Someone just tweeted the entire works of Shakespeare with one tweet

Cal Jeffrey

TS Evangelist
Staff member

However, one researcher noticed that tweets would leave one form of metadata alone. So with a little coding ingenuity, David Buchanan was able to cram the entire works of Shakespeare into one tiny image and post it in a tweet.

Buchanan told Motherboard that Twitter does not touch a particular type of image metadata called ICC.

“So basically, I wrote a script which parses a JPG file and inserts a big blob of ICC metadata,” Buchanan said. “The metadata is carefully crafted so that all the required ZIP headers are in the right place.”

He noted that the process is not perfect and requires a lot of “fiddling.” It took him two hours to get all the compressed data into the image that is, appropriately, a low-res portrait of Shakespeare that says, “Unzip Me.”

"I tried reporting this techinque to twitter's bug bounty program, but it's #notabug."

Buchanan said he got the idea while he was trying to see how much raw data he could stuff into one tweet.

“A while later I had the idea to embed a ZIP file,” he said

After finding the tweet had successfully posted, Buchanan replied with instructions on how to extract the data. Followers were able to confirm that the files are all intact and contain the works as found in Project Gutenberg.

He acknowledges that the technique presents an opportunity for bad actors to distribute malware, but says this use case has already been employed, just with smaller packages.
“[Malware distribution] already has been possible via more ‘traditional’ steganography techniques, but this method allows you to pack in way more data.”

Buchanan said that he tried to collect a bug bounty from Twitter for the exploit, but was denied. Twitter told him it was not a bug. “Fair enough, but that just means we can have some fun with it,” he tweeted.

Steganography has also been used to secretly pass messages over social media. A browser extension called "Secretbook" allows users to embed a 140-character message with a password into an image and upload it to Facebook. Only those with the password can extract the message.

Permalink to story.



TS Evangelist
He might as well write a program that let's people attach huge amounts of data to their tweets. Maybe then they will consider it a bug.

Metadata has been exploited in the past. There is a known PHP exploit that can execute code secretly stored in image metadata. For example, a smart hacker can send a tweet with an image and hidden PHP code. The PHP code would run and execute the much larger hidden payload within the image.

Anyone who loads that tweet would be infected. Of course this is all assuming that you can slip PHP code somewhere but I'm sure it's possible.


TS Enthusiast
Getting checksum errors when trying to extract rar files from renamed zip with Archive Manager on Linux Mint 18.3. Any suggestions?


TS Rookie
Getting checksum errors when trying to extract rar files from renamed zip with Archive Manager on Linux Mint 18.3. Any suggestions?
I used 7-zip in Windows to extract 31 rar files (30 x 63KB, 1 x 3KB). This produced a warning about "data after the end of the payload data" and "the archive is open with offset", but the 31 rar seem fine. Next, I used 7-zip to extract the first rar file which resulted in a single 6,869 KB HTML file. The first rar file refers to the next rar file and so on.


TS Enthusiast
Actually, I got a clue from the Archive Manager error messages when attempting to open an extracted html file from its rar file:

Cannot find volume ~/Downloads/shakespeare.part002.rar
shakespeare.html - checksum error

Each one looks for the next one, so I realized I had to extract all into the same directory. Once I did that, it worked fine, and opened a web browser with all the works "strung together".

Devious! ;-}
  • Like
Reactions: Cal Jeffrey