Here’s how it works: look at the image below on a PC or Android phone (or any other non-Apple product). Then, view the same image on an Apple device. If you were already using a Mac, iPhone, or iPad, then switch over to a different platform.
Let’s try that again with a different image.
Pretty neat, huh? When viewing the first image on a PC or Android phone, you should have seen the message “HELLO WORLD.” On an Apple device that same image file reads “HELLO APPLE.” (There is a caveat that we’ll address in further detail below.)
The second image is even trippier. On a non-Apple device, the image shows an old IBM PC, but switch to an i-device and you’ll see an old Mac.
OK, so what the hell is going on here? Let engineer and cryptographer David Buchanan—the mastermind behind this puzzle—do the explaining:
“I found this while writing my own multi-threaded PNG decoder. While pondering my design, I realised that I had an exploitable implementation bug,” Buchanan wrote in a blog post. “After learning that Apple has their own implementation of parallel-decodable PNGs, I realised that they’d made exactly the same mistake!”
In simplified terms, there are different ways to decode an image. You could do it in a single thread, or you could split the data into blocks and decode them in parallel threads (a method used to make programs run faster), as Buchanan attempted. He discovered a bug in his own project, then found that Apple had made the same mistake. He determined that it was possible to create a PNG file where: decompress(a + b) != decompress(a) + decompress(b) (where != means not equal to). That is, two parts decoded separately and then joined don’t always produce the same result as those same two parts decoded together.
“This could happen if a ends midway through a non-compressed block. It is, therefore, possible for an image to have two possible interpretations, depending on whether a parallel or non-parallel decoder decodes it,” Buchanan continued.
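To see that inequality for yourself, here is an added example (not Buchanan’s code and not Apple’s decoder) that uses Python’s zlib on a raw DEFLATE stream rather than a full PNG. The function names, the filler text and the split offsets are constructed for illustration; the check at the end is the kind of differential test a parallel decoder could run to confirm that a split point is safe.

```python
import struct
import zlib

def raw_deflate(data: bytes) -> bytes:
    """Compress to a complete raw DEFLATE stream (wbits=-15: no zlib header)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def stored_block(payload: bytes, final: bool) -> bytes:
    """Build a non-compressed block: header byte, LEN, ~LEN, literal payload."""
    n = len(payload)
    return bytes([1 if final else 0]) + struct.pack("<HH", n, n ^ 0xFFFF) + payload

def inflate(chunk: bytes) -> bytes:
    """Decode from a fresh decoder state, as a worker given only `chunk` would."""
    return zlib.decompressobj(-15).decompress(chunk)

def decode_both_ways(stream: bytes, split: int):
    """Return (sequential, parallel) outputs for one stream and one split offset."""
    a, b = stream[:split], stream[split:]
    return inflate(stream), inflate(a) + inflate(b)

def split_is_consistent(stream: bytes, split: int) -> bool:
    """True when decoding the two halves separately matches decoding the whole."""
    sequential, parallel = decode_both_ways(stream, split)
    return sequential == parallel

# Constructed sample data (not taken from the original images).
FILLER = b"shared-prefix|"
HIDDEN = raw_deflate(b"HELLO APPLE")   # valid DEFLATE, carried as literal bytes
AMBIGUOUS = (stored_block(FILLER + HIDDEN, final=False)
             + stored_block(b"HELLO WORLD", final=True))
BAD_SPLIT = 5 + len(FILLER)            # 5-byte block header + filler: mid-block

HONEST = stored_block(b"AAAA", final=False) + stored_block(b"BBBB", final=True)
GOOD_SPLIT = 5 + 4                     # exactly on a block boundary

if __name__ == "__main__":
    seq, par = decode_both_ways(AMBIGUOUS, BAD_SPLIT)
    print("sequential:", seq)
    print("parallel:  ", par)
    print("consistent at mid-block split:", split_is_consistent(AMBIGUOUS, BAD_SPLIT))
    print("consistent at boundary split: ", split_is_consistent(HONEST, GOOD_SPLIT))
```

The sequential decoder treats the hidden bytes as literal data and ends with HELLO WORLD, while the decoder that restarts at the split reads those same bytes as a fresh compressed stream and ends with HELLO APPLE.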
For you skeptics out there, when I showed these images to my brother, a research scientist at The University of Virginia, he hashed the files (converted them into numbers) and confirmed that they are indeed the same, proving that Buchanan isn’t cutting corners by serving you different files based on the browser or OS you’re using.
If you’re having trouble replicating this puzzle, it may have to do with your browser because the trick relies on Apple software, not hardware. After viewing the image on multiple devices and browsers, we learned that Apple products running Safari will always show HELLO APPLE while non-Apple devices using other browsers show HELLO WORLD.
But things do get confusing once you start mixing and matching.
When using non-Safari browsers on Apple’s mobile devices (iPad, iPhone), the HELLO APPLE message appeared. Strangely, using those same browsers—Chrome, Opera, Edge, for example—on a Mac showed the HELLO WORLD message. While we can’t be certain, this suggests browser apps written for the App Store are using Apple’s PNG rendering image library whereas browsers downloaded as programs on macOS use their own PNG parser.
Whatever the case, if you want to get in on the fun, Buchanan posted a tool called ‘Ambiguous PNG Packer’ that lets anyone create images that look different when run through Apple software. We should caution, however, that these deviations in parsing image files could be a security concern, and something Buchanan believes “needs to be approached with care.”