7thSamurai / steganography

Simple C++ Image Steganography tool to encrypt and hide files inside images using Least-Significant-Bit encoding.
MIT License

Segfault error #7

Closed vaygr closed 5 months ago

vaygr commented 5 months ago

Trying to embed steganography binary itself into a 1.3M png image:

./steganography encode -i expansion.png -e steganography -o exp.png
Password: ...
* Image size: 1280x1024 pixels
* Encoding level: Low (Default)
* Max embed size: 639.25 KiB
* Embed size: 635.36 KiB
* Encrypted embed size: 635.36 KiB
* Generated CRC32 checksum
* Generated encryption key with PBKDF2-HMAC-SHA-256 (20000 rounds)
steganography: steganography/src/aes.cpp:91: void AES::cbc_encrypt(void*, std::size_t, void*): Assertion `size % block_len == 0' failed.
Aborted (core dumped)
7thSamurai commented 5 months ago

Hello,

First of all, sorry about the delay it took me to look at this. I haven't been very active on here as of late...

So, I was initially unable to duplicate your problem when attempting to embed the executable itself. This was apparently due to different executable sizes due to our different systems. I then instead tried embedding a null file of the same length as yours (635.36 KiB), generated using:

dd if=/dev/zero of=zeros.bin bs=1 count=650608 

This method produced the exact same error as the one that you had received. After some further investigation, the problem seemed to occur when the embed file size was a multiple of 16.

The source of the issue ended up being the conditional check in this block of code right here:

https://github.com/7thSamurai/steganography/blob/6ba5d96e4a3fd1768697239197df2dc058054b80/src/main.cpp#L54-L58

The bug being that the mod 16 check was being performed on the unaltered size variable and not the padded_size variable with the +1. Therefore if the input file size was a multiple of 16, then the one byte would be added, making it no longer a multiple of 16, and then the mod check would wrongfully fail and no padding would be applied, which would later cause the assert in the AES::cbc_encrypt function to be triggered.

This has been fixed in commit 67e11d3.

Thank you for noticing this, much appreciated! I'm surprised it hadn't cropped up earlier!
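The padding check described in the comment above, as an added illustration that is not the project's code: the exact expression in main.cpp is not shown here, so its shape (append one byte, then round up to a 16-byte boundary) is a hypothetical reconstruction from the comment; the block size and the `size % block_len == 0` precondition come from the assertion in the trace.

```cpp
#include <cstddef>
#include <iostream>

constexpr std::size_t block_len = 16;  // AES block size, as in the assert

// Assumed shape of the original check (hypothetical reconstruction): one
// extra byte is appended, then the total is rounded up to a block boundary.
// The bug: the "is this a multiple of 16" test reads the unaltered size, not
// padded_size, so a file whose size is a multiple of 16 gets no padding.
std::size_t padded_size_buggy(std::size_t size) {
    std::size_t padded_size = size + 1;
    if (size % block_len != 0)  // wrong variable tested
        padded_size += block_len - padded_size % block_len;
    return padded_size;
}

// Corrected form: test the value that is actually handed to the cipher.
std::size_t padded_size_fixed(std::size_t size) {
    std::size_t padded_size = size + 1;
    if (padded_size % block_len != 0)
        padded_size += block_len - padded_size % block_len;
    return padded_size;
}

// Mirrors the precondition asserted by AES::cbc_encrypt in the trace above.
bool cbc_encrypt_would_accept(std::size_t size) {
    return size % block_len == 0;
}

// Count how many input sizes in [0, limit) a given padding routine turns
// into a length the cipher would reject.
std::size_t count_rejected(std::size_t (*pad)(std::size_t), std::size_t limit) {
    std::size_t rejected = 0;
    for (std::size_t size = 0; size < limit; ++size)
        if (!cbc_encrypt_would_accept(pad(size)))
            ++rejected;
    return rejected;
}

int main() {
    const std::size_t size = 650608;  // zeros.bin length from the comment above
    std::cout << "buggy: " << padded_size_buggy(size) << " fixed: " << padded_size_fixed(size)
              << "\nsizes in [0,256) the cipher would reject, buggy/fixed: "
              << count_rejected(padded_size_buggy, 256) << "/"
              << count_rejected(padded_size_fixed, 256) << "\n";
}
```

With the 650608-byte input from the comment, the buggy routine yields 650609 (rejected by the assert) while the fixed one yields 650624; over sizes 0..255 exactly the 16 multiples of 16 hit the assert with the old check and none with the corrected one.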