David Buchanan found an easy way to insert a file, for example zip or mp3 to the png image he posts to Twitter. Files have been hidden in images before (for example, steganography). The new is a simple way to “decrypt” the file and also publish it via Twitter.
To decrypt, simply change the suffix from png to zip or mp3. In the case of mp3, the original image is 2048 × 2048, so if you have a lower screen resolution, you will get a reduced file without mp3. It is therefore necessary to do, for example:
wget -O surprise.mp3 https://pbs.twimg.com/media/Ewo_O6zWUAAWizr?format=png&name=large
Twitter removes all unnecessary parts from uploaded files. David had to hide the files at the end of the Deflate data. It is also necessary for the png to contain at least 257 colors, otherwise Twitter will convert it to a palette. The result must still be less than 3 MB (or 5 MB), otherwise Twitter will convert it to jpeg. A simple Python program is available and GitHubu.
(source: bleepingcomputer)
–
–
