如何在图像文件中找到隐藏文件(Jpg / Gif / Png) [英] How to find hidden files inside image files (Jpg/Gif/Png)
问题描述
我遇到了一个链接,显示了如何隐藏图像文件中的文件数量: http://lifehacker.com/282119/hide-files-inside-of-jpeg-images 有关检测的更多讨论: http://ask.metafilter.com/119943/How-to-detect-RARsEXEs-hidden-in-JPGs
I came across a link that shows how to hide number of files inside an image file: http://lifehacker.com/282119/hide-files-inside-of-jpeg-images more discussion on detection here: http://ask.metafilter.com/119943/How-to-detect-RARsEXEs-hidden-in-JPGs
我正在试图找出一种以编程方式检测图像文件是否隐藏在其中的其他文件的好方法?我应该尝试解压缩文件以查看是否有其他文件出来吗?
I'm trying to find out what is a good way to programmatically detect whether an image file has other files hidden inside it? Should I try unzipping the file to see if other files come out of it?
我没有以编程方式绑定,但在JVM上运行良好的东西会很棒。
I'm not bound programmatically but something that works well on the JVM would be great.
更新
一种方法:
这样的事情是否有效(由metafilter上的人建议)
Would something like this work (suggested by someone on metafilter)
$ cat orig.jpg test.zip > stacked.jpg
$ file stacked.jpg
stacked.jpg: JPEG image data, JFIF standard 1.01
$ convert stacked.jpg stripped.jpg # this is an ImageMagick command
$ ls -l
11483 orig.jpg
322399 stacked.jpg
11484 stripped.jpg
310916 test.zip
我可以使用JMagick来实现这种方法。
I could use JMagick for this approach.
推荐答案
很棒的问题!
如果想要检查所有内容是附加到
图像文件末尾的RAR或ZIP文件,然后通过 unrar 或 unzip 命令是
最简单的方法。
If all you want to check for is a RAR or ZIP file appended to the end of an
image file, then running it through the unrar or unzip command is the
easiest way to do it.
如果你想要更快但不太精确的检查,你可以检查一些
特殊文件格式签名,指示某些类型的文件。用于识别文件格式的
常用UNIX工具是 file 。它使用二进制文件的
数据库签名,其格式为 magic(5) >手册页。它不会在JPEG结尾处找到
的RAR文件,因为它只查看文件的开头为
尝试快速识别它们,但您可能能够修改其来源代码
做你想要的。您还可以重用其文件签名数据库。如果你看一下其数据库的档案文件部分在Rar文件部分中,它显示了:
If you want a faster but less exact check, you can check for some of the
special file format signatures that indicate certain types of files. The
usual UNIX tool to identify file format is file. It uses a
database of binary file signatures, whose format is
defined in the magic(5) man page. It won’t find a RAR file for
you at the end of a JPEG, because it only looks at the start of files to
try to identify them quickly, but you might be able to modify its source code
to do what you want. You could also reuse its database of file signatures. If you look at the archive file part of its database in the Rar files section, it shows this:
# RAR archiver (Greg Roelofs, newt@uchicago.edu)
0 string Rar! RAR archive data,
表示如果您的JPEG文件包含四个字节 Rar!
是可疑的。但你必须检查 Rar文件格式
spec 详细检查是否存在更多的Rar文件结构为
以避免误报 - 此网页还包含四个字节
Rar!但是没有附加隐藏文件:P
which indicates that if your JPEG file contains the four bytes Rar! that
would be suspicious. But you would have to examine the Rar file format
spec in detail to check whether more of the Rar file structure is
present to avoid false positives—this web page also contains the four bytes
Rar! but there are no hidden files attached to it :P
但如果有人知道您的自动检查的详细信息,他们可以轻松解决这些问题。最简单的解决方法是在将文件追加到JPEG之前,将文件的所有字节
反转。那么你的
签名都不会捕获文件的反转版本。
But if someone knows the details of your automated checks, they could easily work around them. The simplest workaround would be to reverse all the bytes of the files before appending them to the JPEG. Then none of your signatures would catch the reversed version of the file.
如果有人真想隐藏图像中的文件,有各种各样的方法可以做到这一点,你将无法轻易检测到。一般的
术语是隐写术。维基百科页,价格为
例子,显示一张树的图片,上面有一张隐藏在
里面的猫的照片。对于更简单的隐写方法,有统计测试,
可以表明对图片做了一些有趣的事情,但是如果有人
花了很多时间来提出他们自己的方法来隐藏其他文件
内部图片,您将无法检测到它。
If someone really wants to hide a file inside an image, there are all sorts of ways to do that that you won’t be able to detect easily. The general term for this is "steganography." The Wikipedia page, for example, shows a picture of trees that has a picture of a cat hidden inside it. For simpler steganographic methods, there are statistical tests that can indicate something funny has been done to a picture, but if someone spends a lot of time to come up with their own method to hide other files inside images, you won’t be able to detect it.
这篇关于如何在图像文件中找到隐藏文件(Jpg / Gif / Png)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
