
Hiding Secrets With Steganography On FreeBSD

Posted by Hemos
from the hiding-it-together dept.
BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."
  • by Anonymous Coward on Monday December 08, 2003 @11:03AM (#7659904)
    ...people just think it is because it hides itself very well. ;-)
  • by akaina (472254) * on Monday December 08, 2003 @11:05AM (#7659915) Journal
    Makes you wonder what the demon is hiding
    • by dipipanone (570849) on Monday December 08, 2003 @11:33AM (#7660142)
      <Darl McBride>
      I'll tell you what the Demon is hiding -- our intellectual property, fer cryin' out loud.

      Boies? I hope you're getting all this. The damned open source, heathen, communist hippies are deliberately flaunting their ability to conceal the code they've ripped off in an image of some goddamned devil. If that isn't proof enough of a conspiracy to rip us off, I don't know what is!
      </Darl McBride>
  • by Wigfield (730339) on Monday December 08, 2003 @11:06AM (#7659928) Journal
    I'd be interested to know if this is just a BSD thing or if I can run these apps on Linux or Windows.
    • There used to be a program called Steganosis in the win95 days. I'm sure there's a modern equivalent, if not an updated version.
    • by SkyMunky (249995) on Monday December 08, 2003 @11:24AM (#7660080)
      also check out http://camouflage.unfiction.com
    • by criquet (120814) on Monday December 08, 2003 @11:42AM (#7660213) Homepage Journal
      I just compiled the source on Linux and it appears to work just fine.
    • JPHS [linux01.gwdg.de] for Linux and Windows.
    • John Walker's eclectic site, fourmilab.org (fourmilab.ch) has a JavaScript (ECMAScript) steganography app [fourmilab.ch].

      He also offers a public domain steganography app in portable C [fourmilab.ch].

      Those looking for really random numbers, of course, will know about his HotBits [fourmilab.ch].
    • by TedCheshireAcad (311748) <ted.fc@rit@edu> on Monday December 08, 2003 @01:07PM (#7660892) Homepage
      I'm probably gonna get modded down for this, but:

      Please, please, please, avoid steganography and use standard cryptography if you want to protect data. Steganography's security lies in the idea that if you conceal the method with which data is obscured, you conceal the data. This is a very bad way to assume security. In any data protection scheme, you should always assume your enemy has the algorithm used to obscure the data, but that only you have the secret (key).

      I do realize that steganographic techniques now will encrypt data then insert the encrypted bytes into the image, but if it is so easy to extract the steganographically encoded information, what's the point of encoding it in the first place? Differential steganalysis seems to be an easy enough method of finding steganographically encoded data, so recovering the information encoded into an image or what have you is somewhat of a trivial problem, and if there is a trivial step in your data protection scheme, it should just be removed, because it's pointless.

      Kerckhoffs must be rolling in his grave.
      • by Rebar (110559) on Monday December 08, 2003 @04:01PM (#7662361)
        One facet of data security is deniability. Which would you rather the Department of Homeland Security find on your hard drive:
        /documents/plan_for_world_domination.pgp
        or
        /wallpaper/cute_puppies.png?

        A securely encrypted message, hidden in a file with ostensibly another purpose, such that there is no way to prove the existence of the hidden message would keep anyone from telling you: "Reveal the secret key to this obviously encrypted file, or face contempt of court and an automatic prison sentence."
        • A securely encrypted message, hidden in a file with ostensibly another purpose, such that there is no way to prove the existence of the hidden message...

          You make an excellent point. However, if the Department of Homeland Security suspected that you were hiding data within your own obscure files, they could search the files themselves for "extra" data. They can prove such a message exists, even if they can't discover what the message is.

          Heck, within the steghide program itself you can see if a file cont
          • However, if the Department of Homeland Security suspected that you were hiding data within your own obscure files, they could search the files themselves for "extra" data. They can prove such a message exists, even if they can't discover what the message is.

            This is true, but finding well-encrypted data is much harder than finding plaintext data. Plaintext data has certain statistical properties, i.e. in ordinary English ASCII text some characters are used more often than others. Cipher text usually resem

      • You're missing the point.

        The main reason to use steganography is that it hides the fact that you are hiding something. If you use straight encryption, it is obvious that you have something sensitive that you want to encrypt (most people don't go to the trouble of encrypting things otherwise). Steganography helps you fly under the radar and send encrypted data without people knowing that you are sending encrypted data in the first place.

        If someone is already suspicious of you, then of course they can a

  • Hiding pr0n? (Score:5, Interesting)

    by Realistic_Dragon (655151) on Monday December 08, 2003 @11:06AM (#7659932) Homepage
    I used to use this kind of thing to hide certain, ahem, suspect images on the Acorn machines at school.

    Of course being an adult now it's not as required, but I suppose it might be able to hide offensive pr0n images inside more innocent ones - so that anyone looking finds pretty mild things and stops there, without being able to find things that would get you looked at oddly in church :o)
    • by Anonymous Coward
      The act of renaming your porn files to "StudyNotes.jpeg" is not steno unfortunately :)
    • Re:Hiding pr0n? (Score:4, Interesting)

      by Ayaress (662020) on Monday December 08, 2003 @11:58AM (#7660338) Journal
      An interesting technique for hiding "questionable content" on your computer is to zip it up and rename the file something like syskrnl32.dll or winld64.sys or something important-sounding, then putting it in c:\windows\system. Back in the days of windows 3.11, I could go into DOS and do an attrib +d on it, but they seem to have taken the d attribute out since Windows 95.
  • by Anonymous Coward on Monday December 08, 2003 @11:07AM (#7659934)
    I've been using it for years, posting messages like "allah is great" on Fark photoshop contests.

    Just raising the background chatter to a dull roar.
  • Good stuff, but... (Score:5, Interesting)

    by VargrX (104404) on Monday December 08, 2003 @11:07AM (#7659938) Journal
    my problem wrt steganography is that it 'feels' more like security through obscurity than an actual cryptographic regime (ala gpg encrypted attachments, etc). Other than that, neat stuff.

    • by Realistic_Dragon (655151) on Monday December 08, 2003 @11:11AM (#7659972) Homepage
      You can always encrypt first then hide later.

      Security through obscurity is fine _as an additional layer_ - can't even begin to decrypt something you can't find.
    • by Phigs (528913)
      When he attached the files, he also encrypted them, didn't he (with the passphrase)? In the article he made a point of showing off all of the encryption standards supported by the utility.
    • by ReTay (164994) on Monday December 08, 2003 @11:25AM (#7660084)
      Well again this falls on the user.
      When I Steg an image I encrypt the text first then plant it into the picture.
      Even if you figure out that the image has been Stegged you won't know if you get the method I used to put it in because you can't read it. But all the receiver needs to do is use the correct decoding in Steg and then unencrypt the images. You may be able to tell there is something in the picture but reading it is another matter.
    • by jxs2151 (554138) on Monday December 08, 2003 @11:50AM (#7660274) Homepage
      Here's the deal with encrypting with PGP (GPG, etc.):

      It leaves a telltale header "-----BEGIN PGP MESSAGE-----"

      This makes it very easy to find encrypted messages as you can apply a simple filter.

      One of the benefits of steganography is that it looks like a JPG file being emailed or a JPG(PNG) sitting there on a website. Without very special software there is no easy way of even knowing that the picture of grandpa on the tractor is anything but a picture of grandpa on the tractor.

      When I was playing with it, I would encrypt the text using PGP then embed it in an image using JSteg. It was fun but not particularly useful since nothing I had to say or email was worth anything to anyone important. Having said that, should (when) the revolution comes it will not be televised [gilscottheron.com], it will be stegged so I'm keeping those skills.
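The "simple filter" for PGP output mentioned in the comment above, as an added example that is not part of the original post. It assumes ASCII-armoured input that carries the optional `=XXXX` CRC-24 line, and it checks that checksum so a bare marker quoted in prose is not counted; the sample text and the 200-byte payload are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

ARMOR_RE = re.compile(
    re.escape(BEGIN) + r"\r?\n"
    r"(?:[^\r\n]+\r?\n)*?"                    # optional "Key: value" armor headers
    r"\r?\n"                                  # blank line closes the header section
    r"(?P<body>(?:[A-Za-z0-9+/=]+\r?\n)+?)"   # base64 payload lines
    r"=(?P<crc>[A-Za-z0-9+/]{4})\r?\n"        # "=XXXX" CRC-24 line (assumed present)
    + re.escape(END)
)


def crc24(data):
    """CRC-24 as used by OpenPGP ASCII armor (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def make_armor(data):
    """Build a constructed armor block for the sample below. Only the framing
    and checksum are real; the payload is arbitrary bytes, not an OpenPGP message."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + crc, END])


def naive_hits(text):
    """The one-line filter: count every occurrence of the BEGIN marker."""
    return text.count(BEGIN)


def find_armor_blocks(text):
    """Return one record per well-framed armor block, with its CRC verdict."""
    hits = []
    for m in ARMOR_RE.finditer(text):
        try:
            body = "".join(m.group("body").split())
            data = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # marker lines wrapped around something that is not base64
        stated = int.from_bytes(base64.b64decode(m.group("crc")), "big")
        hits.append({"offset": m.start(), "size": len(data),
                     "crc_ok": crc24(data) == stated})
    return hits


# Constructed sample: a message that quotes the marker in prose and then
# carries one armoured block.
SAMPLE = (
    "Subject: pics of grandpa\n\n"
    "PGP output is easy to spot because it starts with " + BEGIN + "\n"
    "Anyway, here is the real thing:\n\n"
    + make_armor(bytes(range(200))) + "\n"
)

if __name__ == "__main__":
    print("marker occurrences:", naive_hits(SAMPLE))
    for hit in find_armor_blocks(SAMPLE):
        print(hit)
```

The filter only sees ASCII-armoured output; OpenPGP data written in binary form has no such marker line.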

    • Yes, except (Score:5, Insightful)

      by Moderation abuser (184013) on Monday December 08, 2003 @11:52AM (#7660292)
      In some countries you can go to prison for using cryptography, in other more enlightened countries you can go to prison for not handing over the keys when asked by the guys in jack boots or for talking about the fact that you've been raided.

    • by dfay (75405) on Monday December 08, 2003 @11:59AM (#7660351)
      Cryptography IS security through obscurity... mathematical obscurity. You either choose a secret (a prime or a password) to encrypt something, or you choose a secret (which picture, which algorithm and settings) to hide something using stego.

      Basically, encryption is hiding a needle in a very large haystack, and stego is hiding a carefully disguised strand of hay in a not-so-big haystack. The end result is that similar attacks are required to break either scheme (theoretically), so from a conceptual point of view neither should be preferred over the other.

    • by jmv (93421) on Monday December 08, 2003 @12:02PM (#7660376) Homepage
      Not exactly. As someone suggested, it's possible to encrypt first, but the real advantage is that if done properly, nobody can even prove you sent a message. Even if the interceptor knows the steganography method, unless they have the key, they can't prove the last bits of your wav file are a secret message and not just normal noise from your microphone.
      • Done properly... (Score:3, Informative)

        ... the real advantage is that if done properly, nobody can even prove you sent a message.

        While this is true, in fact it is the definition of good steganography, I'm not aware of any steg that actually achieves this. For a while, there were no public methods that break Outguess, but that was broken over a year ago, and I don't think there are any stego schemes still standing. The problem is that the last bit of your WAV file or GIF isn't very random in a real picture, not nearly as random as you might g
    • This reminds me of the fake rocks folks use to hide an extra house key...

      ... The bad guys get the same catalogs you do!

    • by plover (150551)
      You are correct in understanding that steganography is different than cryptography. It is possibly the purest example of "security through obscurity" that exists. To address your concerns, read to the bottom of the article where you can see where he experiments with a program called steghide [google.com] which performs both encryption (using your choice of modern, high strength algorithms) PLUS steganographic hiding.
  • by TWX (665546) on Monday December 08, 2003 @11:07AM (#7659940)
    ...is that no one else knows where to look to find things that might be sensitive. You can literally hide things in plain sight, but with the amount of crud stacked everywhere physically, and the amount of data strewn about with no apparent labelling (except for the porn of course), no one can actually tell what is important and what isn't.

    Of course, dates don't seem to understand the logic of living in an apartment that already looks like it's been rifled through.
    • by Lumpy (12016) on Monday December 08, 2003 @11:36AM (#7660174) Homepage
      You got modded funny but this is a very usable and strong way of hiding. Not only files but attacks and most anything else.

      If I upload 500 photos a month to the net, each of them containing something in the photo (results of /dev/random in random lengths), and then I fire off one photo in a group of others that has real information, the chances of it being found or even noticed are lower than of having an encrypted file cracked.

      I've seen this used many times and is used in nature by birds and fish...

      a school of 500 fish makes it impossible for a predator to single out one specific fish.
    • The Wife doesn't seem to get that argument either. Labeling the porn is an interesting idea, but could set a bad precedent.

      Here's some arguments I've tried that may work with your SO.

      Fuzzy Logic - It sort of goes in this pile, but it could go a little bit into those other piles too.
      Chaos - It's actually a more advanced form of order she just doesn't understand yet.
      Shortest Path - I'm never more than a few feet from anything I need.
      Strange Attractor - Things just end up this way over as movements are i
  • by j0keralpha (713423) * on Monday December 08, 2003 @11:07AM (#7659942)
    I use steg sometimes to pass messages I don't want out in plaintext or overtly encrypted, but it has to be passed in such a way that it isn't apparent that a message is there (i.e. email to brother 'See these pics of grandma!'). It is not a foolproof method, but it's very useful when you realize you can't trust the encryption itself to hide the message.
  • How come ... (Score:5, Interesting)

    by DogIsMyCoprocessor (642655) <[dogismycoprocessor] [at] [yahoo.com]> on Monday December 08, 2003 @11:07AM (#7659944) Homepage
    BSD is mentioned 3 times in the post, while the utilities that actually do the work are only mentioned once? This is like titling a post "Processing Images with Filters on Mac OS X" and only mentioning once that you use Photoshop.
    • by Anonymous Coward
      Posts/books/whatever that say "My webserver is Linux" (No it is not. It is Apache) "How to use Linux to serve Windows files" (No, you are using SAMBA and LDAP.) "Robot runs on Linux" (No, it's some custom code that runs ON the GNU/Linux environment)

      Where have YOU posted objecting to abuses like the above?

      Well?
  • No... (Score:5, Interesting)

    by SuperBanana (662181) on Monday December 08, 2003 @11:08AM (#7659947)
    Bad guys in the movies all keep their wall safes hidden behind paintings

    No, bad guys in movies walk into the Rich Dude's house, immediately realize where the safe is, pull the painting away and get whatever's in the safe. How many times have we said that security through obscurity isn't security, and now we're all clamoring about obscuring data to make it safer.

    Data-wise, it seems like you'd need to be hiding a relatively small amount of data. Otherwise, you're like an elephant trying to blend in at an LA cocktail party.

    • Re:No... (Score:2, Funny)

      by Anonymous Coward
      Otherwise, you're like an elephant trying to blend in at an LA cocktail party.

      Delta Burke did this for years

    • by hey (83763)
      Better to put the safe behind a painting than in front!
    • Re:No... (Score:3, Insightful)

      by Lumpy (12016)
      Yes and no. I dare you or anyone else to locate my valuables in my house. hell they're not even in a safe.

      I used to use hollowed out books in college for safe storage from the idiot friends my roommate had, same as the trick of the first 4 bottles of beer in the fridge were filled with piss, the pattern of real beer versus piss was changed weekly by the beer owner. It kept the mooch friends out of the beer, although was a bit weird to have bottles of piss in the fridge as far as I was concerned.

      You can
      • I used to use hollowed out books in college for safe storage from the idiot friends my roommate had, same as the trick of the first 4 bottles of beer in the fridge were filled with piss, the pattern of real beer versus piss was changed weekly by the beer owner. It kept the mooch friends out of the beer, although was a bit weird to have bottles of piss in the fridge as far as I was concerned.

        If I was your roommate, I'd start rotating your bottles of beer. Or did you also unobtrusively mark them?

        My strateg

      • >>It's the same trick as the fake rock holding your house key

        Except that the more of those fake rocks you see in the store, the more they begin to look alike, and yet different from real rocks.

        Then you begin to spot them around people's homes.

        Security by obscurity isn't secure.

        As for the beer bottle prank, I'd just check to see if the bottlecap is loose or dented. Or if the contents of the bottle smelled like pee.

        The book trick is a timeless classic.

        wbs.
    • Re:No... (Score:3, Interesting)

      by wideBlueSkies (618979)
      OK, so you get a bunch of dummy .jpg files right? Fill em up with whatever you have to hide. Then rename them to look like object files.

      So myBankAccountNumbers.jpg becomes mban.o and myMistressesAddressAndPhone.jpg becomes maap.o.

      Then drop em in with your system files. Done.

      On Window$, rename them to .dll or .obj to accomplish the same thing.

      OR, drop them into your MySQL data folder, and rename to pictures to match what's in there. This might work for you if you use MySQL and do regular backups.

      So it'
      • Re:No... (Score:3, Insightful)

        by aallan (68633)

        The only problem here is to keep track of what is what. After a couple of files, it's going to be a pain to remember which file has your pr0n site passwords in it, versus Gramma's cookie recipe.

        Well obviously you only have to keep track of one file, the one which holds the list of all the other files you've got with encrypted content.

        . Al.
    • Re:No... (Score:5, Insightful)

      by johndiii (229824) * on Monday December 08, 2003 @11:50AM (#7660280) Journal
      The analogy isn't security through obscurity, it's finding a better place than behind the painting to hide the safe. Or, perhaps more accurately, securing one's valuables in something that is not recognizable as a safe. If the burglar had to look at a thousand books to determine if even one of them had a secret compartment, it would be a much more effective security measure than a safe behind a painting.

      If you are using stegged files (they do not have to be images) to communicate with others, then you are hiding the channel. This is a potentially very useful mechanism against automated monitoring tools, particularly if the data is first encrypted. Isolated information in high-volume channels can be very hard to detect. Another use would be to help defeat traffic analysis.

      This is not to say that steganography is a magic means of information hiding. But it is one of the useful tools.
    • Re:No... (Score:5, Insightful)

      by Ayaress (662020) on Monday December 08, 2003 @12:17PM (#7660483) Journal
      Keep in mind that the article said that hiding messages in images is NOT a great way to hide important stuff by itself, but that it could be used as a second layer of security. Let's have four people, shall we? They all run servers, and they all have an important file on there they don't want other people to find. Johnny keeps his file unencrypted and unhidden. Billy keeps his encrypted, but unhidden. Mike hides his in an mp3, but unencrypted. Joe hides his in a jpeg after encrypting it. Johnny's most likely to have his stolen, obviously. But Billy's file is more likely to be found than either Mike or Joe's, even though Mike's has no encryption on the file itself. Even though the person who took Billy's file doesn't have the information in it, finding it is one step closer to stealing it. Now, Mike and Joe are both considerably less likely to have this file found, unless the data thief expects them to hide it in a media file like this. On the off chance that the hacker DOES find the file, though, Mike's is as good as stolen, just like Johnny's. However, Joe is the most secure of the bunch. Not only is his file encrypted, but it's also hidden, meaning it's unlikely that the hacker will even get the encrypted version. They can't crack what they can't find. Even after what Johnny did, he can go further. Encrypt his password, hide the text in an image, rename the image to a .dll or .o and hide it in a system directory. Sure, it's not 100% secure, but it's better than leaving even the most secure file laying around.
    • No security is foolproof. Making your security more obscure raises the bar on breaking it. Key locks are not secure, and most can use a master key. Having the locks there make it hard for the novice to get in. Steganography too is like that. Sure, an expert MAY be able to get in, but a novice? It's just a little harder.
  • Really cool demo... (Score:5, Interesting)

    by veecee_veecee (694455) on Monday December 08, 2003 @11:09AM (#7659959)
    This was my first exposure to a steganography demo....Written by the author of a bunch of books on Computer Networks and Operating Systems... http://www.cs.vu.nl/~ast/books/mos2/zebras.html [cs.vu.nl]
  • Bad Guys? (Score:5, Interesting)

    by philovivero (321158) on Monday December 08, 2003 @11:09AM (#7659962) Homepage Journal
    All the BAD GUYS hide their safes behind pictures? Is the metaphor you're trying to paint that BAD GUYS use steganography? The government propaganda wars are working. Newspeak is ingrained.

    Every citizen of these modern times is a criminal, and because everyone is a criminal, everyone should use steganography. Most criminals are not BAD GUYS, but instead, good loving parents, patriots, and friends to society. It no longer makes sense to equate criminal to BAD.
    • Great Observation (Score:3, Insightful)

      by nurb432 (527695)
      This concept is lost to most people. And I agree it just proves how effective slow media manipulation of people's attitudes is.

      Just like calling downloaders 'pirates' and 'theft'. Or 'the SUV killed..' in time people begin to believe it without realizing it...
  • Not so good.. (Score:5, Informative)

    by tr0llx0r (730590) on Monday December 08, 2003 @11:11AM (#7659975)
    Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are
    • jsteg,
    • jphide (unix and windows),
    • invisible secrets,
    • outguess 01.3b,
    • F5 (header analysis),
    • appendX and camouflage.
    Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
    • Re:Not so good.. (Score:2, Insightful)

      by Lumpy (12016)
      and it becomes 100% useless if you make it trigger tons of false positives.

      if EVERY picture on a website triggers its detection and yet you find nothing in them you begin to suspect the usefulness of the tool.

      here lies the true power in steganography.
      • by jpetts (208163)
        and it becomes 100% useless if you make it trigger tons of false positives.

        That's right: for every picture with a real hidden message, you have 10,000 with the following text:

        "What the fuck do you think YOU'RE looking for?
        Madonna"
    • How? (Score:5, Interesting)

      by ThePyro (645161) on Monday December 08, 2003 @12:23PM (#7660531)
      How could that work reliably? Let's say I take a text message, then encrypt it (as all hidden messages should be). At this point, the encrypted bits of the message should closely resemble random noise - assuming the encryption scheme we used was good enough.

      Now I take the encrypted bits of the message (which already look a lot like random noise) and hide them inside the least significant bits of a bitmap file. Let's assume that I'm using a half-decent steganography tool here, and it distributes the bits of the message throughout the image in a pseudo-random fashion.

      So now we've got a stream of encrypted bits, which more or less resembles a stream of pseudo-random numbers. And we've sprinkled these bits all over the place inside the image, so they don't even appear together or in order.

      How does one go about detecting that there's a message in there, reliably? What distinguishes the [pseudo]randomly-distributed [pseudo]random-bits of the encrypted message from the background noise of the image?

      (I am assuming, of course, that the message we're trying to hide is relatively small - at most, 1 bit per byte in the image is modified. Much more than that is like trying to hide a tractor trailer behind a go-kart)
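One statistical answer to the question in the comment above, as an added example that is not part of the original post: a pairs-of-values chi-square test, which asks whether each even value 2k and its odd neighbour 2k+1 occur equally often, as they do once LSBs have been overwritten with random bits. The carrier is constructed and assumes a peaked value histogram; the function names, the embedding rates and the 1e-4 threshold are choices made for this sketch.

```python
import math
import random
from collections import Counter


def make_cover(levels=32, peak=20000, decay=0.85):
    """Constructed carrier: sample values with a peaked histogram, so that
    neighbouring values 2k and 2k+1 occur with unequal frequency.
    Sample order is irrelevant to a histogram test, so none is simulated."""
    cover = []
    for v in range(levels):
        cover.extend([v] * int(peak * decay ** v))
    return cover


def embed_lsb(samples, rate, seed):
    """Overwrite the LSB of a pseudo-randomly chosen fraction `rate` of the
    samples with pseudo-random bits, standing in for an encrypted payload."""
    rng = random.Random(seed)
    out = []
    for s in samples:
        if rng.random() < rate:
            s = (s & ~1) | rng.getrandbits(1)
        out.append(s)
    return out


def pairs_of_values_test(samples):
    """Chi-square test of H0: within each pair (2k, 2k+1) both values are
    equally likely. Returns (statistic, degrees_of_freedom, p_value); a p-value
    that is not tiny means the pairs look equalised, as after LSB replacement."""
    hist = Counter(samples)
    if not hist:
        raise ValueError("no samples")
    stat, df = 0.0, 0
    for even in {v & ~1 for v in hist}:
        n_even, n_odd = hist[even], hist[even | 1]
        stat += (n_even - n_odd) ** 2 / (n_even + n_odd)
        df += 1
    # Wilson-Hilferty normal approximation to the chi-square upper tail.
    spread = math.sqrt(2 / (9 * df))
    z = ((stat / df) ** (1 / 3) - (1 - 2 / (9 * df))) / spread
    p_value = 0.5 * math.erfc(z / math.sqrt(2))
    return stat, df, p_value


def looks_embedded(p_value, alpha=1e-4):
    """Flag the carrier when equalised pairs cannot be rejected at level alpha."""
    return p_value >= alpha


def survey(rates=(0.0, 0.1, 0.5, 1.0), seed=2003):
    """Run the test on the constructed carrier at several embedding rates."""
    cover = make_cover()
    return {r: pairs_of_values_test(embed_lsb(cover, r, seed)) for r in rates}


if __name__ == "__main__":
    for rate, (stat, df, p) in survey().items():
        print(f"rate={rate:4.0%}  chi2={stat:8.1f}  df={df}  p={p:.3g}  "
              f"flagged={looks_embedded(p)}")
```

On this carrier the statistic falls toward the number of pairs when every LSB is replaced, but at a 10% rate it stays far above it, so this particular test does not flag the low-rate, scattered case the comment assumes.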

  • by ksheka (189669) on Monday December 08, 2003 @11:11AM (#7659976)
    First time I read the headline, I thought it was implying that there are secret messages in the icons/images that are part of the FreeBSD installation. Which brings me to wonder: what prevents people from putting messages hidden in the KDE or Gnome icons and such?

    (Maybe a "If you can read this, you're too paranoid" sort of message in the Redhat splash picture?)
  • by j_dot_bomb (560211) on Monday December 08, 2003 @11:13AM (#7659993)
    Simply rename its extension to .dll. It will fit right in to the gigs of OS files.
    • Simply rename its extension to .dll. It will fit right in to the gigs of OS files.

      And how is this different from any other OS? Take a look in /usr/lib/ and tell me that you know what every library there does.

      Call it /usr/lib/libsxprtVnp12.0c.49.so. If you want to avoid accidental deletion of unused libraries by an overenthusiastic sysadmin, make it using gcc, export a few symbols as wrappers of libc functions, and relink some gnome applications (which uses hordes of libraries anyway) to use it.

    • Yeah, I'm sure every user has a monstercock.dll file in their windows folder ;)
  • by Anonymous Coward on Monday December 08, 2003 @11:15AM (#7660004)
    I have yet to see a good treatment of the necessity of hiding the fact that one may have knowledge of or tools capable of implementing steganography. While hiding data is a nifty thing, it's not of much practical use unless you can also hide the code - the tools that you use to embed and deembed your steganographically hidden files.

    Adding hooks to libraries and hiding executable code in data areas and coming up with slick ways of calling into that code when you actually do some stega processing is an area ripe for exploration. It may be more challenging than data hiding as well, especially when you consider the huge libraries of md5sums for all known executables and libraries that are maintained and distributed by computer forensics people.
  • Does this mean ... (Score:2, Interesting)

    by value_added (719364)

    I can hide my entire pr0n collection in a single gigpixel [slashdot.org] image?

    Seriously, though, I read a news article some time ago describing how the FBI are onto such data hiding techniques after discovering terrorists (ok, "Arabs") had been posting stego encrypted messages in images posted to various popular terrorist (there I go again!) websites.

    Don't know to what extent they're "onto" it (they never say, do they?), but I imagine looking for secret clues [abeautifulmind.com] can be a full-time job.

  • I wonder . . . (Score:5, Interesting)

    by lavaface (685630) on Monday December 08, 2003 @11:20AM (#7660049) Homepage
    What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, painting-on-top) affect the outcomes?
    • Re:I wonder . . . (Score:5, Informative)

      by The Darkness (33231) on Monday December 08, 2003 @11:34AM (#7660156) Homepage
      What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, painting-on-top) affect the outcomes?

      Of course.

      These utilities usually use bits that will not make a change apparent to a human observing the data with our normal senses (ie. the last bit in each color field) so obviously doing anything to change the bit pattern will destroy the message.

    • Re:I wonder . . . (Score:3, Interesting)

      by gosand (234100)
      What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, painting-on-top) affect the outcomes?

      Hmm. If it does, you could use it to your advantage. Encrypt your message. Use steg to hide it in an image. For that added level of (ob)s(e)curity you could hue shift the image whatever values you wanted before hiding your message in it. Adjust the values to "normal" before sending it.

      To completely decrypt it, you would have to be ab

      • Re:I wonder . . . (Score:2, Interesting)

        by molafson (716807)
        Seriously, do any of you have information that is THAT secret?

        Not me, but I can imagine various scenarios where steg would be useful. e.g. espionage -- where you use a one time pad to encrypt the info, then steg to insert it in a jpeg which you could transport through airports, etc. on a memory card in your digital camera. Much less incriminating than carrying a floppy or cd...

        I can imagine that a similar "stealth" technique could be employed using mp3s and an iPod.
      • Re:I wonder . . . (Score:3, Insightful)

        by joto (134244)
        To completely decrypt it, you would have to be able to set the R,G, and B values to the correct ones, then de-steg it to get the message, then unencrypt it.

        This is usually not completely reversible. You'd better experiment on the file before doing that, or you'll lose data.

  • why the old stuff? (Score:5, Interesting)

    by Tom (822) on Monday December 08, 2003 @11:21AM (#7660055) Homepage Journal
    Why do we get articles about tools that are what? 3 years old?

    There is enough new and interesting (and better) stuff around. For example, rubberhose [rubberhose.org] would've been much more interesting to read about.
  • Steganography is new to me (as a science). All I can say is I'm RTFA'ing and it's badass cool :o)

    Does this disqualify me as a slashbot?
  • by MURD3R3R (691512) on Monday December 08, 2003 @11:34AM (#7660151)
    The first and probably best steno-encrypted file I ever remember seeing was the first linux no-modchip hack for the XBOX, from http://xbox-linux.sourceforge.net/docs/007analysis.html

    It is a good read.

    Lies, Deceit, and Trickery

    The rest of the hack does everything it can to hide itself. There are two major components to the disguise: the "fake" hack, and the JPEG image of Tux.

    Firstly the fake hack. The fake hack begins at offset 0xD00 in the game save. If you disassemble the game save, you are likely to notice that some interesting stuff begins there. It appears to be getting its own address, turning off write protection in memory, patching the kernel, and calling XLaunchNewImage. There is some branching logic which seems to imply that it is patching the kernel in different ways, depending on the value of location 0x8001FFFF in memory. The patches even resemble those that certain modchips perform, some are even at the same offsets. The path to the linux xbe is noticeable as well, at offset 0xFD5.

    Upon initial inspection this code seems very plausible. When you look at it closer, there are a lot of inconsistencies. Firstly, the value being tested at 0x8001FFFF does not match up to any known kernels that I know of anyway. Secondly, a lot of the patches to the kernel are junk code and don't make any sense. Thirdly, there is no call to IoCreateSymbolicLink in order for the call to XLaunchNewImage to work. XLaunchNewImage checks to make sure that the path to the executable resides on the 'D:' drive to prevent applications being launched from the hard drive, and therefore only from the DVDROM drive. Without remapping \Device\Harddisk0\Partition1 to 'D:' using IoCreateSymbolicLink, there is no way for the kernel to find the default.xbe as specified.

    Secondly there is the Tux JPEG. Starting at offset 0x1080 in the game save is a JPEG image. This is obvious from the text JFIF which is present in all JPEG headers. If you extract out this block, you get a nice little picture of Tux. Seems like a harmless little addition by a linux fanatic. It is typical of linuxheads to stick stuff like this everywhere. In reality, the real hack is encrypted and stored in this image. The practice of storing data in images is known as steganography. Perhaps this doesn't count, as it stores the data in the header and not in the actual image data. It's still rather devious. We'll come back to the contents of the hidden data in a moment.

  • by Scholasticus (567646) on Monday December 08, 2003 @11:44AM (#7660225) Journal
    I've been staring at these pictures of Jenny McCarthy for years now, trying to discover the steganographically hidden messages.

    That's what I told my girlfriend.
  • pfah. (Score:3, Informative)

    by pb (1020) on Monday December 08, 2003 @11:50AM (#7660272)
    Hiding secrets with steganography on Windows, Red Hat, SuSE, and... oh yeah, FreeBSD [sourceforge.net]...
  • by Courageous (228506) on Monday December 08, 2003 @11:53AM (#7660306)
    Any discussion of steganography is incomplete without this:

    http://www.mcdonald.org.uk/StegFS/
  • by Anonymous Coward
    I'm curious, why put the encrypted data in the comment blocks for jpeg pictures? By placing scrambled data in these sections you make it pretty obvious that there is a 'hidden' message in there.

    Why not make the data truly hidden by using the least significant bit within each of the RGB values for a 24 bit color image? 8 bytes of image data can hide 1 byte of data.

    If you can repeat the hidden message enough times you might even be able to use this within a jpeg image and have the message survive recompress
  • mine (Score:2, Funny)

    by Luveno (575425)
    I keep mine in topsecret.txt.
  • by lugar (561993)
    They actually had this on Navy:NCIS a couple weeks ago. A terrorist was hiding messages inside of porn images.
  • by Qinopio (602437) on Monday December 08, 2003 @12:22PM (#7660521) Homepage
    Didn't Kevin Nealon hooker already perfect this technique useless on Saturday Night boring Live?
  • by Kjella (173770) on Monday December 08, 2003 @12:23PM (#7660532) Homepage
    ...ironically, the better algorithms we get for compressing stuff, the more difficult it is to hide something. It gets really obvious if you start sending around BMPs or WAVs.

    Steganography detection is doing rather well - it simply realizes when the compression is "wrong", that is, if it would have been compressed better if there wasn't hidden info in the image.

    By the way, for legal purposes it might be just as efficient to use something like Bestcrypt's hidden container - it's a very smart, yet "dumb" form of steganography. You create an encrypted container, which has a key. Then you create a hidden container inside the encrypted container, with a different key. There's no way to detect the presence of a hidden container - it looks like random data in a container full of random data.

    If required by law to provide a key, provide the key to the outer container. When asked about a hidden container, go "What hidden container?" Even if it is very likely that there is one, there's no proof of that. Even the wackiest RIP bill doesn't require you to provide decryption keys to things that don't provably exist.

    Kjella
    • Obvious solution... (Score:5, Interesting)

      by Lemmeoutada Collecti (588075) <obereon@gma[ ]com ['il.' in gap]> on Monday December 08, 2003 @01:22PM (#7661011) Homepage Journal
      Use reversible compression. Encrypt the cleartext, package it in a container (subcontained if desired), steg that into the BMP or WAV, compress using GIF/PNG/FLAC as required. Ship product to receiver, they uncompress (since the compression is lossless, no bits lost there), de-steg, decrypt, decrypt, viola recipe for brownies.

      Also tends to confuse the detectors, as they are not trying all (n) possible ways the file could have been compressed to look for steg data in the raw file, only looking at the compression errors in the current format.

      For every scheme, a crack, for every crack, a new scheme. What fun the merry go round is!
  • by commonchaos (309500) on Monday December 08, 2003 @12:27PM (#7660564) Homepage Journal
    What I would like to be able to see is the ability to use a large directory of files as a stenographic "filesystem" of sorts. For example: Mount the pictures of your roadtrip to Antarctica as a loopback device.

    Ideally the software would only need to be pointed to a directory or a wildcard, given a passphrase and be able to just "mount" those files. I.E.
    mountsteg /home/bob/antarctica_roadtrip_pictures/ /mount/secret/
  • by aepervius (535155) on Monday December 08, 2003 @12:50PM (#7660752)
    I do not have the web page here but somebody can certainly search in slashdot and find it. How to detect it? The guys who made the thesis/program show that even if the lowest bits seem random, in reality if you take only the red / blue or green component you see "forms" appear. And thus on steganographied images you see those forms disappear, whereas on non-steganographied ones they appear. Note that you can avoid that. So people using some of those programs think they are safe, but instead a third party can show that they are exchanging secrets. And knowing you are sending something hidden in some cases can put you in a bad position. Even in the US.
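
The least-significant-bit scheme raised in the comments above (8 cover bytes per hidden byte) and a statistical check that exposes it, as an added example that is not code from the article, outguess, or steghide. The cover and payload are constructed, and the pairs-of-values chi-square statistic is a standard detector swapped in here for the visual method described in the comment above.

```python
import hashlib
from collections import Counter

def embed_lsb(cover: bytes, msg: bytes) -> bytes:
    """Write msg bits (MSB first) into the least significant bit of each cover byte."""
    if len(cover) < 8 * len(msg):          # 8 cover bytes carry 1 message byte
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for i in range(8 * len(msg)):
        bit = (msg[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit     # value changes by at most 1
    return bytes(out)

def extract_lsb(stego: bytes, n: int) -> bytes:
    """Read n message bytes back out of the LSBs."""
    msg = bytearray(n)
    for i in range(8 * n):
        msg[i // 8] |= (stego[i] & 1) << (7 - i % 8)
    return bytes(msg)

def pair_chi_square(samples: bytes) -> float:
    """Chi-square distance between the count of each even value 2k and the
    mean count of the pair (2k, 2k+1). Embedding random-looking bits in the
    LSBs equalises each pair, so the statistic collapses toward zero."""
    hist = Counter(samples)
    stat = 0.0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected > 0:
            stat += (hist[k] - expected) ** 2 / expected
    return stat

# Constructed cover: 8192 colour-channel bytes whose LSBs are structured
# (about 20% odd values), standing in for an uncompressed image channel.
COVER = bytes(2 * ((i // 3) % 100) + (i % 5 == 0) for i in range(8192))
# Constructed payload: 1024 bytes of hash output standing in for ciphertext.
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print("clean cover:", round(pair_chi_square(COVER)))
    print("after embed:", round(pair_chi_square(STEGO)))
```

On real images the statistic is compared against clean files from the same camera or encoder rather than against a fixed threshold.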
  • This is not a troll, but I've looked at encryption many times and wondered what I needed it for. Sure, I probably have secrets like anyone else - but what do Slashdotters need to encrypt? Bank records? Isn't that info on the bank's pc, unencrypted? Diaries? I'm pretty forthcoming, so there's not a lot I wouldn't tell someone else, but for others, why wouldn't a password do? Most of what is in a diary could be constructed from your behavior in public, or just asking around.

    Of course, if I lived in China and was plotting a demonstration, I'd need to hide that info. Or bank heist details.

    Currently, encryption is used freestanding by people with something to hide - and is viewed by 'the masses' as a terrorist/theft/dishonest tool. Why isn't encryption used in *everything*? I appreciate the need for encryption, but until it is everywhere and easy to use, it will have a black cloud hanging over it. Which makes it much easier for those who would like to abuse their powers (cough *Ash*cough) to pass laws restricting the use. Thereby reinforcing its reputation as a tool for people who have something (bad, ohohoh very bad) to hide.

  • by nuintari (47926) on Monday December 08, 2003 @01:31PM (#7661075) Homepage
    This is all well and cute, but realistically speaking, no implementation of steganography is all that secure. Detection is fairly easy, and then a dictionary attack against the encrypted contents is used. [Link [xtdnet.nl]]

    It's a twofold problem as I see it.

    1. The hiding of encrypted data/images/text/whatever inside of an image file is based on the notion that security through obscurity raises the bar. Anyone who studies security knows that this is just not true. Since suspicious images are simple to detect, this layer of obscurity offers no real data protection than just encrypting the file and naming it "this-is-secure-data.blowfish". It's just a matter of what encryption method is used to secure the contents. Which brings me to my second point.

    2. Since the basis of steganography is to hide information inside an image without disturbing the visual image, the size of the data contained within, from my understanding, is severely constrained. Thereby limiting the effectiveness of this technique in all but very large, suspicious, and still easily scanned images.

    SO, by hiding one's data inside an image with this technique, one is left with a picture of a table that is just screaming to be scanned for its suspicious content.
  • In BSD (Score:3, Interesting)

    by cybercuzco (100904) on Monday December 08, 2003 @02:05PM (#7661343) Homepage Journal
    Why not hide stuff -IN- FreeBSD. It wouldn't be that hard to write a utility that inserted "typos" into comments that when decoded could be used to pass messages or even hide images.
  • by phr1 (211689) on Tuesday December 09, 2003 @05:37AM (#7666902)
    is for the standard version of mkfs to fill empty disk blocks with random data (from /dev/urandom) BY DEFAULT instead of zeroing them. That way you can run a stego file system in the unused blocks and it will be indistinguishable from ordinary randomized free blocks. If every BSD (and ideally every GNU/Linux) distro shipped with that feature turned on, there would be no way to tell a stego user from a non-user.
