bannsec / stegoVeritas

Yet another Stego Tool
GNU General Public License v2.0

Change file to python magic module #2

Closed bannsec closed 5 years ago

bannsec commented 7 years ago

Need to remove the dependency on the unix file command and use some platform independent python module for that.

Ref #1

huanglitong123 commented 7 years ago

Can you tell me details? Change which file?

bannsec commented 7 years ago

So I just switched it over. It's the fact that I was utilizing the GNU file command, which won't be installed by default on Windows machines. I haven't had a chance to test this, so let me know how it works for you.

You'll need to pip install python-magic

The changes are in the "noFileCommand" branch for now (https://github.com/Owlz/stegoVeritas/tree/noFileCommand).

huanglitong123 commented 7 years ago

windows7 x64 python 3.5.2

if I just install python-magic

result

    F:\steganography\stegoVeritas-noFileCommand>python3 stegoveritas.py "miao~870F6C 667A6CDC0D1F533859E72C48E0.jpg"
    Type: JPEG (ISO 10918)
    Mode: RGB

    Checking Meta Data

    Exif Data

    Image ResolutionUnit: Pixels/Inch
    Image XResolution: 144
    Image YResolution: 144
    Image Artist: key:m1a0@888
    Image YCbCrPositioning: Centered

    Checking for trailing data
    Running image filters
    Attempting to brute force LSB items
    Trying 0.0.0
    Traceback (most recent call last):
      File "stegoveritas.py", line 70, in <module>
        modules.image.run(fArray,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\__init__.py", line 98, in run
        autoAnalysis(f,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\__init__.py", line 37, in autoAnalysis
        modules.image.imageLSB.auto(f,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\imageLSB.py", line 143, in auto
        testOutput(o,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\imageLSB.py", line 23, in testOutput
        m = magic.from_buffer(b,mime=True)
      File "C:\Users\Admin\AppData\Local\Programs\Python\Python35-32\lib\site-packages\python_magic-0.4.13-py3.5.egg\magic.py", line 142, in from_buffer
      File "C:\Users\Admin\AppData\Local\Programs\Python\Python35-32\lib\site-packages\python_magic-0.4.13-py3.5.egg\magic.py", line 118, in _get_magic_type
      File "C:\Users\Admin\AppData\Local\Programs\Python\Python35-32\lib\site-packages\python_magic-0.4.13-py3.5.egg\magic.py", line 67, in __init__
      File "C:\Users\Admin\AppData\Local\Programs\Python\Python35-32\lib\site-packages\python_magic-0.4.13-py3.5.egg\magic.py", line 259, in magic_load
      File "C:\Users\Admin\AppData\Local\Programs\Python\Python35-32\lib\site-packages\python_magic-0.4.13-py3.5.egg\magic.py", line 190, in errorcheck_negative_one
    magic.MagicException: b'could not find any magic files!'

Then I changed the imageLSB.py file

changed code

    def testOutput(b,args):
        import magic
        m = magic.Magic(magic_file="C:\GnuWin32\share\misc")
        m2 = m.from_buffer(b,mime=True)
        if m2 != 'application/octet-stream':
            m2 = magic.from_buffer(b,mime=False)
            print("Found something worth keeping!\n{0}".format(m))
            # Save it to disk
            with open(os.path.join(args.outDir,str(time.time())), "wb") as f:
                f.write(b)

result

    Traceback (most recent call last):
      File "stegoveritas.py", line 70, in <module>
        modules.image.run(fArray,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\__init__.py", line 98, in run
        autoAnalysis(f,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\__init__.py", line 37, in autoAnalysis
        modules.image.imageLSB.auto(f,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\imageLSB.py", line 144, in auto
        testOutput(o,args)
      File "F:\steganography\stegoVeritas-noFileCommand\modules\image\imageLSB.py", line 24, in testOutput
        m2 = m.from_buffer(b,mime=True)
    TypeError: from_buffer() got an unexpected keyword argument 'mime'

I guess that magic.from_buffer has some problem. I know a little about magic.from_buffer, maybe you have some solutions.

bannsec commented 7 years ago

Hmm.. So looks like this library (and most others I've seen) relies on libmagic. That said, one thing you probably want to do is provide the full magic file path instead of the directory:

    m = magic.Magic(magic_file=r"C:\GnuWin32\share\misc\magic")

Another issue I'm seeing on the Windows side is getting the proper DLLs (and right architecture for them) in the correct places. Not sure what a good answer is for now as it seems the Windows solutions for libmagic aren't the greatest.

I'll keep this issue open as a reminder.

bannsec commented 7 years ago

I should say, my guess is that the DLLs could be packaged with python and a smart setup script created for them so that libmagic will work out of the box. However, that would involve updating their repo/creating my own fork of it, as well as shipping with DLLs. Not a horrible thing, but not really what one wants to do with python either.
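Added example (not part of the thread and not stegoVeritas code): one way to keep the type check on brute-forced LSB output working when libmagic or its DLLs cannot be loaded, as in the Windows reports above. The signature table and the names `sniff_mime`, `detect_mime` and `keep_if_interesting` are hypothetical; in python-magic, `mime` is an argument of the `Magic` constructor, not of the instance's `from_buffer()`.

```python
import hashlib
import os

# Constructed signature table: (offset, magic bytes, MIME type). Not exhaustive.
SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "image/png"),
    (0, b"\xff\xd8\xff", "image/jpeg"),
    (0, b"GIF87a", "image/gif"),
    (0, b"GIF89a", "image/gif"),
    (0, b"PK\x03\x04", "application/zip"),
    (0, b"%PDF-", "application/pdf"),
    (0, b"\x1f\x8b\x08", "application/gzip"),
    (0, b"7z\xbc\xaf\x27\x1c", "application/x-7z-compressed"),
    (257, b"ustar", "application/x-tar"),
]

def sniff_mime(buf):
    """Pure-Python check of leading magic bytes; no libmagic needed."""
    for offset, sig, mime in SIGNATURES:
        if buf[offset:offset + len(sig)] == sig:
            return mime
    # Assumption: a fully printable head is worth a look (e.g. a hidden key).
    head = buf[:512]
    if head and all(32 <= c < 127 or c in (9, 10, 13) for c in head):
        return "text/plain"
    return "application/octet-stream"

def detect_mime(buf, magic_file=None):
    """Prefer libmagic via python-magic; fall back when it cannot load."""
    try:
        import magic  # python-magic; fails if libmagic or its DLLs are missing
        # mime= goes to the constructor; the instance from_buffer() takes only buf
        return magic.Magic(mime=True, magic_file=magic_file).from_buffer(buf)
    except Exception:  # ImportError, MagicException, OSError (wrong DLL arch)
        return sniff_mime(buf)

def keep_if_interesting(buf, out_dir, detect=detect_mime):
    """Write buf to out_dir unless it is typed as generic binary data."""
    mime = detect(buf)
    if mime == "application/octet-stream":
        return None
    name = hashlib.sha256(buf).hexdigest()[:16]  # stable name, dedupes repeats
    path = os.path.join(out_dir, name)
    with open(path, "wb") as f:
        f.write(buf)
    return mime, path
```

Naming the output by content hash instead of `time.time()` means identical buffers recovered from different bit planes overwrite one file rather than piling up.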

bannsec commented 5 years ago

This issue ticket is from well before the refactor. Not really a thing anymore.