fickling
Stable-Diffusion-Pickle-Scanner-GUI
| | fickling | Stable-Diffusion-Pickle-Scanner-GUI |
|---|---|---|
| | 7 | 21 |
| Stars | 327 | 208 |
| Growth | 22.3% | - |
| Activity | 8.4 | 0.0 |
| Latest commit | 2 days ago | over 1 year ago |
| Language | Python | Python |
| License | GNU Lesser General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fickling
- Fickling – A Python pickling decompiler and static analyzer
- ⚠️WARNING⚠️ never open a .ckpt file without knowing exactly what's inside (especially SDXL)
- Facebook LLAMA is being openly distributed via torrents
  > You're right! You should probably use Trail of Bits' Fickling tool to investigate. https://github.com/trailofbits/fickling
- Safety of downloading random checkpoints
  > I tested the Anything V3 pruned from Hugging Face, and indeed nothing funny in its pickle. I used the Fickling library to decompile it. I do not use Windows, so my interests in .ckpt security are largely related to Pickle exploits, which could extract malicious code from a data file and then do something with it, but the data files themselves are not executed. I will edit this comment with lines referencing that data file.
- Draw Things, Stable Diffusion in your pocket, 100% offline and free
  > I've been using Diffusion Bee on my Mac, and it's just gained the ability to import models (which it converts), but it is unpickling to do so, but barely. It unpickles, figures out what sort of data is in every data file and then computes what it wants from them on its own. I would love it to not use unpickling at all, so my intention is, if I can figure it out, to write a script to decode the pickle file (with Fickling or otherwise) and then just do the weight calculation/assignment.
- Novel AI models allegedly leaked.
- Never a dill moment: Exploiting machine learning pickle files
  > Something you won't gather from skim-reading the headline is that the author has also created a tool, Fickling: https://github.com/trailofbits/fickling - to aid in playing around with pickle files.
  >
  > From the article: [Fickling] can help you reverse engineer, test, and even create malicious pickle files.
Stable-Diffusion-Pickle-Scanner-GUI
- ⚠️WARNING⚠️ never open a .ckpt file without knowing exactly what's inside (especially SDXL)
- Textual Inversion / .pt file are those secure to use? or how to use it safely
- Stable Diffusion on Virtual Machine to avoid Pickles
  > Pickle scanner: https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI
- The hidden danger in Stable Diffusion models
- Anyone know an online ckpt to safetensor converter?
  > Did you do a pickle scan on it already? You can find Disty's pickle scanner here. If it's clean, then you could load it into Auto1111 and just do a checkpoint merge of that model at "0" (meaning 100%) and save it as safetensor.
- How do I scan the models?
- Any way to merge a checkpoint with a vae
  > Safetensor is a new file format for models. Checkpoints create a security risk, since they are Python code encapsulated in binary form, so a malicious actor could put whatever code they wanted in one of those, which is why it's recommended that you only use .ckpt models from reputable sources or use a checker like this https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI to make sure they are "clean."
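The risk this post and the "Safety of downloading random checkpoints" post above describe is that a checkpoint's pickle stream can import and call arbitrary Python when it is loaded. Scanners such as fickling and the Pickle Scanner GUI avoid that by reading the opcodes statically instead of unpickling. The following Python is an added example written for this page, not code from either project: it walks a pickle stream with `pickletools.genops`, flags any GLOBAL/STACK_GLOBAL import or REDUCE-style call that is not on a small allowlist of PyTorch globals, and scans the `.pkl` members of a zip-format checkpoint. The allowlist, the sample pickles and the in-memory zip archive are all constructed for illustration and are not the lists or files either tool uses.

```python
"""Static pickle scanner: walks opcodes with pickletools.genops and never
calls pickle.load, so nothing inside the scanned file is executed."""
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Globals a plain PyTorch state_dict legitimately references. This allowlist is
# an illustrative assumption for the example, not the list used by fickling or
# the Pickle Scanner GUI.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
}

# Opcodes that push string constants (needed to resolve STACK_GLOBAL operands).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that import a module attribute onto the stack.
IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}
# Opcodes that call whatever callable the stream imported.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle_bytes(data: bytes) -> list:
    """Return a list of findings; an empty list means no disallowed import or call."""
    findings = []
    recent_strings = []   # last two string constants, consumed by STACK_GLOBAL
    last_import = None    # (module, name) of the most recent import opcode
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings = (recent_strings + [arg])[-2:]
            continue
        if op.name in IMPORT_OPS:
            if op.name == "STACK_GLOBAL":
                # Operands are the two strings pushed just before the opcode.
                module, name = recent_strings if len(recent_strings) == 2 else ("?", "?")
            else:
                # GLOBAL and INST carry "module name" as one text argument.
                module, name = arg.split(" ", 1)
            last_import = (module, name)
            if last_import not in ALLOWED_GLOBALS:
                findings.append({"pos": pos, "op": op.name,
                                 "detail": f"import of {module}.{name}"})
        if op.name in CALL_OPS:
            if last_import is not None and last_import not in ALLOWED_GLOBALS:
                findings.append({"pos": pos, "op": op.name,
                                 "detail": f"call of {'.'.join(last_import)}"})
    return findings


def verdict(findings: list) -> str:
    return "clean" if not findings else "suspicious"


def scan_checkpoint_zip(fileobj) -> dict:
    """Scan every .pkl member of a zip-format checkpoint (the layout torch.save
    writes, with a data.pkl inside the archive). Assumes pickle members end in .pkl."""
    report = {}
    with zipfile.ZipFile(fileobj) as zf:
        for member in zf.namelist():
            if member.endswith(".pkl"):
                report[member] = scan_pickle_bytes(zf.read(member))
    return report


def build_sample_zip(pickle_bytes: bytes) -> io.BytesIO:
    """Constructed stand-in for a .ckpt archive; real checkpoints also carry tensor data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle_bytes)
    buf.seek(0)
    return buf


# Constructed samples. CLEAN_SAMPLE is what a plain dict of floats pickles to;
# ORDERED_SAMPLE exercises the allowlist via STACK_GLOBAL (protocol 4);
# SUSPICIOUS_SAMPLE is hand-written opcode bytes that import builtins.print
# and call it (GLOBAL, MARK, SHORT_BINSTRING, TUPLE, REDUCE, STOP). The target
# is deliberately harmless; the scanner flags it only because it is not on the
# allowlist, which is exactly the decision a real checkpoint scan has to make.
CLEAN_SAMPLE = pickle.dumps({"layer.weight": [0.1, 0.2], "layer.bias": [0.0]}, protocol=2)
ORDERED_SAMPLE = pickle.dumps(OrderedDict(), protocol=4)
SUSPICIOUS_SAMPLE = b"\x80\x02cbuiltins\nprint\n(U\x05hellotR."

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SAMPLE), ("ordered", ORDERED_SAMPLE),
                          ("suspicious", SUSPICIOUS_SAMPLE)]:
        found = scan_pickle_bytes(sample)
        print(label, verdict(found), found)
    print(scan_checkpoint_zip(build_sample_zip(SUSPICIOUS_SAMPLE)))
```

The important design point is that the scanner never constructs objects: an allowlist is checked against the import opcodes, and a call opcode is only reported when the callable it would invoke is not on that list. A real deployment would extend the allowlist to whatever tensor and storage types its checkpoints actually use, and treat any unknown global as grounds to reject the file rather than load it.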
- Safe & Stable - Ckpt2Safetensors Conversion Tool-GUI v0.1.0: New Update, Now with the Ability to Convert Back to ckpt.
  > If you are concerned about malware being embedded in .ckpt files, you can use an online tool to scan the models, or my Stable-Diffusion-Pickle-Scanner-GUI tool to scan your models before converting them.
- Safe & Stable: Conversion Tool for Safer Stable Diffusion Models Distribution
  > I also recently updated my Stable Diffusion Pickle Scanner GUI, which you can find here: https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI Let me know what you think and if you have any suggestions for improvement!
- Save yourself some space with Stable Diffusion Checkpoint Prunage Tool.
  > There is also an update for Stable-Diffusion-Pickle-Scanner-GUI https://github.com/diStyApps/Stable-Diffusion-Pickle-Scanner-GUI
What are some alternatives?
- swift-diffusion
- safetensors - Simple, safe way to store and distribute tensors
- diffusionbee-stable-diffusion-ui - Diffusion Bee
- Safe-and-Stable-Ckpt2Safetensors-Conversion-Tool-GUI - Convert your Stable Diffusion checkpoints quickly and easily.
- safer_unpickle
- picklescan - Security scanner detecting Python Pickle files performing suspicious actions
- sd-webui-model-converter - Model convert extension for stable-diffusion-webui. Supports converting fp16/bf16 no-ema/ema-only safetensors
- spaCy - 💫 Industrial-strength Natural Language Processing (NLP) in Python
- Stable-Diffusion-Checkpoint-Prunage-Tool-GUI - Save yourself some disk space by pruning checkpoints
- stable-diffusion-webui-docker - Easy Docker setup for Stable Diffusion with user-friendly UI
- YourVision - AI-powered image editor
- stable-diffusion-docker - Run the official Stable Diffusion releases in a Docker container with txt2img, img2img, depth2img, pix2pix, upscale4x, and inpaint.