You have probably had to hide or blur information in an image at least once in your life. For example, you wanted to hide your credit card information, or you wanted to sell your car while hiding the registration number.
But be aware that today even blurred images can often still reveal the data you want to hide.
If you thought that fuzzy passwords or other sensitive information in the screenshot kept your secrets safe, it's time to reconsider your security practices.
Indeed, Sipke Mellema, security consultant, has just created a mind-blowing tool that allows you to decipher a blurred text on a screenshot.
This tool is called Depix and is available for free on GitHub. It takes pixelated images and recovers passwords which are hidden underneath using machine learning technology.
How does Depix decrypt fuzzy passwords?
The software basically searches for patterns created when the password is pixelated.
Since rasterization follows a defined algorithm, the pixelated image of a defined character combination will look the same every time.
The Depix tool compares the pixelated password to a search image, which consists of a sequence of characters containing all the two-character combinations that you are likely to find in passwords, placed one after the other (e.g. 00, 01, 02, etc.).
As Mellema explains, "It's important to use two-character combinations, as some blocks may overlap two characters."
As the screenshot below shows, when this search image is pixelated, its blocks can be matched against the blocks in the pixelated password, allowing Depix to recover the presumed hidden information.
Example of use:
python depix.py -p images/testimages/testimage3_pixels.png -s images/searchimages/debruinseq_notepad_Windows10_closeAndSpaced.png -o output.png
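The determinism described above can be shown on a toy scale. The following is an added illustration, not Depix's code: the 3x4 font, the function names and the two-digit "secret" are constructed for the example. It pixelates a rendered value, checks which two-character candidates produce exactly the same blocks, and compares that with a solid-fill redaction.

```python
# Constructed 3x4 one-bit "font": four rows per glyph, 3 bits per row.
GLYPHS = {"0": (7, 5, 5, 7), "1": (2, 2, 2, 2), "2": (6, 1, 2, 7),
          "3": (7, 3, 1, 7), "4": (5, 5, 7, 1), "5": (7, 6, 1, 6),
          "6": (4, 7, 5, 7), "7": (7, 1, 2, 2), "8": (7, 7, 5, 7),
          "9": (7, 5, 7, 1)}


def render(text):
    """Draw text as rows of pixels (1 = ink), glyphs placed side by side."""
    return [[(GLYPHS[ch][r] >> bit) & 1 for ch in text for bit in (2, 1, 0)]
            for r in range(4)]


def pixelate(img, block=2):
    """Mosaic filter: each block x block tile is reduced to its mean value.
    Glyphs are 3 pixels wide, so with block=2 the middle tile of a
    two-character image mixes pixels from both characters."""
    h, w = len(img), len(img[0])
    return [[sum(img[y + dy][x + dx]
                 for dy in range(block) for dx in range(block)) / block ** 2
             for x in range(0, w, block)]
            for y in range(0, h, block)]


def redact(img):
    """Solid fill: every pixel is overwritten, nothing of the input survives."""
    return [[0] * len(row) for row in img]


def consistent_candidates(published, hide):
    """Two-digit strings whose hidden rendering equals the published image."""
    pairs = [a + b for a in GLYPHS for b in GLYPHS]
    return [p for p in pairs if hide(render(p)) == published]


if __name__ == "__main__":
    secret = render("42")  # constructed sample value
    # Pixelation is deterministic, so the published tiles identify the input.
    print("pixelated :", consistent_candidates(pixelate(secret), pixelate))
    # A solid fill is the same for every input: all 100 candidates remain.
    print("solid fill:", len(consistent_candidates(redact(secret), redact)))
```

With this font the pixelated tiles are consistent with a single candidate, while the solid-fill image is consistent with all of them, which is why complete removal is the safe way to hide a value.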
Finally, Mellema hopes his work convinces software companies and others not to use rasterization as a way to hide passwords and other sensitive data.
Always completely remove sensitive information from images, as obfuscation techniques can reveal recoverable parts of the original value.
Always think carefully before uploading a photo that contains sensitive information.