Free Firefox plugin allows torrents hidden inside PNG image files

A website called Hid.im posted a Firefox plugin that makes sending torrents to people a simple matter of accessing an image, right-clicking and choosing “Save Torrent As…”. The Hidim Firefox plugin uses the open-source portable network graphics (PNG) file format to encode it data through an image which appears like this:

This JPG image displays graphically what three separate PNG files would look like, as they were created on Hid.im to demonstrate the image. These files are (top) sameer verma - olpc photo dvd.torrent, (middle) legaltorrents collections - web development icons superset.torrent and (bottom) politics apocalypse - oppressed by the authorities remix sources.torrent. They will not work with the Firefox plugin. Visit the Hid.im site to right-click on the original PNG images there on the front page to test the application.

Internally within the 2 pixel tall PNG file the data is arranged in reverse vertical columns, proceeding from left to right as in the following layout:

The torrent data is stored in place of what would otherwise be valid 24-bit red,green,blue (RGB) pixel values, which is what the internal PNG file format uses to determine each pixel’s color value. By having a value from 0-255 each for red, green and blue, a single pixel’s color within an image can be determined. In the Hid.im implementation, the RGB color data is replaced with bytes from the torrent data, thereby making the image appear like static or snow on the screen, while actually conveying real data underneath.

In order for the plugin to determine whether or not a particular PNG file is an actual Hid.im image, and not just one which looks like it, it looks for this embedded sequence of characters, which appears at the beginning of the file: [104, 105, 100, 105, 109, 32, 105, 115, 32, 116, 111, 114, 114, 101, 110, 116, 115, 33]. These characters correspond to the following ASCII sequence: “hidim is torrents!” (in lower-case).

If that character sequence is found, then the following data within the PNG file is used to extract a torrent, which according to the website’s example, appears in the following format, with each section separated by colons:

• Line length (bencoded integer)
• Filename (bencoded string)
• sha1 hash of the .torrent file (bencoded string)
• data (bencoded string)

The bencode (pronounced Bee-encode) structure is the encoding format used for P2P BitTorrent applications, and is native to their internal structure. Bencoding supports integers, strings, lists and dictionaries (which are a list of associative arrays). There is some sample source code on the Hid.im website showing how the Bookmarklet (the encoded torrent data file) can be converted, and saved to disk.

Right now the application is open source. It’s limited in size to a 250KB PNG file, but is governed by the extremely loose MIT License, which would allow for greater length PNG files to be created quite easily. The MIT License states:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

The extremely free nature of the MIT License was chosen because the application’s creator, Michael Nutt, desires it to be made into a wide web standard. Right now there is only the Firefox/Safari plugin, but he hopes that since it is open source with such a free license structure, it won’t be long until other browsers are supported.