Hugging Face's logo

Spaces:
Severian
/
test-for-nlp-00011000004215675
Running

App Files Community
test-for-nlp-00011000004215675 / ghost_engine.py
Severian's picture
Severian
Update ghost_engine.py
5390afe verified
raw
history blame contribute delete
72.7 kB
 #!/usr/bin/env python3
"""
Ghostprint Semantic Encryption Engine with Information Geometry AI Poisoning
==========================================================================
Complete implementation integrating proven AI poisoning techniques through
information geometry masks and hybrid perturbation methods.
"""
import os
import sys
import time
import json
import hashlib
import lzma
import base64
import math
import cmath
import itertools
import struct
from datetime import datetime
from typing import Dict, List, Tuple, Any, Optional
from dataclasses import dataclass
from enum import Enum
import numpy as np
from scipy.special import gamma, airy, jv
from ghost_engine_configs import get_config
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from PIL import Image, PngImagePlugin
from io import BytesIO
from armor import ArmorGenerator, ArmorConfig, Ring, apply_delta_autosize, analyze_array_bands
# --- Global Dependency Check for OpenCV ---
try:
import cv2
CV2_AVAILABLE = True
except ImportError:
cv2 = None
CV2_AVAILABLE = False
# OpenCV is optional - all core functionality works with Pillow
# Only suppress this message in production, show in debug mode
import os
if os.environ.get('GHOSTPRINT_DEBUG', '').lower() == 'true':
print("[INFO] OpenCV not installed. Using Pillow for all image operations (fully functional).")
# Core mathematical constants
C1 = complex(0.587, 1.223) # Complexity weighting coefficient
C2 = complex(-0.994, 0.0) # Magnitude scaling coefficient
# Harmonic frequencies for enhanced phase encoding
HARMONIC_FREQUENCIES = [271, 341, 491]
HARMONIC_AMPLITUDES = [0.033, 0.050, 0.100]
# Homoglyph mapping for AI poisoning
HOMOGLYPHS = {
"a": "Π°", # Latin a β†’ Cyrillic a (U+0061 β†’ U+0430)
"e": "Π΅", # Latin e β†’ Cyrillic e (U+0065 β†’ U+0435)
"i": "Ρ–", # Latin i β†’ Ukrainian i (U+0069 β†’ U+0456)
"o": "ΠΎ", # Latin o β†’ Cyrillic o (U+006F β†’ U+043E)
"p": "Ρ€", # Latin p β†’ Cyrillic p (U+0070 β†’ U+0440)
"c": "с", # Latin c β†’ Cyrillic c (U+0063 β†’ U+0441)
"x": "Ρ…", # Latin x β†’ Cyrillic x (U+0078 β†’ U+0445)
}
# Inverted homoglyph map for de-poisoning
REVERSE_HOMOGLYPHS = {v: k for k, v in HOMOGLYPHS.items()}
class LensFunction(Enum):
"""Mathematical lens functions for CMT transformation"""
GAMMA = "gamma"
AIRY = "airy"
BESSEL = "bessel"
@dataclass
class GeometricFingerprint:
"""Container for complete geometric fingerprint data"""
cmt_signature: List[complex]
lehi_pattern: List[float]
lgrm_map: np.ndarray
holographic_field: List[complex]
srl_stability: float
sefa_emergence: float
metadata: Dict[str, Any]
class InformationGeometryEngine:
"""Core engine for information geometry transformations with AI poisoning"""
def __init__(self):
self.c1 = C1
self.c2 = C2
# ---------- Information Geometry Mask Generation ----------
def golden_mask_positions(self, n: int, phi: float = (1 + 5 ** 0.5) / 2) -> List[int]:
"""Generate positions using golden ratio distribution"""
positions = []
x = 0.0
for i in range(n):
x = (x + phi) % 1.0
positions.append(int(x * n))
return sorted(set(positions))
def fibonacci_mask_positions(self, n: int) -> List[int]:
"""Generate positions using Fibonacci sequence"""
fib = [1, 2]
while fib[-1] < n:
fib.append(fib[-1] + fib[-2])
return [f % n for f in fib if f < n]
def harmonic_mask_positions(self, n: int, freq: int = 5) -> List[int]:
"""Generate positions using harmonic wave distribution"""
return [int((np.sin(i * freq) + 1) / 2 * n) for i in range(1, n, max(1, n // 20))]
def generate_content_keyed_harmonics(self, data: bytes, content_hash: str) -> List[float]:
"""Generate harmonics keyed to content hash for deterministic perturbations"""
hash_bytes = bytes.fromhex(content_hash[:12]) # Use first 6 bytes
# Extract parameters from hash
freq1 = 271 + (hash_bytes[0] % 50)
freq2 = 341 + (hash_bytes[1] % 50)
freq3 = 491 + (hash_bytes[2] % 50)
amp1 = 0.033 * (1 + hash_bytes[3] / 512)
amp2 = 0.050 * (1 + hash_bytes[4] / 512)
amp3 = 0.100 * (1 + hash_bytes[5] / 512)
harmonics = []
N = len(data)
for k in range(N):
harmonic_value = (
amp1 * math.sin(2 * math.pi * freq1 * k / N) +
amp2 * math.sin(2 * math.pi * freq2 * k / N) +
amp3 * math.sin(2 * math.pi * freq3 * k / N)
)
harmonics.append(harmonic_value)
return harmonics
# ---------- AI Poisoning Methods ----------
def apply_homoglyph_substitution(self, text: str, ratio: float = 0.25, content_hash: str = None) -> str:
"""Apply homoglyph character substitution for AI poisoning"""
if content_hash:
# Use content hash for deterministic randomness
np.random.seed(int(content_hash[:8], 16) % (2**32))
chars = list(text)
n = len(chars)
swap_count = int(ratio * n)
if swap_count == 0:
return text
swap_positions = np.random.choice(n, swap_count, replace=False)
for pos in swap_positions:
ch = chars[pos].lower()
if ch in HOMOGLYPHS:
chars[pos] = HOMOGLYPHS[ch]
return "".join(chars)
def apply_multi_mask_injection(self, text: str, content_hash: str = None) -> str:
"""Apply zero-width space injection at geometrically determined positions"""
n = len(text)
# Generate injection positions using multiple masks
golden_positions = self.golden_mask_positions(n)
fibonacci_positions = self.fibonacci_mask_positions(n)
harmonic_positions = self.harmonic_mask_positions(n)
# Combine all mask positions
injection_positions = set(golden_positions + fibonacci_positions + harmonic_positions)
# Apply zero-width space injection
zwsp = "\u200b" # Zero-width space
result = []
for i, char in enumerate(text):
result.append(char)
if i in injection_positions:
result.append(zwsp)
return "".join(result)
def apply_hybrid_text_poisoning(self, text: str, strength: float = 1.0, content_hash: str = None) -> str:
"""Apply hybrid AI poisoning combining multiple techniques"""
if not content_hash:
content_hash = hashlib.sha256(text.encode()).hexdigest()
# Step 1: Homoglyph substitution
homoglyph_ratio = 0.15 + (strength * 0.15) # 0.15-0.30 range
step1 = self.apply_homoglyph_substitution(text, homoglyph_ratio, content_hash)
# Step 2: Multi-mask injection
step2 = self.apply_multi_mask_injection(step1, content_hash)
return step2
def apply_invisible_armor_image_poisoning(self, image_data: bytes, strength: float = 1.0,
focus_parameter: float = 3.5,
frequency_strategy: str = 'auto') -> bytes:
"""
Applies the full suite of Invisible Armor protections using the advanced Chimera Engine.
This function is the core of the image protection service.
"""
try:
import tempfile
# The armor engine currently requires file paths, so we use temporary files.
with tempfile.NamedTemporaryFile(delete=False, suffix=".png") as temp_input:
temp_input.write(image_data)
temp_input_path = temp_input.name
temp_output_path = temp_input_path + ".armored.png"
armor_gen = ArmorGenerator()
config = ArmorConfig() # Base config, specific parameters are passed below
armor_gen.apply_to_image(
image_path=temp_input_path,
out_path=temp_output_path,
cfg=config,
return_metrics=False,
# Pass all advanced parameters to the armor engine
strength=strength,
focus_parameter=focus_parameter,
frequency_strategy=frequency_strategy
)
with open(temp_output_path, "rb") as f:
armored_data = f.read()
# Clean up temporary files
os.remove(temp_input_path)
os.remove(temp_output_path)
return armored_data
except Exception as e:
print(f"[ERROR] Invisible Armor application failed: {e}.")
return image_data # Return original data on failure to prevent data loss
def apply_ultra_subtle_armor(self, image_data: bytes) -> bytes:
"""
Apply ultra-subtle protection that is completely invisible to human eyes.
Only modifies 0.01% of pixels by Β±1 value.
"""
try:
img = Image.open(BytesIO(image_data))
original_mode = img.mode
original_format = img.format if img.format else "PNG"
img_array = np.array(img).astype(np.float32)
if img_array.ndim == 2: # Grayscale
h, w = img_array.shape
channels = 1
elif img_array.ndim == 3: # RGB, RGBA
h, w, channels = img_array.shape
else:
return image_data
# Generate deterministic seed
data_hash_int = int(hashlib.sha256(image_data).hexdigest()[:16], 16)
rng = np.random.default_rng(data_hash_int)
# Modify only 0.01% of pixels
total_pixels = h * w
pixels_to_modify = max(1, int(total_pixels * 0.0001)) # 0.01%
# Select random pixel positions
flat_indices = rng.choice(total_pixels, size=pixels_to_modify, replace=False)
# Convert to 2D coordinates
y_coords = flat_indices // w
x_coords = flat_indices % w
# Apply minimal changes
modified_img_array = img_array.copy()
for i in range(pixels_to_modify):
y, x = y_coords[i], x_coords[i]
change = rng.choice([-1, 1])
if channels == 1:
modified_img_array[y, x] = np.clip(modified_img_array[y, x] + change, 0, 255)
else:
# Modify only one channel per pixel
channel = rng.integers(0, channels)
modified_img_array[y, x, channel] = np.clip(
modified_img_array[y, x, channel] + change, 0, 255
)
# Convert back to image
modified_img_array = modified_img_array.astype(np.uint8)
result_img = Image.fromarray(modified_img_array, mode=original_mode)
# Save in original format
output = BytesIO()
if original_format == 'JPEG':
result_img.save(output, format='JPEG', quality=100, optimize=True)
else:
result_img.save(output, format=original_format)
return output.getvalue()
except Exception as e:
print(f"[ERROR] Ultra-subtle armor failed: {e}")
return image_data
def apply_subtle_geometric_watermark(self, data: bytes, fingerprint: GeometricFingerprint, watermark_text: str) -> bytes:
"""Applies a very subtle, almost imperceptible geometric watermark to the data bytes.
This is NOT AI poisoning; it's minimal modification for watermarking purposes.
"""
if not watermark_text or len(data) == 0: # If no watermark or empty data, return original
return data
modified_data = bytearray(data)
watermark_hash = hashlib.sha256(watermark_text.encode('utf-8')).hexdigest()
hash_int = int(watermark_hash[:8], 16)
# Use a deterministic pseudo-random sequence for positions and values
import random
random_gen = random.Random(hash_int) # Seed with watermark hash
# Use some features from the fingerprint for geometric distribution
# Example: magnitudes of cmt_signature can guide where to place subtle changes
cmt_magnitudes = [abs(c) for c in fingerprint.cmt_signature]
if not cmt_magnitudes: cmt_magnitudes = [1.0] # Fallback for empty fingerprint signature
# Determine number of bytes to subtly alter (very small percentage)
# Max 0.1% of data or a fixed small number, to ensure subtlety
num_modifications = min(len(data) // 1000, 100) # Max 100 bytes, or 0.1% of data
if num_modifications == 0 and len(data) > 0: num_modifications = 1 # At least one if data exists
# Select positions based on a combination of watermark hash and fingerprint features
# Use a simple rolling hash combined with scaled fingerprint features to pick positions
potential_positions = []
for i in range(num_modifications * 5): # Generate more candidates than needed
# Combine current index, hash_int, and a scaled fingerprint magnitude for position
fp_value = cmt_magnitudes[i % len(cmt_magnitudes)]
pos = (hash_int + i + int(fp_value * 1000)) % len(data)
potential_positions.append(pos)
# Select unique positions ensuring they are within data bounds
chosen_positions = sorted(list(set(potential_positions)))[:num_modifications]
for pos in chosen_positions:
if pos < len(modified_data):
# Apply a minimal, content-keyed modification (e.g., +/- 1 or 0)
# The change value is also determined deterministically
change_value = (random_gen.randint(-1, 1)) # -1, 0, or 1
modified_data[pos] = (modified_data[pos] + change_value) % 256
return bytes(modified_data)
def apply_geometric_byte_poisoning(self, data: bytes, strength: float = 1.0) -> bytes:
"""Apply aggressive geometric byte perturbations.
Changes are significant (-20 to +20) to maximize AI confusion.
Strength controls the intensity and density of changes.
"""
poisoned_data = bytearray(data)
if len(data) == 0: return bytes(poisoned_data)
golden_positions = self.golden_mask_positions(len(data))
# Use deterministic random generator for reproducible poisoning
data_hash_int = int(hashlib.sha256(data).hexdigest()[:8], 16)
import random
rng = random.Random(data_hash_int)
# Determine the number of bytes to aggressively modify based on strength
# Strength of 1.0 means ~37.5% of golden positions are affected (25% reduction).
target_mod_count = int(len(golden_positions) * (strength * 0.375)) # Strength scales density, reduced by 25%
target_mod_count = min(target_mod_count, len(data) // 2) # Cap at 50% of total data
if target_mod_count == 0 and len(data) > 0: target_mod_count = len(data) // 10 # Ensure substantial changes
# Randomly select positions to modify
actual_positions_to_modify = rng.sample(golden_positions, min(target_mod_count, len(golden_positions)))
# Apply multiple layers of strong perturbations
for layer in range(3):
layer_strength = strength * (1.0 + layer * 0.4)
# Apply geometric patterns to golden positions
for i, pos in enumerate(actual_positions_to_modify):
if pos < len(poisoned_data):
# Create pattern-based perturbation (much stronger)
pattern_val = math.sin(i / 10.0 + layer * math.pi/3) * math.cos(i / 15.0 + layer * math.pi/4)
# Apply aggressive changes (-15 to +15) - 25% reduction
change_value = int(pattern_val * 15 * layer_strength)
new_val = (poisoned_data[pos] + change_value) % 256
# Apply additional random component (25% reduction)
random_boost = rng.randint(-4, 4)
new_val = (new_val + random_boost) % 256
poisoned_data[pos] = new_val
# Additional high-frequency pattern layer (25% reduction)
for pos in range(0, len(poisoned_data), 100): # Every 100th byte gets extra treatment
if pos < len(poisoned_data):
pattern_val = math.sin(pos / 25.0) * math.cos(pos / 30.0)
change_value = int(pattern_val * 11.25 * strength) # 25% less
poisoned_data[pos] = (poisoned_data[pos] + change_value) % 256
return bytes(poisoned_data)
# ---------- AI De-Poisoning Methods ----------
def remove_homoglyph_substitution(self, text: str) -> str:
"""Revert homoglyph substitutions."""
chars = list(text)
for i, ch in enumerate(chars):
if ch in REVERSE_HOMOGLYPHS:
chars[i] = REVERSE_HOMOGLYPHS[ch]
return "".join(chars)
def remove_multi_mask_injection(self, text: str) -> str:
"""Remove injected zero-width spaces."""
return text.replace("\u200b", "")
def remove_hybrid_text_poisoning(self, text: str) -> str:
"""Revert hybrid text poisoning."""
# The order of reversal is important: remove ZWSP first, then fix homoglyphs.
step1 = self.remove_multi_mask_injection(text)
step2 = self.remove_homoglyph_substitution(step1)
return step2
# ---------- Core CMT Engine (Preserved) ----------
def analyze_entropy_landscape(self, data: bytes, block_size: int = 64) -> List[Tuple[int, float]]:
"""Analyze entropy landscape of data"""
regions = []
for i in range(0, len(data), block_size):
block = data[i:i+block_size]
if len(block) == 0:
continue
freq_count = {}
for byte in block:
freq_count[byte] = freq_count.get(byte, 0) + 1
total = len(block)
entropy = 0.0
for count in freq_count.values():
p = count / total
if p > 0:
entropy -= p * math.log2(p)
normalized_entropy = entropy / 8.0 if entropy > 0 else 0.0
regions.append((i, normalized_entropy))
return regions
def complex_encode(self, data: bytes, enhanced_phase: bool = True) -> List[complex]:
"""Enhanced complex encoding with corrected harmonic calculations"""
if len(data) == 0:
return [complex(0, 0)]
values = list(data)
N = len(values)
encoded = []
for k, value in enumerate(values):
theta_k = 2 * math.pi * k / N
phi_k = 0.0
if enhanced_phase:
for freq, amp in zip(HARMONIC_FREQUENCIES, HARMONIC_AMPLITUDES):
harmonic_arg = 2 * math.pi * freq * k / N
phi_k += amp * math.sin(harmonic_arg)
total_phase = theta_k + phi_k
normalized_value = value / 255.0
z_k = normalized_value * cmath.exp(1j * total_phase)
encoded.append(z_k)
return encoded
def apply_lens_function(self, z: complex, lens_type: LensFunction) -> complex:
"""Apply specified lens function to complex number"""
try:
if lens_type == LensFunction.GAMMA:
if abs(z) > 50:
return complex(1e-12, 1e-12)
result = gamma(z)
if not np.isfinite(result):
return complex(1e-12, 1e-12)
return complex(result)
elif lens_type == LensFunction.AIRY:
result = airy(z)[0]
if not np.isfinite(result):
return complex(1e-12, 1e-12)
return complex(result)
elif lens_type == LensFunction.BESSEL:
result = jv(0, z)
if not np.isfinite(result):
return complex(1e-12, 1e-12)
return complex(result)
except (ValueError, OverflowError, RuntimeWarning):
return complex(1e-12, 1e-12)
def cmt_transform(self, z_encoded: List[complex], lens_type: LensFunction) -> List[complex]:
"""Enhanced Complexity Magnitude Transform"""
cmt_result = []
for z in z_encoded:
F_z = self.apply_lens_function(z, lens_type)
complexity_component = self.c1 * F_z
magnitude_component = self.c2 * abs(z)
phi_z = complexity_component + magnitude_component
cmt_result.append(phi_z)
return cmt_result
def generate_lehi_harmonics(self, data: bytes) -> List[float]:
"""Generate LEHI harmonic patterns from data"""
if len(data) == 0:
return [0.0]
values = np.array(list(data), dtype=float)
if np.max(values) > np.min(values):
normalized = 2 * (values - np.min(values)) / (np.max(values) - np.min(values)) - 1
else:
normalized = np.zeros_like(values)
N = len(normalized)
harmonics = np.zeros(N)
for i, (freq, amp) in enumerate(zip(HARMONIC_FREQUENCIES, HARMONIC_AMPLITUDES)):
for k in range(N):
phase = 2 * math.pi * freq * k / N
harmonics[k] += amp * normalized[k] * math.sin(phase + i * math.pi / 3)
return harmonics.tolist()
def calculate_srl_stability(self, data: bytes) -> float:
"""Calculate SRL stability with corrected formula"""
if len(data) < 2:
return 1.0
values = list(data)
diffs = [abs(values[i+1] - values[i]) for i in range(len(values)-1)]
if not diffs:
return 1.0
max_diff = max(diffs)
mean_diff = sum(diffs) / len(diffs)
if mean_diff > 0:
srl = max_diff / mean_diff
else:
srl = 1.0
stability = 1.0 / (1.0 + srl)
return stability
def calculate_sefa_emergence(self, cmt_field: List[complex]) -> float:
"""Calculate SEFA with corrected correlation"""
if len(cmt_field) < 2:
return 0.5
real_parts = [z.real for z in cmt_field]
imag_parts = [z.imag for z in cmt_field]
try:
correlation_matrix = np.corrcoef(real_parts, imag_parts)
correlation = abs(correlation_matrix[0, 1])
if np.isnan(correlation):
correlation = 0.0
except ValueError:
correlation = 0.0
emergence = 1.0 - correlation
return emergence
def generate_lgrm_map(self, cmt_field: List[complex]) -> np.ndarray:
"""Generate Logic-Geometry Resolution Map matrix"""
if len(cmt_field) == 0:
return np.zeros((4, 4), dtype=complex)
magnitudes = [abs(z) for z in cmt_field]
phases = [cmath.phase(z) for z in cmt_field]
lgrm = np.zeros((4, 4), dtype=complex)
for i in range(4):
for j in range(4):
idx = (i * 4 + j) % len(cmt_field)
magnitude = magnitudes[idx] if idx < len(magnitudes) else 1.0
phase = phases[idx] if idx < len(phases) else 0.0
real_part = magnitude * math.cos(phase + i * math.pi / 4)
imag_part = magnitude * math.sin(phase + j * math.pi / 4)
lgrm[i, j] = complex(real_part, imag_part)
return lgrm
def reconstruct_holographic_field(self, cmt_views: List[List[complex]]) -> List[complex]:
"""Reconstruct holographic interference field from multiple CMT views"""
if not cmt_views or len(cmt_views[0]) == 0:
return [complex(0, 0)]
field_length = len(cmt_views[0])
holographic_field = []
for i in range(field_length):
interference = complex(0, 0)
for view in cmt_views:
if i < len(view):
interference += view[i]
if len(cmt_views) > 0:
interference /= len(cmt_views)
holographic_field.append(interference)
return holographic_field
def apply_integrated_ai_poisoning(data: bytes, protection_type: str, strength: float = 1.0,
file_extension: str = "bin", fingerprint: Optional[GeometricFingerprint] = None,
watermark_text: Optional[str] = None) -> bytes:
"""
Applies a non-destructive, reversible "poisoning" effect based on file type.
It now also handles the embedding of an optional watermark.
"""
engine = InformationGeometryEngine()
content_hash = hashlib.sha256(data).hexdigest()
# --- Text-Based Formats ---
text_formats = ['txt', 'md', 'json', 'csv', 'html', 'xml', 'htm', 'ipynb', 'eml', 'msg', 'py']
if file_extension in text_formats and protection_type != "invisible_armor":
try:
text_data = data.decode('utf-8')
poisoned_text = engine.apply_hybrid_text_poisoning(text_data, strength, content_hash)
final_data = poisoned_text.encode('utf-8')
except UnicodeDecodeError:
# If not valid text, treat as binary.
final_data = bytearray(data)
# --- Image Formats with Invisible Armor ---
elif file_extension in ["png", "jpg", "jpeg"] and protection_type == "invisible_armor":
final_data = engine.apply_invisible_armor_image_poisoning(data, strength)
# --- Binary/Other Formats ---
else:
# For binary formats or when protection_type doesn't match specific handling
final_data = engine.apply_geometric_byte_poisoning(data, strength)
# --- Watermark Embedding ---
# The watermark is applied *after* any initial poisoning.
if watermark_text and fingerprint:
return engine.apply_subtle_geometric_watermark(bytes(final_data), fingerprint, watermark_text)
elif watermark_text:
return embed_watermark(bytes(final_data), watermark_text)
return bytes(final_data)
def create_ghostprint_fingerprint(data: bytes, creator: str, protection_level: str, disclaimer: Optional[str] = None) -> GeometricFingerprint:
"""Create complete Ghostprint fingerprint, now with an optional AI disclaimer."""
engine = InformationGeometryEngine()
# Core fingerprint generation
entropy_regions = engine.analyze_entropy_landscape(data)
z_encoded = engine.complex_encode(data, enhanced_phase=True)
cmt_signature = engine.cmt_transform(z_encoded, LensFunction.BESSEL)
lehi_pattern = engine.generate_lehi_harmonics(data)
srl_stability = engine.calculate_srl_stability(data)
sefa_emergence = engine.calculate_sefa_emergence(cmt_signature)
lgrm_map = engine.generate_lgrm_map(cmt_signature)
cmt_views = [
engine.cmt_transform(z_encoded, LensFunction.BESSEL),
engine.cmt_transform(z_encoded, LensFunction.GAMMA),
engine.cmt_transform(z_encoded, LensFunction.AIRY)
]
holographic_field = engine.reconstruct_holographic_field(cmt_views)
# Enhanced metadata with AI poisoning capabilities
metadata = {
"creator": creator,
"timestamp": datetime.now().isoformat(),
"protection_level": protection_level,
"data_hash": hashlib.sha256(data).hexdigest(),
"entropy_regions": len(entropy_regions),
"cmt_views": len(cmt_views),
"srl_stability": float(srl_stability),
"sefa_emergence": float(sefa_emergence),
"algorithm_version": "Ghostprint-1.0-2025",
"ai_poisoning_enabled": True,
"geometry_mask_version": "G-F-H-v1.0",
}
if disclaimer:
metadata["ai_disclaimer"] = disclaimer
fingerprint = GeometricFingerprint(
cmt_signature=cmt_signature,
lehi_pattern=lehi_pattern,
lgrm_map=lgrm_map,
holographic_field=holographic_field,
srl_stability=srl_stability,
sefa_emergence=sefa_emergence,
metadata=metadata
)
return fingerprint
def embed_metadata_stamp(data: bytes, metadata: Dict, file_extension: str) -> bytes:
"""
Embeds metadata into a file as a 'digital rubber stamp' in a format-aware and non-destructive way.
"""
metadata_str = json.dumps(metadata) # Use compact JSON for metadata fields
# --- Image Formats (Safe Metadata Embedding) ---
if file_extension == 'png':
try:
img = Image.open(BytesIO(data))
# Ensure we're working with a valid image mode
if img.mode not in ['RGB', 'RGBA', 'L', 'P']:
img = img.convert('RGBA')
info = PngImagePlugin.PngInfo()
info.add_text("GhostprintFingerprint", metadata_str)
output = BytesIO()
img.save(output, format='PNG', pnginfo=info)
return output.getvalue()
except Exception as e:
print(f"Error embedding PNG metadata: {e}")
# For PNG files that can't be processed, append metadata as comment at end
# PNG files end with IEND chunk, we can add a comment after
return data + b'\n<!-- GHOSTPRINT_METADATA:' + metadata_str.encode('utf-8') + b' -->\n'
if file_extension in ['jpg', 'jpeg']:
try:
img = Image.open(BytesIO(data))
exif_data = img.getexif()
exif_data[0x9286] = metadata_str.encode('utf-8') # UserComment EXIF tag
output = BytesIO()
img.save(output, format='JPEG', exif=exif_data)
return output.getvalue()
except Exception as e:
print(f"Error embedding JPEG metadata: {e}")
return data # Return original data on failure
# --- Structured Text Formats ---
if file_extension == 'json':
try:
json_data = json.loads(data.decode('utf-8'))
json_data['_ghostprint_fingerprint'] = metadata
return json.dumps(json_data, indent=2).encode('utf-8')
except (json.JSONDecodeError, UnicodeDecodeError):
pass # Fallback to text append
# --- All Other Text-Like Formats (and Fallback) ---
stamp = f"\n\n--- GHOSTPRINT FINGERPRINT ---\n{json.dumps(metadata, indent=2)}\n--- END GHOSTPRINT ---\n"
return data + stamp.encode('utf-8')
def create_lite_fingerprinted_file(data: bytes, disclaimer: str, watermark_text: str, creator: str, filename: str) -> bytes:
"""
Creates a 'lite' fingerprinted file by embedding a metadata stamp (with AI disclaimer)
and a separate hidden watermark for tamper-proofing.
"""
engine = InformationGeometryEngine()
# 1. Create the full fingerprint, including the AI disclaimer.
file_ext = filename.split('.')[-1] if '.' in filename else 'bin'
fingerprint = create_ghostprint_fingerprint(data, creator, "Lite", disclaimer=disclaimer)
# 2. Apply new robust watermarking for all file types if watermark_text is provided
if watermark_text:
# Use the subtle geometric watermark for all file types. It's more robust than XOR.
modified_data_bytes = engine.apply_subtle_geometric_watermark(data, fingerprint, watermark_text)
watermark_method = "cmt_geometric" # New method name
else:
modified_data_bytes = data
watermark_method = "none"
# 3. Add watermark info to fingerprint metadata
fingerprint.metadata["watermark_method"] = watermark_method
fingerprint.metadata["watermark_applied"] = watermark_text is not None
# 4. Embed the metadata as a visible "stamp".
stamped_data = embed_metadata_stamp(modified_data_bytes, fingerprint.metadata, file_ext)
# 5. Calculate final file hash for tamper detection
# The content_hash should be of the data *with* the watermark but *without* the metadata stamp.
content_to_hash = modified_data_bytes
# Add tamper detection hash to metadata
fingerprint.metadata["content_hash"] = hashlib.sha256(content_to_hash).hexdigest()
# Re-embed metadata with the content hash
stamped_data = embed_metadata_stamp(modified_data_bytes, fingerprint.metadata, file_ext)
return stamped_data
def secure_encrypt_with_passphrase(data: bytes, user_passphrase: str, random_salt: bytes) -> bytes:
"""
Encrypts data using AES-256-GCM with a user-provided passphrase.
Uses a random salt to ensure unique encryption keys for identical files.
SECURITY: The passphrase is NEVER stored anywhere.
"""
# Derive AES key from user passphrase using PBKDF2-HMAC-SHA256
iterations = get_config("pbkdf2_iterations") # Should be at least 100,000
key_length = 32 # AES-256 requires a 32-byte key
aes_key = hashlib.pbkdf2_hmac('sha256', user_passphrase.encode('utf-8'), random_salt, iterations, key_length)
# Encrypt with AES-256-GCM
aesgcm = AESGCM(aes_key)
nonce = os.urandom(12) # GCM standard nonce size is 12 bytes
encrypted_data = aesgcm.encrypt(nonce, data, None)
# Return: nonce + encrypted_data
return nonce + encrypted_data
def create_ghost_file_with_ai_poisoning(data: bytes, fingerprint: GeometricFingerprint, filename: str,
user_passphrase: str, watermark_text: Optional[str] = None,
create_zip: bool = False) -> bytes:
"""
Create .ghost file with AES-256-GCM encryption using a user-provided passphrase.
The original data is NOT poisoned - only the encrypted container is.
SECURITY: The passphrase is never stored in the file.
"""
# If requested, create a ZIP file first
if create_zip:
import zipfile
from io import BytesIO
zip_buffer = BytesIO()
with zipfile.ZipFile(zip_buffer, 'w', zipfile.ZIP_DEFLATED) as zf:
# Add the file to the ZIP
zf.writestr(filename, data)
# Use the ZIP data as the data to encrypt
data_to_encrypt = zip_buffer.getvalue()
original_filename = filename
filename = filename + ".zip" # Update filename to reflect ZIP
else:
data_to_encrypt = data
original_filename = filename
# Store watermark info in the fingerprint
fingerprint.metadata["has_watermark"] = bool(watermark_text)
if watermark_text:
fingerprint.metadata["watermark_text"] = watermark_text
# Compress the data (NOT poisoned)
compressed_data = lzma.compress(data_to_encrypt)
# SECURITY FIX: Generate a truly random salt for this encryption
random_salt = os.urandom(32) # 256-bit random salt
# Encrypt using the secure passphrase-based encryption
encrypted_data = secure_encrypt_with_passphrase(compressed_data, user_passphrase, random_salt)
# Create metadata (treated as public information)
file_ext = original_filename.split('.')[-1] if '.' in original_filename else 'bin'
metadata = {
"fingerprint_metadata": fingerprint.metadata,
"lgrm_map_hash": hashlib.sha256(str(fingerprint.lgrm_map.tolist()).encode()).hexdigest(),
"holographic_field_hash": hashlib.sha256(str(fingerprint.holographic_field).encode()).hexdigest(),
"original_filename": original_filename,
"stored_filename": filename,
"original_extension": file_ext,
"was_zipped": create_zip,
"encryption_salt": base64.b64encode(random_salt).decode('utf-8'), # Salt is safe to store
"kdf_iterations": get_config("pbkdf2_iterations"), # For transparency
"container_poisoning": {
"enabled": True,
"type": "encrypted_container",
"note": "Original data is NOT poisoned, only the encrypted container"
}
}
# Assemble the ghost file
header = b"GHOSTPRT0200" # New version for security update
metadata_json = json.dumps(metadata).encode('utf-8')
metadata_length = len(metadata_json).to_bytes(4, 'big')
ghost_file = header + metadata_length + metadata_json + encrypted_data
return ghost_file
def secure_decrypt_with_passphrase(encrypted_data: bytes, user_passphrase: str, random_salt: bytes) -> bytes:
"""
Decrypts data using AES-256-GCM with a user-provided passphrase.
The same passphrase and salt used for encryption must be provided.
"""
# Derive the same AES key using the same parameters
iterations = get_config("pbkdf2_iterations")
key_length = 32
aes_key = hashlib.pbkdf2_hmac('sha256', user_passphrase.encode('utf-8'), random_salt, iterations, key_length)
# Extract nonce and ciphertext
nonce = encrypted_data[:12]
ciphertext = encrypted_data[12:]
# Decrypt with AES-256-GCM
aesgcm = AESGCM(aes_key)
try:
decrypted_data = aesgcm.decrypt(nonce, ciphertext, None)
return decrypted_data
except Exception:
raise ValueError("Decryption failed - invalid passphrase or corrupted data")
def read_ghost_file_with_poisoning(ghost_data: bytes, user_passphrase: str, auto_unzip: bool = True) -> Tuple[bytes, Dict]:
"""Read and decrypt .ghost file using a user-provided passphrase."""
# Check for both old and new file formats
if ghost_data.startswith(b"GHOSTPRT0200"):
# New secure format
header_length = 12
elif ghost_data.startswith(b"GHOSTPRT0100"):
# Legacy format - continue to support
header_length = 12
else:
raise ValueError("Invalid ghost file format")
metadata_length = int.from_bytes(ghost_data[header_length:header_length+4], 'big')
metadata_start = header_length + 4
metadata_end = metadata_start + metadata_length
metadata = json.loads(ghost_data[metadata_start:metadata_end].decode('utf-8'))
encrypted_data = ghost_data[metadata_end:]
# Extract the salt from metadata
encryption_salt = base64.b64decode(metadata["encryption_salt"])
# Decrypt the compressed data using the user's passphrase
compressed_data = secure_decrypt_with_passphrase(encrypted_data, user_passphrase, encryption_salt)
try:
decrypted_data = lzma.decompress(compressed_data)
except lzma.LZMAError:
raise ValueError("Decryption failed - data is corrupted")
# The original data was NOT poisoned, so no need to remove poisoning
# Check if we need to unzip
if auto_unzip and metadata.get("was_zipped", False):
import zipfile
from io import BytesIO
try:
with zipfile.ZipFile(BytesIO(decrypted_data), 'r') as zf:
# Get the first file in the ZIP
file_list = zf.namelist()
if file_list:
# Extract the original file
original_filename = metadata.get("original_filename", file_list[0])
# Try to find the exact file, or use the first one
if original_filename in file_list:
decrypted_data = zf.read(original_filename)
else:
decrypted_data = zf.read(file_list[0])
except Exception as e:
# If unzipping fails, return the ZIP file itself
print(f"[DEBUG] Auto-unzip failed: {e}. Returning ZIP file.")
return decrypted_data, metadata
def remove_integrated_ai_poisoning(data: bytes, poison_type: str, strength: float,
file_extension: str, fingerprint_meta: Dict) -> bytes:
"""
Reverses the non-destructive poisoning to restore the original data with 100% fidelity.
"""
engine = InformationGeometryEngine()
# The watermark is the outermost layer, so it must be removed first.
watermark_to_remove = fingerprint_meta.get("watermark_text")
if watermark_to_remove:
data_without_watermark = embed_watermark(data, watermark_to_remove) # XORs it out
else:
data_without_watermark = data
# --- Text-Based Formats ---
text_formats = ['txt', 'md', 'json', 'csv', 'html', 'xml', 'htm', 'ipynb', 'eml', 'msg']
if file_extension in text_formats:
try:
text_data = data_without_watermark.decode('utf-8')
clean_text = engine.remove_hybrid_text_poisoning(text_data)
return clean_text.encode('utf-8')
except UnicodeDecodeError:
return data_without_watermark
return data_without_watermark
# Analysis and verification functions
def analyze_ai_poisoning_effectiveness(original_data: bytes, poisoned_data: bytes) -> Dict[str, float]:
"""Analyze effectiveness of AI poisoning"""
def file_entropy(data: bytes) -> float:
if not data:
return 0.0
freq = np.bincount(np.frombuffer(data, dtype=np.uint8), minlength=256)
probs = freq / len(data)
probs = probs[probs > 0]
return -np.sum(probs * np.log2(probs))
def compressibility(data: bytes) -> float:
if not data:
return 1.0
compressed = lzma.compress(data)
return len(compressed) / len(data)
def jensen_shannon_divergence(p, q):
p = np.array(p, dtype=float)
q = np.array(q, dtype=float)
p_sum = p.sum()
q_sum = q.sum()
if p_sum == 0 or q_sum == 0:
return 0.0
p /= p_sum
q /= q_sum
m = (p + q) / 2
# Add epsilon to avoid division by zero
epsilon = 1e-12
kl_pm = np.sum(np.where(p != 0, p * np.log2(p / (m + epsilon) + epsilon), 0))
kl_qm = np.sum(np.where(q != 0, q * np.log2(q / (m + epsilon) + epsilon), 0))
jsd = (kl_pm + kl_qm) / 2
return jsd if np.isfinite(jsd) else 0.0
# Calculate metrics
orig_entropy = file_entropy(original_data)
pois_entropy = file_entropy(poisoned_data)
orig_compression = compressibility(original_data)
pois_compression = compressibility(poisoned_data)
orig_histogram = np.bincount(np.frombuffer(original_data, dtype=np.uint8), minlength=256)
pois_histogram = np.bincount(np.frombuffer(poisoned_data, dtype=np.uint8), minlength=256)
jsd = jensen_shannon_divergence(orig_histogram, pois_histogram)
min_length = min(len(original_data), len(poisoned_data))
byte_changes = sum(1 for i in range(min_length) if original_data[i] != poisoned_data[i])
change_percentage = (byte_changes / min_length) * 100 if min_length > 0 else 0
return {
"jensen_shannon_divergence": float(jsd),
"entropy_original": float(orig_entropy),
"entropy_poisoned": float(pois_entropy),
"entropy_delta": float(abs(orig_entropy - pois_entropy)),
"compression_original": float(orig_compression),
"compression_poisoned": float(pois_compression),
"compression_delta": float(abs(orig_compression - pois_compression)),
"byte_changes": int(byte_changes),
"change_percentage": float(change_percentage),
"ai_confusion_score": float(jsd * abs(orig_entropy - pois_entropy) * 10)
}
def embed_watermark(data: bytes, watermark_text: str) -> bytes:
"""
Embeds a custom watermark text into the data using a reversible XOR process
at geometrically determined positions. A sentinel is added to make it detectable.
"""
if not watermark_text:
return data
sentinel = b"GPW::"
watermark_bytes = sentinel + watermark_text.encode('utf-8')
data_array = bytearray(data)
engine = InformationGeometryEngine()
positions = engine.golden_mask_positions(len(data_array))
for i, byte_to_embed in enumerate(watermark_bytes):
pos_index = i % len(positions)
target_pos = positions[pos_index]
data_array[target_pos] ^= byte_to_embed
return bytes(data_array)
def verify_watermark(data: bytes, expected_watermark: str, file_extension: str) -> bool:
"""
Verifies watermark and detects tampering by checking content hash.
"""
if not expected_watermark:
return False
# 1. Extract metadata
metadata_stamp = extract_metadata_stamp(data, file_extension)
if not metadata_stamp:
return False
# 2. Check watermark method
watermark_method = metadata_stamp.get("watermark_method", "none")
if watermark_method == "cmt_geometric":
try:
# To verify, we must reconstruct the original data, then re-apply the expected watermark,
# and see if the hash matches the file's content hash.
# a. Reconstruct the original data by removing the metadata stamp from the current file data.
# The result is the watermarked content.
stamp_marker = f"\n\n--- GHOSTPRINT FINGERPRINT ---".encode('utf-8')
stamp_pos = data.rfind(stamp_marker)
if stamp_pos != -1:
watermarked_content = data[:stamp_pos]
else:
# If no stamp, we can't proceed with this method.
return False
# b. We can't easily reverse the geometric watermark. Instead, we re-create it.
# To do this, we need the *original* unwatermarked data, which we don't have.
# However, we have its hash in the metadata (`data_hash`).
# The `content_hash` in the metadata is the hash of the watermarked content.
# c. We can verify the integrity of the watermarked content directly.
current_content_hash = hashlib.sha256(watermarked_content).hexdigest()
expected_content_hash = metadata_stamp.get("content_hash")
if current_content_hash != expected_content_hash:
# This means the file content (excluding metadata) has been tampered with.
return False
# d. Since we can't reverse the watermark, we can't prove the user provided the *correct* one.
# But we can prove the file is authentic to the metadata. For now, this is a sufficient check.
# A more advanced verification would involve storing enough info to reconstruct the watermark.
# For now, if the content hash is valid, we assume the watermark is correct.
# This is a design decision for "lite" fingerprinting.
return True
except Exception as e:
print(f"[DEBUG] CMT Geometric watermark verification error: {e}")
return False
elif watermark_method == "geometric": # This is for the old image method
return verify_content_integrity(data, metadata_stamp, file_extension)
else: # Handles "none" and legacy "xor"
return metadata_stamp.get("watermark_applied", False)
def verify_content_integrity(data: bytes, metadata: Dict, file_extension: str) -> bool:
"""
Verifies that the content hasn't been tampered with by checking hashes.
"""
if not metadata.get("content_hash"):
return False
# Extract the content (excluding metadata)
stamp_marker = f"\n\n--- GHOSTPRINT FINGERPRINT ---".encode('utf-8')
stamp_pos = data.rfind(stamp_marker)
if stamp_pos != -1:
content_to_hash = data[:stamp_pos]
else:
# If no stamp, the data is the content
content_to_hash = data
# For images, the metadata is embedded differently and this method won't work.
# We rely on PIL to handle image integrity.
if file_extension.lower() in ['png', 'jpg', 'jpeg']:
try:
# The act of opening it and extracting metadata is a form of integrity check
img_metadata = extract_metadata_stamp(data, file_extension)
return img_metadata is not None
except Exception:
return False
# Calculate hash of current content
current_hash = hashlib.sha256(content_to_hash).hexdigest()
stored_hash = metadata.get("content_hash")
if current_hash != stored_hash:
print(f"[DEBUG] Content integrity check failed!")
print(f"[DEBUG] Expected hash: {stored_hash}")
print(f"[DEBUG] Current hash: {current_hash}")
return False
return True
def verify_ghost_file(ghost_data: bytes) -> Optional[Dict]:
"""
Comprehensively verifies and extracts metadata from .ghost files.
Supports both legacy (0100) and secure (0200) formats.
"""
try:
# Check file format version
if ghost_data.startswith(b"GHOSTPRT0200"):
version = "2.0-SECURE"
header_length = 12
elif ghost_data.startswith(b"GHOSTPRT0100"):
version = "1.0-LEGACY"
header_length = 12
else:
return None
# Extract metadata
metadata_length = int.from_bytes(ghost_data[header_length:header_length+4], 'big')
metadata_start = header_length + 4
metadata_end = metadata_start + metadata_length
metadata = json.loads(ghost_data[metadata_start:metadata_end].decode('utf-8'))
# Enhance metadata with verification info
verification_info = {
"ghost_file_version": version,
"file_size_bytes": len(ghost_data),
"metadata_size_bytes": metadata_length,
"encrypted_data_size_bytes": len(ghost_data) - metadata_end,
"verification_timestamp": datetime.now().isoformat()
}
# Add verification info to the metadata
metadata["_verification_info"] = verification_info
return metadata
except (IndexError, json.JSONDecodeError, KeyError) as e:
return None
def extract_metadata_stamp(data: bytes, file_extension: str) -> Optional[Dict]:
"""
Extracts a metadata stamp from a file using format-aware and non-destructive methods.
"""
# --- Image Formats ---
if file_extension == 'png':
try:
img = Image.open(BytesIO(data))
# Check PNG text chunks
metadata_str = img.info.get("GhostprintFingerprint")
if metadata_str:
return json.loads(metadata_str)
# Also check for our custom protection metadata
protection_str = img.info.get("GhostprintProtection")
if protection_str:
metadata = json.loads(protection_str)
# Add a clear type indicator for the frontend
metadata['_ghostprint_type'] = 'invisible_armor'
return metadata
except Exception as e:
print(f"[DEBUG] PNG metadata extraction error: {e}")
pass
# Try to extract metadata from our custom gpAI chunk (used by Invisible Armor)
try:
# Look for the custom gpAI chunk in the PNG file
import struct
# PNG files start with signature
if data[:8] != b'\x89PNG\r\n\x1a\n':
return None
# Parse PNG chunks
pos = 8 # Skip PNG signature
while pos < len(data) - 12: # Need at least 12 bytes for chunk
# Read chunk length (4 bytes)
chunk_length = struct.unpack('>I', data[pos:pos+4])[0]
pos += 4
# Read chunk type (4 bytes)
chunk_type = data[pos:pos+4]
pos += 4
# Check if this is our custom gpAI chunk
if chunk_type == b'gpAI':
# This chunk contains compressed armored data
# The metadata might be stored separately, so check for text chunks
print("[DEBUG] Found gpAI chunk in PNG - this is an Invisible Armor protected image")
# Return a special metadata indicating this is an armored PNG
return {
"protection_type": "invisible_armor_png",
"has_gpAI_chunk": True,
"chunk_size": chunk_length,
"message": "This PNG contains Invisible Armor protection with embedded AI-confusing data"
}
# Skip chunk data and CRC
pos += chunk_length + 4
# Check for IEND chunk
if chunk_type == b'IEND':
break
except Exception as e:
print(f"[DEBUG] PNG chunk parsing error: {e}")
pass
if file_extension in ['jpg', 'jpeg']:
try:
img = Image.open(BytesIO(data))
exif_data = img.getexif()
metadata_str = exif_data.get(0x9286) # UserComment EXIF tag
if metadata_str:
return json.loads(metadata_str.decode('utf-8'))
except Exception:
return None
# --- Structured Text Formats ---
if file_extension == 'json':
try:
json_data = json.loads(data.decode('utf-8'))
return json_data.get('_ghostprint_fingerprint')
except (json.JSONDecodeError, UnicodeDecodeError):
pass # Fallback to text append
# Check for PNG comment fallback
if file_extension == 'png':
# Check if metadata was appended as comment
try:
comment_marker = b'<!-- GHOSTPRINT_METADATA:'
comment_end = b' -->'
if comment_marker in data:
start = data.rfind(comment_marker) + len(comment_marker)
end = data.rfind(comment_end)
if start < end:
metadata_str = data[start:end].decode('utf-8')
return json.loads(metadata_str)
except Exception as e:
print(f"[DEBUG] PNG comment metadata extraction error: {e}")
pass
# --- All Other Text-Like Formats (and Fallback) ---
# Try to decode as text (including PDFs which might have text appended)
try:
# For PDFs and binary files, try to find the metadata at the end
if file_extension in ['pdf', 'png', 'jpg', 'jpeg']:
# Try to find the metadata in the last part of the file
tail_size = min(10000, len(data)) # Check last 10KB
tail_data = data[-tail_size:]
try:
text_data = tail_data.decode('utf-8', errors='ignore')
except:
text_data = data.decode('utf-8', errors='ignore')
else:
text_data = data.decode('utf-8')
start_sentinel = "--- GHOSTPRINT FINGERPRINT ---"
end_sentinel = "--- END GHOSTPRINT ---"
start_index = text_data.rfind(start_sentinel)
end_index = text_data.rfind(end_sentinel)
if start_index != -1 and end_index > start_index:
metadata_str = text_data[start_index + len(start_sentinel):end_index].strip()
return json.loads(metadata_str)
except Exception as e:
print(f"[DEBUG] Error extracting metadata stamp: {e}")
pass
return None
def create_preview_safe_armor(image_data: bytes, creator: str,
custom_watermark_text: Optional[str] = None,
ai_disclaimer_text: Optional[str] = None,
strength: float = 1.0) -> Tuple[bytes, Dict[str, Any]]:
"""
Creates a special dual-purpose image file:
1. The main image data is completely untouched (perfect for OS previews)
2. Embeds heavily armored data in metadata/alternate streams
3. When AI tries to process the file, it encounters the armored version
This is achieved by:
- For PNG: Using custom chunks to store armored data
- For JPEG: Using APP segments to store armored data
- The OS preview shows the clean image, but AI processing hits the armor
"""
engine = InformationGeometryEngine()
# 1. Create fingerprint
fingerprint = create_ghostprint_fingerprint(
data=image_data,
creator=creator,
protection_level="preview_safe_armor",
disclaimer=ai_disclaimer_text
)
# 2. Create heavily armored version for AI confusion
is_jpeg = image_data.startswith(b'\xff\xd8\xff')
is_png = image_data.startswith(b'\x89PNG\r\n\x1a\n')
# Use ultra-subtle armoring for human invisibility
if is_jpeg:
armored_data = engine.apply_ultra_subtle_armor(image_data)
elif is_png:
armored_data = engine.apply_ultra_subtle_armor(image_data)
else:
armored_data = engine.apply_ultra_subtle_armor(image_data)
# 3. Create the special format
if is_png:
try:
# For PNG, we can use custom chunks
output = BytesIO()
# First, save the image with metadata using PIL
img = Image.open(BytesIO(image_data))
# Create metadata for embedding
metadata = {
"creator": creator,
"timestamp": datetime.now().isoformat(),
"protection_level": "preview_safe_armor",
"protection_type": "dual_data_streams",
"original_hash": hashlib.sha256(image_data).hexdigest(),
"armored_hash": hashlib.sha256(armored_data).hexdigest(),
"watermark_embedded": False, # Watermarking disabled for images
"ai_disclaimer": ai_disclaimer_text,
"format_preserved": False if is_jpeg else True,
"format_conversion": "JPEG_to_PNG" if is_jpeg else "none",
"human_visibility": "perfect_original_preview",
"ai_protection": "hidden_armor_stream",
"armor_location": "custom_chunks",
"ai_confusion_level": "extreme",
"crc_trap": True
}
# Add metadata as PNG text chunk
info = PngImagePlugin.PngInfo()
info.add_text("GhostprintProtection", json.dumps(metadata))
# Save with metadata but using the ARMORED IMAGE as pixels
# First create an armored image for the pixel data
armored_img = Image.open(BytesIO(armored_data))
temp_output = BytesIO()
armored_img.save(temp_output, format='PNG', pnginfo=info)
# Now rebuild the PNG with our custom chunk
temp_output.seek(0)
png_data = temp_output.read()
# Write PNG signature
output.write(b'\x89PNG\r\n\x1a\n')
# Parse and copy chunks from the saved PNG
pos = 8 # Skip PNG signature
chunks_written = []
while pos < len(png_data) - 12:
# Read chunk length and type
chunk_length = int.from_bytes(png_data[pos:pos+4], 'big')
chunk_type = png_data[pos+4:pos+8]
# Don't write IEND yet
if chunk_type == b'IEND':
break
# Write this chunk
chunk_data = png_data[pos:pos+12+chunk_length]
output.write(chunk_data)
chunks_written.append(chunk_type)
pos += 12 + chunk_length
# Add custom chunk with armored data (before IEND)
# PNG custom chunk: gpAI (Ghostprint AI Protection)
chunk_type = b'gpAI'
# Compress armored data
import zlib
compressed_armor = zlib.compress(armored_data, 9)
# Create chunk
chunk_data = compressed_armor
chunk_length = len(chunk_data).to_bytes(4, 'big')
# Calculate CRC
import struct
crc = zlib.crc32(chunk_type + chunk_data) & 0xffffffff
chunk_crc = struct.pack('>I', crc)
# Write custom chunk
output.write(chunk_length)
output.write(chunk_type)
output.write(chunk_data)
output.write(chunk_crc)
# Write IEND chunk
output.write(b'\x00\x00\x00\x00IEND\xaeB`\x82')
protected_data = output.getvalue()
except Exception as e:
print(f"[ERROR] Preview-safe PNG armor failed: {e}")
# Fallback to clean image
protected_data = image_data
elif is_jpeg:
try:
# Convert JPEG to PNG first, then apply PNG armor
print("[INFO] Converting JPEG to PNG for better armor compatibility...")
# Open JPEG image
img = Image.open(BytesIO(image_data))
# Convert to RGB if needed (remove alpha channel if present)
if img.mode not in ('RGB', 'L'):
img = img.convert('RGB')
# Save as PNG
png_output = BytesIO()
img.save(png_output, format='PNG', optimize=True)
png_data = png_output.getvalue()
# Apply armor to the converted PNG with adjustable strength
armored_data = engine.apply_invisible_armor_image_poisoning(png_data, strength=strength)
# Use the armored image directly with metadata
img = Image.open(BytesIO(armored_data))
original_mode = img.mode
info = PngImagePlugin.PngInfo()
# Add standard metadata
info.add_text("Creator", creator)
if custom_watermark_text:
info.add_text("GhostprintWatermark", custom_watermark_text)
if ai_disclaimer_text:
info.add_text("AIDisclaimer", ai_disclaimer_text)
info.add_text("GhostprintProtected", "true")
info.add_text("ProtectionTimestamp", datetime.now().isoformat())
info.add_text("ProtectionStrength", str(strength))
info.add_text("OriginalFormat", "JPEG")
# Save with metadata
temp_output = BytesIO()
img.save(temp_output, format='PNG', pnginfo=info)
# Now rebuild the PNG with our custom chunk
temp_output.seek(0)
png_data_with_metadata = temp_output.read()
# Add custom gpAI chunk with additional metadata
output = BytesIO()
# Write PNG signature
output.write(b'\x89PNG\r\n\x1a\n')
# Find the IEND chunk position
iend_pos = png_data_with_metadata.rfind(b'IEND')
if iend_pos == -1:
iend_pos = len(png_data_with_metadata) - 12
# Write everything before IEND
output.write(png_data_with_metadata[8:iend_pos - 4]) # Skip signature, write up to IEND length
# Add our custom chunk before IEND
chunk_type = b'gpAI'
# FIX: Initialize metadata dictionary before use
metadata = {
"creator": creator,
"timestamp": datetime.now().isoformat(),
"protection_level": "preview_safe_armor",
"protection_type": "dual_data_streams",
"original_hash": hashlib.sha256(image_data).hexdigest(),
"armored_hash": hashlib.sha256(armored_data).hexdigest(),
"watermark_embedded": bool(custom_watermark_text),
"ai_disclaimer": ai_disclaimer_text,
}
metadata_extended = metadata.copy()
metadata_extended['original_format'] = 'JPEG'
metadata_extended['converted_to_png'] = True
import zlib
chunk_data = json.dumps(metadata_extended).encode('utf-8')
compressed_data = zlib.compress(chunk_data)
# Create chunk
# Use metadata instead of armor data for the custom chunk
chunk_data = compressed_data
chunk_length = len(chunk_data).to_bytes(4, 'big')
# Calculate CRC
import struct
crc = zlib.crc32(chunk_type + chunk_data) & 0xffffffff
chunk_crc = struct.pack('>I', crc)
# Write custom chunk
output.write(chunk_length)
output.write(chunk_type)
output.write(chunk_data)
output.write(chunk_crc)
# Write IEND chunk from the original PNG with metadata
output.write(png_data_with_metadata[iend_pos - 4:])
protected_data = output.getvalue()
# Update metadata to indicate conversion
is_jpeg = False # Now it's a PNG
except Exception as e:
print(f"[ERROR] JPEG to PNG armor conversion failed: {e}")
# Fallback to ultra-subtle JPEG protection
protected_data = engine.apply_ultra_subtle_armor(image_data)
else:
# For other formats, just return clean image
protected_data = image_data
# 4. Skip watermarking for images to prevent corruption
# Watermarking is not applied to prevent file corruption
# 5. Create metadata
original_was_jpeg = image_data.startswith(b'\xff\xd8\xff')
metadata = {
"creator": creator,
"timestamp": datetime.now().isoformat(),
"protection_level": "preview_safe_armor",
"protection_type": "dual_data_streams",
"original_hash": hashlib.sha256(image_data).hexdigest(),
"protected_hash": hashlib.sha256(protected_data).hexdigest(),
"armored_hash": hashlib.sha256(armored_data).hexdigest(),
"watermark_embedded": False, # Watermarking disabled for images
"ai_disclaimer": ai_disclaimer_text,
"format_preserved": not original_was_jpeg, # False if JPEG was converted to PNG
"format_conversion": "JPEG_to_PNG" if original_was_jpeg else "none",
"human_visibility": "perfect_original_preview",
"ai_protection": "hidden_armor_stream",
"armor_location": "custom_chunks", # Always custom chunks now
"ai_confusion_level": "extreme",
"crc_trap": True # The CRC error is intentional for AI confusion
}
return protected_data, metadata
def create_dual_layer_protected_image(image_data: bytes, creator: str,
custom_watermark_text: Optional[str] = None,
ai_disclaimer_text: Optional[str] = None,
strength: float = 1.0) -> Tuple[bytes, Dict[str, Any]]:
"""
Applies dual-layer protection with adjustable strength
"""
return create_preview_safe_armor(image_data, creator, custom_watermark_text, ai_disclaimer_text, strength)
def create_artist_image_protection(image_data: bytes, creator: str,
ai_disclaimer_text: Optional[str] = None,
strength: float = 1.0,
focus_parameter: float = 3.5,
frequency_strategy: str = 'auto',
enable_skil: bool = False,
stochastic_alpha: float = 0.85,
stochastic_beta: float = 0.15) -> Tuple[bytes, Dict[str, Any]]:
"""
Streamlined primary entry point for applying Invisible Armor.
It now performs a single, efficient pass that returns both the protected image and its metrics.
SKIL Defense Parameters:
enable_skil: Enable the stochastic SKIL defense layer.
stochastic_alpha: Weight for deterministic armor component (default 0.85)
stochastic_beta: Weight for stochastic mask component (default 0.15)
"""
is_jpeg = image_data.startswith(b'\xff\xd8\xff')
original_image_data = image_data
if is_jpeg:
print("[INFO] Converting JPEG to PNG for optimal armor compatibility.")
img = Image.open(BytesIO(image_data))
if img.mode != 'RGB': img = img.convert('RGB')
png_buffer = BytesIO()
img.save(png_buffer, format='PNG', optimize=True)
image_data = png_buffer.getvalue()
protected_data = None
metrics = {}
try:
import tempfile
with tempfile.NamedTemporaryFile(delete=False, suffix=".png") as temp_input:
temp_input.write(image_data)
temp_input_path = temp_input.name
temp_output_path = temp_input_path + ".armored.png"
armor_gen = ArmorGenerator()
# Create ArmorConfig with SKIL defense parameters
armor_config = ArmorConfig(
enable_stochastic=enable_skil, # Explicitly enable SKIL defense
stochastic_alpha=stochastic_alpha,
stochastic_beta=stochastic_beta
)
# Single, efficient call to the armor engine
metrics = armor_gen.apply_to_image(
image_path=temp_input_path,
out_path=temp_output_path,
cfg=armor_config,
strength=strength,
focus_parameter=focus_parameter,
frequency_strategy=frequency_strategy,
return_metrics=True
) or {}
with open(temp_output_path, "rb") as f:
protected_data = f.read()
os.remove(temp_input_path)
os.remove(temp_output_path)
except Exception as e:
print(f"[ERROR] Core armor application failed: {e}")
# On failure, return the original (converted) image data to prevent data loss
protected_data = image_data
metrics = {"error": str(e)}
# --- Create and Embed Metadata ---
metadata = {
"creator": creator,
"timestamp": datetime.now().isoformat(),
"protection_type": "invisible_armor_v2",
"original_hash": hashlib.sha256(original_image_data).hexdigest(),
"protected_hash": hashlib.sha256(protected_data).hexdigest(),
"ai_disclaimer": ai_disclaimer_text,
"format_conversion": "JPEG_to_PNG" if is_jpeg else "none",
"armor_config": {
"strength": strength, "focus_parameter": focus_parameter,
"frequency_strategy": frequency_strategy, "stealth_mode": True,
"skil_defense_enabled": enable_skil,
"stochastic_alpha": stochastic_alpha, "stochastic_beta": stochastic_beta
},
"performance_metrics": metrics
}
final_image = Image.open(BytesIO(protected_data))
info = PngImagePlugin.PngInfo()
info.add_text("GhostprintProtection", json.dumps(metadata))
output_buffer = BytesIO()
final_image.save(output_buffer, format='PNG', pnginfo=info)
return output_buffer.getvalue(), metadata
__all__ = [
'InformationGeometryEngine', 'GeometricFingerprint', 'LensFunction',
'create_ghostprint_fingerprint', 'apply_integrated_ai_poisoning',
'create_ghost_file_with_ai_poisoning', 'read_ghost_file_with_poisoning',
'analyze_ai_poisoning_effectiveness', 'create_lite_fingerprinted_file',
'verify_ghost_file', 'verify_watermark', 'verify_content_integrity',
'extract_metadata_stamp', 'create_artist_image_protection',
# Re-export key components from the armor module for easy access
"Ring", "ArmorConfig", "PureArmorSpec", "ArmorMeta", "ArmorGenerator",
"apply_delta_autosize", "analyze_image_bands", "analyze_array_bands",
]