隐写技巧——利用PNG文件格式隐藏Payload(二)

关注 2017-01-03 15:13:32 查看数 7596 ,评论数 0 专题
前一篇:隐写技巧——利用PNG文件格式隐藏Payload(一)

04  编写程序分析文件格式


开发工具:vc6.0 1、读取PNG文件 保存为example2.cpp,代码如下:
#include<stdio.h>
#include<string.h>
int main(int argc, char* argv[])
{
            FILE*fp;   
            if((fp=fopen("c:\\test\\test.png","rb+"))==NULL)
                        return0;   
            fseek(fp,0,SEEK_END);
            intlen=ftell(fp);
            unsignedchar *buf=new unsigned char[len];      
            fseek(fp,0,SEEK_SET);
            fread(buf,len,1,fp);
            printf("len=%d\n",len);
            for(inti=1;i<=len;i++)
            {
                        printf("%02X",buf[i-1]);
                        if(i%16==0)
                                    printf("\n");
            }
            fclose(fp);
            printf("\n");
            return0;         
}
如图,程序按照UltraEdit的格式输出,以便后续的格式分析 646 2、解析数据块结构 从第8字节开始,读前四字节为ChunkLength 对应的代码为: unsigned intChunkLen=(buf[0]<<24)|(buf[1]<<16)|(buf[2]<<8)|buf[3]; 接着四字节为ChunkName printf("ChunkName:%c%c%c%c\n",buf[0],buf[1],buf[2],buf[3]); 然后根据ChunkLength读出完整的ChunkData 最后读出CRC32的值,同Chunk Type Code+Chunk Data求出的CRC32校验值作比较 保存为check.cpp,完整代码如下:
#include<stdio.h>
#include<string.h>
unsigned int GetCrc32(unsigned char*InStr,unsigned int len){        
            unsignedint Crc32Table[256];      
            unsignedint i,j;        
            unsignedint Crc;        
            for(i = 0; i < 256; i++){        
                        Crc= i;        
                        for(j = 0; j < 8; j++){        
                                    if(Crc & 1)        
                                                Crc= (Crc >> 1) ^ 0xEDB88320;        
                                    else       
                                                Crc>>= 1;      
                        }        
                        Crc32Table[i]= Crc;        
            }        
        
            Crc=0xffffffff;        
            for(unsignedint m=0; m<len; m++){          
                        Crc= (Crc >> 8) ^ Crc32Table[(Crc & 0xFF) ^ InStr[m]];        
            }     
            
            Crc^= 0xFFFFFFFF;     
            returnCrc;        
}       

int main(int argc, char* argv[])
{
            FILE*fp;   
            unsignedchar *buf=NULL;
            unsignedint len=0;
            unsignedint ChunkLen=0;
            unsignedint ChunkCRC32=0;
            unsignedint ChunkOffset=0;         
            unsignedint crc32=0;
            unsignedint i=0;
            if((fp=fopen("c:\\test\\test.png","rb+"))==NULL)
                        return0;   
            fseek(fp,0,SEEK_END);
            len=ftell(fp);
            buf=newunsigned char[len];
            fseek(fp,0,SEEK_SET);
            fread(buf,len,1,fp);
            printf("TotalLen=%d\n",len);
            printf("----------------------------------------------------\n");
            fseek(fp,8,SEEK_SET);
            ChunkOffset=8;
            i=0;
            while(1)
            {
                        i++;
                        memset(buf,0,len);
                        fread(buf,4,1,fp);
                        ChunkLen=(buf[0]<<24)|(buf[1]<<16)|(buf[2]<<8)|buf[3];
                        fread(buf,4+ChunkLen,1,fp);
                        printf("[+]ChunkName:%c%c%c%c                 ",buf[0],buf[1],buf[2],buf[3]);
                        if(strncmp((char*)buf,"IHDR",4)==0|strncmp((char*)buf,"PLTE",4)==0|strncmp((char *)buf,"IDAT",4)==0)
                                    printf("PaletteChunk\n");
                        printf("AncillaryChunk\n");
                        printf("   ChunkOffset:0x%08x       \n",ChunkOffset);
                        printf("   ChunkLen: %10d              \n",ChunkLen);
                        ChunkOffset+=ChunkLen+12;
                        crc32=GetCrc32(buf,ChunkLen+4);
                        printf("   ExpectCRC32:%08X\n",crc32);
                        fread(buf,4,1,fp);
                        ChunkCRC32=(buf[0]<<24)|(buf[1]<<16)|(buf[2]<<8)|buf[3];
                        printf("   ChunkCRC32: %08X                     ",ChunkCRC32);
                        if(crc32!=ChunkCRC32)
                                    printf("[!]CRC32CheckError!\n");
                        else
                                    printf("CheckSuccess!\n\n");
                        ChunkLen=ftell(fp);
                        if(ChunkLen==(len-12))
                        {
                                    printf("\n----------------------------------------------------\n");
                                    printf("TotalChunk:%d\n",i);                        
                                    break;
                        }
            }
            fclose(fp);
            return0;         
}
运行如图,可获得完整的PNG文件结构 666 777 注:这个程序可用来对PNG文件进行格式分析,标记PNG文件的数据块名称、偏移地址、数据块长度、比较预期和实际的CRC32校验码,可基于此对批量文件进行分析,查找可疑文件。 后续会补充python的实现代码

*来源:RoarTalk   作者:3gstudent Mottoin整理发布

交流评论(0)
Loading...
点击 ,就能发表评论哦~如果您还没有账号,请 一个吧
css.php
正在加载中...