Someone just tweeted the entire works of Shakespeare with one tweet

Cal Jeffrey

Why it matters: Steganography is a technique for hiding data within images, and it is not new. However, it can be tricky to upload those images to services like Twitter while keeping the data intact. Twitter strips most of the metadata from images when you post them, making it hard to post more than just a little bit of data.

However, one researcher noticed that tweets would leave one form of metadata alone. So with a little coding ingenuity, David Buchanan was able to cram the entire works of Shakespeare into one tiny image and post it in a tweet.

Buchanan told Motherboard that Twitter does not touch a particular type of image metadata called ICC.

“So basically, I wrote a script which parses a JPG file and inserts a big blob of ICC metadata,” Buchanan said. “The metadata is carefully crafted so that all the required ZIP headers are in the right place.”

He noted that the process is not perfect and requires a lot of “fiddling.” It took him two hours to get all the compressed data into the image that is, appropriately, a low-res portrait of Shakespeare that says, “Unzip Me.”

"I tried reporting this technique to twitter's bug bounty program, but it's #notabug."

Buchanan said he got the idea while he was trying to see how much raw data he could stuff into one tweet.

“A while later I had the idea to embed a ZIP file,” he said.

After finding the tweet had successfully posted, Buchanan replied with instructions on how to extract the data. Followers were able to confirm that the files are all intact and contain the works as found in Project Gutenberg.

He acknowledges that the technique presents an opportunity for bad actors to distribute malware, but says this use case has already been employed, just with smaller packages.
“[Malware distribution] already has been possible via more ‘traditional’ steganography techniques, but this method allows you to pack in way more data.”

Buchanan said that he tried to collect a bug bounty from Twitter for the exploit, but was denied. Twitter told him it was not a bug. “Fair enough, but that just means we can have some fun with it,” he tweeted.

Steganography has also been used to secretly pass messages over social media. A browser extension called "Secretbook" allows users to embed a 140-character message with a password into an image and upload it to Facebook. Only those with the password can extract the message.
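For defenders, the ICC trick Buchanan describes can be checked for on the receiving side. The following is an added example, not Buchanan's script or code from the article: it reassembles the ICC data from a JPEG's APP2 segments and reports heuristic anomalies (ZIP signatures, or a size field that disagrees with the bytes carried). The function names and the sample bytes are constructed for illustration.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"
ZIP_SIGS = {b"PK\x03\x04": "local file header", b"PK\x05\x06": "end of central directory"}

def icc_payload(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile carried in a JPEG's APP2 segments."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    chunks, pos = {}, 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows, stop here
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length")
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            chunks[body[12]] = body[14:]  # body[12] is the chunk sequence number
        pos += 2 + length
    return b"".join(chunks[i] for i in sorted(chunks))

def audit_icc(jpeg: bytes) -> list[str]:
    """Return heuristic findings; an empty list means nothing unusual."""
    icc = icc_payload(jpeg)
    if not icc:
        return []
    findings = []
    if len(icc) < 128 or icc[36:40] != b"acsp":
        findings.append("ICC header lacks the 'acsp' signature")
    elif struct.unpack(">I", icc[:4])[0] != len(icc):
        findings.append("ICC declared size does not match the bytes carried")
    findings += [f"ZIP {name} signature in ICC data"
                 for sig, name in ZIP_SIGS.items() if sig in icc]
    return findings

def sample_jpeg(icc: bytes) -> bytes:
    """Constructed input: SOI, one APP2/ICC segment, then SOS and EOI markers."""
    body = ICC_TAG + bytes([1, 1]) + icc
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xda\xff\xd9"

# Constructed samples: a bare 128-byte ICC header, and the same header
# followed by filler bytes that only carry the two ZIP signatures.
CLEAN_ICC = struct.pack(">I", 128) + bytes(32) + b"acsp" + bytes(88)
ODD_ICC = CLEAN_ICC + b"PK\x03\x04" + bytes(26) + b"PK\x05\x06" + bytes(18)

if __name__ == "__main__":
    for label, icc in (("clean", CLEAN_ICC), ("odd", ODD_ICC)):
        print(label, audit_icc(sample_jpeg(icc)))
```

A signature match alone can be a coincidence in a legitimate profile, so treat the findings as a reason to inspect the file rather than a verdict.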


 
He might as well write a program that lets people attach huge amounts of data to their tweets. Maybe then they will consider it a bug.

Metadata has been exploited in the past. There is a known PHP exploit that can execute code secretly stored in image metadata. For example, a smart hacker can send a tweet with an image and hidden PHP code. The PHP code would run and execute the much larger hidden payload within the image.

Anyone who loads that tweet would be infected. Of course this is all assuming that you can slip PHP code somewhere but I'm sure it's possible.
 
Getting checksum errors when trying to extract rar files from renamed zip with Archive Manager on Linux Mint 18.3. Any suggestions?
 
I used 7-zip in Windows to extract 31 rar files (30 x 63KB, 1 x 3KB). This produced a warning about "data after the end of the payload data" and "the archive is open with offset", but the 31 rar seem fine. Next, I used 7-zip to extract the first rar file which resulted in a single 6,869 KB HTML file. The first rar file refers to the next rar file and so on.
 
Actually, I got a clue from the Archive Manager error messages when attempting to open an extracted html file from its rar file:

Cannot find volume ~/Downloads/shakespeare.part002.rar
shakespeare.html - checksum error

Each one looks for the next one, so I realized I had to extract all into the same directory. Once I did that, it worked fine, and opened a web browser with all the works "strung together".

Devious! ;-}
 