10:38 Steganography | |
| Habre've written several times about steganography, in particular the recent post about the LSB steganography (which, unfortunately, the author moved to Drafts) awakened in me a desire to share their knowledge and thoughts on this topic. Let's assume that you are a spy, and (as with any self-respecting spy) on your hard drive has a lot of sensitive information. You need to hide it so no one has found. And if you get caught, then your computer will give the survey and the one who will look for this information will be 99% sure that the information on your hard drive is. So what are the ways to hide information is at our disposal ... Method 1 - BanalThe easiest way - is to rename the file. For example you have a picture that should be hidden. You simply rename the file extension and the picture is no longer determined by the system as a picture. But, of course, it's foolproof. If you, for example, rename the file in JPG RAR, then such a RAR archive can not be opened, WinRar derision that the archive is broken, causing suspicion and a deeper study of the file. Method 2 - banal, AdvancedAnother simple way, but still more advanced - it is bonding two different files into one. The simplest example: Adding a RAR archive to the end of JPEG images. This image is no problem to open any program for viewing / editing pictures, and also will be opened and the program WinRar. The fact that almost all programs to work with archives calculated that the archive does not start from the beginning of the file, since it is possible that the file is enclosed in a self-extracting shell. But the drawbacks of this method is that such bonding can be easily seen. For example, if the picture has a size of 200x200 and weighs 2 megabytes, then immediately suspect. In addition, all formats (containers) are typically well structured and if suddenly there is a file which is redundant information, it is easy to detect. So we need a way to hide information that does not disrupt the structure of the file format chosen. Method 3 - LSBAs already mentioned before, this method is very simple to implement, while it does not violate the container and the file does not store redundant information. But this method has not a few drawbacks. Firstly, it applies only to a small number of containers. For example it can not be applied to the format of JPG, MP3 or AVI. But usually the files of these formats is stored by hundreds of our computers and that's where it's best to hide information. Personally, I immediately suspected it had not all right, finding a computer large library of image format BMP. Also, this method gives himself with giblets in the images with a homogeneous surface. And try to apply this method to the MP3 file. Changing just one bit of time in 2 or more bytes that will lead to inevitable deterioration of audio data. For those who want to play with in this way can offer a plugin for Total Commander'a which allows you to hide data in images of some containers, as well as WAV (provided that the audio data encoded by the codec PCM). There are also more advanced algorithms, eg algorithm Koch-Zhao, who hides the data only in pictures. It differs in that it encodes one bit of information in blocks of 8x8 pixels. Unfortunately, due to the small amount of information about this algorithm, the Internet, I can not tell him anything else. Method 4 - Meta DataMany formats can store certain metadata. Plus, this method is that it just does not break the file format, as well as work with these meta-data is usually well documented and is ready libraries to quickly write a program to store their data in these files. Almost all media formats are supported meta-data. However, there is not always possible to store data so that they could not see. So where can also try to keep secret data: MP3Just recently Habre appeared post Hiding text to MP3 which describes the implementation of the PHP storing their information in the tag ID3v1. But the fact that the ID3v1 tag is very restrictive and a lot of information out there is not retained. In addition to any normal media player, all your data is clearly visible. It is quite another ID3v2.4 tag that allows you to store data much larger, and allows you to save any or no default data. For example, some programs store there settings for volume normalization for each individual file. Media Players usually do not display unknown parameters to them. Since we are talking about MP3, it is worth to mention about the little-known tag Lyrics3, which was created to store the file for lyrics, as well as expanding tag ID3v1 (for example possible to maintain a long title song), but the yield of standard ID3v2 tag and did not let the tag Lyrics3 be widely distributed. But how is strange, a large number of MP3 files which can now be found on the Internet, contain the tag (although the name of the song but there's nothing more stores). JPEGIn JPEG format, there is support for EXIF ??tag. Data stored in this tag key = value pairs. In theory there is no problem to add there is not a standard key containing your encrypted data. The program works with this tag, stumbled on the key, most likely just ignore it and do not show. AVINot many people know that the files are AVI format also has support for metadata, and stored there can be many things. As in the MP3 and JPEG files can be created which is a key to be simply ignored by programs working with meta-data. I can recommend a good program for viewing metadata AVI files: abcAvi Tag Editor Less store sensitive data in the meta-data file is obvious, there are many programs that show absolutely all their contents, including custom and private values. Method 5:And finally I want to tell you about another great way to store sensitive data in MP3 files. Implemented it in the program MP3Stego. Unfortunately the author of this program has not updated the project since 2006. The idea is that the data is first encrypted and then in the heart of the process of encoding an MP3 file (from the WAV) is mixed into the final result. The result is an ordinary MP3 file, without noticeable distortion to the ear, but keeps a coded data. | |
|
| |
| Total comments: 0 | |