Shakespeare in a Zip in a RAR, Hidden in an Image on Twitter

Steganography involves hiding data in something else — for example, encoding data in a picture. [David Buchanan] used polyglot files not to hide data, but to send a large amount of data in a single Twitter post. We don’t think it quite qualifies as steganography because the image has a giant red UNZIP ME printed across it. But without it, you might not think to run a JPG image through your unzip program. If you did, though, you’d wind up with a bunch of RAR files that you could unrar and get the complete works of the Immortal Bard in a single Tweet. You can also find the source code — where else — on Twitter as another image.

What’s a polyglot file? Jpeg images have an ICC (International Color Consortium) section that defines color profiles. While Twitter strips a lot of things out of images, it doesn’t take out the ICC section. However, the ICC section can contain almost anything that fits in 64 kB up to a limit of 16 MB total.

The ZIP format is also very flexible. The pointer to the central directory is at the end of the file. Since that pointer can point anywhere, it is trivial to create a zip file with extraneous data just about anywhere in the file.

Continue reading “Shakespeare in a Zip in a RAR, Hidden in an Image on Twitter”

Alas, Poor Yorick! I Tweeted Him

yoreck the talking skull

You know Halloween is coming around when the tweet reading skulls start popping up. [Marc] wanted to bring the Halloween spirit into his workplace, so he built “Yorick”. In case you’re worried, no humans were harmed (or farmed for parts) in the creation of this hack. Yorick started life as an anatomical skull model, the type one might find in a school biology lab. Yorick’s skull provided a perfect enclosure for not one but two brains.

A Raspberry Pi handles his higher brain function. The Pi uses the Twitter API to scan for tweets to @wedurick. Once a tweet is found, it is sent to Google’s translate server. A somewhat well-known method of performing text to speech with Google translate is the next step. The procedure is simple: sending “” will return an MP3 file of the audio. To get a British accent, simply change to

The Pi pipes the audio to a speaker, and to the analog input pin of an Arduino, which handles Yorick’s lower brain functions.  The Arduino polls the audio in a tight loop.  An average of the last 3 samples is computed and mapped to a servo position. This results in an amazingly realistic and automatic mouth movement. We think this is the best part of the hack.

It wouldn’t’ be fair for [Marc] to keep the fruits of his labors to himself, so Yorick now has his own Livestream channel. Click past the break to hear Yorick’s opinion on the Hack A Day comments section! Have we mentioned that we love pandering?

Continue reading “Alas, Poor Yorick! I Tweeted Him”