Hackers Can Hide Images in Text Data and Embeds Directly into DNS TXT Records

A method has emerged that shows how digital images can be embedded within DNS TXT records, turning domain name infrastructure into an unconventional image storage system.
The technique, dubbed “dnsimg,” is an approach to data concealment that uses the ubiquitous DNS protocol to store visual content in plain sight across the internet’s foundational infrastructure.
Hiding Images in DNS TXT Records
According to the Asher Falcon Report, the core mechanism behind this technique centers on converting image files into hexadecimal- or Base64-encoded text strings that can be stored within DNS TXT records.
The process begins with extracting the raw binary data from image files using the xxd command-line utility, specifically employing xxd -p output.jpg > output.txt to generate hexadecimal representations of the image data.
This hexadecimal approach roughly doubles the storage space required, whereas Base64 encoding increases file size by only 1.33 times, but it provides a straightforward implementation for proof-of-concept demonstrations.
The technique works around the size limits of DNS TXT records by splitting the data into chunks. Since individual TXT records are constrained to 2048 characters maximum, larger images must be divided into segments.
A Python script automates this process, calculating the total number of required chunks using total = int(len(image)/2048)+1 and creating individual DNS records for each segment.
Each chunk is assigned a unique subdomain identifier following the pattern dnsimg-{chunk_number}.{domain}, while an additional dnsimg-count record maintains the total chunk count for reconstruction purposes.
The practical deployment of this image storage technique requires careful consideration of DNS infrastructure limitations and propagation delays.
Cloudflare DNS services, commonly used for testing implementations, automatically subdivide records that exceed their internal limits, so the pieces must be concatenated during the retrieval process.
The implementation fetches data asynchronously using the dig command, enabling parallel retrieval of multiple chunks to reconstruct the original image efficiently.
The retrieval mechanism employs multithreaded Python scripts that query each chunk simultaneously using dig +short dnsimg-{chunk_number}.{domain} TXT commands.
This approach significantly reduces reconstruction time while providing visual feedback through color-coded progress indicators that display the status of each chunk during the fetching process.
The system demonstrates robust error handling capabilities, accounting for network delays and temporary DNS propagation issues that might cause individual chunks to become temporarily unavailable.
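For defenders reviewing resolver logs or zone exports, the naming pattern and encoding described above can be checked mechanically. The following is an added example, not code from the article or from dnsimg itself: it groups dnsimg-{chunk_number} TXT answers per domain, joins subdivided strings, and tests whether the reassembled text decodes to an image header. The function names, the (name, rdata) input shape and the .test sample records are assumptions constructed for illustration.

```python
import base64
import re
from collections import defaultdict

CHUNK = re.compile(r"^dnsimg-(\d+)\.(.+)$")
COUNT = re.compile(r"^dnsimg-count\.(.+)$")
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png", b"GIF8": "gif"}

def join_txt(rdata):
    """Concatenate the quoted strings of one TXT answer as dig +short prints it."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()

def sniff(payload):
    """Return (encoding, image_type) if the payload starts with a known image header."""
    for encoding, decode in (("hex", bytes.fromhex), ("base64", base64.b64decode)):
        try:
            head = decode(payload[:16])
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        for magic, kind in MAGIC.items():
            if head.startswith(magic):
                return encoding, kind
    return None, None

def find_chunked_images(answers):
    """Group dnsimg-N answers per domain; the index base is unknown, so sort by index."""
    chunks, counts = defaultdict(dict), {}
    for name, rdata in answers:
        name, text = name.rstrip(".").lower(), join_txt(rdata)
        if m := COUNT.match(name):
            counts[m.group(1)] = int(text) if text.isdigit() else None
        elif m := CHUNK.match(name):
            chunks[m.group(2)][int(m.group(1))] = text
    findings = []
    for domain, parts in chunks.items():
        payload = "".join(parts[i] for i in sorted(parts))
        encoding, kind = sniff(payload)
        findings.append({"domain": domain, "seen": len(parts),
                         "declared": counts.get(domain), "encoding": encoding,
                         "image": kind, "complete": counts.get(domain) == len(parts)})
    return findings

# Constructed sample answers: names under .test and payload bytes are made up.
SAMPLE = [
    ("dnsimg-count.example.test.", '"2"'),
    ("dnsimg-1.example.test.", '"ffd8ffe00010" "4a4649460001"'),  # subdivided record
    ("dnsimg-2.example.test.", '"01000048"'),
    ("dnsimg-1.other.test.", '"hello world"'),  # matching name, no image payload
]
```

A finding whose "seen" is lower than "declared" corresponds to the incomplete-record case the article describes during propagation.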
Testing reveals both the potential and constraints of DNS-based image storage. Successful demonstrations include storing and retrieving images across 21 chunks of 2048 characters each, effectively proving the viability of the concept for moderate-resolution images.
The technique successfully reconstructed images after typical DNS propagation delays of approximately 10-15 minutes, though initial attempts often produced corrupted results due to incomplete record availability.
However, significant limitations emerge when attempting to store larger files. Images exceeding 1MB in size encounter hard limits, likely imposed by DNS provider policies or fundamental DNS protocol constraints.
These boundaries suggest that while the technique proves conceptually sound for smaller images or critical data concealment scenarios, it remains impractical for high-resolution media storage.
The innovative approach nonetheless opens intriguing possibilities for steganographic applications and demonstrates the creative potential of repurposing existing internet infrastructure for unconventional data storage methodologies.
The post Hackers Can Hide Images in Text Data and Embeds Directly into DNS TXT Records appeared first on Cyber Security News.