Security

Pixelized Passwords Aren’t Safe From Deobfuscation Anymore

By Bill Toulas / December 8, 2020

Pixelization is an established method of visual obfuscation and censorship that has been trusted in media of all kinds for many years. It is a preferred technique because it still conveys a visual message while maintaining someone’s anonymity or hiding sensitive information effectively. This, though, may have come to an end already, as freely available tools on GitHub can now discern what lies behind the mosaic filter and recover the pixels of the original image. Most notably, passwords from pixelized screenshots.

The “Depix” algorithm is based on a block-level matching system that attempts to find matches with high enough confidence against a set of character sequences that have been pixelized. After enough guessing rounds, the tool can output all correct blocks and display the recovered image.

That may not be exactly like the original, but it’ll be enough to help the user discern the text. So, essentially it’s a very capable clue-giver rather than a pure deobfuscator. The level of recovery is demonstrated in the image below:

Source: GitHub

Of course, the user will have to determine a reference font - otherwise, the software cannot guess the pixelized characters. This is not a complicated procedure, but it presupposes the knowledge of the software that was used for the pixelization. Depix can work with any font, but the success of the results may vary depending on the choice.

The tool’s creator has developed it merely to demonstrate the risky practice of pixelating passwords, so it is possible that someone could take the source and spin out a more sophisticated unmasking software through it.

Even at its current state, though, Depix should be enough to convince people not to rely on pixelization when they want to hide sensitive text. Reversing blurring isn’t within the abilities of Depix, but it shouldn’t be considered absolutely safe either. Instead, you should place a black block on top of the text and make its recovery completely impossible.

Remember, this is a free tool on GitHub that can recognize characters in manipulated images. It goes without saying that if one were to deploy AI-powered solutions that possess full knowledge of all pixelation standards out there, they would be able to go beyond just text and into the realm of face features. The takeaway is that pixelation and blurring are obsolete methods, and you shouldn’t rely on them to keep information private.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: