R6d ago

So, I recently saw some quiet discussion about a paper where researchers reverse-engineered and disclosed some attacks against PhotoDNA, the very-super-duper-secret algorithm used by tech megacorps to scan for illegal images.

They didn't make any code public, and so... I did: https://github.com/ArcaneNibble/open-alleged-photodna

A _complete_ reverse-engineering and commented Python reimplementation of the algorithm from publicly-leaked binaries.

This means that studying the algorithm and any potential flaws is now much more accessible.

This took only about two days (once I knew that there even _was_ a leaked binary to compare against), which just goes to again show that security through obscurity never works.

🔁 encouraged

GitHub - ArcaneNibble/open-alleged-photodna: because research belongs to _everybody_

because research belongs to _everybody_. Contribute to ArcaneNibble/open-alleged-photodna development by creating an account on GitHub.

GitHub
Show threadR6d ago

I don't think I'm going to implement any of the published attacks, but other people are certainly free to have a go at it.

It's certainly scary how just one fuckywucky leak and... honestly not _that_ much research nor computational complexity can have major impacts on this algorithm. Especially when said algorithm serves a purpose that deeply affects lives....

Show threadR6d ago

Also, the leaked binary this is derived from is from 2021

If anything, it's a shock it took _this long_ for whitebox attacks and other such holes

Show threadR

Oh, and guess how much all the secrecy amounts to?

only 500 lines of Python, including comments

Mar 15 at 4:35amWeb