stegdetect: add default stegbreak rules and fix FTBFS

BlackArch · Oct 5, 2023 · fc208c6 · fc208c6
1 parent 50b9316
commit fc208c6
Show file tree

Hide file tree

Showing 3 changed files with 358 additions and 3 deletions.
diff --git a/packages/stegdetect/0001-tree-wide-rename-progname-to-avoid-conflicts.patch b/packages/stegdetect/0001-tree-wide-rename-progname-to-avoid-conflicts.patch
@@ -0,0 +1,284 @@
+From 697e6ea82387a1114303d162d38254065dd54979 Mon Sep 17 00:00:00 2001
+From: Mole Shang <[email protected]>
+Date: Thu, 5 Oct 2023 12:11:49 +0800
+Subject: [PATCH] tree-wide: rename `progname` to avoid conflicts
+
+Ian Darwin's libfile (in subdir /file) uses the `progname` symbol
+as an alias to argv[0], so even we are using it as a library, newer ld would
+complain about `progname` redefination at linking stage.
+Rather than modifying third party projects, it's better to patch our
+legacy `stegdetect` source code. :)
+
+* Patch modified from https://github.com/frankwxu/digital-forensics-lab/tree/7a846e371608bd45b3cebef4e7fcb4dd5e4f8e20/Illegal_Possession_Images/tools
+
+Signed-off-by: Mole Shang <[email protected]>
+Co-authored-by: Frank Xu <[email protected]>
+---
+ stegbreak.c   |  6 +++---
+ stegcompare.c |  6 +++---
+ stegdeimage.c |  6 +++---
+ stegdetect.c  | 38 +++++++++++++++++++-------------------
+ 4 files changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/stegbreak.c b/stegbreak.c
+index 4b0bd59..107b2c1 100644
+--- a/stegbreak.c
++++ b/stegbreak.c
+@@ -62,7 +62,7 @@
+ #define FLAG_DOJSTEG	0x0004
+
+ char *rules_name;
+-char *progname;
++char *prog_name;
+ char *wordlist = "/usr/share/dict/words";
+
+ int convert = 0;
+@@ -117,7 +117,7 @@ usage(void)
+ {
+ 	fprintf(stderr,
+ 		"Usage: %s [-V] [-r <rules>] [-f <wordlist>] [-t <schemes>] file.jpg ...\n",
+-		progname);
++		prog_name);
+ }
+
+ void
+@@ -470,7 +470,7 @@ main(int argc, char *argv[])
+ 	int ch;
+
+ 	rules_name = RULES_NAME;
+-	progname = argv[0];
++	prog_name = argv[0];
+
+ 	scans = FLAG_DOJPHIDE;
+
+diff --git a/stegcompare.c b/stegcompare.c
+index 6e8a9d7..dd99c78 100644
+--- a/stegcompare.c
++++ b/stegcompare.c
+@@ -47,7 +47,7 @@
+
+ #define VERSION "0.1"
+
+-char *progname;
++char *prog_name;
+
+ #define FLAG_DOOUTGUESS	0x0001
+ #define FLAG_DOJPHIDE	0x0002
+@@ -58,7 +58,7 @@ int scans = FLAG_DOJPHIDE;
+ void
+ usage(void)
+ {
+-	fprintf(stderr,	"Usage: %s orig.jpg modified.jpg\n", progname);
++	fprintf(stderr,	"Usage: %s orig.jpg modified.jpg\n", prog_name);
+ }
+
+ int hist[257];
+@@ -242,7 +242,7 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	int i, ch;
+
+-	progname = argv[0];
++	prog_name = argv[0];
+
+ 	/* read command line arguments */
+ 	while ((ch = getopt(argc, argv, "Vht:")) != -1)
+diff --git a/stegdeimage.c b/stegdeimage.c
+index 42ec551..f63b473 100644
+--- a/stegdeimage.c
++++ b/stegdeimage.c
+@@ -47,12 +47,12 @@
+
+ #define VERSION "0.1"
+
+-char *progname;
++char *prog_name;
+
+ void
+ usage(void)
+ {
+-	fprintf(stderr,	"Usage: %s orig.jpg deimages.jpg\n", progname);
++	fprintf(stderr,	"Usage: %s orig.jpg deimages.jpg\n", prog_name);
+ }
+
+ void
+@@ -153,7 +153,7 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	char ch;
+
+-	progname = argv[0];
++	prog_name = argv[0];
+
+ 	/* read command line arguments */
+ 	while ((ch = getopt(argc, argv, "V")) != -1)
+diff --git a/stegdetect.c b/stegdetect.c
+index d787bcc..7e0b580 100644
+--- a/stegdetect.c
++++ b/stegdetect.c
+@@ -73,7 +73,7 @@
+ float chi2cdf(float chi, int dgf);
+ double detect_f5(char *);
+
+-char *progname;
++char *prog_name;
+
+ float DCThist[257];
+ float scale = 1;		/* Sensitivity scaling */
+@@ -155,7 +155,7 @@ buildDCThist(short *data, int x, int y)
+ 			continue;
+ 		else if (off > 127)
+ 			continue;
+-		
++
+ 		DCThist[off + 128]++;
+ 	}
+
+@@ -298,7 +298,7 @@ unify_outguess(float *hist, float *theo, float *obs, float *pdiscard)
+ 					(float)two,
+ 					(float)(one + two)/2,
+ 					(float)(one + two)/sum);
+-				
++
+ 			discard += one + two;
+ 			continue;
+ 		}
+@@ -618,7 +618,7 @@ histogram_chi_outguess(short *data, int bits)
+ 			sum += f;
+ 		if (f > 0.001)
+ 			count++;
+-		if ((debug & DBG_CHI) && 
++		if ((debug & DBG_CHI) &&
+ 		    ((debug & DBG_PRINTZERO) || f != 0))
+ 			fprintf(stdout, "%04d: %8.5f%%\n", i, f * 100);
+ 	}
+@@ -835,7 +835,7 @@ histogram_chi_jphide(short *data, int bits)
+ 	    i += range) {
+ 		f = chi2test(data, bits, unify_jphide, 0, i);
+ 		f2 = chi2test(data, bits, unify_false_jphide, 0, i);
+-		
++
+ 		if (i <= jphpos[0] && jphide_zero_one()) {
+ 			stat_zero_one++;
+ 			negative++;
+@@ -869,7 +869,7 @@ histogram_chi_jphide(short *data, int bits)
+ 			fprintf(stdout, "%04d: %8.5f%% %8.5f%% %.2f %.2f %s\n",
+ 			    i, f * 100, f2*100, sum, false,
+ 			    (i <= jphpos[0] && f2*0.99 > f) ||
+-			    (i <= jphpos[1] && false * 1.10 >= jphpos[1]) 
++			    (i <= jphpos[1] && false * 1.10 >= jphpos[1])
+ 			    ? "**" : "");
+
+ 	}
+@@ -1088,7 +1088,7 @@ usage(void)
+ 	fprintf(stderr,
+ 	    "Usage: %s [-nqV] [-s <float>] [-d <num>] [-t <tests>] [-C <num>]\n"
+ 	    "\t [file.jpg ...]\n",
+-		progname);
++		prog_name);
+ }
+
+ char *
+@@ -1147,7 +1147,7 @@ detect(char *filename, int scans)
+ 	if (scans & FLAG_DOJSTEG) {
+ 		prepare_jsteg(&jdcts, &jbits);
+ 	}
+-	
++
+ 	if (scans & FLAG_DOAPPEND) {
+ 		detect_buflen = 0;
+ 		stego_set_eoi_callback(detect_append);
+@@ -1170,7 +1170,7 @@ detect(char *filename, int scans)
+ 	if (scans & FLAG_DOJSTEG) {
+ 		stego_set_callback(NULL, ORDER_MCU);
+ 	}
+-	
++
+ 	flag = 0;
+ 	sprintf(outbuf, "%s :", filename);
+
+@@ -1238,7 +1238,7 @@ detect(char *filename, int scans)
+
+ 		if (ncomments < 2 || commentsize[1] < 4)
+ 			goto no_invisiblesecrets;
+-		
++
+ 		p = comments[1];
+ 		length = p[3] << 24;
+ 		length |= p[2] << 16;
+@@ -1266,7 +1266,7 @@ detect(char *filename, int scans)
+ 			snprintf(tmp, sizeof(tmp), " invisible[%d](***)", ol);
+ 			strlcat(outbuf, tmp, sizeof(outbuf));
+ 		}
+-		
++
+ 	no_invisiblesecrets:
+ 	a_wasted_var = 0;
+ 	}
+@@ -1300,7 +1300,7 @@ detect(char *filename, int scans)
+ 				scans &= ~FLAG_DOOUTGUESS;
+ 		}
+ 	}
+-	
++
+ 	if (scans & FLAG_DOJSTEG) {
+ 		/* Set via the callback */
+ 		dcts = jdcts;
+@@ -1308,7 +1308,7 @@ detect(char *filename, int scans)
+
+ 		if (dcts == NULL)
+ 			goto jsteg_error;
+-		
++
+ 		res = histogram_chi_jsteg(dcts, bits);
+ 		if (res > 0) {
+ 			strlcat(outbuf, quality(" jsteg", res),
+@@ -1407,7 +1407,7 @@ main(int argc, char *argv[])
+ 	extern int optind;
+ 	int ch;
+
+-	progname = argv[0];
++	prog_name = argv[0];
+
+ 	scans = FLAG_DOOUTGUESS | FLAG_DOJPHIDE | FLAG_DOJSTEG | FLAG_DOINVIS |
+ 	    FLAG_DOF5 | FLAG_DOAPPEND;
+@@ -1437,7 +1437,7 @@ main(int argc, char *argv[])
+ 			break;
+ 		case 'C': {
+ 			char *strnum, *strtrans, *p;
+-			
++
+ 			p = optarg;
+ 			strnum = strsep(&p, ",");
+ 			strtrans = strsep(&p, ",");
+@@ -1454,9 +1454,9 @@ main(int argc, char *argv[])
+ 				usage();
+ 				exit(1);
+ 			}
+-			
++
+ 			scans = FLAG_DOTRANSF;
+-			
++
+ 			ispositive = atoi(optarg);
+ 			if ((transformname = strdup(strtrans)) == NULL)
+ 				err(1, "strdup");
+@@ -1514,7 +1514,7 @@ main(int argc, char *argv[])
+ 			usage();
+ 			exit(1);
+ 		}
+-	
++
+ 	/* Set up magic rules */
+ 	if (file_init())
+ 		errx(1, "file magic initializiation failed");
+@@ -1566,7 +1566,7 @@ main(int argc, char *argv[])
+ 				dohistogram(argv[0]);
+ 			else
+ 				detect(argv[0], scans);
+-			
++
+ 			argc--;
+ 			argv++;
+ 		}
+-- 
+2.42.0
+
diff --git a/packages/stegdetect/PKGBUILD b/packages/stegdetect/PKGBUILD
@@ -3,7 +3,7 @@
 
 pkgname=stegdetect
 pkgver=20.28a4f07
-pkgrel=1
+pkgrel=2
 pkgdesc='An automated tool for detecting steganographic content in images.'
 groups=('blackarch' 'blackarch-stego' 'blackarch-defensive'
         'blackarch-forensic')
@@ -12,18 +12,28 @@ url='https://github.com/redNixon/stegdetect'
 license=('BSD')
 depends=('gdk-pixbuf2')
 makedepends=('git' 'automake')
-source=("git+https://github.com/redNixon/$pkgname.git")
-sha512sums=('SKIP')
+source=("git+https://github.com/redNixon/$pkgname.git"
+        "rules.ini"
+        "0001-tree-wide-rename-progname-to-avoid-conflicts.patch")
+sha512sums=('SKIP'
+            '8a7e13c7c5b44d731c7e9e904bef221ce8c248a426a64de797196cafb0c3a5950967a064cf281ec998e7c28f3b82adfb7f329a2c1e160c466d00b60df54428fe'
+            '915dba8a1d140a220d9fbaf8e2ae948e64c58c749ace223c4e1ceb929e4e25235860a1f6b60fcb62667beb9fb83a8b83fad9bd752ee6f8ef451ac6f718e550c2')
 
 pkgver() {
   cd $pkgname
 
   echo $(git rev-list --count HEAD).$(git rev-parse --short HEAD)
 }
 
+prepare() {
+  patch -d "${pkgname}" -Np1 -i "${srcdir}/0001-tree-wide-rename-progname-to-avoid-conflicts.patch"
+}
+
 build() {
   cd $pkgname
 
+  autoreconf -f -i # regen new confs
+
   if [ $CARCH = "x86_64" ]
   then
     linux32 ./configure --prefix=/usr
@@ -37,6 +47,8 @@ build() {
 package() {
   cd $pkgname
 
+  install -Dm 644 "$srcdir/rules.ini" "$pkgdir/usr/share/stegbreak/rules.ini"
+
   install -dm 755 "$pkgdir/usr/share/$pkgname"
 
   install -Dm 755 -t "$pkgdir/usr/bin" stegcompare stegdeimage $pkgname \

diff --git a/packages/stegdetect/rules.ini b/packages/stegdetect/rules.ini
@@ -0,0 +1,59 @@
+#
+# This file is part of John the Ripper password cracker,
+# Copyright (c) 1996-98 by Solar Designer
+#
+# Wordlist mode rules
+[List.Rules:Wordlist]
+# Try words as they are
+:
+# Lowercase every pure alphanumeric word
+-c >3!?XlQ
+# Capitalize every pure alphanumeric word
+-c >2(?a!?XcQ
+# Lowercase and pluralize pure alphabetic words
+<*>2!?Alp
+# Lowercase pure alphabetic words and append '1'
+<*>2!?Al$1
+# Capitalize pure alphabetic words and append '1'
+-c <*>2!?Ac$1
+# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
+<7>1!?Ald
+# Lowercase and reverse pure alphabetic words
+>3!?AlMrQ
+# Prefix pure alphabetic words with '1'
+>2!?Al^1
+# Uppercase pure alphanumeric words
+-c >2!?XuQ
+# Lowercase pure alphabetic words and append a digit or simple punctuation
+<*>2!?Al$[2!37954860.?]
+# Words containing punctuation, which is then squeezed out, lowercase
+/?p@?p>3l
+# Words with vowels removed, lowercase
+/?v@?v>3l
+# Words containing whitespace, which is then squeezed out, lowercase
+/?w@?w>3l
+# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
+-c <7>1!?Acd
+# Capitalize and reverse pure alphabetic words (fred -> derF)
+-c <+>2!?Acr
+# Reverse and capitalize pure alphabetic words (fred -> Derf)
+-c >2!?AMrQc
+# Lowercase and reflect pure alphabetic words (fred -> fredderf)
+<7>1!?AlMrQrf
+# Uppercase the last letter of pure alphabetic words (fred -> freD)
+-c <+>2!?AMrQcr
+# Prefix pure alphabetic words with '2' or '4'
+>2!?Al^[24]
+# Capitalize pure alphabetic words and append a digit or simple punctuation
+-c <*>2!?Ac$[2!3957468.?0]
+# Prefix pure alphabetic words with digits
+>2!?Al^[379568]
+# Capitalize and pluralize pure alphabetic words of reasonable length
+-c <*>2!?Acp
+# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
+# crack -> cracked, crack -> cracking
+<*>2!?Al[PI]
+-c <*>2!?Ac[PI]
+# Try the second half of split passwords
+-s x**
+-s-c x**MlQ