You probably had to hide or blur the information of an image at least once in your life. For example, you wanted hide your credit card information. Or, you wanted to sell your car hiding the registration number.
But be aware that today even blurred images can often still reveal the data you want to hide.
If you thought that blurred passwords or other sensitive information in screenshot kept your secrets safe, it's time to reconsider your security practices.
Indeed, Sipke Mellema, security consultant, has just created a mind-blowing tool that allows you to decipher a blurred text on a screenshot.
This tool is called Depix and is available for free on GitHub. It takes pixelated images and recovers passwords that are hidden underneath using machine learning technology.
How Depix decrypts fuzzy passwords?
The software basically searches for patterns created when the password is pixelated.
Since rasterization follows a set algorithm, the pixelated image of a set character combination will look the same every time.
Depix tool compares pixelated password to a search image, which includes a sequence of characters containing all the two-letter combinations you are likely to find in passwords, placed one after the other (i.e. 00, 01, 02 etc).
As Mellema explains: “It’s important to use two-character combinations because some blocks may overlap two characters.”
As you can see in the screenshot below: when this search image is pixelated, it is possible to match the blocks of this image with the blocks of the password, allowing Depix to retrieve the supposed information hidden, s:
Example of use:
python depix.py -p images/testimages/testimage3_pixels.png -s
images/searchimages/debruinseq_notepad_Windows10_closeAndSpaced.png -o output.png
Conclusion
Finally, Mellema hopes his work will convince software companies and others not to use rasterization as a way to hide passwords and other sensitive data.
Always completely remove sensitive information from images, as obfuscation techniques can reveal recoverable portions of the original value.
Always think carefully before uploading a photo that contains sensitive information.