DON’T GET HACKED Using Stable Diffusion Models! DO This NOW!

By | November 15, 2022

In this prevention/tutorial video, I will explain what a pickle is and what unpickling is, how to be safe when downloading these models, and also I will show you how to download and install 2 security pickle scanners so that you can scan every model you download in search of malicious code. Be safe, people!

Hello humans, my name is Aitrepreneur, and today is going to be a very serious video, so no laughs or giggles allowed. I mean it: if I see some LOLs or some LMFAOs in the comments I will get very angry. So, why so serious? What is this video all about? You see, recently there’s been a pretty cool trend since the implementation of the Dreambooth extension in the AUTOMATIC1111 repository, in the sense that pretty much every single day we now get a bunch of custom Stable Diffusion models trained by the community using Dreambooth, especially one in particular that I will also make a video about. That’s really super cool and all, but the thing is that these models are not inherently safe. Believe it or not, these models could actually contain malicious code that, when loaded in Stable Diffusion, could run and install viruses on your computer. So in this prevention/tutorial video I will first explain the terms pickle and unpickling and what they mean for the safety of Stable Diffusion models. I’ll then show you the best practices to use to avoid getting yourself hacked, and then I will show you how to install two security pickle scanners that will analyze any Stable Diffusion model to check for malicious code, so that you and your data can be safe. So, are you ready to rumble? Then let’s go.

Before we begin, let’s actually define what a pickle is. A pickle is simply a cucumber that has been soaking in brine mixed with spices, and as the cucumber sucks up the mixture it also changes... oh, okay, okay, okay, I’m sorry, I’m sorry. Okay, let’s be serious for a second here. To make it simple, pickle is a Python module that allows you to convert a Python object into a format called a byte stream that can be saved to your disk or transmitted over a network, and when you convert the byte stream back into an object this is called unpickling. So basically, to make it even simpler, pickling is taking something big and complex and converting it into something small and simple, and unpickling is doing the opposite: taking something small and simple and turning it into something big and complex. This is the process that is used with the Stable Diffusion models, and this is also where there is a little problem, because a pickled file can be injected with malicious code, and when the file is loaded in Stable Diffusion and unpickled, that code will be executed in the background. Now I’m not gonna go into the full explanation of how this is even possible, with the whole TensorFlow remote code execution thing, because this is really super, super complex and you don’t need to know about that unless you are a super knowledgeable programmer. So TL;DR, or more like TL;DW I suppose: when you load a Stable Diffusion model that you downloaded from an only-God-knows-where website, there is a chance that this model could actually contain a virus that will install on your computer. Yeah, pretty scary, I know.

So then, what can you do to avoid getting yourself hacked? Well, first, make sure that you trust where that file is coming from. If it is coming from some weird, shady, sketchy website, well, downloading a model from that website is probably not the best decision that you made today. So instead, try to download from trusted websites like huggingface.com, since they currently have in place a security scanner that scans every file pushed to the hub and runs security checks. They basically run two security checks: an antivirus scan using the open source ClamAV software, and also pickle import scans, which extract the list of imports referenced in a pickle file. This way you know that if any import looks suspicious it will be highlighted in red. But as they say themselves, this is not 100% secure; you are still the one who is responsible for downloading the models onto your computer, so you take the risk with you. So as you can see here, as an example, here is a simple ckpt file on the huggingface.com website, and right next to the file you see a little button that, when you click on it, tells you what kind of pickle imports it has detected. As you can see here, there is absolutely nothing to report. And if you check on this file right here, as you can see, it has detected a certain pickle import that was highlighted in orange, which could be considered suspicious, but don’t worry, because this one is actually completely fine.

So now then, what is another layer of security that you can use? Let’s say that you have downloaded a model and you are really, really scared to use it on your own computer. Well, for this you can either try to use this model on a Google Colab doc or on a GPU renting site like runpod.io. This way you’re not using your local Stable Diffusion installation to load the model and putting your computer at risk of running malicious code. So for this, I’m simply going to show you how you can use this on a Google Colab doc. Make sure that you have your model uploaded to your Google Drive account; I highly recommend just putting it at the root of your Google Drive account, so right here. Then you’re gonna right click, click on Get link, and here under General access you’re going to change from Restricted to Anyone with the link, and then you’re gonna click on this button right here to copy the link. Then you’re gonna go on your Google Colab doc. I’m using TheLastBen’s fast-stable-diffusion one; the link for it will be in the description down below. You’re gonna start by clicking on this button right here to run the cell, click Run anyway, click Connect to Google Drive, select your Google Drive account and click on Allow. Then once this is done you’re gonna click on the second button right here and wait until the AUTOMATIC1111 repository is installed. Then once this is done you’re gonna scroll down, and here, under the link to the trained model, you’re gonna paste the link that we copied from our Google Drive account and then click on this button right here to run the cell, and as you can see it is now downloading the model from our Google Drive account. Then once this is done you’re gonna click on this button right here to install the requirements, and then click on this button here to start Stable Diffusion, and then you can click on this URL right here to start using Stable Diffusion with your dangerous model. But you could even say that that is not 100% secure either, since you need to link your Google Drive account to download the generated images, so there might still be code inside that could potentially take out some of your Google Drive data or install something else. Now this is very unlikely of course, but again, you never know; better be safe than sorry.

So the other solution, which is a little bit more secure than Google Colab, is to use a GPU renting site like runpod.io. This way, since you are not linking your Google account with RunPod and you’re just downloading the model onto your pod, there is basically no risk for your machine or your Google account to be infected. Now to do this, all you have to do is just choose a GPU; in my case I was simply using this one, the RTX A5000. Click on Select. For the template you’re gonna choose RunPod Stable Diffusion and then click on Continue, then click on Deploy On-Demand. Then you’re gonna click on My Pods, click on this arrow right here, on these three buttons right here, and click on Edit Pod, and make sure that for Volume Mount Path it’s written /workspace. Then click Connect, Start Web Terminal, Connect to Web Terminal, and here you’re gonna type git pull and press Enter, and this will automatically update Stable Diffusion. Then you can go back, click on Stop Web Terminal, and then click on Connect to JupyterLab. So once you are on this page you’re gonna double click on the stable-diffusion-webui folder, then models, then Stable-diffusion, and then you’re going to click on this button right here. Then in a Notepad document you’re gonna paste your Google Drive link and this command that you will find in the description down below. For the Google Drive link, you’re gonna select this ID right here, Ctrl+C to copy it, and you’re gonna paste it right here just after “id=”. Then you’re going to select this entire command, Ctrl+C, and paste it in this cell, and then you’re going to click on this button right here to run the cell. What this will do is download your model from your Google Drive account and put it in this folder right here, and as you can see now this is done. All you have to do now is simply click on File and click on Shut Down, and then you’re gonna click on this button right here, click on Reset Pod, and then you’re gonna reset your pod. Finally, to use Stable Diffusion, you’re going to click on Connect and Connect via HTTP, and then in the Stable Diffusion checkpoint you’re gonna select your model, and now you are ready to use it. So if you’re really, really not sure about a certain model, I would highly suggest using it on a service like RunPod first and generating a few images. But the problem again is that you could still have a model that works perfectly that is still somehow able to install a virus on your computer, and that is why you also need another layer of protection, and this layer of protection is installing and using a security pickle scanner.

Now what the pickle scanner will do is, as its name implies, scan pickled files and try to detect if some Python pickle files are performing suspicious actions, and you can use this scanner before or after loading the model on your computer. Now if you want to use it before loading the model, this scan can only be performed on the huggingface.com website, so if you want to scan a file from another website you need to download it first on your computer and then run the scan. Now I will show you how you can download and install two different pickle scanners, but no worries, this is actually super, super easy, and I will also provide you with a bat file that you can use to run it with a simple click. Now I think Stable Diffusion already has a layer of protection for pickled files, but you really need to download these scanners anyway because they work best by themselves.

The first pickle scanner is called Stable Diffusion Pickle Scanner, and to be able to use this, this is actually super easy. You’re going to click on this button right here and click on Download ZIP. Then once you’ve downloaded the archive you’re gonna right click and then you’re gonna extract the files. Then inside that folder you’re gonna select pickle_inspector.py and pickle_scan.py, Ctrl+X to cut them, go into your Super Stable Diffusion 2.0 folder, stable-diffusion-webui, and then you’re gonna paste these files right here. Then you’re gonna click the link in the description down below, you’re gonna arrive on this page, and then you’re gonna click on this button right here to download the bat file. Then you’re gonna select the file, Ctrl+X to cut it, go into your Super Stable Diffusion 2.0, stable-diffusion-webui, you’re gonna paste that file right here, and it should appear just above the pickle_inspector.py file. Now to be able to use this, you need to first launch Stable Diffusion, and you’re gonna select this part of the line right here, just after venv, Ctrl+C to copy it. Then you’re gonna right click on the pickle_inspector1.bat file, Edit with Notepad, then you’re gonna replace this part of the line with your own address. Now obviously for me it is already done, but for you it will be a completely different folder URL. Then you can save the file, and then once this is done all you have to do is just double click on this bat file right here, and after a few seconds you will see a brand new text file appear called scan_output, and if you double click on it you will see a bunch of lines with a “scan passed” right below them. What this means is that basically every single model that is present in the models folder will be analyzed with the pickle inspector, which will then tell you if they pass the pickle scan, and in my case, as you can see, every single model passed the scan with flying colors. So to be able to use this pickle inspector option, make sure that your models are indeed in the models/Stable-diffusion folder.

Now the second pickle scanner that I’m going to show you is called Python Pickle Malware Scanner. What is really great with this one is that you can actually scan files from the huggingface.com website before even downloading them on your own computer, which is really super practical, and to install this, this is actually even easier, because all you have to do is just come here on your folder URL, type cmd, press Enter, and then you’re gonna paste this command line that you will find in the description down below, pip install picklescan, and then press Enter. Then after it is done installing you’re gonna copy and paste this command line that you’ll find in the description down below, picklescan --huggingface. Then you’re gonna go on the huggingface.com website and choose a Stable Diffusion model that you want to scan. Let’s say I want to scan this model right here, disco-elysium by nitrosocke. All I have to do is just click on this button right here to copy the model name to clipboard, then go back to the command prompt, press space after --huggingface, and Ctrl+V to paste the address, and then press Enter. Now it will take between a few seconds and a few minutes to scan the models, and then it will tell you if they pass the test or not. And as you can see, after a few minutes we have the final results, and it says right here that there are absolutely no infected files in that whole repository. Now how does it look if there is an infected file? Well, if I take this example right here, press Enter, you will see that now it says that there is an infected file in that address. Now don’t worry, this is actually not a real virus; this is actually something that was created to prove that there is a way to insert malicious code into a model, and as you can see right here this scanner actually found this malicious code, so it is working pretty well. Now if you want to use picklescan to scan the models in your Stable Diffusion folder, again you can use this bat file that I created just for you. So you can click the description down below, you’ll arrive on this page, and just like the previous bat file you’re going to click on this button right here to download it, and just like the other bat file you’re gonna select it, Ctrl+X to cut it, go to your Super Stable Diffusion 2.0 folder, stable-diffusion-webui, you’re gonna paste it right here, and then all you have to do is just click on the picklescan model bat file, and as you can see it will automatically scan every single file and tell you how many are infected or not, which again is super, super useful.

Well now then, after all of that, are you finally 100% safe and secure from any malicious code that could be present inside the models folder? Well, the answer is unfortunately no, at least not as of right now. We might get in the near future a better scanner that could easily identify and stop any malicious code from harming our computer, but as of right now this is not the case. But don’t worry: with all these layers of protection you should be able to download Stable Diffusion models made by the amazing people of this community without any risk, and as of right now there hasn’t been a single case of someone getting hacked. But again, better be safe than sorry. And there we have it, folks, now you should have all the tools that you need to find those pesky malwares. Thank you so much to my Patreon supporters for supporting my videos, you guys are absolutely awesome, awesome. Thank you so much for watching, don’t forget to subscribe and smash the like button for the YouTube algorithm, and I’ll see you guys next time, bye bye.
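The import check that Hugging Face runs on pushed files, and the local scanning that both pickle scanners in the video do, come down to the same idea: read the pickle’s opcodes and list which modules and functions it would import, without ever running it. The following Python script is an added example for this transcript (it is not code from the video, from Hugging Face, or from either scanner the video installs). It disassembles a pickle with the standard library’s pickletools, compares the imports found against an allowlist, refuses to unpickle anything that is not on that list, and walks the .pkl members of a zip-based .ckpt file. The allowlist contents, the Payload class, the sample pickles and the archive layout (archive/data.pkl) are all constructed for the example; a real PyTorch checkpoint references more torch globals than this list and stores tensor data through persistent ids, which the script does not model.

```python
"""Added example: a minimal pickle import scanner plus a restricted loader.
Illustrative code written for this article, not the video's own tooling.
Scanning uses pickletools.genops, which only disassembles opcodes, so the
scan never executes anything inside the file."""
import io
import os
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumed allowlist for this example: the globals a plain state_dict needs.
# A real checkpoint allowlist would be longer (more torch storage types).
ALLOWED = {
    ("collections", "OrderedDict"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch._utils", "_rebuild_tensor_v2"),
}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def pickle_imports(data: bytes) -> set:
    """Return the {(module, name)} pairs a pickle would import when loaded.
    Handles GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol 4+). Only string
    pushes and memo references are tracked, which is enough to pair the
    module and name strings that precede STACK_GLOBAL."""
    imports, stack, memo, memo_count = set(), [], {}, 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # arg looks like "module name"
            module, name = arg.split(" ", 1)
            imports.add((module, name))
        elif op.name in STRING_OPS:
            stack.append(arg)
        elif op.name == "MEMOIZE":              # implicit memo index (proto 4)
            memo[memo_count] = stack[-1] if stack else None
            memo_count += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        elif op.name == "STACK_GLOBAL" and len(stack) >= 2:
            imports.add((stack[-2], stack[-1]))
    return imports


def suspicious_imports(data: bytes, allowed=ALLOWED) -> set:
    """Imports that are not on the allowlist; empty means the scan passed."""
    return {imp for imp in pickle_imports(data) if imp not in allowed}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked import {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_blocked(data: bytes) -> bool:
    """True when the restricted loader rejects the pickle."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def scan_checkpoint_zip(zip_bytes: bytes) -> dict:
    """Map every .pkl member of a zip-based .ckpt/.pt file to flagged imports."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith(".pkl"):
                report[member] = suspicious_imports(zf.read(member))
    return report


class Payload:
    """Constructed sample: __reduce__ makes unpickling call os.getenv("HOME").
    The call is harmless; a hostile file names something else, which is why
    the scan must run before any load."""

    def __reduce__(self):
        return (os.getenv, ("HOME",))


def build_samples() -> dict:
    """Constructed pickles and a constructed .ckpt-style zip (archive/data.pkl)."""
    bad = pickle.dumps(Payload(), protocol=4)
    bad_p2 = pickle.dumps(Payload(), protocol=2)     # uses the GLOBAL opcode
    good = pickle.dumps(OrderedDict(weight=[0.1, 0.2]), protocol=4)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", bad)
        zf.writestr("archive/version", "3\n")
    return {"bad": bad, "bad_p2": bad_p2, "good": good, "ckpt_zip": buf.getvalue()}


if __name__ == "__main__":
    s = build_samples()
    print("good state_dict:", suspicious_imports(s["good"]) or "scan passed")
    print("bad pickle:", suspicious_imports(s["bad"]))
    print("zip report:", scan_checkpoint_zip(s["ckpt_zip"]))
    print("restricted load blocked bad file:", load_is_blocked(s["bad"]))
```

Running it flags the constructed checkpoint for os.getenv while the plain state_dict passes, and the restricted loader rejects the flagged file instead of importing os. That is the layering the video argues for: the scan reads opcodes only, so it is safe to run on a file you do not trust, and the loader is the last line in case something slips through the scan.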
