Implementation for feature request #4

Breaking change to CLI introduces subcommands so normal usage requires encode subcommand (i.e. stegosaurust encode ... )

Disguise added as subcommand stegosaurust disguise /path/to/directory. 10 images are compressed and embedded in the binary making encoding slower (as images are decompressed), but decoding is normal. 10 images are cycled so if there are more than 10 images multiple of the same will be present. New image names are just base64 encoded old filenames so original can be retrieved, and old files are deleted.

Needs a bit more thought to error handling and neatness so will push some more changes soon. This is just an initial MVP for visibility. See the GIF for workings.

areas to improve:

• error handling
• security of base64 encoding filenames (effectively none)
• if a file is too large to be encoded it fails (skip over and carry on encoding?)
• more images to less repetitions

Also note: images are taken from unsplash so are free to use as per their license

Compress data to be encoded so more can be squeezed into an image. Of course, decompression needed on decoding.

May need to experiment when in pipeline to do compression:

• on raw data
• after encryption and base64

Could have command flag to use different compression algorithms (xz, gzip, bzip etc)

Interface to picsum image API for fetching image during disguise command. When a file is found to be disguised, the rough image size to fetch is calculated and fetched and then used to encode the file.

This means every file is encoded with a unique image, and no assets need to be stored in the binary which massively limited how many assets could be stored due to crates.io limit

Fixes #14 - asset best fit

Does so by iterating through assets until one is found that fits the data, or it loops back round to the first asset again at which point it skips the file.

Output from Logs

Logs show one file which gets encoded but not with the first asset found, and then a file which is too large to be encoded by any asset

[2022-07-14T10:49:11Z DEBUG stegosaurust::run] assets/images/cat-0.jpg too small to mask tmp/1/file.pdf
[2022-07-14T10:49:14Z DEBUG stegosaurust::run] encoding tmp/1/survey.pdf with assets/images/cat-1.jpg ==> tmp/1/ZmlsZS5wZGY=.png
[2022-07-14T10:49:28Z DEBUG stegosaurust::run] assets/images/cat-2.jpg too small to mask tmp/1/example-2.png
[2022-07-14T10:49:29Z DEBUG stegosaurust::run] assets/images/cat-3.jpg too small to mask tmp/1/example-2.png
[2022-07-14T10:49:30Z DEBUG stegosaurust::run] assets/images/cat-0.jpg too small to mask tmp/1/example-2.png
[2022-07-14T10:49:33Z DEBUG stegosaurust::run] assets/images/cat-1.jpg too small to mask tmp/1/example-2.png
[2022-07-14T10:49:33Z DEBUG stegosaurust::run] no asset large enough to mask tmp/1/example-2.png. Skipping file
[jj@arch:11:49: stegosaurust] λ RUST_LOG=debug cargo run -- disguise -d tmp/1 
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
     Running `target/debug/stegosaurust disguise -d tmp/1`
[2022-07-14T10:49:56Z DEBUG stegosaurust::run] decoding tmp/1/ZmlsZS5wZGY=.png ==> tmp/1/file.pdf
[2022-07-14T10:50:22Z WARN  stegosaurust::run] error decoding original filename from "tmp/1/example-2.png": InvalidLength

fixes #15 - file not found when running disguise

from disguise, was passing the asset file name to the encode procedure which attempted to load from the filesystem so this didn't work when outside the project directory.

fix by using the rust-embed Asset::get to load the embedded_data from the binary and pass the image data to the encode function itself

additionally ignores hidden files in the disguise subcommand's target directory

Version: 🦕 stegosaurust 0.4.1

Reproduce: stegosaurust disguise ~/Desktop

[2022-07-06T13:47:39Z ERROR stegosaurust::run] error encoding DirEntry("Desktop/.directory"): opening "assets/images/cat-2.jpg"
    
    Caused by:
        No such file or directory (os error 2)

Assets searching relative to where stegosaurust is run from.

Fix: Check documentation for rust-embed has a line for interpolating path relative to where Cargo.toml crate root is

When using the disguise subcommand, the assets are iterated over and encoding is attempted with the file skipped if an error occurs (e.g. due to file being larger than can be stored in the image)

But there may be another asset that could fit the image. Therefore the program should find this image if it exists and use it for compression.

Solution may be attempt encoding, if error due to max size exceeded:

• keep iterating through assets until succeed or first asset reached again (full circle so can't encode)
• keep map of asset and size that can be encoded. Key map to find image that can fit the content

In release v0.4.1 assets were deleted to bring the crates size within crates.io maximum upload size of 10MB.

It would be preferable to have more assets so the same ones aren't repeated over and over in a directory when using the disguise command.

Solutions may involve:

• getting an increase in this crates maximum allowed size
• compressing assets
• fetching assets remotely on the first run and caching them
• having assets of different sizes e.g. one at 1MB, one at 750KB, one at 500KB, ... and selecting best fit

Implement #4 - disguise all files in directory by masking with assets embedded in the binary.

:warning: PR introduces breaking changes to CLI interface with introduction of subcommands Previous behaviour now accessed with the enc (encode) subcommand.

Examples

• Old: echo message | stegosaurust -o out.png image.png and stegosaurust --decode out.png
• New: echo message | stegosaurust enc -o out.png image.png and stegosaurust enc --decode out.png

New Features

Disguise subcommand: stegosaurust disguise /path/to/directory All files are masked with steganography with images embedded in the binary. All* flags (compression, encryption, base64 etc.) can be used on the disguise subcommand and will be applied to all files.

*only the bit distribution cannot be used as on decoding each file would require a different "key" to unlock the linear bit distribution, so the bit distribution must be linear when using disguise.

See GIF below for example of new behaviour

Note: images are taken from unsplash so are free to use as per their license

implements #6 providing a linear bit distribution to spread message out evenly throughout an image. Default option is to use sequential encoding.

New behaviour

• use --distribution linear when encoding
• If linear is used when encoding, a "key" (number representing the number of pixels to generate based on the length of the message) is displayed. It is necessary to use this number when decoding to ensure the right pixels are selected (as the original message is unknown we need the length to determine which pixels to look at)
• use --distribution linear-N when decoding where N is the length output when encoding as described above

Bit hacky with the string parsing of distribution-N - perhaps better to switch to subcommands in the future

• implementation for #7 - compression.
• Adds a --compression/-c flag to the command line.
• Uses Bzip2 compression by default. Perhaps in future add support for selecting different algorithms

allow messages to be hidden in different files other than just images:

• videos/gif (each frame is an image which can use existing technique)
• word documents (use existing techniques to put messages in images contained within word doc)
• audio
• ...

Encryption with AES-256-CBC does not produce the same encrypted value as when using openssl.

Versions

• 🦕 Stegosaurust 0.2.1
• OpenSSL 1.1.1o 3 May 2022

Steps to Reproduce

echo "message" | stegosaurust -o /tmp/output.png -k password -b examples/stegosaurus.png
stegosaurust -d /tmp/output.png 
U2FsdGVkX181UW0xWkdxSUR29UYSXWm2dsewkAE+X2Q=
echo "message" | openssl enc -aes-256-cbc -pbkdf2 -a -pass pass:password
U2FsdGVkX1+i6Cvu1qVM1h3vkBlaBkUOgSq9BdVv+zg=

As seen: U2FsdGVkX181UW0xWkdxSUR29UYSXWm2dsewkAE+X2Q= != U2FsdGVkX1+i6Cvu1qVM1h3vkBlaBkUOgSq9BdVv+zg=

Expected Outcome

Encrypted values should match so that data encrypted with stegosaurust can be decrypted separately with openssl, and data encrypted with openssl and subsequently hidden in an image, is decrypted using stegosaurust.