hacker.org

HiGH Guys!

Perhaps i'm telling you too much - but I HAVE TO share this idea with you:

Did you ever thought about the next generation of File Sharing?

I did And thats what I invented:

A tool called "PicUp" that's taking advantage of the mass of free image hosting servers like www.imageshack.us and all the others!

The concept behind this is simple:

1. Converting any files or binary data to a collection of small bitmaps or .png files which are used as a kind of splitted container files for the desired data.

2. Uploading those encoded pictures to to one of the many (registration) free image hosting servers like www.imageshack.us or www.picoodle.com

3. (optional) use other image hosters wich support (URL based) server-to-server uploading to increase the possible download bandwith

4. Creating a single (steganophic encrypted) header PNG that contains all the direct URLs of the other data containing PNGs that you uploaded before - with all existing image mirrors.

5. Post the URL of the header image to any forum you prefer in order to allow others to download and decode these encoded images files...

-----------------------------------------------------------------------------------------------------------

Let's come to the challenge:

Try to decode the file stored in the following image:






--> "Pic it up - and Pic it down - share your pictures all around (the world)"


Please give me some feedback...

58 views yet and no one decoded the image - you're dissapointing me guys...

i only get junk when putting the image to raw

Nice Idea, but if it gets too popular, imagehoster'll lock this sort of pictures.

I agree with exby. It's far to easy to be recognized as hidden content.

From the visible structures I'd suspect you need to turn the picture by 90 degrees
before converting it to raw. Then you probably used some kind of compression
and/or encryption to garble your file(s). Decoding this without any knowledge of the
content or the algorithm will be quite hard and time consuming...
but probably fairly easy if (at least some) content is known.

Even if you use strong encryption, I guess your pictures will be banned by the image hosters
very soon.

What's your next idea?

I've got it.

There is no encrytion algorithm or compression used. It is a kind of raw format.
Try to find out the file format of the decoded file.

@c0rt3x : I sent you a PM.

ok, i kinda get the file now, but what's that 4 byte on the beginning?doesn look like size/crc
if i remove it it doesn't work :/

the size of the hidden file is at the "end" of the image. but the "header" or better let's say "footer" is encoded - but not encrypted....

I disagree withou in that point that the image hosters will be able to detect and delete these pictures that easily....

If if they put watermarks of somthing like this over the images would could destroy the data in it - we could use some kind of special data protection algo.

By the way there are really a lot of image hosters on the net: (And this is just a small number of them - if have tested so far...)

(ini. File for "NextShare.exe" - thats stored in the image...)

[GoodSites]
GoodSiteCount=102
GoodSite1=http://www.imagehosting.com/|http://www ... fileupload
GoodSite2=http://vnupload.com/|http://vnupload.co ... p|thefile4
GoodSite3=http://www.picsafe.de/|http://www.picsa ... ogin|files
GoodSite4=http://www.bilder-hochladen.net/|http:/ ... pictures[0]
GoodSite5=http://filehoster.net/|http://filehoste ... d|userfile
GoodSite6=http://image.becast.at/|http://image.be ... d.php|file
GoodSite7=http://www.bilderhoster.in/|http://www. ... p|thefile4
GoodSite8=http://pixload.org/startseite/home.html ... /|upload_a
GoodSite9=http://mepicture.net/|http://mepicture. ... p|userfile
GoodSite10=http://www.strathcl.com/upload/index.ph ... /|__upload
GoodSite11=http://www.filedealer.de/|http://www.fi ... .de//|file
GoodSite12=http://www.uploadmyfile.de/bildhoster/| ... .php|datei[]
GoodSite13=http://picpot.be/|http://picpot.be/inde ... ulti|datei[]
GoodSite14=http://schnuggelwelten.sc.funpic.de/upl ... .php|datei
GoodSite15=http://www.pixa.us/index.php|http://www ... p|userfile
GoodSite16=http://www.imgall.org/|http://www.imgal ... p|thefile4
GoodSite17=http://www.imagexplode.com/|http://www. ... |imagefile
GoodSite18=http://sn-upload.de/index.php|http://sn ... .php|datei
GoodSite19=http://ebild.ch/|http://ebild.ch/upload.php|remoteimg2
GoodSite20=http://www.hizliresim.com/|http://www.h ... php|upload
GoodSite21=http://www.yourupload.de/|http://www.yo ... |bilddatei
GoodSite22=http://www.2-mb.de/|http://www.2-mb.de//index.php|f
GoodSite23=http://www.webzter.eu/|http://www.webzt ... eck_resize
GoodSite24=http://www.imagetausch.de/|http://www.k ... php|bild_1
GoodSite25=http://www.ibitload.eu/|http://www.ibit ... .html|file
GoodSite26=http://www.fastup.de/|http://www.fastup ... .asp|file1
GoodSite27=http://zombiefilehost.com/|http://zombi ... com//|file
GoodSite28=http://thumbsnap.com/|http://thumbsnap. ... p|userfile
GoodSite29=http://www.petaimg.com/|http://www.peta ... x.php|file[]
GoodSite30=http://www.hochladen.info/|http://www.h ... in/|file_0
GoodSite31=http://www.imagegalore.com/|http://www. ... hp|thefile
GoodSite32=http://www.weupload.com/|http://www.weu ... .php|file3
GoodSite33=http://optical.fle.sh/|http://optical.f ... |imagefile
GoodSite34=http://www.filefeed.net/|http://www.fil ... p|thefile4
GoodSite35=http://bayimg.com/|http://bayimg.com//upload|file
GoodSite36=http://www.free-imagecode.com/de/upload ... gin.php|i4
GoodSite37=http://www.lupiupload.de/|http://www.lu ... p=1|file_1
GoodSite38=http://www.imgupp.com/|http://www.imgup ... =init|file
GoodSite39=http://www.sharezix.com/|http://www.sha ... hp|thefile
GoodSite40=http://www.uplodo.eu/upload.php|http:// ... d.php|file
GoodSite41=http://yukle.tc/|http://yukle.tc/http:/ ... /|userfile
GoodSite42=http://1-imagehost.com/|http://1-imageh ... p|pic_file
GoodSite43=http://pics.expload-upload.info/|http:/ ... nfo//|file
GoodSite44=http://pixcrawler.isp4p.net/.de/|http:/ ... hp|newname
GoodSite45=http://www.img-load.de/|http://www.img- ... php|image1
GoodSite46=http://www.gfx-hoster.de/|http://www.gf ... html|datei
GoodSite47=http://www.pictureuploadx.de/|http://ww ... d.php|file
GoodSite48=http://www.gfx-hoster.de/|http://www.gf ... html|datei
GoodSite49=http://image.becast.at/|http://image.be ... d.php|file
GoodSite50=http://www.uploadfilesystem.com/en/|htt ... hp|thefile
GoodSite51=http://www.fileload.eu/|http://www.file ... php|datei0
GoodSite52=http://www.imagecrate.de/|http://www.im ... pload|file
GoodSite53=http://www.pics.li/|http://www.pics.li/ ... uploadfile[]
GoodSite54=http://bayimg.com/|http://bayimg.com//upload|file
GoodSite55=http://www.simpload.com/|http://www.sim ... %2F|upload
GoodSite56=http://www.imagetitan.com/|http://www.i ... p|filename[]
GoodSite57=http://image.dkworld.de/|http://image.d ... .php|datei
GoodSite58=http://www.uploadfree.us/|http://www.up ... spx|Upload
GoodSite59=http://saved.im/hochladen|http://saved. ... dich|datei[]
GoodSite60=http://www.ld-host.de/|http://www.ld-ho ... load[file0]
GoodSite61=http://www.heatclick.com/|http://www.he ... d.php|file
GoodSite62=http://www.bilder-hosting.de/|http://ww ... g.de/|file
GoodSite63=http://www.olaolaonline.net/en_index.ph ... p|userfile[]
GoodSite64=http://www.mokiji.de/|http://www.mokiji ... hp|upl_img
GoodSite65=http://d4us.net/|http://dsdata.ath.cx//|Filedata
GoodSite66=http://grabmyfiles.com/|http://grabmyfi ... lic|file_3
GoodSite67=http://www.7pics.info/|http://www.7pics.info//|comment
GoodSite68=http://www.giraffeed.com/|http://www.gi ... php|image5
GoodSite69=http://www.picfront.org/|http://www.pic ... ding_image
GoodSite70=http://www.theimagehosting.com/|http:// ... php|_multi
GoodSite71=http://www.image-hosting.cx.la/|http:// ... e/|picture
GoodSite72=http://pikki.net/|http://pikki.net//upload.php|file
GoodSite73=http://imageup.de/|http://imageup.de/ht ... c.php|file
GoodSite74=http://www.image-dream.com/|http://de.z ... php|image2
GoodSite75=http://www.dumparump.com/index.php?imag ... filename[3]
GoodSite76=http://www.bildercache.de/upload.html|h ... einzelbild
GoodSite77=http://www.uploadannex.com/public|http: ... .php|image
GoodSite78=http://www.siteupload.de/|http://www.si ... p|filename
GoodSite79=http://www.imgu.de/|http://www.imgu.de/upload.php|image
GoodSite80=http://www.c-station.net/upload/quick.p ... ogin.php|1
GoodSite81=http://www.uploadftw.com/|http://www.up ... cgi|FILE10
GoodSite82=http://www.imagehosting.tv/|http://www. ... php|submit
GoodSite83=http://imgbox.co.uk/|http://imgbox.co.uk//|imagefile[]
GoodSite84=http://www.1wu.net/|http://www.1wu.net/ ... php|f_file
GoodSite85=http://www.imagehangar.com/|http://www. ... |imagefile
GoodSite86=http://www.iup.in/index.php?file=upload ... n|fupload6
GoodSite87=http://www.picfury.com/index.php|http:/ ... escription[]
GoodSite88=http://www.uploaditfree.com/|http://www ... php|upfile
GoodSite89=http://www.yourupload.de/|http://www.yo ... |bilddatei
GoodSite90=http://www.galaxyshare.com/|http://www. ... html|image
GoodSite91=http://imageanchor.com/|http://www.shoo ... .php|agree
GoodSite92=http://grafik.hosted4free.de/|http://gr ... hp|thefile
GoodSite93=http://loaditup.de/|http://loaditup.de/ ... oad/|datei
GoodSite94=http://www.lightroom.com/lr_pages/uploa ... .cgi|FILE1
GoodSite95=http://www.imagesocket.com/|http://www. ... /|userfile[]
GoodSite96=http://www.pictureupload.de/index.html| ... php|picurl
GoodSite97=http://pixerve.de/|http://pixerve.de/ht ... en/|bdatei
GoodSite98=http://www.imageshack.us/|http://www.im ... fileupload
GoodSite99=http://www.photoamp.com/|http://www.ima ... fileupload
GoodSite100=http://www.imagearmy.com/|http://www.im ... 2351475305
GoodSite101=http://www.directupload.net/|http://www ... image_link
GoodSite102=http://www.imagecabin.com/|http://www.i ... x.php|file[]

about the image hosters: you should probably save the max. image size aswell. what would you take as general maximum for the fileparts? i'd say at most 2MB, maybe even randomeized between 1-2MB.

ok, i still dont get what strange format you try to use here. why not simply do <size of the data (int64?)><CRC32><data><NUL padding>

and the image dimensions maybe so that you waste the least possible amout of pixels in NUL padding.

The maximal image size is automatically recognized before uploading... Yes randomizing the file size and the image width and height is a good idea - i thought about that allready a few days ago - but I did'n impement it yet. But im going to realise these extra features soon. As well as an automatic up- and download speed test for at atleast these sites I posted above...