kurolabs / stegcloak Goto Github PK

My cover may be one word.

I am getting this error:

RangeError: Input buffers must have the same byte length
    at decrypt (/home/runner/encryptstuff/node_modules/stegcloak/components/encrypt.js:41:10)
    at StegCloak.reveal (/home/runner/encryptstuff/node_modules/stegcloak/stegcloak.js:94:7)
    at /home/runner/encryptstuff/index.js:24:22
    at Layer.handle [as handle_request] (/home/runner/encryptstuff/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:137:13)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:131:14)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:131:14)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:131:14)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:131:14)
    at next (/home/runner/encryptstuff/node_modules/express/lib/router/route.js:131:14)

Using this code to decrypt:

// Use an express route, suitable for either GET or POST 
app.all("/decrypt", (req, res) => {
	// Conbining req.query and req.body
	var body = {...req.query, ...req.body}
	// Enc is a 'new Stegcloak(true, false)'
	let decrypted = enc.reveal(body.data || body.text, body.password || body.pass);
	// Log
	console.log(decrypted)
	// Send to client
	res.json(decrypted);
})

With this form body:

// POST /decrypt
{
  "text": "Here's ⁢‍⁢⁣⁢⁢‌‍⁢‌‌‌⁢‌⁡‍‌⁡‍⁢⁢‍⁡⁢⁡‌‍⁡‌⁡⁢‌‍⁢‌‌⁡‌‍⁢‌‌‍⁢⁤‍⁢⁣‍⁢‍⁢⁢‌‌⁢‍⁡⁢⁢⁢⁡‍⁢⁢⁤‍‌‍‌⁢⁢‌‍‌⁢‍⁢⁢⁡⁣‍⁢⁣‌‍⁡⁢⁣⁢‍⁡‌⁢⁣‌‍⁤‌⁢‌‍⁤‌⁢‌⁣⁡⁢⁡⁣⁢⁢⁡⁢⁡‌⁤‍⁢‌‌⁣⁢‌ ‍⁡‍⁢⁢⁢⁡‌‍⁡‌⁢⁢⁢‌⁡‌‌⁤‌⁢⁡‍⁤‌‌‍⁢⁢⁡‍⁢⁡‍‌⁤‌‌⁢⁡⁢‌⁢⁡⁢‍⁢⁢⁡‌‍‌‍⁢⁡‍⁢⁢⁢⁡⁢‌‍⁢⁡‍⁡‌‍⁢‌‌⁡‍‌‌⁢⁡‌‌‌⁤‍⁡‌‌‍⁡‍⁢⁡‍⁡⁢‌⁢‍⁤⁤⁢⁡⁢‍‌⁢⁣⁡⁢⁡⁢⁡⁢‍⁢⁡‌‍⁡‌⁡‌‌‌⁡⁣‌⁡‌‌‌⁡⁢ ‌‍⁡⁢‌⁢⁢‍⁤‍‌⁡‌⁢⁢‍⁢‌⁢⁢‌⁢‍‌‍⁡⁢‌‌⁤⁢⁤‍⁡‌⁢‌‍⁢⁢‍‌⁡‍⁡⁢‌‌⁣‍⁤⁢‍‌‌‌‌‌⁡⁢‌‍⁢‍‌⁤⁡‌‍⁡⁣⁣⁤⁢⁡‌‍⁤⁢⁣⁢‍⁤‌‍⁢‌⁢‍⁡⁢⁢⁢⁢⁡‌⁡⁢⁣⁢⁣‌⁡‌⁢‌‌⁢‍⁡‌⁤⁡‌‌‌⁢⁤⁡‍‌⁡‌⁡⁢⁣⁣⁡‌‍‌‍ ⁡⁢‌⁢‌⁢‌⁤⁢‌⁢‍⁡⁢⁢⁢‍⁢‌⁡‌‌⁤⁣‍‌⁢⁡‌‍⁡‌⁢‍⁢⁢⁣‌‍‌‌⁡‌⁤⁢‌⁢⁢⁣⁤‌⁡‍⁡‍⁡⁣⁢⁡‌⁢⁢‍‌‌⁢‌⁣⁡‌⁡‌⁤‌⁡⁢‌⁡⁢⁡‌⁢⁣⁢⁢‌⁡⁣⁤‌⁡‍⁡⁢⁡⁢‌⁢‍⁢‌‍⁢‌‌⁤⁢⁡⁢‌⁢⁣‍⁢‌⁣⁢⁡⁢⁡‌‌‌⁡‌⁡‌‌‍‌‍⁡ ⁢‌⁢⁢⁡‌⁡⁢⁡⁢‌‌‌⁢⁡‍‌⁡⁣‍‌‌⁡‌⁢⁢‍⁡⁢‌‌‌⁡‍⁢⁡⁣⁡⁢⁢‌⁢‌⁢‍⁡⁣‍⁢‍⁡⁣‌⁤‍‌‍⁡⁢‌⁢⁢⁡‌⁢⁡⁢⁢⁡‌⁡‌⁡‍⁤⁣‌‌⁢‍⁤⁢‌⁡⁣‍⁢⁡‌‍⁡⁢⁢⁣⁢⁡‍⁢⁢⁢‌‌⁢⁢‌‍‌‌⁢⁢‍⁢‍⁡‌⁡‌⁡‌⁢⁢⁢⁢‌⁡⁢⁢‌‌‌⁣⁢ ⁢⁢⁤‌⁡⁢⁡⁢⁡‍‌⁣‌⁢‌‌⁡‍‌⁢‌⁣⁡‍⁢‍⁡⁢‌⁡‍‌⁤‍⁢‍⁤‍‌⁡⁢‌‍‌⁡‍‌⁢⁡‌‍‌⁡‌⁡‌‍⁤⁢⁤‍‌‍⁡‍‌⁢⁢⁢‌⁤⁡⁣‌⁢⁡⁢⁡‌⁣‌‍⁢‍⁢⁢⁢‌⁢‌⁢‌⁤‌⁡‌⁢‌⁣⁢‌‌‍⁢‌⁡⁣⁡‍⁢⁢‌⁤‍⁢⁡‌⁢‌⁢⁤⁡‌‌⁤⁤‌⁡⁢⁢⁢⁢ ‌‌‌⁡⁢‌‌⁢⁢⁡⁣⁣⁢‌⁡⁢⁢‌⁣‌‍⁡‍‌⁢⁤‌⁢⁣‌‍‌‌‍⁤⁤‌⁡‌‌⁢‍‌‌‌‌‌⁢⁢⁣‍⁢‌‌⁢⁡‌‍⁤‍‌‌⁤‍⁢⁣⁢‍⁤⁢⁣⁢⁡⁢‌‍‌⁡⁢‌the code!",
  "pass": "42"
}

Encrypted this:

// POST /encrypt
{
  "hide": "chrome.contextMenus.create({    id: `encrypt`,     title: `Encrypt "%s"`,    contexts: [\'selection\'],    onclick: (info) => {       const { menuItemId: id , selectionText: selected } = info;       console.log(info);       encrypt(selected).then((res) => {          prompt(_gui.encrypt, res)       });    } }, log("Created context menu"))",
  "show": "Here's the code!",
  "pass": "42"
}

Express code to encrypt:

app.all("/encrypt", (req, res) => {
	var body = {...req.query, ...req.body}
	let encrypted = enc.hide(body.secret || body.hide, body.password || body.pass, body.cover || body.show || body.text)
	res.json(encrypted);
})

Please make normal, regular demo for people like me who are not familiar with coding, api usage, or React.
Just a standard click-to-open index.html where your excellent script works without a need for react.

Hello. First of all, thank you for making a nice library.
And i found one interesting thing about using this library.

I own Android, Mac and iOS and have tested the equipment.
The tests on my equipment were successful,
but some of the transparent letters were visible to window users.

I sent the message below to my friends who can see the transparent string,
and I received the answer below.

so... it's looks like a U+2060 has can be seeing when the
user are have some windows machines.

I recommend deleting U+2060 to improve the completeness of this library.

it would be great if there is typescript support

Hi!
Exist a version of this epic tool can run without npm?

Hiding files in strings can be achieved by uploading the file to cloud and stegcloaking the link in the string

From your readme, would it be possible to base64 the binary into a string? Perhaps this is something that could be supported?

Hello! 👋
I guess this diagram you use is from Telegram security diagram flow

And i ask if its the same here and thank you!

hi. i found this site https://stegcloak.surge.sh/ and i really need it. but when i click on "get the secret" just a white screen, how do i solve this problem?

I use the API, even wrong password returns value but not a false or null, so I can not find a way to check failed.

I tried 3 different browsers on android
Chrome - version 55.0.2883.91
Link Bubble - version 1.9.58
Tet Aide - version 9.0 beta 3a
on all 3 the "your secret" box never changes. It just remains /secret/.
What is the problem? If it's just javascript it shouldn't be that different from one device (or version) to another, should it?

When I try to get the content from the out.txt file, then python does not want to perceive the content normally. For generate random text i use lorem_text.
In file:
Veniam adipisci tempora explicabo natus atque eius architecto dignissimos, praesentium ad odio eligendi eum voluptate vero alias id?
In console:
Veniam ⁡‍‌‍⁤⁡⁡⁡‌⁡⁢⁡‌‍⁣⁣⁣⁢⁡‍⁣‍⁡⁢‍‍⁡⁤‌‍‍⁢⁡‌⁡‌⁤⁡⁡adipisci tempora explicabo natus atque eius architecto dignissimos, praesentium ad odio eligendi eum voluptate vero alias id?
How I can get the text in normal form?

This particular UTF Character (HEX \xe2\x81\xa4 or E281A4, HTML Entity ⁤) renders as a ? or a square character (depending on the font) in iOS Safari HTML page.

Tested in iPadOS 13.5.1 with Safari.

I tried to do a minimum reproducibility test and the best I could do was this https://codepen.io/daniele-pelagatti/pen/ExPbEYO in the HTML Tab, if you open it in iOS it should show the caracter. It doesn't show in the result windows through for some reason.

Logically you can figure out some of the items are different parameter sets, but the docs don't make that clear.

What does cover mean here, the key/password? I think it may be clearer to change the name. Does it work to pass a file and a secret? Probably not. Are outputs on stdout or is it mandatory to specify output?

hide [options] [secret] [cover]

-f, --file <file>       Extract input from file
-n, --nocrypt           If you don't need encryption (default: false)
-i, --integrity         If additional security of preventing tampering is needed (default: false)
-o, --output <output>   Stream the results to an output file
-h, --help              display help for command

Similar questions here, where do you pass [cover] here to decrypt the string? Options aren't stated in the same format as the previous example.

reveal [data]

-f, --file <file>       Extract input from file
-cp, --clip             Copy Data directly from clipboard
-o, --output <output>   Stream the secret to an output file
-h, --help              display help for command

Provide a file or cdn to use it on web

As discussed in #8, we should add a --config option in case people want to use StegCloak in languages other than Node - the current interactive nature of the CLI tool is a problem in those cases.

Trying to change the ZWCs and the amount of them used to three on this line here in stegcloak.js.

const zwc = ["‌", "‍", "​"]; (200c, 200d, 200b)

It looks like the shrink and expand function expect 5 and 6 characters so is there an easy way to limit it to user three or two? Thank you.

Hi guys, very cool project. I found it via your article.

In that article, you detail how you use the 6 special characters during the encoding/compression phases. But in your readme here and in your source code, you use 7 characters. The one that's left out of the article is U+2061 (Function Application). So just for clarification, is that one truly a web-safe, cross-platform invisible character? And do you use it in that second compression step to replace 2 Cs or 2 Ds?

For example via gettext or a similar tool to support other languages.

Hi, I just tried to import stegcloak into my project, but I got an error like this. What can I do to fix this?

Just wanted to ask if it's possible to host your own version of https://stegcloak.surge.sh/ with the npm package stegcloak and if so, how?

I use Windows 10. and I have additional characters after the encrypting, after which it is impossible to decode.

stegcloak hide --config to_send.json

Given the secret "Hello" and a password 123 and a text tO cloak into as 'Ggygvh ⁢‍⁢‌⁡⁢⁡‌⁣⁣‍⁤⁢⁢⁢‌‍⁢⁡‌⁢‍⁢⁡‍⁡⁣⁡⁢‌‍‌⁢⁢‌⁢⁤⁢⁤⁢‌⁢‌‌‌⁢⁡‌hhhggcgh higfgh', the decipher of it yields broken result of the secret being 'HelbW'