PNG_CC/crc.c

#include <stdio.h>
#include <zlib.h>
#include <assert.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sodium.h>
#include "crc_util.h"
#include "CRCLib.h"
#include "crc.h"

#define CHUNK 8
const long idat_signature = 1229209940;
const long iend_signature = 1229278788;

int zlib_compress_data(unsigned char *data_chunk, size_t file_length) {
	int ret;
	unsigned int have;
	z_stream strm;
	unsigned char out[CHUNK];
	unsigned char in[CHUNK];

	printf("Len: %zu\n", file_length);

	errno=0;
	FILE *data_stream = fmemopen(data_chunk, file_length-1, "r");
	FILE *of = fopen("wow.wow", "w");
	if(data_stream == NULL) {
		perror("F MEM OPEN");
	}

	strm.zalloc = Z_NULL;
	strm.zfree = Z_NULL;
	strm.opaque = Z_NULL;
	strm.avail_in = 0;
	strm.next_in = Z_NULL;
	ret = inflateInit(&strm);
	if(ret != Z_OK) {
		return ret;
	}

	do {
		strm.avail_in = fread(in, 1, CHUNK, data_stream);
		if(ferror(data_stream)) {
			(void)inflateEnd(&strm);
			return Z_ERRNO;
		}
		if(strm.avail_in == 0) {
			break;
		}
		strm.next_in = in;

		do {
			strm.avail_out = CHUNK;
			strm.next_out = out;
			ret = inflate(&strm, Z_NO_FLUSH);
			assert(ret != Z_STREAM_ERROR);
			switch(ret) {
				case Z_NEED_DICT:
					ret = Z_DATA_ERROR;
				case Z_DATA_ERROR:
				case Z_MEM_ERROR:
					(void)inflateEnd(&strm);
					printf("Error: %d\n", ret);
					printf("MSG: %s\n", (char*)strm.msg);
					return ret;
			}
			have = CHUNK - strm.avail_out;
			fwrite(out, 1, have, of);
		} while(strm.avail_out == 0);
	} while(ret != Z_STREAM_END);

	(void)inflateEnd(&strm);

	printf("String: %s\n", out);

	return 1;
}

unsigned long first_idat(unsigned char *addr) {
	int idat_found = 0;
	unsigned long offset = 8;
	int jump_offset = 0;
	int header_type = 0;
	while(idat_found == 0) {
		jump_offset = check_header_length(addr, offset);
		header_type = check_header_length(addr, offset+4);
		if(header_type == idat_signature) {
			idat_found = 1;
		} else {
			offset = offset + jump_offset + 12;
		}
	}
	return offset;
}

int total_idat(unsigned char *addr) {
	int iend_found = 0;
	int found_idat = 0;
	unsigned long offset = 8;
	int jump_offset = 0;
	int header_type = 0;
	while(iend_found == 0) {
		jump_offset = check_header_length(addr, offset);
		header_type = check_header_length(addr, offset+4);
		if(header_type == iend_signature) {
			iend_found = 1;
		} else {
			if(header_type == idat_signature) {
				found_idat++;
			}
			offset = offset + jump_offset + 12;
		}
	}
	return found_idat;
}

int update_file_crc(unsigned char *addr, unsigned long offset , unsigned int crc_num) {
	int startCRC = 8 + offset + check_header_length(addr, offset);
	unsigned char new_crc;
	for(int i = 0; i < 4; i++) {
		new_crc = crc_num >> (8*(3-i)) & 0xFF;
		addr[startCRC+i] = new_crc;
	}
}

int change_idat_content(unsigned char *addr, char *message, int accuracy, unsigned long offset) {
	//printf("Starting IDAT Tranform\n");
	if(accuracy > 4) {
		printf("Warning, accuracy cannot be larger than 4");
		return EXIT_FAILURE;
	}
	if(accuracy > 2) {
		printf("Notice, this could take a long time...");
	}
	if(total_idat(addr) < strlen(message)) {
		printf("Warning, message exceeds IDAT amount");
		return EXIT_FAILURE;
	}

	int idat_length = check_header_length(addr, offset);
	printf("IDAT Length: %d\n", idat_length);

	int prop_found = 0;
	long size = 1;
	long rounds = 0;
	size_t idat_byte_length = 0;
	unsigned char* idat_data = calloc(size, sizeof(unsigned char));
	for(size_t i = 0; i <= idat_length; i++) {
		if(i == size) {
			size *= 2;
			idat_data = reallocarray(idat_data, size, sizeof(unsigned char));
		}
		idat_data[i] = addr[i+offset+8];
		idat_byte_length = i;
	}
	unsigned char temp_idat_data[idat_byte_length];
	while(prop_found == 0) {
		for(int i = 0; i <= idat_length; i++) {
			temp_idat_data[i] = idat_data[i];
		}
		int r = randombytes_uniform(5) + 1;
		int j = randombytes_uniform(idat_length);
		
		temp_idat_data[j] = (temp_idat_data[j] + r) % 255;
		unsigned char crc_check[size+4];
		unsigned int idat_header[] = { 0x49, 0x44, 0x41, 0x54 };
		for(int i = 0; i < 4; i++) {
			crc_check[i] = idat_header[i];
		}
		for(int i = 0; i < idat_byte_length; i++) {
			crc_check[i] = temp_idat_data[i+4];
		}
		unsigned int crcnum = crc(crc_check, idat_length);
		//printf("New CRC: %08X\n", crcnum);
		//printf("Test: %X\n", crcnum >> (8*3));
		unsigned int checked_crc = crcnum >> (8*3);
		rounds++;
		if(checked_crc == 61) {
			zlib_compress_data(temp_idat_data, idat_byte_length);
			printf("Found %d in %d rounds\n", checked_crc ,rounds);
			//printf("Full CRC: %08X\n", crcnum);
			//printf("Original: %02X\n", idat_data[j]);
			//printf("Change offset: %d to hex: %02X\n", j, temp_idat_data[j]);
			addr[offset+8+j] = temp_idat_data[j];
			update_file_crc(addr, offset, crcnum);
			prop_found = 1;
		}
	}

	return 0;
}

int main() {
	FILE *fp;
	unsigned int c;
	unsigned long file_data_cap = 8;
	unsigned char* file_data = calloc(file_data_cap, sizeof(unsigned char));
	size_t i = 0;
	unsigned long offset = 0;
	char message[1];
	if(sodium_init() == -1) {
		return EXIT_FAILURE;
	}
	fp = fopen("./1.png", "rt");
	for(size_t i = 0;(c = fgetc(fp)) != EOF; i++) {
		if(i == file_data_cap) {
			file_data_cap *= 2;
			file_data = reallocarray(file_data, file_data_cap, sizeof(unsigned char));
			if(file_data == NULL) {
				perror("FAILED ARRAY RESIZE");
				return EXIT_FAILURE;
			}
		}
		file_data[i] = c;
	}
	fclose(fp);
	offset = first_idat(file_data);
	change_idat_content(file_data, message, 1, offset);
	//create_cc_file(file_data, i);
}