The article shows how it is possible not only to hide data in an image using Least Significant Bit (LSB) manipulation, but also to create a file that is simultaneously a valid image and an executable ELF/.so binary. The author demonstrates that by combining structures (ELF headers and image format), the Pillow library successfully validates the file as an image, while the system loader interprets it as an executable module.

Using a practical example of a Python application built with FastAPI and an image validation function (processing.is_valid_image), it is shown how such a file can bypass upload filtering and remain in the system as a "safe image." Further use of such files opens the path to code execution and is complemented by techniques for embedding data into pixels and extracting it later, making the attack both stealthy and functional.

📎 Article: https://blog.babelo.xyz/posts/elf-in-the-pixels/

💬 Discuss

Hidden Code in Images: How Steganography Turns Pixels into a Data Transmission Channel