After my previous post on AI masking, some of you asked for a more detailed breakdown of the tools I used. Today, I'll walk you through the process step-by-step to showcase how it all works. Before we dive in, though, I want to make it clear that this tutorial is for educational purposes only. The techniques I’ll cover should not be used for illegal or immoral reasons, such as identity theft or unauthorized surveillance. The ethical use of AI tools is essential in maintaining a responsible and respectful technological ecosystem.
What Tools Did I Use?
For this demo, I used a platform called Pinokio, a fantastic hub that works like the Google Play Store, but for AI apps. It's compatible with Windows, Mac, and Linux, making it versatile and easy to install on most machines.
One of the big downsides to AI has often been that it can be a pain to set up all the dependent tools and environments in order to get it to work. The reason I use Pinokio is that it takes care of all that for you.
Basically, Pinokio is the app used to access the app store, so go download Pinokio, then wander through all the apps you can install with it. Once Pinokio is set up, you can explore the "Discover" tab to find a wide range of AI tools for various tasks.
To achieve face masking in the demo, I used a specific tool from Pinokio’s catalog called FaceFusion. This tool is particularly effective for blending facial features and can be used for anonymization, digital avatars, and creative art projects. Now, let me show you how to install and use it.
Step-by-Step Guide to AI Masking
Installing Pinokio
First, head to the Pinokio website and download the installer that matches your operating system. The install process is straightforward for each platform, but if you ever run into any issues, there is a Discord channel for questions and issues.
Exploring the Discover Tab
After launching Pinokio, navigate to the "Discover" tab, where you can browse through hundreds of AI tools. For this demo, search for FaceFusion in the search bar, or browse the categories if you’re curious about other AI tools.
Installing FaceFusion
When you find FaceFusion, click the “Install” button. Pinokio will automatically download and set up the tool for you. Once it’s installed, you’ll see FaceFusion listed in your “Installed Tools” section.
Using FaceFusion for Face Masking
With FaceFusion ready to go, follow these simple steps to mask a face:
Click on the FaceFusion app after installing it in Pinokio.
Click on launch default in the left tab, and let it finish creating a local instance before moving forward (very important).
Click Open Session in the left tab. At this point you should see a menu that looks like this
The top “source” tab is for your source image, which is the face you want to put into a video or image. The “Target” tab is the image you want the source image to go into.
Once you have the target and source image / video selected, an estimate will pop up in the upper right (preview). If everything looks OK, click the start button to begin masking.
A few notes to help you out
If your target image has multiple faces, you can select the face you want to adjust from the right selection.
If you ever get an error when trying to start the program, restart your computer. I'm not sure why, but there is an error message that states something along the lines of “there is no path / folder of …..”. I have normally solved this error by restarting the computer.
Never leave the program running when you close out of your computer, as this often causes the above error to occur.
If the face you are swapping looks grainy and low quality, there is a “face enhancer” button on the upper left that will attempt to increase the quality of the image.
In the lower left, select the quality of output for your image. The default is 80%; higher quality will take longer, but it's usually worth it.
Full Impersonation for Pentesting: Beyond Face Masking
If you're taking face masking a step further and attempting a full impersonation for a pentest, there are additional tools you’ll need to complete the disguise. Again, it’s important to emphasize that this is for ethical purposes only, such as security testing or approved penetration tests. Full impersonation in an unauthorized setting can lead to severe legal consequences.
To achieve a convincing impersonation during a pentest, you’ll need more than just a masked face. Voice cloning and lip-syncing are crucial elements to pull off a comprehensive identity replication.
Voice Cloning: Applio
For voice cloning, I recommend using a tool like Applio. Applio allows you to clone a person's voice by feeding it sample audio. It’s fairly intuitive—once you upload a voice sample, the AI analyzes the vocal patterns, intonations, and accents, and creates a synthetic replica of that voice. This can be incredibly useful for scenarios where you're trying to mimic someone’s identity during a pentest or simulate how easily a target could be impersonated.
Here’s how to get started with Applio:
Install Applio via Pinokio
Record or obtain a few minutes of clear audio from the individual whose voice you need to clone.
Upload the audio into Applio, and it will generate a digital clone of the voice.
You can then input text, and Applio will convert it into speech, spoken in the cloned voice.
For those who want a longer step-by-step, this video is pretty helpful.
It’s an excellent tool, but be sure to obtain consent and use it strictly for ethical and professional purposes, like a pentest.
One thing to note about voice cloning apps, Applio included, is that they really eat up your memory space, so come prepared with a lot of it.
Lip Sync Apps: Multiple Options
Once you’ve got the voice cloning in place, the next piece of the puzzle is ensuring the lip movements match the audio, especially if you're working with a video or a live feed. There are many lip sync apps available, and most of them perform similarly in syncing the mouth movements of a digital avatar or video footage with your cloned voice. I have tried a few lip syncing apps in Pinokio and honestly they all seem to work about the same, so if you want to try one, go to the discover tab and type in “lip” and pick your favorite to try out.
These apps allow for realistic mouth movements, making your pentest impersonation more convincing and aligned with your voice cloning efforts.
By combining FaceFusion, Applio, and a reliable lip sync app, you’ll have a full impersonation toolkit ready for any pentesting situation that requires mimicking someone's identity. Again, always ensure you have the proper legal and ethical clearance before conducting any such activities!
Trying AI Tools Without Pinokio: Hugging Face as a Free Alternative
If you're unable or prefer not to run Pinokio on your local machine, you can still experiment with a wide range of AI tools by visiting Hugging Face. Hugging Face offers many powerful AI applications, accessible directly through your browser, without the need to install or run anything locally. This platform is a fantastic resource for those who don’t have access to high-performance hardware but still want to explore what AI can do.
If you want to explore all of the free AI offered, simply go to the “spaces” tab, which you can go to directly by this link, and then search for whatever AI you are interested in.
Benefits of Using Hugging Face
Completely Free: Unlike Pinokio, where some tools may require a subscription or license, Hugging Face allows you to access many AI tools at no cost.
No Local Resource Requirements: Since the tools run on Hugging Face’s servers, there’s no need for a powerful GPU or beefy workstation. You can run AI tasks even on a basic laptop or mobile device without performance issues.
Downsides to Consider
Privacy Concerns: Because Hugging Face runs everything remotely, any data or tasks you process are done on their servers, meaning none of it is local. This could raise privacy concerns if you're working with sensitive information, as everything you do is technically visible on their platform.
Long Wait Times: Hugging Face is a public platform used by many, so there's often a queue for processing AI tasks. A job that would take five minutes locally on your own machine with a GPU could take up to an hour or more on Hugging Face, depending on demand.
While Hugging Face is a fantastic and accessible option, especially for those who are just experimenting or don’t want to deal with setting up complex environments, be aware of the trade-offs in terms of privacy and speed. If you need quicker results or have sensitive data, running AI tools locally through Pinokio or similar platforms might still be the better choice.
Wrapping Up
I highly recommend playing with Pinokio, whether you are an offensive security person or anyone really. AI is becoming more important to know and use in our daily lives, and this is a plug-and-play platform that allows you to try out new tools locally at will. Just remember your laptop's limitations.
Stay curious, stay ethical, and enjoy exploring the world of AI!