Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
The Internet Media

New Service Converts Torrents Into PNG Images 297

jamie points out that a new web service, hid.im, will encode a torrent into a PNG image file, allowing it to be shared easily through forums or image hosting sites. Quoting TorrentFreak: "We have to admit that the usefulness of the service escaped us when we first discovered the project. So, we contacted Michael Nutt, one of the people running the project to find out what it's all about. 'It is an attempt to make torrents more resilient,' Michael told [us]. 'The difference is that you no longer need an indexing site to host your torrent file. Many forums will allow uploading images but not other types of files.' Hiding a torrent file inside an image is easy enough. Just select a torrent file stored on your local hard drive and Hid.im will take care the rest. The only limit to the service is that the size of the torrent file cannot exceed 250KB. ... People on the receiving end can decode the images and get the original .torrent file through a Firefox extension or bookmarklet. The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."
This discussion has been archived. No new comments can be posted.

New Service Converts Torrents Into PNG Images

Comments Filter:
  • by grub ( 11606 ) * <slashdot@grub.net> on Wednesday July 15, 2009 @08:43AM (#28702783) Homepage Journal

    The.Black.Hole.1979.dvdrip.xvid.torrent -> goatse.png
    ... you know you want to.

    .
    • Wouldn't really work. This isn't true steganography; it just generates an image based on the torrent file. tag should be "!steganography" not "steganography"

      • by duguk ( 589689 )

        Wouldn't really work. This isn't true steganography; it just generates an image based on the torrent file. tag should be "!steganography" not "steganography"

        It's more steganography than it is "renaming a .torrent file to a .png", that some people seem to think it is. Sure it's just some nice, but fairly simple encoding of a file into an image, but it's quite a neat idea. Give the guy some credit.

      • by goombah99 ( 560566 ) on Wednesday July 15, 2009 @09:39AM (#28703451)

        It won't work as intended but not for the reason you say. Regardless of whether it's steganongrphyically encoded or not, this is just amtter of detectability to the eye.

        let's work through the logic:
                If a firefox plugin and retreive the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their bussiness model to offer a service which might be hosting links to tainted goods.

              if the encoding is done is some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). ANd again the image sites will decline to host those.

        so you might as well just post hex encoded torrents and their plain language desciptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.

        so it seems like this has no value as a means of hosting torrents.

        Now it does have two uses one legitimate and one not. it could be just a conveinet way to pass around a torrent assoiciated with an image all in one handy container (kind of like a bussiness card printed on a mini-cd). nd it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metalica with a picture of the band's latest almbum that happens to hide a torrent for that albumn. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")

        • There are ways to circumvent that. For example, you could place the torrent information at a random address in the picture, and display that address in captcha-form in the picture itself. If you'd like to get the torrent information, you'd have to open the picture in your favorite image display tool, write down the address, enter the address in the decryption tool, and let it do it's work.

          There you go, no more hosting services filtering out .pngs containing torrents.
        • by elashish14 ( 1302231 ) <`profcalc4' `at' `gmail.com'> on Wednesday July 15, 2009 @10:38AM (#28704013)

          Parent is wise. It would be easy for any image hosting site to detect something like this. They would just have to scan it as they receive it. Nobody wins when you just encode it using a simple straightforward and one-time algorithm.

          What the authors need to do is provide some sort of key to decoding the torrent file. Instead of creating an entire image of it, they should instead take a standard image, and use some cypher method that would slightly distort the it (blur, stretch, etc.) in some way that would allow recovery of the torrent data. Then it wouldn't be obvious to the naked eye and you could just post the information necessary to decode the information from some other location. But is this worth the effort when torrents are still easy to find? Probably not yet, but in the future it may be.

        • by Sir_Lewk ( 967686 ) <sirlewk AT gmail DOT com> on Wednesday July 15, 2009 @11:10AM (#28704389)

          Anyone can then use slashdot's search feature

          I take it you've never actually tried to use slashdot's search function.

  • I still think the solution is to change TPB to a TpayB. Allow us to pay $1 for a movie and allow studios to save face and jump in. More hiding like this will just put the Congressmen in action to filter. If this path is chosen, we will all be living in wifi-caves before long.
  • What? (Score:5, Insightful)

    by geminidomino ( 614729 ) * on Wednesday July 15, 2009 @08:44AM (#28702793) Journal

    No "steganography" tag yet?

    Slashdot, I'm disappointed in you. :P

  • Still limited (Score:5, Insightful)

    by rnelsonee ( 98732 ) on Wednesday July 15, 2009 @08:45AM (#28702801)

    Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].

    • by lxs ( 131946 ) on Wednesday July 15, 2009 @08:52AM (#28702909)

      Obviously you have never visited 4chan.

    • by tooyoung ( 853621 ) on Wednesday July 15, 2009 @09:19AM (#28703167)

      Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless.

      Yes, someone should invent a method for posting images on the internet and associating text with them.

      • Yes, someone should invent a method for posting images on the internet and associating text with them.

        You let me know when someone invents something that pirates can search easily, but the RIAA can't.

        What I got out of this is that they're obfuscating information to hide it. If they're just turning .torrents into images to post to forums, then, well I don't get its usefulness. I don't know of many forums that allow you to upload images but don't allow you to post a link to a URL, which could just point to the torrent.

      • to make that work someone would also have to invent a Text and Associated Image Peruser client and also a standard Peruser protocol.

    • if only there was user contributed website that contained listings of most media content!

    • Hosting a bunch of images doesn't do any good unless you have a text (or at least searchable) description of what you're downloading. Without context, warehoused information is useless. And these PNG files are just different representations of the same quasi-legal information (that is, they're still colored bits [sooke.bc.ca].

      That was my initial reaction as well.

      Instead of a .torrent file you've got a PNG, but I'm not sure how much that helps anyone.

      I don't think the complaint was ever that the information contained in the .torrent file was somehow infringing copyright or breaking laws... I believe the argument has been made that there's nothing actually copyrighted/illegal in the .torrent file itself, and judging from the results of recent court cases that argument doesn't seem to be working terribly well. The PNG still conta

      • by Hadlock ( 143607 )

        Some torrent sites already filter out HBO shows and American origin IP addresses. If TPB goes 100% legit then this becomes an easy way to distribute .torrents if you already have a twitter account and access to twitpic, just without the ability to browse by number of seeders/leechers. EZTV and a few others already post all their torrents to twitter for when the site goes down (their site is down currently).

    • by slim ( 1652 )

      I think the purpose of this is that you can put up a torrent, go to your favourite forum, and say "Hey, here's the .torrent for (some content)".

      Forums generally provide a means to embed pictures, but not other filetypes, such as torrents.

  • by Rooked_One ( 591287 ) on Wednesday July 15, 2009 @08:45AM (#28702807) Journal
    you mean the pirates are going to continue to beat out "the man" and get away with it?

    I'm just utterly shocked.
    • by jellomizer ( 103300 ) on Wednesday July 15, 2009 @08:57AM (#28702955)

      All "The Man" needs to do is modify the image. Which is rather common practice anyways.

      1. Insuring images are scaled properly.
      2. Reconverted so the images will fit in the Database.
      3. Insure you just have the image not a hack.
      4. lossy compression to save storage space.

      • Re: (Score:3, Insightful)

        by smallfries ( 601545 )

        Here we go with another technological arms race. How many image hosting sites will run the converter on all uploaded images and automatically reject those that contain an embedded file? Or just remove the steg and retain the basic image...

        So the next step will be some sort of keyed steg, with the keys distributed on some sort of centralised webserver.... oh no, actually that might break. But luckily keys are quite small and can be widely distributed as long as the image sites don't get a hold of them. It's

        • Don't forget a big whoops when a legitimate image file matches one of their filters and gets deleted, or when this becomes full blown steganography (which I'm sure it has by the time of this writing)

        • How do you know it contains a hidden file? I've written a file<->PNG converter, it's rather simple and you can do a large number of things to obfuscate it (reorder the bits, etc.) but overall, you can't really tell it's a 'file' unless you actually look at it. I think you're thinking of stenography, which this is not. This is changing the bits of the file into RGB values. PNG's lack of compression allows even conversion on the other side.

          • by Hadlock ( 143607 )

            Are your images PNGcrush-able? What happens if you PNGcrush the image?

            • I don't know what PNGcrush does but I'm 99% willing to bet it would break my procedure. There's probably tons of things I could do to optimize it, too. One thing I don't know if this service does, though, is use the alpha channel to make the dimensions of the picture smaller.

          • I think you're thinking of stenography.

            I don't think he is [wikipedia.org].

      • Presumably the people sharing will be posting these images on sites that don't do all of these things.
    • you mean the pirates are going to continue to beat out "the man" and get away with it?

      I believe Mr. Universe [wikipedia.org] expressed those very sentiments.

    • Re: (Score:3, Funny)

      you mean the pirates are going to continue to beat out "the man" and get away with it?

      I'm just utterly shocked.

      Oh just wait, PNG's won't be around much longer.
      Remember folks, when PNG's are outlawed only outlaws will have PNG's.

  • by lobiusmoop ( 305328 ) on Wednesday July 15, 2009 @08:46AM (#28702815) Homepage

    doesn't re-scale or tag your uploaded images first!

    • by JSBiff ( 87824 )

      . . . or automatically convert the image to a .jpg.

      • If the conversion process is resilient enough, it might not depend upon the image having an identical binary format.
        • Hmm, a binary picture like this one [ipernity.com]?

          (Just a picture of a wrecked building run through a threshold filter)

    • by slim ( 1652 )

      I don't think the content will be affected by tag modifications.

      These are pretty small images (one of the samples is 380x32) so rescaling isn't going to happen unless it's a deliberate attack on this technique. But there are far easier attacks if you're explicitly trying to block this exact technique.

  • I can download all of my pirated torrents and view pr0n in one convenient step? If so, this is one brilliant Nutt!
  • Why browser plugins? (Score:4, Interesting)

    by JSBiff ( 87824 ) on Wednesday July 15, 2009 @08:54AM (#28702927) Journal

    "The code is entirely open source and Michael Nutt told us that they are hoping for people to contribute to it by creating additional decoders supported by other browsers."

    Ok, ok, I do understand that a browser plugin adds some convenience, but how about a stand-alone version (native executable, or maybe something like a Java, Python, Perl, or Lisp program [which would be cross-platform]), which I can just run either as a GUI, or even a command line. . .

    png2torrent in.png out.torrent

    (heck, the original torrent filename might be stored in the png, so you might only need to specify the input file, and optionally an output path/filename if you want to change the name or extract to a different directory).

    Maybe a drag-and-drop icon on the desktop - drag the png to the icon, and it automatically creates the torrent on the desktop.

    • by Fross ( 83754 )

      It's open source, go for it. :)

  • All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image). Or alternatively, to implement software which destroys the included torrent before putting the image online.

    • Re:Won't work well (Score:5, Insightful)

      by slim ( 1652 ) <john AT hartnup DOT net> on Wednesday July 15, 2009 @09:17AM (#28703149) Homepage

      All sites hosting images will just be required to filter for those images which have torrents inside (it shouldn't be hard, just try to decode the torrent, and if you succeed, reject the image).

      Which just makes for an arms race, and one where the pirates can be more reactive than the authorities. Create new encoding methods, encode into different formats (MP3, JPEG, HTML, whatever).

      • Re: (Score:3, Insightful)

        by zwei2stein ( 782480 )

        Which is totally inconvenient for user that has to keep up with it... *AA wins with every step of arms race because users need to adapt.

        Andre regardless of images, there is more trouble: But they still need channel to share those files with public ... and to organize them and allow searching ... or you end up with closed communities of people who share them between themselves and network with other similar communities, which hinders casual torrent downloading.

        Which basically means *AA gets what they wanted

    • You can't destroy the torrent before putting the image online, because it's not steganography. You're not embedding the torrent data in an existing image, you're converting the torrent data into a visual representation.

      The images just look like random colored patterns when viewed normally.
      =Smidge=

    • I run a small Internet forum supported solely from member donations. We allow image attachments. The forum software we use is old, but the community is used to it and frankly it works fine for our purposes. If we were required to filter images for possible torrents hidden inside it would likely require that we: 1) Change forum software - a big time sink and something that would possibly cost us money or 2) Require us to invest in some sort of torrent filtering software (again time to set up and money to

    • All sites hosting images will just be required to filter for those images which have torrents inside

      I'd certainly need to be required--by law--to do that if I were the owner of any sort of image hosting website. "Try to decode the torrent" means time and computing power on my side, and for absolutely no benefit to me or my business. In fact rejecting images is actually bad for my business; it's actively pushing users away, all for the benefit of some mega-corp that isn't me and that frankly I don't care a

  • What's the point? (Score:3, Insightful)

    by Hatta ( 162192 ) * on Wednesday July 15, 2009 @08:56AM (#28702949) Journal

    If you're trying to post torrents into a web board that won't let you, wouldn't it be easier to encode the torrent to ASCII somehow? Say, MIME or yEnc? I mean, you want people to find the .torrent, so there's no point in hiding it with steganography.

    • Re:What's the point? (Score:4, Informative)

      by value_added ( 719364 ) on Wednesday July 15, 2009 @09:04AM (#28703025)

      Say, MIME ...?

      I think you mean base64.

      As for hiding it, I think that's sort of the point behind this scheme.

    • Like this?

      MIME-Version: 1.0

      Content-Type: application/x-bittorrent

      d8:announce30:http://tracker.prq.to/announce13:announce-listll30:http://tracker.prq.to/announceel44:http://vip.tracker.thepiratebay.org/announceel40:http://tracker.thepiratebay.org/announceel45:http://open.tracker.thepiratebay.org/announceee7:comment30:--- www.Yestorrent.com ---13:comment.utf-830:--- www.Yestorrent.com ---10:created by13:BitComet/0.9613:creation datei1237154572e8:encoding5:UTF-84:infod5:filesld6:lengthi5478058e

  • PNGs?! (Score:5, Funny)

    by Rik Sweeney ( 471717 ) on Wednesday July 15, 2009 @08:59AM (#28702977) Homepage

    OMG, who uses PNG files?! The compression routine is rubbish! I'm going to use this technology, but I'm going to convert the files to JPEG before I upload them. When people see how much smaller the file is that they have to download, they'll quickly move over to my way of thinking.

    • instead of difficult compression algorithms, I've a better solution for embedding text information in ascii porn. I'll share it as soon as the patent is granted.

    • Try lzip instead, you can get close to 100% compression that way, depending on how you specify the command line.

  • An example.. (Score:5, Informative)

    by Anonymous Coward on Wednesday July 15, 2009 @09:03AM (#28703011)
    Here's an example [imageshack.us]. It's the OpenOffice.org 3.1.0 win32 torrent taken from the OO.o site.
    • by Hadlock ( 143607 )

      It's a shame the default size isn't 100x100 pixels or 125x125... a more common size, particularly for VBB avatars and whatnot. 32x* will be considerably easier to filter/block by hosts.

    • I'd think it's a bit smaller than the original torrent, too... some torrents can get quite large. Can anyone check that? .torrent's are filtered where I'm at.
  • Alternatively (Score:2, Interesting)

    by planetmatt ( 1024599 )
    Couldn't you just use the comments section of a .tif file instead? At least then the picture could still look like kittens instead of a broken magic eye.
    • by duguk ( 589689 )

      Couldn't you just use the comments section of a .tif file instead? At least then the picture could still look like kittens instead of a broken magic eye.

      Most forums only allow PNG and JPEG, not TIFF. Nice thought though.

  • I'm half tempted to pop it open myself and add a feature that inserts a text description into the encoded PNG. Really, I don't think it would be too hard (hell, it could just have a few flag bits that tell the interpreter how much of the image needs to be cropped to remove the description.)
    • by dave420 ( 699308 )
      The header used by the format already describes where the data is in the image, so it already has the ability to ignore other stuff in the image.
  • IE6 FTW! (Score:2, Funny)

    by wangahrah ( 898109 )
    Lack of transparency support for your PNGs won't let those bastards see through the image to your thinly veiled P2P activity! Looks like IE6 just won the browser war.
  • by Blixinator ( 1585261 ) on Wednesday July 15, 2009 @09:21AM (#28703217)
    Take a .png of the Mona Lisa and convert it to a torrent and it downloads several thousand hours of voice notes by Da Vinci... and porn
  • by Pingh ( 1130313 ) on Wednesday July 15, 2009 @09:32AM (#28703363) Homepage
    A while ago it was a common thread on 4chan to have torrents hidden within rar files appended to jpgs. This lead to massive amount of virus infected files being uploaded. 4chan banned images that it could detect rar headers within. I can imagine similar practices would be up and about on other image boards as well.
  • by Steve S ( 35346 ) on Wednesday July 15, 2009 @09:48AM (#28703527)

    I built a utility that can be used for the same purpose back in april. http://cosmodro.me/blog/2009/apr/11/smuggle-improved/
    It's a small flash movie that can encode files into pngs and decode them back. It's not limited to torrents, so you can encode any file that's less than about 16MB.

  • by TerranFury ( 726743 ) on Wednesday July 15, 2009 @10:08AM (#28703707)

    Steganography hides data in an innocuous-looking "carrier" signal; e.g., a photo from your vacation; it's about hiding in plain sight. These images are not pictures of anything, and very obviously represent just a bunch of bits shoved into an image. It's the difference between a spy sending the message "So, I hear the Yankees won the other day" to communicate "assassinate the prime minister" to his partner, and sending the message "ENCRYPTED: XLAIHOIUHLEGDHGDLHSLKJHDGS" to his partner. The former avoids suspicion; the latter arouses it.

    Better would be to just shove the torrents into some "reserved" or "metadata" portion of the image format, say somewhere in the header, or after the last byte of the image data (or similar; I'm not super familiar with the implementation details of these formats).

  • !steganography (Score:4, Insightful)

    by Chris Pimlott ( 16212 ) on Wednesday July 15, 2009 @10:10AM (#28703721)

    This must be a different use of "hiding" that I'm aware of, which apparently means 'make it blatantly obvious that this image is encoding something'. The point of steganography is that the image doesn't appear to have any hidden data in it.

    So I suppose there might be some use for this, but it's not about to fool any hosting provider that dislikes torrents.

  • by uncanny ( 954868 ) on Wednesday July 15, 2009 @10:10AM (#28703723)
    So now, what this is telling me is that you can post porn videos INSIDE porn pictures? mind boggling!
  • by Anonymous Coward on Wednesday July 15, 2009 @10:12AM (#28703747)

    Why can't a forum owner scan all uploaded images for torrents using the same technology?

  • Similar to Spore (Score:4, Interesting)

    by kevmatic ( 1133523 ) on Wednesday July 15, 2009 @10:15AM (#28703787)
    I'm suprised no-one has mentioned this, but Spore Creation files are PNGs with a picture of the creation, with the data needed to create it in the game hidden in the alpha channel. This scheme, obviously, just generates a blurry group of pixels, but I wonder if you could change it somehow so the png looks like its contents... Like text of what's in the .torrent.

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...