Facade: A PNG Payload Library and Tool

Facade is a library and tool that can manipulate PNG files to include arbitrary payloads inside of them. There are many techniques that can be employed with the binary, but further functionality can be extended through use of the tool's library. For example, all known pixel types for PNG files are technically supported, but functionality still needs to be added to fully integrate them into the payload process. Facade actually comes with a basic PNG encoder under the hood that theoretically supports all pixel types!

A basic way to get started with adding payloads via the library is the facade::PNGPayload class:

#include <facade.hpp>
 
using namespace facade;
 
int main(int argc, char *argv[]) {
   PNGPayload image("../test/art.png");
   std::string payload_string("Just an arbitrary payload, nothing suspicious here!");
   std::vector<std::uint8_t> payload_data(payload_string.begin(), payload_string.end());
 
   // we can add a payload to the end of the file
   image.set_trailing_data(payload_data);
 
   // or a text section
   image.add_text_payload("tEXt payload", payload_data);
 
   // or a ztxt section
   image.add_ztext_payload("zTXt payload", payload_data);
 
   // or a stego-encoded payload
   auto final_payload = image.create_stego_payload(payload_data);
 
   // finally, we can save our payload to a new file.
   final_payload.save("art.payload.png");
 
   return 0;
}
   

And extracting this data from a known image is just as easy:

#include <facade.hpp>
#include <cassert>
 
using namespace facade;
 
int main(int argc, char *argv[]) {
   PNGPayload image("art.payload.png");
   std::string expected_string("Just an arbitrary payload, nothing suspicious here!");
   std::vector<std::uint8_t> expected_data(expected_string.begin(), expected_string.end());
 
   // we can then extract the payload from the end of the file
   assert(image.get_trailing_data() == expected_data);
 
   // or the text section
   assert(image.extract_text_payloads("tEXt payload")[0] == expected_data);
 
   // or the ztxt section
   assert(image.extract_ztext_payloads("zTXt payload")[0] == expected_data);
 
   // in order to get stego data, we need to load the image first, THEN extract it
   image.load();
   assert(image.extract_stego_payload() == expected_data);
 
   return 0;
}

Note that these examples in particular assume that the payload data is already there! If it isn't, you may encounter exceptions, which you can view in exception.hpp. For more granular control of the individual PNG files, see facade::PNGPayload's base class, facade::png::Image.

For further reading about the PNG format, check out this blog post by David Buchanan! To understand the design intent of this library, check out the design section! For manipulating the PNG image directly (e.g., for writing your own steganography code), check out the usage section!