#!/usr/bin/env bash
set -euo pipefail

if [ $# -lt 1 ]; then
    echo "Usage: $0 hidden_file.png"
    exit 1
fi

PNG="$1"
OFFSET=0
MAGIC="MAGICHID"

while true; do
    POS=$(grep -aob "$MAGIC" "$PNG" | head -n1 | cut -d: -f1 || true)
    if [ -z "$POS" ]; then
        echo "No more hidden files found."
        break
    fi

    OFFSET=$((POS + ${#MAGIC}))

    # read filename length (4 bytes)
    FNAME_LEN=$(dd if="$PNG" bs=1 skip="$OFFSET" count=4 2>/dev/null)
    FNAME_LEN_NUM=$((10#$FNAME_LEN))
    OFFSET=$((OFFSET + 4))

    # read filename
    FNAME=$(dd if="$PNG" bs=1 skip="$OFFSET" count="$FNAME_LEN_NUM" 2>/dev/null)
    OFFSET=$((OFFSET + FNAME_LEN_NUM))

    # read data length (10 bytes)
    DATA_LEN=$(dd if="$PNG" bs=1 skip="$OFFSET" count=10 2>/dev/null)
    DATA_LEN_NUM=$((10#$DATA_LEN))
    OFFSET=$((OFFSET + 10))

    # extract encrypted content
    dd if="$PNG" bs=1 skip="$OFFSET" count="$DATA_LEN_NUM" of="$FNAME.enc" 2>/dev/null

    # decrypt
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$FNAME.enc" -out "$FNAME"
    rm "$FNAME.enc"

    echo "Extracted and decrypted $FNAME"

    # move offset past this block for next search
    OFFSET=$((OFFSET + DATA_LEN_NUM))
    tail -c +"$OFFSET" "$PNG" > tmpfile && mv tmpfile "$PNG"
done