Encryption Operating Systems Security BSD

Hiding Secrets With Steganography On FreeBSD

BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Monday December 08, 2003 @12:02PM (#7659896)
    fuck you.
  • Re:Example: (Score:3, Informative)

    by herrvinny ( 698679 ) on Monday December 08, 2003 @12:04PM (#7659912)
    Don't click on it! It's an animated GIF... and the second pic has serious problems...
  • by akaina ( 472254 ) * on Monday December 08, 2003 @12:07PM (#7659937) Journal
    There used to be a program called Steganosis in the win95 days. I'm sure there's a modern equivalent, if not an updated version.
  • Not so good.. (Score:5, Informative)

    by tr0llx0r ( 730590 ) on Monday December 08, 2003 @12:11PM (#7659975)
    Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are
    • jsteg,
    • jphide (unix and windows),
    • invisible secrets,
    • outguess 01.3b,
    • F5 (header analysis),
    • appendX and camouflage.
    Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
  • by Anonymous Coward on Monday December 08, 2003 @12:16PM (#7660009)
    MIT proved that steganographic files can be detected nearly 100%

    then you have to crack them

  • by SkyMunky ( 249995 ) on Monday December 08, 2003 @12:24PM (#7660080)
    also check out http://camouflage.unfiction.com
  • Re:I wonder . . . (Score:5, Informative)

    by The Darkness ( 33231 ) on Monday December 08, 2003 @12:34PM (#7660156) Homepage
    What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, painting-on-top) affect the outcomes?

    Of course.

    These utilities usually use bits that will not make a change apparent to a human observing the data with our normal senses (i.e. the last bit in each color field) so obviously doing anything to change the bit pattern will destroy the message.

  • by criquet ( 120814 ) on Monday December 08, 2003 @12:42PM (#7660213) Homepage Journal
    I just compiled the source on Linux and it appears to work just fine.
  • by Enigma Deadsouls ( 700792 ) on Monday December 08, 2003 @12:43PM (#7660217)
    JPHS [linux01.gwdg.de] for Linux and Windows.
  • by Anonymous Coward on Monday December 08, 2003 @12:46PM (#7660237)
    You might want to check out Peter Wayner's website [wayner.org] for his book, Disappearing Cryptography. There are several applets that let you hide information in a list of disco songs or even in the order of letters in a word.
  • pfah. (Score:3, Informative)

    by pb ( 1020 ) on Monday December 08, 2003 @12:50PM (#7660272)
    Hiding secrets with steganography on Windows, Red Hat, SuSE, and... oh yeah, FreeBSD [sourceforge.net]...
  • by Courageous ( 228506 ) on Monday December 08, 2003 @12:53PM (#7660306)
    Any discussion of steganography is incomplete without this:

    http://www.mcdonald.org.uk/StegFS/
  • by Kjella ( 173770 ) on Monday December 08, 2003 @01:23PM (#7660532) Homepage
    ...ironically, the better algorithms we get for compressing stuff, the more difficult it is to hide something. It gets really obvious if you start sending around BMPs or WAVs.

    Steganography detection is doing rather well - it simply realizes when the compression is "wrong", that is, if it would have been compressed better if there wasn't hidden info in the image.

    By the way, for legal purposes it might be just as efficient to use something like Bestcrypt's hidden container - it's a very smart, yet "dumb" form of steganography. You create an encrypted container, which has a key. Then you create a hidden container inside the encrypted container, with a different key. There's no way to detect the presence of a hidden container - it looks like random data in a container full of random data.

    If required by law to provide a key, provide the key to the outer container. When asked about a hidden container, go "What hidden container?" Even if it is very likely that there is one, there's no proof of that. Even the wackiest RIP bill doesn't require you to provide decryption keys to things that don't provably exist.

    Kjella
  • by lysander ( 31017 ) on Monday December 08, 2003 @01:34PM (#7660613)
    a) you can always strip these headers.
    b) you don't have to output to ascii armor. (although I'm certain that the resulting files still have a recognizable, openpgp compliant structure.)
  • by orthogonal ( 588627 ) on Monday December 08, 2003 @01:49PM (#7660737) Journal
    John Walker's eclectic site, fourmilab.org (fourmilab.ch) has a JavaScript (ECMAScript) steganography app [fourmilab.ch].

    He also offers a public domain steganography app in portable C [fourmilab.ch].

    Those looking for really random numbers, of course, will know about his HotBits [fourmilab.ch].
  • Re:How? (Score:2, Informative)

    by Anonymous Coward on Monday December 08, 2003 @02:03PM (#7660868)
    You're taking (what looks like) random noise and hiding it in the least significant bits. The least significant bits are not normally random noise.
    You ask:

    "What distinguishes the [pseudo]randomly-distributed [pseudo]random-bits of the encrypted message from the background noise of the image?"

    The thing that distinguishes them is the fact that the background noise in a file rarely resembles random noise. This depends greatly on the file format, but is arguably true in all cases. In your example, a simple entropy check should be sufficient to determine that all is not as it should be. Even with a small message, even the most basic steg detection tool will find this when comparing against statistics gathered when analyzing similar files. The trick with effective steg isn't with emulating randomness, it's making the message look as close as possible to the data that SHOULD be in the file. That's much much harder than simply emulating randomness. For a much better (more detailed) discussion of this topic, check the home page for Outguess and the links from that site.
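Added example (not part of the comment above or of any tool named in this thread): a pairs-of-values chi-square check showing why random-looking message bits written into the least significant bits stand out against a cover whose LSBs are not random. The cover data, its roughly 70% bias toward even values, the function names and the threshold are constructed assumptions.

```python
import random
from collections import Counter

def make_cover(n=20000, seed=1):
    """Constructed stand-in for image samples whose LSBs are biased (about 70% zero)."""
    rng = random.Random(seed)
    cover = []
    for _ in range(n):
        v = min(255, max(0, int(rng.gauss(128, 30))))
        if rng.random() < 0.4:      # assumed bias, e.g. left by earlier quantization
            v &= ~1
        cover.append(v)
    return cover

def embed_lsb(samples, bits):
    """Overwrite the LSB of the first len(bits) samples with the message bits."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def pov_ratio(samples):
    """Chi-square over value pairs (2k, 2k+1), divided by degrees of freedom.

    Random LSBs equalise each pair, pulling the ratio toward 1.
    """
    hist = Counter(samples)
    chi2, dof = 0.0, 0
    for k in range(0, 256, 2):
        even, odd = hist[k], hist[k + 1]
        if even + odd < 10:         # too few samples to say anything
            continue
        chi2 += (even - odd) ** 2 / (even + odd)
        dof += 1
    return chi2 / dof if dof else float("inf")

def looks_embedded(samples, threshold=3.0):
    """Flag a block whose pairs are too evenly balanced (hypothetical threshold)."""
    return pov_ratio(samples) < threshold

if __name__ == "__main__":
    rng = random.Random(2)
    cover = make_cover()
    # Ciphertext stand-in: uniformly random bits filling the first half only.
    message = [rng.getrandbits(1) for _ in range(len(cover) // 2)]
    stego = embed_lsb(cover, message)
    for start in range(0, len(stego), 5000):
        block = stego[start:start + 5000]
        print(start, round(pov_ratio(block), 2), looks_embedded(block))
```

Scanning in blocks also localises the payload: only the blocks that carry message bits fall below the threshold.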
  • Done properly... (Score:3, Informative)

    by wirelessbuzzers ( 552513 ) on Monday December 08, 2003 @03:24PM (#7661491)
    ... the real advantage is that if done properly, nobody can even prove you sent a message.

    While this is true, in fact it is the definition of good steganography, I'm not aware of any steg that actually achieves this. For a while, there were no public methods that break Outguess, but that was broken over a year ago, and I don't think there are any stego schemes still standing. The problem is that the last bit of your WAV file or GIF isn't very random in a real picture, not nearly as random as you might guess. This makes it quite difficult to make a scheme which hides there effectively.

  • by plover ( 150551 ) on Monday December 08, 2003 @04:45PM (#7662176) Homepage Journal
    You are correct in understanding that steganography is different than cryptography. It is possibly the purest example of "security through obscurity" that exists. To address your concerns, read to the bottom of the article where you can see where he experiments with a program called steghide [google.com] which performs both encryption (using your choice of modern, high strength algorithms) PLUS steganographic hiding.
  • by andyrut ( 300890 ) on Monday December 08, 2003 @06:38PM (#7663265) Homepage Journal
    A securely encrypted message, hidden in a file with ostensibly another purpose, such that there is no way to prove the existence of the hidden message...

    You make an excellent point. However, if the Department of Homeland Security suspected that you were hiding data within your own obscure files, they could search the files themselves for "extra" data. They can prove such a message exists, even if they can't discover what the message is.

    Heck, within the steghide program itself you can see if a file contains embedded data (from the article):
    The steghide info command is quite useful. It will tell me if a file contains hidden data (however, only from steghide-created files, as far as I know)


    So if they suspect that your cute puppies are really plans for world domination, they could find out.
  • Re:Yes, except (Score:3, Informative)

    by fyonn ( 115426 ) <dave@fyonn.net> on Tuesday December 09, 2003 @07:58AM (#7667084) Homepage
    that latter case is great britain, for those who are unaware

    *sigh*

    dave
  • by t0ny ( 590331 ) on Tuesday December 09, 2003 @10:44PM (#7676322)
    Nah, it's got its little niche 'market'. These open source things are like gods- they only die when they run out of worshippers.

    Now if we were going just by technical merits (or even moral merits) something like Apple should have died its righteous death a long time ago. But, I guess people need to worship on the altar of 'alternative', even if they are getting robbed blind for it. IMO, Apple is the worst monopolist ever (well, aside from someone truly atrocious like DeBeers).
