Uncovering the Technique of Hiding Images in DNS TXT Entries

Uncovering the Technique of Hiding Images in DNS TXT Entries

A curious technique has emerged: hiding images inside DNS TXT records. This approach, which at first glance seems unorthodox, leverages the flexibility of DNS TXT records to store arbitrary data, including the binary data that makes up an image.

The method has gained attention among tech enthusiasts and security researchers, sparking discussions on platforms like Reddit and inspiring open-source projects, as per a report by Researcher.

How It Works

The core idea is straightforward: convert an image into a format that can be stored in DNS TXT records.

– Advertisement –
Google News

TXT records are traditionally used for human-readable notes or service configurations, but since they accept any text data, they can also be used to store encoded binary data.

The most efficient encoding for this purpose is Base64, though hexadecimal encoding is also possible.

While Base64 uses about 1.33 times the original file size, hex encoding doubles it, making Base64 the preferred choice for larger images.

To store an image, it must first be converted into a text string using a command like:

xxd -p output.jpg > output.txt

Since individual TXT records have length limits (commonly around 2048 characters per record), the encoded data must be split into chunks.

Each chunk is stored in a separate TXT record, often under subdomains like dnsimg-1.domain.com, dnsimg-2.domain.com, and so on.

An additional record, such as dnsimg-count.domain.com, is used to indicate how many chunks exist.

Code Example: Splitting and Storing the Image

A simple Python script can automate the splitting process:

image = open("output.txt", "r").read()
image = image.replace("\n", "")
chunks = []
total = int(len(image)/2048)+1

This script outputs a DNS zone file that can be imported into services like Cloudflare.

Uncovering the Technique of Hiding Images in DNS TXT Entries
Uncovering the Technique of Hiding Images in DNS TXT Entries 4

While this technique is clever and demonstrates the flexibility of DNS, it is not without limitations. DNS records have size and rate limits, and storing large images is impractical.

For example, a 2MB image would require about 1000 records, each at the 2KB limit—possible, but cumbersome. 

Additionally, this method has been noted as a potential vector for data exfiltration, making it a topic of interest in security circles.

Storing images in DNS TXT records is a novel proof of concept that highlights the versatility of DNS infrastructure.

It serves as both a fun experiment and a reminder of the creative—and sometimes unintended—uses of network protocols. For those interested, web viewers and open-source tools are available to try the technique firsthand.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates


Source link