Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Raúl Fraile#PHPDS15
Steganography
Hiding your secrets with PHP
E U Q W E X S A O S L Z U
L R T Z S R P V I Y E P N
H A F H G Z I P L M F I E
G U R I C E R T I F I E D
B L A A Q N T E T ...
Introduction to Steganography
https://leanpub.com/symfony-selfstudy
Steganography is the science of
concealing a hidden message in plain
sight in order to avoid detection.
Introduction
Introduction
steganos
graphein
στựữửνός
ữράφựư̆ν
covered, concealed, protected writing
Terminology
Embedding (E)
Extracting (D)
Cover (C) Message (M)
Stego-Object (S)
Key (K)
• Steganography: Hide the data from a
third party.

• Cryptography: Make data unreadable
by a third party.
Steganography /...
Prisoners’ problem
• Esoteric programming language with
only three lexical tokens: Space (ASCII
32), Tab (ASCII 9) and Line Feed (ASCII
10).
...
Motivation
Source: http://uk.businessinsider.com/david-cameron-encryption-apple-pgp-2015-1?r=US
• Protection of data alteration (digital
watermarking).
• Secretly communicate information.
• Anti-forensics mechanism.
Ap...
Techniques
Classical Steganography
Bacon’s Bilateral Cipher
A AAAAA
B AAAAB
C AAABA
D AAABB
E AABAA
F AABAB
G AABBA
H AABBB
I/J ABAAA
K ABAAB
L ABABA
M ABABB...
• Backmasking is a technique in which a
sound or message is recorded backward
onto a track that is meant to be played
forw...
Backmasking
If there's a bustle in your hedgerow,
don't be alarmed now, it's just a spring
clean for the May queen. Yes th...
• Some brand color laser printers add tiny
yellow dots to each page, that contain
encoded printer serial numbers and
times...
Printer steganography
Source: https://w2.eff.org/Privacy/printers/docucolor/
Morse code
Morse code
T O R T U R E
Source: http://youtu.be/BgelmcOdS38
Digital Steganography
Digital Steganography
LSB IN IMAGES
144 141 81
10010000 10001101 01010001
Hidden message: 101001…
145 140 81
10010001 1000...
Piet is a programming language in which
programs look like abstract paintings.
Piet
Composition with Red, Yellow and Blue....
525
Piet
Darkness change
Hue change None 1 2
None push pop
1 step add substract multiply
2 steps divide mod not
3 steps gr...
Piet
• We already have filesystems with support
for encryption, so they only can be read
with the password. But… the attacker
ma...
Steganographic filesystem
0 1 2 3 4 5 6 7 8
1.txt 2
2.txt 5
3.txt 7
3 4 EOF EOF EOF6 8
Boot FATFilesystem
Boot FATFilesyste...
• Network steganography uses communication
protocols and are harder to detect.
• Techniques:
• Steganophony: Delayed or co...
• Custom HTTP headers to include geeky
messages or as a recruiting tool.
• For example, booking.com:
• X-Recruiting: Like ...
SkyDe (Skype Hide)
Source: http://arxiv.org/pdf/1301.3632.pdf
• St e ga n o g r a p h i c m e t h o d fo r t h e
BitTorrent P2P file transfer service.
• It is based on modifying the ord...
StegTorrent
Source: http://www.computer.org/csdl/proceedings/spw/2013/5017/00/5017a151-abs.html
0 1 …
4 5
2
6
3
7
1100 10
• Spammimic embeds a message into
spam.
• There is tons of spam. Also, real spam is
usually dumb, so it's sometimes hard t...
Spammimic
Dear Professional , Your email address has been submitted
to us indicating your interest in our newsletter !
Thi...
Steganalysis
• Steganalysis is the study of detecting
messages hidden using steganography.
• The goal of steganalysis is to identify
su...
Steganalysis
144 141 81
10010000 10001101 01010001
Random
0
0,2
0,4
0,6
0,8
0 1
What about PHP?
Binary strings
• In PHP, strings are just a sequence of
bytes (C char type).
• PHP stores the length of strings
explicitly...
5
l l oh e*val
len
Binary strings
typedef union _zvalue_value {
long lval;
double dval;
struct {
char *val;
int len;
} str...
pack()/unpack()
• pack() packs data into a binary string
according to a given format.
• unpack() unpacks from a binary str...
pack()/unpack()
$now = new DateTime();
$id1 = 0x1f;
$id2 = 0x8b;
$cm = 0x08;
$flags = 0x00;
$mtime = $now->getTimestamp();...
pack()/unpack()
$gzip = file_get_contents(__DIR__ . '/test.gz');
/*
* Format:
* - C2: 2 bytes (id1, id2).
* - C1: 1 byte (...
Bitwise operators
• Bitwise operators allow evaluation and
manipulation of specific bits within an
integer.
• PHP provides ...
Bitwise operators
1 0 11 0 00 1
0 0 00 0 11 1
&
0 0 00 0 00 1
101
0x65
0145
0b01100101
200
0xc8
0310
0b11001000
64
0x40
01...
Bitwise operators
1 0 11 0 00 1
0 0 00 0 11 1
|
1 0 11 0 11 1
101
0x65
0145
0b01100101
200
0xc8
0310
0b11001000
237
0xed
0...
Bitwise operators
1 0 11 0 00 1
0 0 00 0 11 1
^
1 0 11 0 11 0
101
0x65
0145
0b01100101
200
0xc8
0310
0b11001000
173
0xad
0...
Bitwise operators
1 0 11 0 00 1 2<<
101
0x65
0145
0b01100101
404
0x194
0624
0b1010110100
1 0 11 0 11 0 0 0
x << y == x * p...
Bitwise operators
1 0 11 0 00 1 2>>
101
0x65
0145
0b01100101
25
0x19
031
0b00011001
1 1 00 0 0 0 1
x << y == x / pow(2, y)
Bitwise operators
1 0 11 0 00 1
~
101
0x65
0145
0b01100101
154
0x9a
0232
0b10011010
1 1 01 0 0 1 0
Bitwise operators
0X14
$flag & 0x04Read flag
Set flag
Unset flag
$flag | 0x04
$flag & ~0x04
0 0 0 1 0 1 0 0
0 0 0 0 0 1 0 0
&...
Demo #1: Hiding messages in
GZIP file headers
GZIP file format
CM FLGID1 ID2 MTIME XFL OS
CRC32 ISIZE
COMPRESSED STREAM
FTEXT FHCRC FEXTRA FNAME FCOMMENT
0FILE NAME
Sour...
Demo #1.1
Embedding messages into
GZIP FNAME header
/demos/demo1/demo1_1
raulfraile/steganography_talk
Demo #1: GZIP
Demo #2: Hiding data
into images
• PHP extension to use the
• It provides high level function to deal
directly with pixels (they will be used to
encode dat...
Demo #2.1
Embedding text data into
images (+ steganalysis)
/demos/demo2/demo2_1
raulfraile/steganography_talk
Demo #2.2
Embedding images into
images (+ steganalysis)
/demos/demo2/demo2_2
raulfraile/steganography_talk
Hiding code into code
Demo #3
• A polyglot is a program written in a valid
form of multiple programming
languages.
• Generally are written in a combinat...
polyglot.pl.php.py.rb.cpp
Polyglot programs
#/*<?php eval('echo "PHP Coden";'); __halt_compiler();?> */
#include <stdio.h>...
Demo #3.1
Embedding PHP code using
__halt_compiler()
/demos/demo3/demo3_1
raulfraile/steganography_talk
__halt_compiler()
• Halts the execution of the compiler.
• The byte position of the data start is
given by the __COMPILER_...
__halt_compiler()
23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p|
68 70 0a 3c 3f 70 68 70 0a 0a 50 68 6...
Demo #3.2
Hiding messages using
whitespace characters
/demos/demo3/demo3_2
raulfraile/steganography_talk
Demo #3.3
Hiding code using
whitespace characters
/demos/demo3/demo3_3
raulfraile/steganography_talk
Demo #3.4
Embedding Whitespace code in
empty lines of Docblocks
/demos/demo3/demo3_4
raulfraile/steganography_talk
Whitespace
• Esoteric programming language with
only three lexical tokens: Space (ASCII
32), Tab (ASCII 9) and Line Feed (...
hello_world.ws
Whitespace
Source: http://compsoc.dur.ac.uk/whitespace/
nikic/php-parser
• A PHP parser written in PHP.
• Useful for static code analysis, manipulation
and generation.
• Converts...
nikic/php-parser
Assignment
Variable Lnumber
If
Equal Statements
Echo
condition
Name: test Value: 1
Lnumber
Value: 1
Varia...
hello_world.ws
nikic/php-parser
$code = <<<CODE
<?php
$test = 1;
if (1 == $test) {
echo 'ok';
}
CODE;
$parser = new PhpPar...
nikic/php-parser
• The parser provides two main
components:
• NodeTraverser: For traversing and
visiting the node tree.
• ...
Questions?
raulfraile
raulfraile@gmail.com
Credits:
https://www.flickr.com/photos/ignotus/16132533706
https://www.flickr.com...
Upcoming SlideShare
Loading in …5
×

Steganography: Hiding your secrets with PHP

9,416 views

Published on

Steganography consists of hiding a secret message within another message. Unlike cryptography, steganography tries to achieve security through obscurity, hiding the very presence of the message. Ideally, the steganographic message will look identically to a normal message.

This talk examines different techniques to hide messages using steganography from the perspective of a PHP developer. From more classical techniques such as hiding an image within another image using the least significant bits of each pixel, to more advanced ones like using TCP/IP packets.

Published in: Technology

Steganography: Hiding your secrets with PHP

  1. 1. Raúl Fraile#PHPDS15 Steganography Hiding your secrets with PHP
  2. 2. E U Q W E X S A O S L Z U L R T Z S R P V I Y E P N H A F H G Z I P L M F I E G U R I C E R T I F I E D B L A A Q N T E T O R T T E K I M A D H S G N O 💩 A P O L Y G L O T A Y E S U A J E W H I T E S P A C E O B R F S A C I L I A P Y S T E G A N O G R A P H Y R A M C Y T I R W C P P A About me
  3. 3. Introduction to Steganography
  4. 4. https://leanpub.com/symfony-selfstudy
  5. 5. Steganography is the science of concealing a hidden message in plain sight in order to avoid detection. Introduction
  6. 6. Introduction steganos graphein στựữửνός ữράφựư̆ν covered, concealed, protected writing
  7. 7. Terminology Embedding (E) Extracting (D) Cover (C) Message (M) Stego-Object (S) Key (K)
  8. 8. • Steganography: Hide the data from a third party.
 • Cryptography: Make data unreadable by a third party. Steganography / Cryptography
  9. 9. Prisoners’ problem
  10. 10. • Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations. Motivation Source: http://youtu.be/u_kqM0gn63M
  11. 11. Motivation Source: http://uk.businessinsider.com/david-cameron-encryption-apple-pgp-2015-1?r=US
  12. 12. • Protection of data alteration (digital watermarking). • Secretly communicate information. • Anti-forensics mechanism. Applications
  13. 13. Techniques
  14. 14. Classical Steganography
  15. 15. Bacon’s Bilateral Cipher A AAAAA B AAAAB C AAABA D AAABB E AABAA F AABAB G AABBA H AABBB I/J ABAAA K ABAAB L ABABA M ABABB N ABBAA O ABBAB P ABBBA Q ABBBB R BAAAA S BAAAB T BAABA U/V BAABB W BABAA X BABAB Y BABBA Z BABBB Take the red pill BAABA AAAAA ABAAB AABAA BAABA AABBB AABAA BAAAA AABAA AAABB ABBBA ABAAA ABABA ABABA Steganography is the art or practice of concealing messages within other messages S t e g a n o g r a p h y i s t h e a r t o r p r a c t i c e o f c o n c e a l i n g m e s s a g e s w i t h i n o t h e r m e s s a g e s 70
  16. 16. • Backmasking is a technique in which a sound or message is recorded backward onto a track that is meant to be played forward. • It is a deliberate process, whereas a message found through phonetic reversal may be unintentional. Backmasking
  17. 17. Backmasking If there's a bustle in your hedgerow, don't be alarmed now, it's just a spring clean for the May queen. Yes there are two paths you can go by, but in the long run there's still time to change the road you're on. Oh here's to my sweet Satan. The one whose little path would make me sad, whose power is satan. He'll give those with him 666, there was a little toolshed where he made us suffer, sad Satan.
  18. 18. • Some brand color laser printers add tiny yellow dots to each page, that contain encoded printer serial numbers and timestamps. • Monochrome printers and copiers from major manufacturers also include the markings. • Most printers' codes have not been decoded. Printer steganography
  19. 19. Printer steganography Source: https://w2.eff.org/Privacy/printers/docucolor/
  20. 20. Morse code
  21. 21. Morse code T O R T U R E Source: http://youtu.be/BgelmcOdS38
  22. 22. Digital Steganography
  23. 23. Digital Steganography LSB IN IMAGES 144 141 81 10010000 10001101 01010001 Hidden message: 101001… 145 140 81 10010001 10001100 01010001 146 142 81 10010010 10001110 01010001
  24. 24. Piet is a programming language in which programs look like abstract paintings. Piet Composition with Red, Yellow and Blue. 1921, Piet Mondrian Source: http://www.dangermouse.net/esoteric/piet.html
  25. 25. 525 Piet Darkness change Hue change None 1 2 None push pop 1 step add substract multiply 2 steps divide mod not 3 steps greater pointer switch 4 steps duplicate roll in(number) 5 steps in(char) out(number) out(char) DP right CC left $ npiet example1.png ? 5 25 5
  26. 26. Piet
  27. 27. • We already have filesystems with support for encryption, so they only can be read with the password. But… the attacker may obtain it illegally or torture the user to give it up. • The steganographic filesystem goes one step further: it does not even show the existence of sensitive information (even when raw sectors of the hard disc are accessed). Steganographic filesystem
  28. 28. Steganographic filesystem 0 1 2 3 4 5 6 7 8 1.txt 2 2.txt 5 3.txt 7 3 4 EOF EOF EOF6 8 Boot FATFilesystem Boot FATFilesystem-level encryption PartitionSteganographic filesystem
  29. 29. • Network steganography uses communication protocols and are harder to detect. • Techniques: • Steganophony: Delayed or corrupted packets that would normally be ignored by the receiver. • WLAN Steganography: Transmission of steganograms in Wireless Local Area Networks Network Steganography
  30. 30. • Custom HTTP headers to include geeky messages or as a recruiting tool. • For example, booking.com: • X-Recruiting: Like HTTP headers? C o m e w r i t e o u r s : h t t p s : / / workingatbooking.com HTTP headers
  31. 31. SkyDe (Skype Hide) Source: http://arxiv.org/pdf/1301.3632.pdf
  32. 32. • St e ga n o g r a p h i c m e t h o d fo r t h e BitTorrent P2P file transfer service. • It is based on modifying the order of data packets in the peer-peer data exchange protocol. • Steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability. StegTorrent
  33. 33. StegTorrent Source: http://www.computer.org/csdl/proceedings/spw/2013/5017/00/5017a151-abs.html 0 1 … 4 5 2 6 3 7 1100 10
  34. 34. • Spammimic embeds a message into spam. • There is tons of spam. Also, real spam is usually dumb, so it's sometimes hard to tell if it was written by a human or a machine. Spammimic
  35. 35. Spammimic Dear Professional , Your email address has been submitted to us indicating your interest in our newsletter ! This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 2516 , Title 9 , Section 303 . Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich in 16 days . Have you ever noticed most everyone has a cellphone and nearly every commercial on television has a .com on in it ! Well, now is your chance to capitalize on this ! We will help you decrease perceived waiting time by 190% and deliver goods right to the customer's doorstep ! The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Mrs Simpson of Maryland tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! We implore you - act now ! Sign up a friend and you get half off . Thanks . Message: attack Source: http://www.spammimic.com Disappearing Cryptography. Information Hiding: Steganography & Watermarking
  36. 36. Steganalysis
  37. 37. • Steganalysis is the study of detecting messages hidden using steganography. • The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. • The problem is generally handled with statistical analysis. Steganalysis
  38. 38. Steganalysis 144 141 81 10010000 10001101 01010001 Random 0 0,2 0,4 0,6 0,8 0 1
  39. 39. What about PHP?
  40. 40. Binary strings • In PHP, strings are just a sequence of bytes (C char type). • PHP stores the length of strings explicitly. Unlike C it does not need a zero termination to find the end of a string.
  41. 41. 5 l l oh e*val len Binary strings typedef union _zvalue_value { long lval; double dval; struct { char *val; int len; } str; HashTable *ht; zend_object_value obj; } zvalue_value; 6 091 21314 0123 88 $str[5] Big endian: 14 - 0 Little endian: 0 - 14 strlen()
  42. 42. pack()/unpack() • pack() packs data into a binary string according to a given format. • unpack() unpacks from a binary string into an array according to a given format.
  43. 43. pack()/unpack() $now = new DateTime(); $id1 = 0x1f; $id2 = 0x8b; $cm = 0x08; $flags = 0x00; $mtime = $now->getTimestamp(); //0x54c13374 /* * Format: * - C4: 4 bytes. * - V: Unsigned long, 32 bit, little endian byte order */ $binStr = pack('C4V', $id1, $id2, $cm, $flags, $mtime); file_put_contents(__DIR__ . '/test.gz', $binStr); 74 3308 001f 8b c1 54
  44. 44. pack()/unpack() $gzip = file_get_contents(__DIR__ . '/test.gz'); /* * Format: * - C2: 2 bytes (id1, id2). * - C1: 1 byte (cm), 1 byte (flags). * - V: Unsigned long, 32 bit, little endian byte order */ list($id1, $id2, $cm, $flags, $mtime) = array_values( unpack('C2id/C1cm/C1flags/Vmtime', $gzip) ); var_dump( dechex($id1), // 1f dechex($id2), // 8b dechex($cm), // 8 dechex($flags), // 0 dechex($mtime) // 54c13374 );
  45. 45. Bitwise operators • Bitwise operators allow evaluation and manipulation of specific bits within an integer. • PHP provides 6 bitwise operators: &, |, ^, ~, << and >>.
  46. 46. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 & 0 0 00 0 00 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 64 0x40 0100 0b01000000
  47. 47. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 | 1 0 11 0 11 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 237 0xed 0355 0b11101101
  48. 48. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 ^ 1 0 11 0 11 0 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 173 0xad 0255 0b10101101
  49. 49. Bitwise operators 1 0 11 0 00 1 2<< 101 0x65 0145 0b01100101 404 0x194 0624 0b1010110100 1 0 11 0 11 0 0 0 x << y == x * pow(2, y)
  50. 50. Bitwise operators 1 0 11 0 00 1 2>> 101 0x65 0145 0b01100101 25 0x19 031 0b00011001 1 1 00 0 0 0 1 x << y == x / pow(2, y)
  51. 51. Bitwise operators 1 0 11 0 00 1 ~ 101 0x65 0145 0b01100101 154 0x9a 0232 0b10011010 1 1 01 0 0 1 0
  52. 52. Bitwise operators 0X14 $flag & 0x04Read flag Set flag Unset flag $flag | 0x04 $flag & ~0x04 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 & 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 | 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 1 1 1 1 1 0 1 1 & 0 0 0 1 0 0 0 0 0 0 0 1 0 1 0 0
  53. 53. Demo #1: Hiding messages in GZIP file headers
  54. 54. GZIP file format CM FLGID1 ID2 MTIME XFL OS CRC32 ISIZE COMPRESSED STREAM FTEXT FHCRC FEXTRA FNAME FCOMMENT 0FILE NAME Source: https://tools.ietf.org/html/rfc1952
  55. 55. Demo #1.1 Embedding messages into GZIP FNAME header /demos/demo1/demo1_1 raulfraile/steganography_talk
  56. 56. Demo #1: GZIP
  57. 57. Demo #2: Hiding data into images
  58. 58. • PHP extension to use the • It provides high level function to deal directly with pixels (they will be used to encode data), such as imagecolorat() and imagesetpixel(). GD extension Source: http://libgd.bitbucket.org/
  59. 59. Demo #2.1 Embedding text data into images (+ steganalysis) /demos/demo2/demo2_1 raulfraile/steganography_talk
  60. 60. Demo #2.2 Embedding images into images (+ steganalysis) /demos/demo2/demo2_2 raulfraile/steganography_talk
  61. 61. Hiding code into code Demo #3
  62. 62. • A polyglot is a program written in a valid form of multiple programming languages. • Generally are written in a combination of C (which allows redefinition of tokens with a preprocessor) and a scripting language. Polyglot programs
  63. 63. polyglot.pl.php.py.rb.cpp Polyglot programs #/*<?php eval('echo "PHP Coden";'); __halt_compiler();?> */ #include <stdio.h> /* print ((("b" + "0" == 0) and eval('"Perl Coden"')) or (0 and "Ruby Coden" or "Python Code")); __DATA__ = 1 """"" __END__ ===== . ===== */ #ifdef __cplusplus char msg[9] = {'C','+','+',' ','C','o','d','e', 'n'}; #else char msg[7] = {'C',' ','C','o','d','e', 'n'}; #endif int main() { int i; for(i = 0; i < 9; ++i) putchar(msg[i]); return 0;} Source: https://gist.github.com/SaswatPadhi/2872457
  64. 64. Demo #3.1 Embedding PHP code using __halt_compiler() /demos/demo3/demo3_1 raulfraile/steganography_talk
  65. 65. __halt_compiler() • Halts the execution of the compiler. • The byte position of the data start is given by the __COMPILER_HALT_OFFSET__ constant. • PHAR files make use of this function to separate the stub (loader functionality) and the rest of the file (manifest, files and signature).
  66. 66. __halt_compiler() 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 77 6f 72 6c 64 21 27 3b 0a 0a 5f 5f 48 41 |o world!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| Source: http://www.slideshare.net/raulfraile/kernelinfect-creating-a-cryptovirus-for-symfony2-apps
  67. 67. Demo #3.2 Hiding messages using whitespace characters /demos/demo3/demo3_2 raulfraile/steganography_talk
  68. 68. Demo #3.3 Hiding code using whitespace characters /demos/demo3/demo3_3 raulfraile/steganography_talk
  69. 69. Demo #3.4 Embedding Whitespace code in empty lines of Docblocks /demos/demo3/demo3_4 raulfraile/steganography_talk
  70. 70. Whitespace • Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations.
  71. 71. hello_world.ws Whitespace Source: http://compsoc.dur.ac.uk/whitespace/
  72. 72. nikic/php-parser • A PHP parser written in PHP. • Useful for static code analysis, manipulation and generation. • Converts PHP code into an AST (Abstract Syntax Tree). • Uses a PHP 5.6 compliant grammar (backwards compatible with PHP 5.2+). Also, emulates tokens from different versions of the one running (for example, parse 5.6 code from 5.3). Source: https://github.com/nikic/PHP-Parser
  73. 73. nikic/php-parser Assignment Variable Lnumber If Equal Statements Echo condition Name: test Value: 1 Lnumber Value: 1 Variable Name: test left right String Value: ok $test = 1; if (1 == $test) { echo 'ok'; }
  74. 74. hello_world.ws nikic/php-parser $code = <<<CODE <?php $test = 1; if (1 == $test) { echo 'ok'; } CODE; $parser = new PhpParserParser( new PhpParserLexerEmulative ); $ast = $parser->parse($code);
  75. 75. nikic/php-parser • The parser provides two main components: • NodeTraverser: For traversing and visiting the node tree. • PrettyPrinter: To compile the AST back to PHP code.
  76. 76. Questions? raulfraile raulfraile@gmail.com Credits: https://www.flickr.com/photos/ignotus/16132533706 https://www.flickr.com/photos/sporkqueen/2525132547
 https://www.flickr.com/photos/kjarrett/15428375607 https://www.iconfinder.com/iconsets/hawcons

×