FunSigner – Embed Hidden Copyright Signatures into Funscript Files

A tool for embedding hidden text signatures into Funscript JSON files.

The signature is stored by adjusting the parity (odd or even) of each at and pos value via its least significant bit. BCH forward error correction, block interleaving, and redundant embedding are used to improve recovery after common modifications.

GitHub: Karasukaigan/FunSigner

How It Works

FunSigner stores a text signature inside a Funscript JSON file by making small changes to the numeric values in the at and pos arrays.

Encoding

  1. Combine the input text with length and checksum information.

  2. Pad the data and encode it with BCH forward error correction.

  3. Block-interleave the encoded data to reduce the impact of localized modifications.

  4. Embed the resulting bitstream into both the at and pos arrays by adjusting the parity of each numeric value.

Decoding

  1. Parse the JSON and extract the parity bit from each at and pos value.

  2. Recover the embedded bitstream from the at and/or pos arrays.

  3. Reverse the interleaving and decode the BCH codewords.

  4. Verify the recovered data and extract the embedded text.

Design Goals

FunSigner is designed to:

  • Embed a short text signature inside a Funscript file.

  • Keep modifications to the script as small as possible.

  • Allow signatures to survive common editing operations.

  • Provide a simple way to associate a script with its author.

It is not intended to provide cryptographic authentication or prevent deliberate removal of the embedded signature.

Robustness and Limitations

FunSigner is a signature and copyright declaration tool, not a cryptographic security mechanism.

Designed to tolerate

  • Small changes to numeric values

  • Overall timestamp shifts

  • Appending actions to the script

Known limitations

  • Not suitable for very short scripts.

  • The embedded signature can be overwritten or intentionally removed.

  • Large-scale editing or rewriting of the script may destroy the embedded signature.

Open Source Components

The following components are released under the MIT License:

  • cli.py: Command-line interface
  • src/: BCH encoder/decoder, interleaver, JSON processing
  • python/funsigner.py: Single-file Python module
  • javascript/funsigner.js: UMD module for browsers and Node.js

Support Development

FunSigner is open source and free to use. If you find it useful, consider purchasing the pre-built executables to support ongoing development.

funsigner.exe (CLI) and funsigner_gui_v1.0.0.exe (GUI) are ready-to-run Windows tools — no Python environment required. Just download, unzip, and use them directly from any command prompt or integrate them into your workflow.

CLI

GUI

License

This project is licensed under the MIT License.

Here are my other projects

1 Like
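The parity embedding described in the post above, as an added example that is not FunSigner's code. The frame layout (a 2-byte `MAGIC`, one length byte, CRC32), all function names and the sample script are assumptions made for illustration, BCH coding and interleaving are left out, and trying both polarities is only one way a decoder could cope with a uniform odd shift.

```python
import json
import zlib

MAGIC = b"FS"  # constructed marker; FunSigner's real value is not on the page

def frame(text):
    """MAGIC + length byte + text + CRC32, as bits (most significant first)."""
    data = text.encode("utf-8")
    body = MAGIC + bytes([len(data)]) + data
    packet = body + zlib.crc32(body).to_bytes(4, "big")
    return [(b >> i) & 1 for b in packet for i in range(7, -1, -1)]

def embed(values, bits, hi=None):
    """Set the parity of values[i] to bits[i]; each value moves by at most 1."""
    if len(bits) > len(values):
        raise ValueError("script too short for this signature")
    out = list(values)
    for i, bit in enumerate(bits):
        if out[i] % 2 != bit:
            out[i] += -1 if hi is not None and out[i] >= hi else 1
    return out

def extract(values, invert=False):
    """Read parities back; return the text only if MAGIC and CRC32 both match."""
    bits = [(v % 2) ^ invert for v in values]
    raw = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                for i in range(0, len(bits) - 7, 8))
    if len(raw) < 7 or raw[:2] != MAGIC:
        return None
    end = 3 + raw[2]  # raw[2] is the length byte
    body, crc = raw[:end], raw[end:end + 4]
    if len(crc) < 4 or zlib.crc32(body) != int.from_bytes(crc, "big"):
        return None
    return body[3:].decode("utf-8", errors="replace")

def sign(script_json, text):
    script, bits = json.loads(script_json), frame(text)
    at = embed([a["at"] for a in script["actions"]], bits)
    pos = embed([a["pos"] for a in script["actions"]], bits, hi=100)  # keep 0..100
    script["actions"] = [{"at": t, "pos": p} for t, p in zip(at, pos)]
    return json.dumps(script)

def recover(script_json, key="at"):
    """Try both polarities: an odd uniform shift flips every parity bit."""
    vals = [a[key] for a in json.loads(script_json)["actions"]]
    return extract(vals) or extract(vals, invert=True)

# Constructed sample script: 120 actions, 120 ms apart.
SAMPLE = json.dumps({"actions": [{"at": 120 * i, "pos": (i * 37) % 101}
                                 for i in range(120)]})
```

In this simplified form a single changed value inside the frame fails the CRC check, which is the gap the error correction and redundant copies in the post are meant to cover. Signing an already signed script simply replaces the recovered text, consistent with the stated limitation that the mark can be overwritten.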

Is this malware?

All of this is complete nonsense.

The text is formatted into a payload packet (MAGIC marker + length + data + checksum), padded and error-correction encoded

What is a magic marker? Why is this being turned to a network packet? Why is padding or error correction necessary? This is a text file.

The encoded codewords are block-interleaved to spread burst errors

Again, this is not a networking thing

The interleaved bits are written redundantly into both the at and pos arrays (RAID-1 mirroring) by adjusting each value’s parity

There’s so much to pick apart here. First, there’s no need to interleave anything, that would just break the script. Redundant Array of Independent Disks (RAID)-1 doesn’t have parity bits, and that’s completely irrelevant. It’s a text file, not a storage drive.

This is like saying “This is water, not a liquid”

The disconnect in language on how cryptography works makes this a concerning point that makes me distrust this tool.

Another concern is how does the cryptography work? In order to have a signature you need a key pair and this tool doesn’t seem to have a key generation function.

edit: I reviewed the source code a bit. There’s no cryptography here. It just embeds text between elements. This breaks multiple versions of the funscript protocol.

7 Likes

This is not malware. The source code is open source and available for anyone to inspect.

Steganography has been widely used in copyright protection. Unlike traditional visible watermarks, which are easy to detect and remove, steganography embeds copyright information directly into the data, allowing authorship to be verified, traced, and confirmed.

Since Funscript is a JSON format, it isn’t practical to use hidden characters for steganography. Instead, I chose to embed the signature into the two data arrays, at and pos, by modifying the parity of the least significant digit (representing 0 or 1).

The references to “payload packets” and “RAID-1” were intended as analogies. The signature is divided into multiple chunks and embedded redundantly across both the at and pos arrays. Each chunk contains enough information to verify and reconstruct the complete signature. Similar to a RAID array, this redundancy allows the signature to be recovered even if part of the embedded data is damaged or modified.

That said, I have already documented the limitations of this approach. The signature can still be tampered with, so it is not meant to provide cryptographic security. However, it does increase the cost of stealing scripts, because any Funscript could potentially contain the original author’s identity hidden within it.

Simply put, FunSigner’s steganography works by making tiny adjustments to the last digit of the at and pos values so that it is either odd or even, representing a binary 1 or 0. Everything else in the design is there solely to improve robustness.

I know what steganography is. But what’s with all the nonsense jargon in the about?

Also this form of steganography will break scripts.

1 Like

That’s fair feedback.

The terminology in the README is intended as an analogy for the encoding pipeline rather than a literal implementation of networking or RAID. I can see how terms like “payload packet” and “RAID-1 mirroring” are misleading, and I’ll probably rewrite that section to describe the implementation more directly.

As for breaking scripts, the only modification FunSigner makes is changing the parity of the least significant decimal digit of the at and pos values. The goal is to keep the numerical change as small as possible while embedding the signature.

Based on my own testing, the impact on scripts is minimal because changing the parity only requires adding or subtracting 1 from the value. Here’s a comparison of the script before and after signing:

I’ll remove the How It Works section for now, since it has caused some misunderstanding. I’ll rewrite it with more precise wording after giving it some more thought.

I’ve updated the documentation and revised some of the terminology.

The goal of FunSigner is to allow Funscript creators to embed a hidden signature into their scripts using steganography while keeping the script itself virtually unchanged. It is intended to make unauthorized copying less convenient by allowing authorship information to remain embedded in the file.

This approach is certainly not perfect, and I’m not claiming it is. The project is released under the MIT License, so anyone is free to use it commercially, modify it, or audit the source code in detail. Feedback and code reviews are always welcome.

2 Likes

3 Likes

Yea I don’t know about this one, this sets off all sorts of screwy red flags.

All of that barely sensical technobabble that was edit-removed makes for a truly bizarre read. Raid-1 mirroring, payload bits, cryptographics without secrets, etc? Moving on, though.

Maybe I’m misunderstanding the entire purpose of this?

The purpose of ‘signing’ a file is to provide a way to identify its creator and the item they authored, usually intended for legality or DRM-type applications. The signature is supposed to be ‘immutable’, otherwise it serves no purpose.

The signature provided by this program is effectively whiteboard permanent. Anyone can come around and re-modify the script without consequence any time after distribution. Is the author supposed to retain a permanent data-bank of all of the signatures they created for future reference? What is the use case for this software? How is this supposed to help a script author?

It’s very… strange.

1 Like

Thanks for the feedback. I agree that the wording in the original README was unnecessarily confusing. I’ve already rewritten that section to describe the implementation more directly, and I apologize for the misleading terminology.

The project is completely open source under the MIT License. Anyone is free to inspect, modify, or reuse the code. If someone doesn’t want to read the implementation line by line, modern code analysis tools such as Codex can also review the source and explain exactly what it does.

The purpose of FunSigner is much simpler than a cryptographic digital signature. It hides a short piece of text—such as the author’s name—inside the at and pos values of a Funscript by making very small numerical adjustments. The goal is for the script to remain visually and functionally almost indistinguishable from the original while still carrying embedded authorship information.

I don’t expect this to provide immutable proof of authorship or DRM. As documented in the README, the embedded text can be overwritten or intentionally removed. The goal is simply to make casual copying less convenient by allowing authors to leave an unobtrusive mark inside their work.

To me, it’s similar in spirit to how some musicians hide images or logos in an audio spectrogram. It isn’t meant to be a security mechanism; it’s a way to embed authorship information directly into the content itself.

bruh… whyyyy do all his answers read just like direct claude copypasta. I’m beginning to get so tired of seeing this shit around here. :roll_eyes:

Could we please just freaking respond like human beings please?

1 Like

English isn’t my native language, so I do use AI to help polish my writing. If some of my wording sounds unnatural or overly formal, I apologize.

The ideas, implementation, and code are my own. Everything is open source, so anyone is welcome to inspect or audit it rather than taking my explanations at face value.

I’ve released several open-source projects for this community in the past. My goal has always been to explore new ways to use these devices and contribute something back to the community. FunSigner is another experiment in that spirit. It may not be the best solution, and I’m happy to receive technical criticism or suggestions for improving it.

The purpose of FunSigner is much simpler than a cryptographic digital signature. It hides a short piece of text—such as the author’s name—inside the at and pos values of a Funscript by making very small numerical adjustments. The goal is for the script to remain visually and functionally almost indistinguishable from the original while still carrying embedded authorship information.

Some funscripts already have a metadata tag for authorship. I know all mine do. AND those metadata tags don’t affect the script at all.

bruh… whyyyy do all his answers read just like direct claude copypasta. I’m beginning to get so tired of seeing this shit around here. :roll_eyes:

I love that the AI hallucinated that it was doing all sorts of sophisticated network cryptography when all it does is round position data to even or odd numbers lmao. I know the post says the software is designed to tolerate “Small changes to numeric values” but some part of me wonders if going into a script and moving all the values up or down 1 would totally break the encryption … much less tweaking any part of the script at all.

If the point of the software is to make it so there is an ID system, then that system already exists. If it is to make that ID system harder to remove then I’ll just say breaking this encryption is probably just as easy as removing a single tag from a script. Maybe its use is that it makes it harder to detect?

2 Likes

That’s basically the idea. I fully understand the limitations of this approach. It’s not cryptography, DRM, or an immutable proof of authorship. Existing metadata fields are still the primary way to identify an author. My goal was simply to provide a second, less obvious place to embed the author’s name, so if the visible metadata is stripped, some authorship information may still remain. It’s only a small layer of protection, not a replacement for metadata.

And yes, I use AI to assist with development. It helps with coding and documentation, but I’m responsible for the design, code review, testing, and the final implementation.

the concept is interesting i guess

yeah it seems it’s for makers worried about having their scripts re-released by others without proper attribution. i’m not sure what other situation would drive someone to do this.

im sure someone will love this tool but 90% of scripters probably don’t even think about this

1 Like

The ideas, implementation, and code are my own.

vs.

I use AI to assist with development. It helps with coding and documentation, but I’m responsible for the design, code review, testing, and the final implementation.

These are not the same statements.

I think the idea is not a bad one. I’m imagining if one of the AI Script Generator developers wanted to be exceedingly ethical they could have their bot do a pass of something like this after they generate a script, with a single set key (so BlowJobBot123 has key = 123). Then they could give that key to hosting sites. Those sites could scan the funscript files with the given key and voilà, if a script is AI generated from BlowJobBot123 it can be detected with 100% accuracy.

3 Likes

The bot detection thing would be a really strong use case to hold people accountable for that.

1 Like

Eroscript could even pre-make a little code package that they send to AI generator devs to include at the end of their programs so every AI generator has the same key. That way devs don’t have to do a ton of implementation and Eroscript doesn’t need to store dozens of keys.

1 Like

I completely agree.