Open Source Tool Unredacter restores text that has been pixelated

Martin Brinkmann
Feb 19, 2022
Security
|
12

Unredacter is an open source tool that is designed to restore text that has been pixelated. Sharing screenshots and other images is done with the press of a button on today's devices. Users who want to protect information on these images may use various techniques to do so. One common option when it comes to textual information is to use an image editor to pixelate the data.

pixelate text

The effectiveness of the manipulation of the image depends entirely on the selected algorithm. Tools to unpixel pixelated content in images have been around for some time, and security researchers have pointed out that pixelation is particularly weak when it comes to that.

Unredacter was created by security researcher Dan Petro as a response to a challenge to reveal pixelated text published on the Jumpsec blog. The researcher's tool was successful in de-obfuscating the posted pixelated text.

ADVERTISEMENT

The open source tool has been published on GitHub. It is not an executable file and requires some manual adjustments for each image with pixelated information to work properly.

First step is to download the project to the local system. The source image needs to be edited so that only the pixelated part remains. Then, it is necessary to change the block size in the code and change the CSS as well to match the source text and to select a character set.

  1. Crop your image down to just the pixelated area. No borders, no other text. Replace secret.png with that. I recommend doing it in GiMP.
  2. Make note of the block size. (It's just size of each pixelated block) Replace blockSize in the code with that.
  3. Get the CSS just right. This is the hardest and most time-consuming part. Try entering it into test.html and view it in Chrome. Tweak it until you can replicate some sample text as exactly as possible. Pay particular attention to the word and letter spacing. If it skews, then it'll all mess up. Also the font-weight, or else things will end up too light or dark. I can't emphasize enough how critical this step is, as the whole thing really depends on being able to correctly replicate the redacted characters.
  4. Determine what character set you want to try. It's at the top of preload.ts.
  5. Press the go button and see if it works!

It is quite tedious to get it right, but someone could turn the tool into a full-fledged application to make it more user-friendly and less time consuming.

For users, it is essential that pixelation is not used anymore when it comes to obfuscating parts of text. Common options include deleting the information entirely or painting over the part using a solid color.

Now You: have you pixelated text in the past?

Summary
Open Source Tool Unredacter restores text that has been pixelated
Article Name
Open Source Tool Unredacter restores text that has been pixelated
Description
Unredacter is an open source tool that is designed to restore text that has been pixelated to obfuscate information in images.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. adw said on February 19, 2022 at 10:05 am
    Reply

    is it safer to cut out the text as opposed to pixelating it? or can that be reconstructed as well?

    1. Martin Brinkmann said on February 19, 2022 at 10:47 am
      Reply

      Cutting out is better

      1. Anonymous said on February 25, 2022 at 9:04 pm
        Reply

        Find out all

    2. Nope said on February 21, 2022 at 10:40 pm
      Reply

      Lol how would they reconstruct cut out text? What a ridiculous question.

  2. Tom Hawack said on February 19, 2022 at 4:32 pm
    Reply

    What about blurred text? I often wonder if I’ve blurred sufficiently text I wish to hide without overlaying it with a one-color shape, or just cutting it out. If you really want to be in the fake information arena — disinformation in fact —, then blur inadequately false information : the other smart guy will lose time to clear the text and discover peanuts! I know, it’s an old well-known process : a supermarket anti-theft guardian (whatever it’s called) told me once that smart kids would pretend to rob some product just to trigger the guardian’s reaction then make a fool out of him given nothing was found given nothing had been robbed. How vicious can you get? LOL. Happy WE to all.

    1. Nope said on February 21, 2022 at 10:42 pm
      Reply

      If it uses an algorythem and has poor or no randomization it can be reconstructed. Non of this is new. And by that I mean its decades old.

    2. Anonymous said on February 21, 2022 at 11:00 pm
      Reply

      Blurring is also reversable and blurring unessential text doesn’t substantially slow down the process. Just follow best practices and redact sensitive things by over writing the area with a wide, solid black mark.

  3. DrKnow said on February 21, 2022 at 1:55 am
    Reply

    Pointless review of complete junkware.
    Come on Martin you can do better to fill the content!

    1. Some Dude said on February 23, 2022 at 1:29 am
      Reply

      Pointless comment too.

      1. DrKnow said on February 24, 2022 at 1:26 am
        Reply

        Not really, Some Dude, no-one sensible redacts text by pixelation. I can’t even remember when I saw text pixelated.
        Junkware.

  4. Alexis said on February 23, 2022 at 1:52 pm
    Reply

    The point that the attacker needs to know both the original font size and type is not clearly stated in this article in my opinion.
    Moreover, the pixelised part must contains only text as the tool works by trials and comparison.

  5. Barrage said on February 24, 2022 at 6:30 am
    Reply

    It’s still a potential tool.
    Thanks

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.