Executable PNGs

[djhworld]

Author here, hello.

The post glosses over some aspects of the implementation, for example to fit some executables into an image you can optionally compress the data with gzip and encode that instead

It also supports encoding at two-bit and four-bit levels but obviously the grain starts becoming apparent in the output images

Also it puts a 40 byte or so "header" in the encoded output so the decoder can see how many bytes to read up to, validate a hash and check a magic. It's a bit basic but it's enough to get it to work.

Anyway this was fun, thanks for reading!

[codetrotter]

> It also supports encoding at two-bit [...] levels

Excellent! That was going to be my question after having just read the blog post and comments. Nice work!

[nicoty]

This might be of interest - https://github.com/chinarulezzz/pixload

[NiceWayToDoIT]

Vehicle for viruses/malware?

[sloshnmosh]

I’ve seen Android malware that imports and exfilterates compressed data disguised as GIF’s

[app4soft]

> to fit some executables into an image you can optionally compress the data with gzip and encode that instead

We already know such solution as "Rarjpeg"[0]: "letter file" + "letterbox file"[1]

Supported "letter files" (which could make box files selfexecutable):

- archives (selfexecutable): .rar/.7z

- other (not selfexecutable): any other files

Actually, supported "letterbox files" are:

- audio: .wav/.mp3/.aac/.amr

- image: .jpg/.png/.gif/.webp

- other: .torrent , .html

So, there are nothing new in your solution.

[0] http://lurkmore.to/Rarjpeg

[1] https://news.ycombinator.com/item?id=25329600

[djhworld]

Thanks, I didn't go into this expecting it to be new, or a production ready thing, I did it because it was dumb and I learned a few things along the way

[falcolas]

I appreciate you sharing your explorations. Novelty is overrated when it comes to learning.

[hootbootscoot]

"Novelty is overrated when it comes to learning."

I'm still trying to understand what this means.

I must admit to being aesthetically offended by any dismissal of novelty, but this is clearly an emotional reaction and I recognize that.

I agree that making an implementation of an existing thing can be a useful way to learn about it's structure. I really don't think that novelty and original work (i.e. a hacking exploit and it's writeup) are opposed to the previous sentence.

What does it mean to oppose novelty and learning?

[Twisol]

For what it's worth, I read this less as "dismissal" and more as a statement of orthogonality. Novelty is neither positively nor negatively correlated with learning; in other words, if your goal is to learn, novelty simply doesn't need to enter the equation.

> I really don't think that novelty and original work [...] are opposed to the previous sentence.

So I don't think you disagree with your parent comment.

[runamok]

E.g. when learning one should not also need to implement something new.

As an example making tic-tac-toe or a calculator or bubble sort are all tried and true exercises which you can find plenty of prior art on to compare and contrast your solution with.

Perhaps too many people don't try something because "it's been done to death".

[hootbootscoot]

I can't believe someone flagged a citation-laden dry-as-a-bone statement with no insults, rude words, etc.

I do think that that the author addressed this comment by saying that they don't CLAIM original work, but I find such use of the "flag post" tool to be disturbingly motivated and illogical.

[the_only_law]

> I can't believe someone flagged a citation-laden dry-as-a-bone statement with no insults, rude words, etc.

This is actually pretty common. Although it appears that it has been unflagged at this point.