search

guofei9987 / blind_watermark

Blind&Invisible Watermark ,图片盲水印,提取水印无须原图!
https://blindwatermark.github.io/blind_watermark/#/en/
MIT License
5.76k stars 684 forks source link

Attacks on the image does break the watermark #89

Open eroo36 opened 2 years ago

eroo36 commented 2 years ago

I tested with this website and with GIMP to edit the watermarked image and I only crop/resize the image slightly for example used a JPG image with result of JPG as well: file 1: original: 329x731 cropped : 310x710

file 2: original: 4624 × 3472 resized: 4204 × 3157

the cropped/resized image has broken watermark result when i decode it again.

Code I use to add wm: 

bwm1 = WaterMark(password_wm=1235)
bwm1.read_img(filepath)
wm = 'example'
bwm1.read_wm(wm, mode='str')
bwm1.embed(resultFilePath)
return send_file(f'temp/wm_{file.filename}')

Code I use to get wm: 

bwm2 = WaterMark(password_wm=1235)
wm_extract = bwm2.extract(filepath, wm_shape=len(bwm1.wm_bit), mode='str')
return jsonify({'watermark': wm_extract})
bhzhu203 commented 2 years ago

You need to recovery the pics to the original size. this method can have over 80% success rate

The most imortant is this:

# recover from attack:
recover_crop(template_file='output/2022-09-30_15-20.png', output_file_name='output/截屏攻击2_还原.png',
             loc=(x1, y1, x2, y2), image_o_shape=image_o_shape)

https://github.com/guofei9987/blind_watermark/blob/master/examples/example_str.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# embed string
import numpy as np
from blind_watermark import WaterMark
from blind_watermark import att
from blind_watermark.recover import estimate_crop_parameters, recover_crop

import cv2

bwm = WaterMark(password_img=77782589, password_wm=7758258)
bwm.read_img('pic/1648799417649ee7d05.png')
wm = '1998-2022 Yafe Co., Limited'
bwm.read_wm(wm, mode='str')
bwm.embed('output/embedded.png')

len_wm = len(bwm.wm_bit)  # 解水印需要用到长度
print('Put down the length of wm_bit {len_wm}'.format(len_wm=len_wm))

ori_img_shape = cv2.imread('pic/1648799417649ee7d05.png').shape[:2]  # 抗攻击有时需要知道原图的shape

# %% 解水印
bwm1 = WaterMark(password_img=77782589, password_wm=7758258)

wm_extract = bwm1.extract('output/embedded.png', wm_shape=len_wm, mode='str')
print("不攻击的提取结果:", wm_extract)
assert wm == wm_extract, '提取水印和原水印不一致'

# %% 截屏攻击 = 剪切攻击 + 缩放攻击 + 不知道攻击参数
'''
loc_r = ((0.1, 0.1), (0.7, 0.6))
scale = 0.7
_, (x1, y1, x2, y2) = att.cut_att2(input_filename='output/embedded.png', output_file_name='output/截屏攻击2.png',
                                   loc_r=loc_r, scale=scale)
print(f'Crop attack\'s real parameters: x1={x1},y1={y1},x2={x2},y2={y2}')
'''
# estimate crop attack parameters:
(x1, y1, x2, y2), image_o_shape, score, scale_infer = estimate_crop_parameters(original_file='pic/1648799417649ee7d05.png',
                                                                               template_file='output/2022-09-30_15-20.png',
                                                                               scale=(0.5, 2), search_num=200)

print(f'Crop attack\'s estimate parameters: x1={x1},y1={y1},x2={x2},y2={y2}. score={score}')

# recover from attack:
recover_crop(template_file='output/2022-09-30_15-20.png', output_file_name='output/截屏攻击2_还原.png',
             loc=(x1, y1, x2, y2), image_o_shape=image_o_shape)

bwm1 = WaterMark(password_wm=7758258, password_img=77782589)
wm_extract = bwm1.extract('output/截屏攻击2_还原.png', wm_shape=len_wm, mode='str')
print("截屏攻击,不知道攻击参数。提取结果:", wm_extract)
assert wm == wm_extract, '提取水印和原水印不一致'

'''

# %%缩放攻击
#att.resize_att(input_filename='output/embedded.png', output_file_name='output/缩放攻击.png', out_shape=(400, 300))
att.resize_att(input_filename='output/embedded1.png', output_file_name='output/缩放攻击_还原.png',
               out_shape=ori_img_shape[::-1])
# out_shape 是分辨率,需要颠倒一下

bwm1 = WaterMark(password_wm=7758258, password_img=77782589)
wm_extract = bwm1.extract('output/缩放攻击_还原.png', wm_shape=len_wm, mode='str')
print("缩放攻击后的提取结果:", wm_extract)
assert np.all(wm == wm_extract), '提取水印和原水印不一致'
# %%

'''