#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sodium.h>
#include "CRCLib.h"
#include "crc.h"
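/* The eight bytes every PNG file starts with. */
const long png_signature[8] = { 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a };
/* Chunk type "IDAT" read as a big-endian 32-bit value (1229209940). */
const long idat_signature = 0x49444154L;
/* Chunk type "IEND" read as a big-endian 32-bit value (1229278788). */
const long iend_signature = 0x49454E44L;
const int working = 1;

/*
 * Compare the first eight bytes at addr with the PNG signature.
 *
 * addr must point to at least eight readable bytes; no length is passed in,
 * so that cannot be verified here.
 *
 * Returns 0 when all eight bytes match and 1 otherwise (note the inverted
 * sense of the local name). A NULL addr is reported as a mismatch.
 * The result is also printed as "Sig Match: <n>".
 */
int check_file_header(char *addr) {
    int signature_match = 0;

    if (addr == NULL) {
        signature_match = 1;
    } else {
        for (int i = 0; i < 8; i++) {
            /*
             * Compare as unsigned bytes. Where plain char is signed, the
             * leading byte 0x89 reads as a negative value and would never
             * equal the 0x89 stored in the long table.
             */
            if ((unsigned char)addr[i] != png_signature[i]) {
                signature_match = 1;
            }
        }
    }
    printf("Sig Match: %d\n", signature_match);
    return signature_match;
}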
/*
 * Read four consecutive bytes starting at addr[offset] as one big-endian
 * 32-bit value (most significant byte first).
 *
 * No bounds checking is possible here: the caller must guarantee that
 * addr[offset] .. addr[offset + 3] are readable. The value is assembled as
 * an unsigned int and returned as int, so a field with its top bit set comes
 * back converted to int (typically negative); callers that use the result as
 * a length should reject negative values.
 */
int check_header_length(unsigned char *addr, long offset) {
    const unsigned char *field = addr + offset;
    unsigned int value = 0;
    int remaining = 4;

    while (remaining-- > 0) {
        value = (value << 8) | *field++;
    }
    return value;
}
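/*
 * Locate the first IDAT chunk in a PNG image held in memory.
 *
 * addr points at the start of the file (the 8-byte signature); the walk
 * starts at offset 8 and steps chunk by chunk using each chunk's length
 * field (length + 12 bytes: 4 length, 4 type, data, 4 CRC).
 *
 * Returns the offset of the IDAT chunk's length field. Returns 0 when addr
 * is NULL, when IEND is reached before any IDAT, or when a chunk length
 * reads back negative. 0 can never be a real chunk offset because chunks
 * begin after the signature.
 *
 * The length fields come straight from the file and must be treated as
 * untrusted. No buffer size is passed in, so a truncated file that lacks
 * both IDAT and IEND can still walk past the end of the buffer; the caller
 * has to make sure the image is complete.
 */
unsigned long first_idat(unsigned char *addr) {
    unsigned long offset = 8;

    if (addr == NULL) {
        return 0;
    }
    for (;;) {
        int chunk_length = check_header_length(addr, offset);
        int chunk_type = check_header_length(addr, offset + 4);

        if (chunk_type == idat_signature) {
            return offset;
        }
        /*
         * IEND is the last chunk, so scanning past it only reads unrelated
         * memory. A negative length would move the cursor backwards.
         */
        if (chunk_type == iend_signature || chunk_length < 0) {
            return 0;
        }
        offset += (unsigned long)chunk_length + 12;
    }
}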
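/*
 * Count the IDAT chunks in a PNG image held in memory.
 *
 * addr points at the start of the file; the walk starts at offset 8 and
 * stops at the IEND chunk.
 *
 * Returns the number of IDAT chunks seen. A NULL addr yields 0. If a chunk
 * length reads back negative the walk stops there and the count so far is
 * returned, because following such a length would move the cursor backwards.
 *
 * The length fields are untrusted file data and no buffer size is passed in,
 * so a file without an IEND chunk can still walk past the end of the buffer.
 */
int total_idat(unsigned char *addr) {
    int found_idat = 0;
    unsigned long offset = 8;

    if (addr == NULL) {
        return 0;
    }
    for (;;) {
        int chunk_length = check_header_length(addr, offset);
        int chunk_type = check_header_length(addr, offset + 4);

        if (chunk_type == iend_signature) {
            break;
        }
        if (chunk_type == idat_signature) {
            found_idat++;
        }
        if (chunk_length < 0) {
            break;
        }
        offset += (unsigned long)chunk_length + 12;
    }
    return found_idat;
}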
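/*
 * Overwrite the CRC field of the chunk that starts at offset.
 *
 * The CRC sits after the 4-byte length, the 4-byte type and the chunk data,
 * i.e. at offset + 8 + length. crc_num is stored most significant byte first.
 *
 * Returns 0 on success and EXIT_FAILURE when addr is NULL or the chunk
 * length reads back negative. The original fell off the end of a non-void
 * function without returning anything.
 *
 * The chunk length is taken from the buffer itself and no buffer size is
 * available, so the caller must ensure the chunk lies fully inside addr.
 */
int update_file_crc(unsigned char *addr, unsigned long offset , unsigned int crc_num) {
    if (addr == NULL) {
        return EXIT_FAILURE;
    }

    int data_length = check_header_length(addr, offset);
    if (data_length < 0) {
        return EXIT_FAILURE;
    }

    /* Keep the index in unsigned long so large offsets are not truncated to int. */
    unsigned long crc_start = offset + 8 + (unsigned long)data_length;
    for (int i = 0; i < 4; i++) {
        addr[crc_start + i] = (unsigned char)((crc_num >> (8 * (3 - i))) & 0xFF);
    }
    return 0;
}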
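/*
 * Change one data byte of the IDAT chunk at offset until the chunk's CRC has
 * a top byte equal to 61, then write the changed byte and the new CRC back
 * into addr.
 *
 * addr     - whole PNG image in memory, modified in place
 * message  - NUL-terminated string; only its length is used, as an upper
 *            bound checked against the number of IDAT chunks
 * accuracy - must not exceed 4; values above 2 only trigger a notice
 * offset   - offset of the IDAT chunk's length field
 *
 * Returns 0 on success and EXIT_FAILURE on invalid arguments, an unusable
 * chunk length or allocation failure.
 *
 * Fixes over the previous version:
 *  - the data copy was written through a one-element allocation whose
 *    realloc() result was discarded (heap overflow / use after free);
 *  - the CRC input was filled with swapped indices, overwriting the chunk
 *    type and reading past the data, and was then hashed with the wrong
 *    length. A PNG CRC covers the 4 type bytes plus the data;
 *  - the scratch buffers were variable-length arrays sized from a length
 *    field read out of the file; they now live on the heap and are freed;
 *  - printf conversions did not match their arguments.
 *
 * NOTE(review): the target value 61 is hard-coded and neither message nor
 * accuracy influences the search - confirm that this is intended.
 * NOTE(review): the modulus 255 means the byte value 0xFF is never produced;
 * 256 looks intended - confirm.
 * The chunk length is untrusted file data and no buffer size is passed in,
 * so the caller must guarantee the chunk lies fully inside addr.
 */
int change_idat_content(unsigned char *addr, char *message, int accuracy, unsigned long offset) {
    static const unsigned char idat_type[4] = { 0x49, 0x44, 0x41, 0x54 };
    /* PNG chunk lengths are at most 2^31 - 1; leave room for the 4 type bytes. */
    enum { MAX_IDAT_LENGTH = 0x7FFFFFFF - 4 };

    printf("Starting IDAT Tranform\n");
    if (addr == NULL || message == NULL) {
        return EXIT_FAILURE;
    }
    if (accuracy > 4) {
        printf("Warning, accuracy cannot be larger than 4");
        return EXIT_FAILURE;
    }
    if (accuracy > 2) {
        printf("Notice, this could take a long time...");
    }

    int idat_count = total_idat(addr);
    if (idat_count < 0 || (size_t)idat_count < strlen(message)) {
        printf("Warning, message exceeds IDAT amount");
        return EXIT_FAILURE;
    }

    int idat_length = check_header_length(addr, offset);
    printf("IDAT: %d\n", idat_length);
    /* An empty chunk has no byte to change; a negative length is invalid. */
    if (idat_length <= 0 || idat_length > MAX_IDAT_LENGTH) {
        return EXIT_FAILURE;
    }

    /* CRC input: chunk type followed by a working copy of the chunk data. */
    size_t data_length = (size_t)idat_length;
    unsigned char *crc_check = malloc(data_length + 4);
    if (crc_check == NULL) {
        return EXIT_FAILURE;
    }
    memcpy(crc_check, idat_type, sizeof idat_type);
    memcpy(crc_check + 4, addr + offset + 8, data_length);

    int prop_found = 0;
    long rounds = 0;
    while (prop_found == 0) {
        int r = randombytes_uniform(5) + 1;
        int j = randombytes_uniform(idat_length);

        unsigned char original_byte = crc_check[4 + j];
        unsigned char candidate = (unsigned char)((original_byte + r) % 255);
        crc_check[4 + j] = candidate;

        unsigned int crcnum = crc(crc_check, idat_length + 4);
        unsigned int checked_crc = crcnum >> (8*3);
        rounds++;

        if (checked_crc == 61) {
            printf("Found %u in %ld rounds\n", checked_crc, rounds);
            printf("Full CRC: %08X\n", crcnum);
            printf("Original: %02X\n", (unsigned int)original_byte);
            printf("Change offset: %d to hex: %02X\n", j, (unsigned int)candidate);
            addr[offset + 8 + j] = candidate;
            update_file_crc(addr, offset, crcnum);
            prop_found = 1;
        } else {
            /* Every round starts again from the unmodified chunk data. */
            crc_check[4 + j] = original_byte;
        }
    }

    free(crc_check);
    return 0;
}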
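/*
 * Write file_length bytes from addr to "png2.png" in the current directory,
 * replacing any existing file of that name.
 *
 * Returns EXIT_SUCCESS when every byte was written and the stream closed
 * cleanly, EXIT_FAILURE otherwise. The previous version returned nothing on
 * the success path, ignored write errors, and opened the file in text mode,
 * which alters binary data on platforms that translate line endings.
 */
int create_cc_file(unsigned char *addr, unsigned long file_length) {
    FILE *fp;
    int status = EXIT_SUCCESS;

    if (addr == NULL && file_length != 0) {
        return EXIT_FAILURE;
    }

    fp = fopen("png2.png", "wb");
    if (fp == NULL) {
        return EXIT_FAILURE;
    }

    if (file_length != 0 && fwrite(addr, 1, file_length, fp) != file_length) {
        status = EXIT_FAILURE;
    }
    /* fclose flushes buffered data, so a failure here also means data loss. */
    if (fclose(fp) != 0) {
        status = EXIT_FAILURE;
    }
    return status;
}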
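/*
 * Read "./1.png" into memory, run the IDAT transform on its first IDAT chunk
 * and write the result out through create_cc_file().
 *
 * Returns EXIT_FAILURE when libsodium cannot be initialised, the input
 * cannot be opened, memory runs out, no IDAT chunk is found or the transform
 * reports failure; EXIT_SUCCESS otherwise.
 *
 * Fixes over the previous version:
 *  - the input was copied into a fixed 1000-byte buffer with no bound check,
 *    so any larger file overflowed the heap; the buffer now grows on demand;
 *  - the fopen() result was used without a NULL check;
 *  - the file was opened in text mode although it holds binary data;
 *  - message was passed to strlen() uninitialised; it is now an empty string;
 *  - fgetc()'s result is kept in an int so EOF stays distinct from byte 0xFF.
 */
int main() {
    FILE *fp;
    int c;
    size_t capacity = 1000;
    unsigned char* myArray = calloc(capacity, sizeof(unsigned char));
    unsigned long i = 0;
    unsigned long offset = 0;
    char message[1] = "";
    int status;

    if (myArray == NULL) {
        return EXIT_FAILURE;
    }
    if(sodium_init() == -1) {
        free(myArray);
        return EXIT_FAILURE;
    }

    fp = fopen("./1.png", "rb");
    if (fp == NULL) {
        free(myArray);
        return EXIT_FAILURE;
    }
    while((c = fgetc(fp)) != EOF) {
        if (i == capacity) {
            /* Grow via a temporary so the old block is not leaked on failure. */
            size_t new_capacity = capacity * 2;
            unsigned char *grown = realloc(myArray, new_capacity);
            if (grown == NULL) {
                fclose(fp);
                free(myArray);
                return EXIT_FAILURE;
            }
            myArray = grown;
            capacity = new_capacity;
        }
        myArray[i] = (unsigned char)c;
        i++;
    }
    fclose(fp);

    offset = first_idat(myArray);
    /*
     * A chunk can never start inside the 8-byte signature, so treat such an
     * offset as "no IDAT found" instead of handing it to the transform.
     */
    if (offset < 8) {
        free(myArray);
        return EXIT_FAILURE;
    }

    status = change_idat_content(myArray, message, 2, offset);
    create_cc_file(myArray, i);
    //int crcnum = crc(myArray, 19);
    //printf("%08X\n", crcnum);

    free(myArray);
    return status == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}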