Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

[OT] Perl Code Embedded in an Image

by ktross (Deacon)
on Mar 30, 2005 at 15:25 UTC ( #443504=obfuscated: print w/ replies, xml ) Need Help??

There has been a lot of talk about people of nefarious nature hiding information in otherwise normal looking images. After hearing about this prospect, I wondered if it was possible to make an image containing runnable perl code. For several days I had trouble getting around the image headers, as they all cause syntax errors. Eventually, Joost showed me the light of the -x switch.

As of now, my user image ktross's user image is a JAPH script, and a picture of a camel.

Steps to run:
  1. Download ktross's user image, also availible at my home node ktross
  2. Run perl with the -x switch : perl -x perlmonks.gif
  3. Enjoy :)

The code contained in the image is a re-run of System Independant Rand-JAPH, but I thought the concept was interesting.

Comment on [OT] Perl Code Embedded in an Image
Re: [OT] Perl Code Embedded in an Image
by Tanktalus (Canon) on Mar 30, 2005 at 16:52 UTC

    I have three words for you: ('sick!')x3

    ++Thanks!

Re: [OT] Perl Code Embedded in an Image
by NateTut (Deacon) on Mar 30, 2005 at 18:45 UTC
    Way cool. Your post will now be destroyed in the interests of national security.
Re: [OT] Perl Code Embedded in an Image
by merlyn (Sage) on Mar 30, 2005 at 19:01 UTC
Re: [OT] Perl Code Embedded in an Image
by cristian (Hermit) on Mar 30, 2005 at 20:13 UTC
    Great uuuuuffffff warning security trick . The investigation in your brain , yes is hacking.
Re: [OT] Perl Code Embedded in an Image
by cristian (Hermit) on Mar 30, 2005 at 20:59 UTC
    The code perl Embedded can be runing into execute , jpg , png , pdf anything with perl -x , great and more more and more
Re: [OT] Perl Code Embedded in an Image
by diotalevi (Canon) on Mar 31, 2005 at 14:01 UTC

    There's actually a related JavaScript security bug in Netscape 4.x about this. The text data is stored in a comment tag inside the image. When Netscape viewed the "About" page for the image, it also displayed the embedded comments. It didn't escape the input so any embedded JavaScript was then run in "local filesystem" context instead of "internet" context.

Re: [OT] Perl Code Embedded in an Image
by Ultra (Hermit) on Apr 04, 2005 at 18:20 UTC
    This is awesome!
    ++
    Dodge This!
Re: [OT] Perl Code Embedded in an Image
by ambrus (Abbot) on Oct 06, 2005 at 21:31 UTC

    Without having known about your post, I wondered on the same thing a few months later.

    I wanted an image that runs as a perl script without the -x switch or any other switches.

    First, I've decided that this was impossible to do with a PNG image, because perl chokes right away on its header.

    Then, I was looking at GIF, but I've found the specs too complicated, so I took it away.

    I've however produced a BMP (windows bitmap) that doubles as a JAPH. BMP is now displayed in most browsers, however it's not allowed to upload one as a monk image (maybe because when this was decided, Netscape 4 which doesn't have BMP support, was still common back then). Thus, I can only show this image off-site: japh.bmp.

    To try the perl part, download it and run with perl japh.bmp.

    (The japh this one has is a trivial one, but I can change it to any perl code of course.)

      I want to upload a copy of that file here in case you can't reach the external server. However, I don't want to just include it in code tags because that could break it (by eg. mangling newline characters).

      Thus, here's a perl script that you should run to reproduce the script: redirect its output to a file, say japh.bmp, then run the resulting file with perl like perl japh.bmp and/or view it with some image viewer program.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: obfuscated [id://443504]
Approved by Tanktalus
Front-paged by thor
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (10)
As of 2014-10-21 11:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (103 votes), past polls