the associated app. This just seems like asking for more problems, as people try to double-click on mjthriller.png and it launches - and crashes - IE.
I know, I know... This is Slashdot, nobody reads the article. But could you at least read the summary?
They aren't re-naming a file. They aren't just dropping the .torrent extension and replacing it with .png The resulting file isn't going to run any malicious code or do anything bizzarre.
They're encoding the bits of the .torrent file in a .png image. It actually creates an image. Looks like some kind of abstract/modern art kind of thing... Blocks of bright colors. You could open it with any graphics
Re: (Score:3, Informative)
This is for encoding the .torrent file. Not whatever it points to.
For example, I just found a torrent file for Terminator Salvation - 14kB
Re: (Score:3, Insightful)