Hide Messages With Ulterior

While working on a CTF a couple of weeks ago I ran across a challenge that required inspecting a web app. The page had one line of visible text, however the source showed many repeating patterns of characters(‌​) Say “Hello” to zero-width characters. These characters are called non-printing characters so they are not visible while encoded in Unicode.

Zero-width non-joiner = &zwnj

Zero-width spa​‌‌‌​‌​‌​​‌‌‌‌​‌​​​‌‌​​‌​​​‌​‌‌‌​​‌‌​‌​‌​​​‌‌​‌‌‌​‌‌‌‌‌‌​‌‌‌​‌​‌​​‌‌​​​‌​​‌‌​​​‌‌​‌‌‌‌‌‌‌​​‌‌‌​‌​​‌​​​​‌​​‌‌​​‌‌‌​​‌​‌​ce = &#8203

I started doing some research on what the purpose of these characters are and realized how interesting it would be to be able to just easily hide messages in any Unicode document.  I found this concept interesting so I started writing a program called Ulterior i​‌​‌‌​​‌​​‌​‌‌​‌​​‌​​‌​‌​​​‌‌‌‌‌​​‌​​‌‌‌​​‌‌​‌​‌‌​‌​​‌‌‌‌​‌‌‌‌‌‌​​​​‌‌​‌​​‌‌​‌​‌​​​‌​‌‌‌‌​‌‌‌‌‌‌​​‌‌​‌​‌​​‌‌​​‌‌​​‌‌​​‌‌​​‌‌​‌​‌​​‌‌‌​​‌​​​‌​‌‌‌​​‌​‌‌​‌​​​‌​​‌‌​​‌‌​‌​‌‌​‌​​​‌‌‌​‌‌‌‌‌‌‌​​‌‌​‌‌​​‌​​​​‌​​‌‌​​‌‌‌​​‌​‌​n Python, that would do all the conversions from message -> binary -> zero-width equivalent and from zero-width back to original message.  I have placed a zero-width message in the text below.

Hidden Mes​‌​‌​‌‌‌​​​‌‌​‌‌​​‌‌​‌​‌​​‌​​​‌‌​​‌‌‌​​‌​​‌​‌‌‌‌​​‌‌​‌​‌​​​‌‌​​‌‌​‌‌‌‌‌‌​​‌​​​​‌​​‌‌​​‌‌‌​‌‌‌‌‌‌​‌‌​‌‌​‌​‌​‌​‌‌sage Is Here.

The current code can be found here: https://github.com/trenchesofit/ulterior



Option 1: Convert zero width characters into message

Paste the copied text into input.txt and save the document with UTF-8 encoding.  This will preserve any zero-width characters hidden in the string.

Option 2: Conver​‌‌​‌‌‌‌​​‌​‌‌​‌​​‌‌​‌‌‌​​‌‌​‌‌‌​​‌‌​‌​‌​​‌​​​‌‌‌​‌‌‌‌‌‌​​‌​‌‌​‌​​‌​​​‌‌‌​‌‌‌‌‌‌​​​‌‌‌‌‌​​‌​​‌‌‌​​‌‌‌‌​‌​​‌​‌‌​‌​​‌​​​‌‌‌​‌‌‌‌‌‌​​​‌‌​​‌​​‌​‌‌​‌​​‌‌​​​‌​​‌​‌‌‌‌​​​‌​‌‌‌‌​‌‌‌‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌‌‌‌​‌‌‌‌‌‌‌​​‌‌​​‌​​‌​​​​‌​​‌‌​​‌‌‌​​‌​‌​ts ascii text into zero width characters

Option a: Copy zero width characters into binary.

Paste the copied text into input.txt and save the document with UTF-8 encoding.  This will preserve any zero-width c​‌‌​​​‌‌‌​​‌‌‌‌‌​​​‌​‌‌‌​​‌​‌‌‌‌‌​​‌‌‌​‌​​‌​​​‌‌​​‌‌​​​‌‌​‌‌‌‌‌‌​‌‌​‌‌‌‌‌​​‌‌​​‌​​​‌‌​‌‌‌​​‌‌​​‌‌​‌‌‌‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌‌‌‌​​‌​‌‌‌​​‌​​​​‌​​‌‌​​‌‌‌​​‌​‌​haracters hidden in the string.

Option b: Convert binary to ascii.

Option c: Convert ascii to binary.

Option d: Convert binary to zero width characters.

This concept can be used for a few useful purposes:

Embed message in document for accountability:
Sending confidential documents to your employees with unique zero width character messages would allow leaked data to be traced back to the original source.

Store hidden code:
Code could be converted to binary then to zero width characters and stored for use.

Hiding messages in designated area of document for another users to receive.

Note:  If partial zero-width message is copied, this will cause an error due to Ulterior being unable to convert the binary in to ascii.

I will be refining the code over time so let me know if you find any issues.

Continue hiding and revealing messages with Unicode, and until next time, stay safe in the Trenches of IT​‌​‌​​​‌​​‌‌​‌​‌​​‌​​‌‌‌​​‌​​‌‌‌‌​‌‌‌‌‌‌​​‌‌​‌‌‌​​‌​​​​‌​​‌​​​‌‌​​‌‌​‌​‌‌​‌‌‌‌‌‌​​​​‌‌​‌​​‌​​​​‌​​​‌​‌​‌​​‌​​​‌‌​​‌‌​​​‌‌​‌‌‌‌‌‌​​​‌‌‌‌‌​​‌‌‌‌​‌​​‌‌​‌‌‌​​‌‌‌‌​‌​​​‌​​​‌​​‌‌‌‌​‌​​‌​​​‌‌‌​‌​​​‌‌‌​‌‌‌‌‌‌‌​‌‌‌‌‌‌​‌‌​​‌​‌​​‌‌‌‌​‌​​​​‌‌​‌‌​‌‌‌‌‌‌​​​‌​‌‌‌​​‌​‌‌‌‌​​‌‌​‌​‌‌​‌‌‌‌‌‌​​‌‌​​‌‌​​‌​​​​‌​​​‌‌​‌‌​​‌‌‌​​‌​​‌‌​‌​‌‌​‌‌‌‌‌‌​​‌‌‌​‌‌​​‌‌​‌​‌‌​‌‌‌‌‌‌​​​‌​​​‌​​‌​‌‌​‌​​​‌​‌‌‌​​‌​‌‌‌‌‌​‌‌‌‌‌‌​​​​‌‌​‌​​‌​​​​‌​​​‌​‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌​‌‌​‌‌‌‌‌‌‌​​‌​‌​‌​​‌​​​​‌​​‌‌​​‌‌‌​​‌​‌​.

Leave a Reply