We all remember the βWhat color is this dress?β phenomenon followed by βYanny vs. Laurel.β Now the world has a new puzzle to obsess over, and it will pit Apple users against their longtime rivals.
Hereβs how it works: look at the below image on a PC or Android phone (or any other non-Apple product). Then, view the same image on an Apple device. If you were already using a Mac, iPhone, or iPad, then switch over to a different platform.
Letβs try that again with a different image.
Pretty neat, huh? When viewing the first image on a PC or Android phone, you should have seen the message βHELLO WORLD.β On an Apple device that same image file reads βHELLO APPLE.β (There is a caveat that weβll address in further detail below.)
The second image is even trippier. On a non-Apple device, the image shows an old IBM PC, but switch to an i-device and youβll see an old Mac.
OK, so what the hell is going on here? Let engineer and cryptographer David Buchananβthe mastermind behind this puzzleβdo the explaining:
βI found this while writing my own multi-threaded PNG decoder. While pondering my design, I realised that I had an exploitable implementation bug,β Buchanan wrote in a blog post. βAfter learning that Apple has their own implementation of parallel-decodable PNGs, I realised that theyβd made exactly the same mistake!β
In simplified terms, there are different ways to decode an image. You could do it in a single thread or you could do it in parallel threads broken into blocks (a method used to make programs run faster), as Buchanan attempted. He discovered a bug in his own project, then found that Apple had made the same mistake. He determined that it was possible to render a PNG file where: decompress(a + b) != decompress(a) + decompress(b) (where != means not equal to). That is, that two parts decoded separately then put together didnβt always create the same results as those same two parts decoded together.
βThis could happen if a ends midway through a non-compressed block. It is, therefore, possible for an image to have two possible interpretations, depending on whether a parallel or non-parallel decoder decodes it,β Buchanan continued.
For you skeptics out there, when I showed these images to my brother, a research scientist at The University of Virginia, he hashed the files (converted them into numbers) and confirmed that they are indeed the same, proving that Buchanan isnβt cutting corners by serving you different files based on the browser or OS youβre using.
If youβre having trouble replicating this puzzle, it may have to do with your browser because the trick relies on Apple software, not hardware. After viewing the image on multiple devices and browsers, we learned that Apple products running Safari will always show HELLO APPLE while non-Apple devices using other browsers show HELLO WORLD.
But things do get confusing once you start mixing and matching.
When using non-Safari browsers on Appleβs mobile devices (iPad, iPhone), the HELLO APPLE message appeared. Strangely, using those same browsersβChrome, Opera, Edge, for exampleβon a Mac showed the HELLO WORLD message. While we canβt be certain, this suggests browser apps written for the App Store are using Appleβs PNG rendering image library whereas browsers downloaded as programs on macOS use their own PNG parser.
Whatever the case, if you want to get in on the fun, Buchanan posted a tool called βAmbiguous PNG Packerβ that lets anyone create images that look different when run through Apple software. We should caution, however, that these deviations in parsing image files could be a security concern, and something Buchanan believes βneeds to be approached with care.β
