
How to customize VI Snippets



On this LabVIEW Wiki page, the following text can be found:

The capitalization of this chunkname makes sure the code is removed if someone alters the image, thus preventing the creation of malicious snippets.

I aim to show that this is not true. While most programs will remove the code if the image is altered, it's relatively simple to use a free tool called TweakPNG to put any VI into any PNG image.

First, download TweakPNG. Now, create a VI Snippet of whatever you want. I'll be using this as an example:

post-15106-0-92388600-1341521144.png

Run TweakPNG, and you'll see the following:

post-15106-0-07515200-1341521248.png

Next, open your VI Snippet in TweakPNG.

post-15106-0-49706800-1341521321_thumb.p

Select the item that's selected in that screenshot ("niVI") and then go to Edit->Export Chunk. Save the file wherever you want; you'll need it later.

Next, open whatever image you want to put the VI into in TweakPNG. I'll be using this image:

post-15106-0-59231300-1341521654.png

You'll see the following:

post-15106-0-44274100-1341521758_thumb.p

Once again, click the item I selected ("IEND"), but now go to Edit->Import Chunk. Remember the file you saved earlier? Select that. You'll see this:

post-15106-0-15680700-1341521869_thumb.p

Finally, go to File->Save in TweakPNG (or File->Save As if you don't want to overwrite the original image) and you'll now have a VI Snippet with a custom image.

Don't believe me? Here, save this image and drag it into LabVIEW:

post-15106-0-45998900-1341521983.png

I'm not encouraging anyone to make anything malicious as mentioned in the wiki article, but this does have legitimate uses. For instance, you may want to add some extra text to a VI Snippet explaining something, but don't want it to appear when it's dragged into LabVIEW. Or you may want to scale the image down a bit so it will fit somewhere on a web page. I'm sure there are many other uses.


On this LabVIEW Wiki page, the following text can be found:

Quote

The capitalization of this chunkname makes sure the code is removed if someone alters the image, thus preventing the creation of malicious snippets.

I aim to show that this is not true. While most programs will remove the code if the image is altered, it's relatively simple to use a free tool called TweakPNG to put any VI into any PNG image.

You are correct, the capitalization instructs editors to remove the chunk upon graphical editing. By using non-compliant tools (like Microsoft Paintbrush or TweakPNG) you can bypass this.

So it's not a prevention of malicious snippets, but a precaution. NI could add info to the 'niVI' chunk that contains info about the containing file (like the complete or hashed IDAT chunk).

For instance, you may want to add some extra text to a VI Snippet explaining something, but don't want it to appear when it's dragged into LabVIEW.

The code capture tool does exactly that. It even inserts the tool name, and optionally some copyright info.

Ton
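
Added example, not part of the original posts and not NI's code: a Python sketch that decodes what the capitalization of "niVI" means under the PNG chunk-naming rules, reports whether a PNG carries a niVI chunk, and computes the digest of the IDAT data that a binding like the one suggested above would have to cover. The function names, the sample 1x1 image and its placeholder payload are constructed for illustration.

```python
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunks(png):
    """Yield (type, data, crc_ok) for each chunk in a PNG byte string."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("truncated chunk")
        data = png[pos + 8:end]
        (crc,) = struct.unpack(">I", png[end:end + 4])
        yield ctype, data, zlib.crc32(ctype + data) == crc
        pos = end + 4

def properties(ctype):
    """Decode the case bit (0x20) of each letter of a chunk name, per the PNG spec."""
    lower = [bool(b & 0x20) for b in ctype]
    return {"ancillary": lower[0], "private": lower[1],
            "reserved_ok": not lower[2], "safe_to_copy": lower[3]}

def triage(png):
    """Report whether a PNG carries a niVI chunk, plus a digest of its pixel data."""
    found = list(chunks(png))
    idat = b"".join(d for t, d, _ in found if t == b"IDAT")
    vi = [d for t, d, _ in found if t == b"niVI"]
    return {"has_snippet": bool(vi),
            "snippet_bytes": sum(len(d) for d in vi),
            "crc_ok": all(ok for _, _, ok in found),
            "idat_sha256": hashlib.sha256(idat).hexdigest()}

def make_chunk(ctype, data):
    """Serialize one chunk: length, type, data, CRC over type + data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def sample_png(pixel, with_snippet):
    """Constructed 1x1 greyscale PNG; the niVI payload is placeholder bytes, not a VI."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    body = make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", zlib.compress(bytes([0, pixel])))
    if with_snippet:
        body += make_chunk(b"niVI", b"PLACEHOLDER")
    return PNG_SIG + body + make_chunk(b"IEND", b"")
```

The chunk CRC covers only that chunk's own type and data, so it says nothing about which image the chunk sits in; the IDAT digest differs between the two sample images even though the niVI bytes are identical, which is the mismatch a stored hash would expose.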


One thing to point out is that this isn't an actual security threat - you can embed malicious code in the snippet and hide it in any number of ways, but at least today LV doesn't execute the code when it's placed, so a cleanup should reveal the hidden code. There are some exceptions to the no execution rule, such as XNodes, but since those require additional files, they can't be folded into the snippet.

That said, I never studied the snippet or VI-stream techs closely. I assume there's no way to allow arbitrary code execution there, but that doesn't mean there isn't some roundabout way to do it by embedding special data in the stream.
