We write a lot of reports at Bishop Fox (it’s what happens when you hack all the things). This frequently results in needing to redact certain text. We have a long-standing policy that when you redact text, the only way to do it securely is to use black bars. Sometimes, people like to be clever and try some other redaction techniques like blurring, swirling, or pixelation. But this is a mistake.
Unredacter focuses on one such technique – pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted pixelized text and reverses it back into its unredacted form.
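The difference between the two redaction styles can be measured directly. The following is an added example, not code from Unredacter or Bishop Fox: it redacts every 3-digit string both ways and counts how many distinct images come out. The 3x5 digit font, the 5-pixel block size and all function names are constructed for this illustration.

```python
from itertools import product

# Constructed 3x5 bitmap font for digits (rows top to bottom, 1 = ink).
FONT = {
    "0": "111101101101111", "1": "010110010010111", "2": "111001111100111",
    "3": "111001111001111", "4": "101101111001001", "5": "111100111001111",
    "6": "111100111101111", "7": "111001001001001", "8": "111101111101111",
    "9": "111101111001111",
}
GLYPH_W, GLYPH_H = 3, 5

def render(text):
    """Rasterise text to rows of 0/1 pixels, one blank column after each glyph."""
    rows = [[] for _ in range(GLYPH_H)]
    for ch in text:
        for y in range(GLYPH_H):
            bits = FONT[ch][y * GLYPH_W:(y + 1) * GLYPH_W]
            rows[y] += [int(b) for b in bits] + [0]
    return rows

def pixelate(img, block=5):
    """Replace each block x block tile by its ink count (the tile average, unscaled)."""
    h, w = len(img), len(img[0])
    return tuple(
        tuple(sum(img[y][x]
                  for y in range(by, min(by + block, h))
                  for x in range(bx, min(bx + block, w)))
              for bx in range(0, w, block))
        for by in range(0, h, block))

def black_bar(img):
    """Overwrite every pixel with ink; nothing of the input survives."""
    return tuple(tuple(1 for _ in row) for row in img)

def distinct_outputs(redact, length=3):
    """Count distinct redacted images over every digit string of this length."""
    return len({redact(render("".join(d))) for d in product(FONT, repeat=length)})

if __name__ == "__main__":
    # One distinct image means the redaction reveals nothing about the text.
    print("black bar :", distinct_outputs(black_bar))
    print("pixelation:", distinct_outputs(pixelate))
```

A black bar collapses every input to one image, while pixelation is a deterministic average that still varies with the text underneath it, so the redacted image narrows down what the original could have been.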
Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing, product security reviews, network penetration testing, and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. GitHub: dan-bishopfox.
Feb 15, 2022
Never, Ever, Ever Use Pixelation for Redacting Text
By Dan Petro
Tool Talks: Unredacter Episode
Sep 08, 2022
Solving the Unredacter Challenge
By Shawn Asmus
Unredacter Challenge: Alejandro's Solution
Unredacter Challenge: Shawn A.'s Solution
Unredacter Challenge: John L.'s Solution