888 888 8888888 8888888b. 8888888888 d8888 .d8888b. 8888888888 888b d888
888 888 888 888 "Y88b 888 d88888 d88P Y88b 888 8888b d8888
888 888 888 888 888 888 d88P888 888 888 888 88888b.d88888
8888888888 888 888 888 8888888 d88P 888 888 8888888 888Y88888P888
888 888 888 888 888 888 d88P 888 888 88888 888 888 Y888P 888
888 888 888 888 888 888 d88P 888 888 888 888 888 Y8P 888
888 888 888 888 .d88P 888 d8888888888 Y88b d88P 888 888 " 888
888 888 8888888 8888888P" 8888888888 d88P 888 "Y8888P88 8888888888 888 888
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▄ ____ ______ ____ ▄ ▄
█ / / \ \ HIDEAGEM STEGANOGRAPHY PLATFORM █ . . █
█ /___ /________\ ___\ █ .-. .-. '.___.' █
█ \ \ / / ASTRAL SOFTWARE FROM THE FUTURE █ (_ \ / _) .' `. █
█ \ \ / / █ | : : █
█ \ \ / / COPYRIGHT 2024 WWW.CYBERGEM.NET █ | : : █
█ \ \ / / █ | `.___.' █
█ \/ LET'S DO COMPUTER STUFF ALL DAY █ █
█ █ █
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ █ ._____. .--. █
█ MMMMMSSSSSSSSSSSSSSSSSSSSSSSSSSddMMMMMSSSSSSMSSSSSSSSSS; █ | | / _`. █
█ MMMMSSSSSSSSSSSSSSSSSMSSSSS; ;SSdMMMMSSSSSSMMSSSSSSSSSS, █ | | (_) ( ) █
█ MMSSSSSSSMSSSSSMSSSSMMMSS."-.-":MMMMMSSSSMMMMSSMSSSMMSS █ _|_|_ '. / █
█ MSSSSSSSMSSSSMMMSSMMMPTMM;"-/\":MMM^" MMMSSMMMSSMM █ ' ' `--' █
█ SSSSSSSMMSSMMMMMMMMMP-.MMM : ;.;P dMMMMMMMMMP' █ █
█ SSMSSSMMMSMMMMMMMMMP :M;`: ;.'+"""t+dMMMMMMMMMMP █ _ █
█ MMMSSMMMMMMMMPTMMMM"""":P `.\// ' ""^^MMMMMMMP' █ .--. ' `:--.--. █
█ MMMMMMPTMMMMP="TMMMsg, \/ db`c" dMMMMMP" █ ( ) | | |_ █
█ MMMMMM TMMM d$$$b ^ /T$; ;-/TMMMP' Let's █ (_) / | | | ) █
█ MMMMM; .^`M; d$P^T$$b : $$ ::MMMMP hide some █ (_, | | |/ █
█ MMMMMM .-+d$$ $$$; ;. $$ ;;MMMP, Gems ! █ (J █
█ MMMMMMb _d$$$ $$$$ :$$$; :MMMMMMp. █ █
█ MMMMMM" " T$$$._.$$$; T$P.'MMMSSSSSSb █ _ █
█ MMM`TMb -")T$$$$$$P' `._ "" :MMSSSMMP' █ __ ' `:--.--. █
█ MMM / \ ' "T$$P" / :MMMMMMP' █ ___.' '.___ | | | █
█ MMSb`. ; " :MMMMMM' █ ____________ | | | █
█ MMSSb_lSSSb. .___. MMMMMP ,d88b.d88b, █ | | | .., █
█ MMMMSSSSSSSSb. .MMMMMM. 88888888888 █ `--': █
█ MMMMMMMMMMMSSSb .dMMMMMMMP `Y8888888Y' █ █
█ MMMMMMMMMMMMMSS; .dMMMMMMMMMM' `Y888Y' █ ... _ █
█ MMMMGEMMAMMMMb`;"-. .dMMMMMMMMMMP' `Y' █ .': \ /_) █
█ MMMMMMMMMMMMMMb: `'--.___.dMMMMMMMMMPP' █ .' \ /`. █
█ MMMMMMMMMMMMMMMb; dMMMMMMMMPPR █ `..' \ / ; █
█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █ .'`. \/ __.' █
█ █ █
█ ░░░░░░░░ ▒▒▒▒▒▒▒▒ ░░░░░░░░ █ █
█ ▓▓▓░░ ████████ ███▒▒ ▓▓▓▓▓▓▓▓ ▓▓▓░░ ████████ █ `-. .-' █
█ ▒▒▒▓▓ ░░ ██ ▒▒▒▒▒▒░░░██ ▒▒ ▓▓ ░░░░░░▒▒▒▓▓ ░░ ██+§¥µ██ █ .-"-._.-"-._.- : : █
█ ███▒▒ ▓▓ ░░░██ ▒▒ ▓▓▓░░ ██ ▒▒▒▓▓ ░░ ███▒▒ ▓▓ ░░░██$@¢¶██ █ .-"-._.-"-._.- --:--:-- █
█ ██ ▒▒ ▓▓▓▓▓▓███▒▒ ▓▓ ░░ ██████▓▓▓░░ ██ ▒▒ ▓▓▓▓▓▓████████ █ : : █
█ ██ ▒▒▒▒▒▒▒▒ ▒▒▒▓▓ ░░░░░░░░ ░░░██ ▒▒▒▒▒▒▒▒ █ .-' `-. █
█ ████████ ▓▓▓▓▓▓▓▓ ████████ CYBERGEM █ █
▀ ▀ ▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
HIDEAGEM is an experimental
tool for hiding files inside of images.
It's written in C++ and can be used via Python CLI and custom nodes in ComfyUI for Stable Diffusion.
WARNING: HIDEAGEM is experimental software! It may have unknown flaws or vulnerabilities. Use at own risk!
WARNING: HIDEAGEM has not yet been studied to determine its resistance to steganalysis (e.g. tools that calculate the probability of a hidden message being present in an image). So assume that it may be possible for adversaries to detect if an image is "suspicious."
For an in depth explanation of HIDEAGEM's algorithms and design, please see this post.
Development updates and support are available on Discord.
Steganography is about hiding the presence of a message; it's about concealing the existence of communication.
HIDEAGEM aims to be a next-generation steganography platform, combining modern cryptographic and steganographic techniques in order to facilitate fast, secure, and robust information hiding in cover media.
In addition to pursuing the traditional objective of steganography (stealth communication), other security properties of hiding message bits in large bit collections are being explored.
HIDEAGEM is designed to be expandable and adaptable, a platform from which various steganographic algorithms and techniques can be launched to conceal data within a variety of cover media types.
New stego algorithms can be incorporated into the program over time in order to support more file types and leverage new techniques.
List of general features and potential future development directions.
Current Features | Future Development
-------------------------------|---------------------------------------------------
Unicode passwords | Keyfiles
Tamper-proof Gem data | Mobile app
512-bit symmetric key | More stego algorithms
Secure Memory Handling | More cover media types
Multiple files per password | Split files across images
Multiple passwords per image | Web app (local execution)
Offline brute-force resistance | Browser extension (e.g. context menu Gem extract)
Use any crazy Unicode characters you want in your passwords: You can even use your favorite emojis; no one can stop you! 🐬
Note: The information below applies only to HIDEAGEM's current spatial domain algorithms that are compatible only with lossless image formats such as PNG, TIFF, and BMP.
If a Gem is successfully extracted and has the correct Gem Hash, then it is virtually guaranteed to be bit-for-bit the same Gem that you hid in the image.
If even a single bit of a Gem Pixel (a pixel that has Gem Data hidden inside of it) is corrupted then the Gem extraction will fail.
Tamper-proof comes at the cost of fragility: Small changes to Gem Images can make the data unrecoverable. They are fragile and can be broken by resizing, cropping, or mutating a pixel that contains Gem Data.
HIDEAGEM uses an experimental symmetric key system designed to work in concert with its steganographic algorithms.
The 512-bit key is generated using libsodium’s Argon2id password hashing function and the user supplied password.
Argon2id was selected because it offers configurable brute-force resistance parameters (such as memory requirements), and resistance to GPU brute-force attacks.
The Gem Data is encrypted using a 256-bit key derived from the 512-bit key, and is then hidden in the cover media using the 512-bit key. The 512-bit key must first be used to extract the entire encrypted Gem before the 256-bit key can be used to decrypt any of its bits.
You can learn more about the key system here.
NOTE: The key's ultimate strength is only as strong as the password. A very
long/random password is required to leverage all 512 bits of the key.
To achieve 512 bits of entropy with a password using the ASCII character set,
the password would have to be >= ~74 chars and each character perfectly random.
In order to try to mitigate potential side-channel attacks, libsodium's low level memory management functions are used to securely erase memory of keys, Gem files, and other sensitive data generated during the embed/extract processes.
It's also used to prevent sensitive data like keys from being swapped to disk.
You can think of images as encrypted write-once file folders or archives.
You can hide any number of files in an image using a single password, limited only by the image's embed capacity. They'll all be extracted at once when the correct password is entered.
The Gem Stream has an overhead of 52 bytes, and each Gem File an overhead of 8 bytes.
HIDEAGEM tries to compress all Gem Files with miniz (zlib) before encrypting them, which can sometimes reduce the number of bytes embedded substantially.
The max file size per Gem File and max bytes that can be embedded per Ocean is 16 exabytes.
HIDEAGEM currently supports hiding multiple sets of files using multiple passwords and a single image, however a UI hasn't been developed for using that feature yet.
The way it works is also a bit peculiar in that it's hierarchical: To access the next set of files you need all the passwords that came before it in addition to the file set's password.
So consider this a stealth feature that's probably not useful yet.
The Argon2id password hashing function is used to generate keys using the user supplied password.
The Master Key is generated using INTERACTIVE key parameters, which offers significant password brute-force resistance compared to using a regular hash function to generate the key.
HIDEAGEM is written in C++ and can be used in Python via a tiny API.
Custom nodes for ComfyUI Stable Diffusion platform are available, making it easy to integrate into 2D generative AI workflows.
The following external libraries are used:
All cryptographic operations, such as Gem Data encryption, hashing, and random number generation are done using libsodium's functions.
Key Generation: BLAKE2b hashing function and Argon2id password hashing algorithm
Gem Data Encryption: XChaCha20-Poly1305 symmetric encryption algorithm (256-bit key + 192-bit nonce)
CSPRNG Implementation: BLAKE2b hash and XChaCha20 stream cipher (256-bit seed + 192-bit nonce)
Additionally, libsodium's low level memory management functions are used to manage sensitive data such as keys and Gem Files.
A small library for managing Unicode strings. It's used to normalize Unicode passwords so that they'll work consistently between systems.
Gem Data compression is attempted with miniz (zlib implementation) before encryption.
Hold on to old versions of HIDEAGEM in case you need to migrate data.
Small changes to HIDEAGEM's code during this early phase of development can break backwards compatibility. New versions of HIDEAGEM may not be able to extract Gems hidden with older versions.
This won't be an issue once the code is considered stable, as the version system will from then onwards be used to provide backwards compatibility with all previous versions.
HIDEAGEM v.1 ships with with some nodes for ComfyUI. You can use them to hide Gems in your AI generated images, or any images saved on disk.
🚨 WARNING: ComfyUI's default save image node will reveal that HIDEAGEM was used in the PNG metadata !!!
It's important to use HIDEAGEM's SAVE IMAGE
node, as it doesn't save that metadata to the output PNG Gem image.
The nodes come with some example workspaces showing how to use them.
When fiding Gems, the console window will require user input to save Gems to disk, so after you start a Gem find switch over to ComfyUI's console to see what the result was.
How to compile HIDEAGEM and all dependencies from source:
- install cmake
- git clone --recurse-submodules https://github.com/CYBERGEM777/HIDEAGEM
- Navigate to
HIDEAGEM\builds\visual_studio\2022
- Run SETUP.BAT
- Open HIDEAGEM_CORE.sln in Visual Studio
- Set configuration to Release x64
- Build solution
Binaries will be produced in HIDEAGEM\bin
To test, install Python then:
pip install -r requirements.txt
python HIDEAGEM.py demo
Press CTRL + C to quit the demo.
First, install cmake
and make
, then:
git clone --recurse-submodules https://github.com/CYBERGEM777/HIDEAGEM
cd HIDEAGEM
make
Binaries will be produced in HIDEAGEM/bin
To test, install python3
then:
pip install -r requirements.txt
python HIDEAGEM.py demo
Press CTRL + C to quit the demo.
After building, HIDEAGEM can be used via HIDEAGEM.py:
cd HIDEAGEM
pip install -r requirements.txt
python HIDEAGEM.py [ args ]
HIDEAGEM can hide Gems (files) inside of any other file, which HIDEAGEM calls a bit Ocean.
HIDEAGEM.py will try to detect if the input Ocean is an image file, and if so will use only the image's pixel bytes as the bit Ocean. The rest of the image file will be completely discarded and the Gem image will be saved to the specified output directory as a .png image with the same file name as the input image.
To hide a Gem, just pass HIDEAGEM an Ocean, one or more Gem Files, and a password. If no output directory is specified, then the Gem hide will proceed but the output won't be saved to disk.
python HIDEAGEM.py hide --ocean MORIA.JPEG --files RUBY.TXT EMERALD.TXT SAPPHIRE.TXT --output gem_images/ --password mellon
The Gem text files will be hidden inside of the pixel bytes copied from MORIA.JPEG, and the resulting Gem image MORIA.PNG will be saved to the directory gem_images.
If an RGBA image is used as the Ocean, the alpha channel bytes and the RGB bytes of any fully transparent pixels will not be written to.
Finding Gems is simple ( if you have the password ! ):
python HIDEAGEM.py find --ocean MORIA.PNG --output gem_images/ --password mellon
HIDEAGEM will search for Gems in the Ocean MORIA.PNG with password "mellon" and if any are found save them to gem_images.
If Gem find is run without an output directory, the Gem Files will be extracted (if found) but nothing will be saved to disk.
WARNING: Experimental feature !!! Use at own risk !
HIDEAGEM can place a Time Trap enchantment on Gems so that it's harder to brute-force the password.
Time Traps have a level from 0 to 7 that changes how long it takes to extract the Gem and verify the password.
Level 0 has no addtional time added: Gem embedding and extracting takes the same time as without a Time Trap.
Levels 1 - 7 have longer extraction times, with 1 being the shortest and 7 the longest.
When the correct password is entered, the Gem is extracted using the Time Trap level specified when hiding the Gem.
When an incorrect password is entered, a random Time Trap level is fished from the Ocean with a high probability of catching the slowest one:
LEVEL 7 = 50% (1/2)
LEVEL 6 = 25% (1/4)
LEVEL 5 = 12.5% (1/8)
LEVEL 4 = 6.25% (1/16)
LEVEL 3 = 3.125% (1/32)
LEVEL 2 = 1.5625% (1/64)
LEVEL 1 = 0.78125% (1/128)
LEVEL 0 = 0.39062% (1/256)
Around half of password brute-force attempts will select level 7, no matter which level was used to hide the Gem (even level 0).
It's possible to hide Gems that take less than a second to extract, but take several minutes to attempt a single password brute-force attempt on.
The price of the Time Trap is convenience: Accidentally entering the wrong password can cost a lot of time, so it's not suitable for use in contexts where immediate wrong password feedback is required.
To add a Time Trap to a Gem, just add the --timetrap
flag, with an optional level from 0 to 7 (if none is specified, 0 is selected):
python HIDEAGEM.py hide --ocean MORIA.JPEG --files DIAMOND.TXT --output gem_images/ --password mellon --timetrap [level]
To find a Time Trap Gem, just add the --timetrap
flag (no need to include the level):
python HIDEAGEM.py find --ocean MORIA.PNG --output gem_images/ --password mellon --timetrap
Note that HIDEAGEM find
does not automatically look for Time Trap gems unless asked to.
If you want to watch HIDEAGEM generate random Gem Seals by hiding random data in a random Ocean, you can run demo mode:
python HIDEAGEM.py demo
If you want to see HIDEAGEM hide and find Gems as fast as it can, you can run some unit tests:
python HIDEAGEM.py unit
Press CTRL + C to exit both modes.
HIDEAGEM is licensed under a permissive license + MAGIC AI LICENSE [ MAGIC-AL]