Documentation
¶
Index ¶
- Constants
- Variables
- func GenerateGhostTextPNG(text string, width, height int) ([]byte, error)
- func InjectAlphaStego(img *image.NRGBA, secretText string)
- func InjectByExtension(filename string, data []byte, payload string, strategies map[string]string) ([]byte, error)
- func InjectDOCX(data []byte, payload string) ([]byte, error)
- func InjectGIF(data []byte, payload string) ([]byte, error)
- func InjectGIFJS(gifData []byte, jsPayload string) ([]byte, error)
- func InjectICS(content []byte, payload string) ([]byte, error)
- func InjectJPEG(data []byte, payload string) ([]byte, error)
- func InjectJS(data []byte, payload string) ([]byte, error)
- func InjectJSON(data []byte, payload string) ([]byte, error)
- func InjectMP3(data []byte, payload string) ([]byte, error)
- func InjectPDF(data []byte, payload string) ([]byte, error)
- func InjectPDFHTML(pdfData []byte, htmlPayload string) ([]byte, error)
- func InjectPNG(data []byte, payload string) ([]byte, error)
- func InjectPNGAlphaStego(data []byte, payload string) ([]byte, error)
- func InjectRobots(data []byte, payload string) ([]byte, error)
- func InjectSRT(content []byte, payload string) ([]byte, error)
- func InjectSVGFont(content []byte, payload string) ([]byte, error)
- func InjectTTF(data []byte, payload string) ([]byte, error)
- func InjectWAV(data []byte, payload string) ([]byte, error)
- func InjectWOFF2(data []byte, payload string) ([]byte, error)
- func InjectXLSX(data []byte, payload string) ([]byte, error)
- func InjectXML(data []byte, payload string) ([]byte, error)
- func RevealAlphaStego(img *image.NRGBA) string
- func ValidateSVG(content []byte) error
- type InjectorFunc
- type ResolverFunc
Constants ¶
const ( SigRIFF = "RIFF" SigWAVE = "WAVE" SigGIF = "GIF" )
File Signatures
const ( ChunkICMT = "ICMT" ChunkINFO = "INFO" ChunkLIST = "LIST" ChunkIEND = "IEND" ChunkTEXT = "tEXt" JpegMarkerCOM = 0xFFFE GifExtIntroducer = 0x21 GifLabelComment = 0xFE GifTrailer = 0x3B )
Chunk Types & Markers
Variables ¶
var ( SigPNG = []byte{0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A} SigJPEG = []byte{0xFF, 0xD8} // SOI )
Functions ¶
func GenerateGhostTextPNG ¶
GenerateGhostTextPNG creates a PNG where the text is written in pure color (e.g., Red or White) but the Alpha channel is set to 0. This implements Vector B: The Premultiplication Exploit.
func InjectAlphaStego ¶
InjectAlphaStego modifies the Least Significant Bits (LSB) of the Alpha channel to encode a secret string. This implements Vector C: Alpha-Steganography. Note: This function modifies the image in-place.
func InjectByExtension ¶
func InjectByExtension(filename string, data []byte, payload string, strategies map[string]string) ([]byte, error)
InjectByExtension dispatches the injection based on file extension and configuration.
func InjectDOCX ¶
InjectDOCX injects a hidden paragraph using godocx library.
func InjectGIFJS ¶
InjectGIFJS appends a JavaScript payload to the end of a GIF file. This creates a "GIFAR" style polyglot where the file is a valid image, but can be executed as a script in some contexts (e.g. <script src="...") or detected by scanners looking for JS.
func InjectJPEG ¶
InjectJPEG injects a COM (Comment) segment after SOI.
func InjectJSON ¶
InjectJSON injects a key "_llm_instruction" with the payload.
func InjectMP3 ¶
InjectMP3 injects a payload into the ID3v2 USLT (Lyrics) frame. It enforces the Round-Trip Rule by parsing, modifying, and verifying.
func InjectPDF ¶
InjectPDF injects an invisible watermark into a PDF. Satisfies Round-Trip Rule: pdfcpu handles parsing and XREF rebuilding.
func InjectPDFHTML ¶
InjectPDFHTML appends an HTML payload to the end of a PDF file. The file remains a valid PDF (readers stop at %%EOF), but contains HTML that might be parsed by naive scrapers or LLMs reading the file as text.
func InjectPNG ¶
InjectPNG injects a tEXt chunk with the payload. Satisfies Round-Trip Rule: We construct a valid chunk with CRC.
func InjectPNGAlphaStego ¶
InjectPNGAlphaStego is the adapter function for the dispatcher. It decodes a PNG, injects the payload into the alpha channel LSB, and re-encodes.
func InjectRobots ¶
InjectRobots injects a Disallow rule or comment.
func InjectSVGFont ¶
InjectSVGFont injects a payload into the <desc> or <metadata> tag of an SVG font.
func InjectWAV ¶
InjectWAV injects a payload into a new 'ICMT' (Comment) chunk within a 'LIST' 'INFO' chunk. This requires low-level RIFF parsing to ensure we update the main chunk size.
func InjectWOFF2 ¶
InjectWOFF2 injects a payload into the WOFF2 Extended Metadata Block.
func InjectXLSX ¶
InjectXLSX injects a VeryHidden sheet containing the payload.
func RevealAlphaStego ¶
RevealAlphaStego extracts the secret string from the Alpha channel LSBs. It reads until it finds a null terminator (0x00) or runs out of pixels.
Types ¶
type InjectorFunc ¶
InjectorFunc defines the signature for injection functions.
func GetInjector ¶
func GetInjector(filename string, strategies map[string]string) InjectorFunc
GetInjector returns the appropriate injection function for the given filename/extension. It checks the strategies map for specific overrides (e.g. "polyglot").
type ResolverFunc ¶
type ResolverFunc func(filename, strategy string) InjectorFunc
ResolverFunc defines the logic to select an InjectorFunc based on context.
Source Files