Steganography

Let’s talk about steganography. Have you ever heard of it? If not, there could be a lot of reasons why:

  • You don’t speak Greek
  • You never needed to hide something (I don’t think so)
  • You’re happy with common cryptography if you want to seal something

Take a look at the wiki:

Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós (στεγανός), meaning “covered or concealed”, and -graphia (γραφή) meaning “writing”.

OK so what does it mean?

Well, what would you do if you gained access to my vacation photo folder?

I know what! You would steal all my passwords. Am I right? Yes I am, because I’d do it too.

At first glance you can identify WHERE the most valuable data is. That’s the security weakness. Look at any bank. You know there is a fully armed guard in front of the safe. Why? Because he is trying to protect something. Again: you know precisely WHERE to go if you want it. Follow the arms, chains, locks… Hmm, but let me think about it. What if you don’t see any locks, doors, windows, or anything else you could break into?

Here comes the power of steganography.


The Art of Hiding Messages in Plain Sight

Take a look at the images below

They are the same you’d say. But actually, they are not.

Let’s look at how they were created.

The first image was downloaded from here and saved as leonardo-flying-machine.jpg

The second was created like this:

$ ls
leonardo-flying-machine.jpg
$ 

$ tempFile=$(mktemp); echo -e "\nhttps://jpmorganonline.com/ - username: theking | password: iamsorich\n" > $tempFile; cat leonardo-flying-machine.jpg $tempFile > leonardo-flying-machine-modified.jpg; rm $tempFile;

$ ls
leonardo-flying-machine.jpg
leonardo-flying-machine-modified.jpg
$ 

Sooooooo what happened? We’ve modified the image a little bit: we’ve appended a message at the end of the file. Looking at the image, would you notice that I’m giving you free access to a bank account? I think you’d try to find it in the previous ZIP file, right? So even with a lot of money right in front of your eyes, you wouldn’t notice it. You just don’t see it. Isn’t it beautiful and scary at the same time?

Let’s briefly check the results

$ strings leonardo-flying-machine.jpg | tail -n 2
8_tA
h%g,
$

$ strings leonardo-flying-machine-modified.jpg | tail -n 2
h%g,
https://jpmorganonline.com/ - username: theking | password: iamsorich
$

Using binary comparison:

$ xxd leonardo-flying-machine.jpg 
...omitted for brevity...
00002c90: c088 5131 5f17 4a37 5c63 f65b e70a 2426  ..Q1_.J7\c.[..$&
00002ca0: 2c15 ab0e 2a43 db9c 9438 5f74 41d0 e482  ,...*C...8_tA...
00002cb0: 9c81 2410 f40a 59fd 7e76 11d3 3650 d5dc  ..$...Y.~v..6P..
00002cc0: 4f9c 09a2 0068 2567 2ced aff5 f9ab 5736  O....h%g,.....W6
00002cd0: 2b11 a796 bde0 5d06 4f80 87fe 23ff d9    +.....].O...#..
$

$ xxd leonardo-flying-machine-modified.jpg
...omitted for brevity...
00002c90: c088 5131 5f17 4a37 5c63 f65b e70a 2426  ..Q1_.J7\c.[..$&
00002ca0: 2c15 ab0e 2a43 db9c 9438 5f74 41d0 e482  ,...*C...8_tA...
00002cb0: 9c81 2410 f40a 59fd 7e76 11d3 3650 d5dc  ..$...Y.~v..6P..
00002cc0: 4f9c 09a2 0068 2567 2ced aff5 f9ab 5736  O....h%g,.....W6
00002cd0: 2b11 a796 bde0 5d06 4f80 87fe 23ff d90a  +.....].O...#...
00002ce0: 6874 7470 733a 2f2f 6a70 6d6f 7267 616e  https://jpmorgan
00002cf0: 6f6e 6c69 6e65 2e63 6f6d 2f20 2d20 7573  online.com/ - us
00002d00: 6572 6e61 6d65 3a20 7468 656b 696e 6720  ername: theking 
00002d10: 7c20 7061 7373 776f 7264 3a20 6961 6d73  | password: iams
00002d20: 6f72 6963 680a 0a                        orich..
$

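The strings command finds all printable strings in the image and prints them; I’m showing only the last 2 rows. As you can see, we’ve appended our “secret message” at the end of the file. The binary comparison shows the same thing in binary form: the original file ends with the JPEG end-of-image marker ff d9, and the appended bytes start right after it, which is why the picture still looks the same.

Some of you may say “Oh wait, it’s kind of security through obscurity, isn’t it?”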
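Seen from the defender's side, the same property makes this kind of hiding easy to check for. The following is an added example, not code from the original post: it walks a JPEG's marker segments to the real end-of-image marker and returns whatever was stored after it. It goes slightly beyond the post's case, because a plain search for ff d9 can stop early on a thumbnail embedded in the metadata; the function names and sample bytes are constructed for illustration.

```python
# Added example (names and sample bytes are constructed): bytes after a JPEG's EOI.
RST = set(range(0xD0, 0xD8))                   # restart markers RST0-RST7

def find_eoi_end(data: bytes) -> int:
    """Offset just past the image's EOI marker, found by walking the segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < n and data[pos] == 0xFF:       # skip 0xFF fill bytes
            pos += 1
        if pos >= n:
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:                         # EOI: the image ends here
            return pos
        if marker in RST or marker == 0x01:        # markers without a length field
            continue
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length                              # skip header/metadata segment
        if marker == 0xDA:                         # SOS: compressed scan data follows
            # In scan data FF 00 is a stuffed byte and FF D0..D7 are restarts.
            while pos + 1 < n and (data[pos] != 0xFF or data[pos + 1] == 0 or data[pos + 1] in RST):
                pos += 1
    raise ValueError("no EOI marker found (truncated file?)")

def trailing_data(data: bytes) -> bytes:
    """Bytes stored after the image itself; empty for an untouched file."""
    return data[find_eoi_end(data):]

def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed, structure-only sample (not a viewable picture): APP1 metadata
# holding a thumbnail with its own FF D9, one scan, then the real EOI.
SAMPLE_JPEG = (b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00\xff\xd8thumb\xff\xd9")
               + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
               + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            extra = trailing_data(fh.read())
        print(f"{path}: {len(extra)} byte(s) after EOI {extra[:40]!r}")
```

Saved under any file name and run with image paths as arguments, it prints the trailer size for each file.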

You’re right. It can look like that. But what stops you from increasing security by adding some kind of additional encryption? Nothing.

Let’s do it!

$ echo -e "\nhttps://jpmorganonline.com/ - username: theking | password: iamsorich\n" | openssl enc -a -A -aes-128-ecb -K 31323334353637383930313233343536
r/rWy+dH156O83Kw9Ahhf8AviEorSaS3heSoGEte40RuhZnMWlHqWuJpvNAjlc4mlXuQiGLg82HSIfALQkWjU90YtEQX+2S5pW0WZUBt8/I=
$
  • So we’ve encrypted our message with the AES-128 cipher in ECB mode (ECB encrypts each 16-byte block independently, so identical plaintext blocks give identical ciphertext blocks).
  • As the key we’ve used the 16 characters “1234567890123456” (AES-128 requires a 16-byte key). This is the -K parameter; note that -K accepts hexadecimal, hence we had to translate our key into hexadecimal form. You can translate your own here

Let’s append the encrypted message to Leonardo’s flying machine again.

$ tempFile=$(mktemp); echo -e "\nr/rWy+dH156O83Kw9Ahhf8AviEorSaS3heSoGEte40RuhZnMWlHqWuJpvNAjlc4mlXuQiGLg82HSIfALQkWjU90YtEQX+2S5pW0WZUBt8/I=\n" > $tempFile; cat leonardo-flying-machine.jpg $tempFile > leonardo-flying-machine-modified-encrypted.jpg; rm $tempFile;
$

$ ls
leonardo-flying-machine.jpg
leonardo-flying-machine-modified-encrypted.jpg
leonardo-flying-machine-modified.jpg
$

$ strings leonardo-flying-machine-modified-encrypted.jpg | tail -n 2
h%g,
r/rWy+dH156O83Kw9Ahhf8AviEorSaS3heSoGEte40RuhZnMWlHqWuJpvNAjlc4mlXuQiGLg82HSIfALQkWjU90YtEQX+2S5pW0WZUBt8/I=
$

$ xxd leonardo-flying-machine-modified-encrypted.jpg
...omitted for brevity...
00002c90: c088 5131 5f17 4a37 5c63 f65b e70a 2426  ..Q1_.J7\c.[..$&
00002ca0: 2c15 ab0e 2a43 db9c 9438 5f74 41d0 e482  ,...*C...8_tA...
00002cb0: 9c81 2410 f40a 59fd 7e76 11d3 3650 d5dc  ..$...Y.~v..6P..
00002cc0: 4f9c 09a2 0068 2567 2ced aff5 f9ab 5736  O....h%g,.....W6
00002cd0: 2b11 a796 bde0 5d06 4f80 87fe 23ff d90a  +.....].O...#...
00002ce0: 722f 7257 792b 6448 3135 364f 3833 4b77  r/rWy+dH156O83Kw
00002cf0: 3941 6868 6638 4176 6945 6f72 5361 5333  9Ahhf8AviEorSaS3
00002d00: 6865 536f 4745 7465 3430 5275 685a 6e4d  heSoGEte40RuhZnM
00002d10: 576c 4871 5775 4a70 764e 416a 6c63 346d  WlHqWuJpvNAjlc4m
00002d20: 6c58 7551 6947 4c67 3832 4853 4966 414c  lXuQiGLg82HSIfAL
00002d30: 516b 576a 5539 3059 7445 5158 2b32 5335  QkWjU90YtEQX+2S5
00002d40: 7057 3057 5a55 4274 382f 493d 0a0a       pW0WZUBt8/I=..
$

In this case we’re encrypting our “top secret message”, so even if somebody finds it by accident, they will end up with encrypted data (so basically nothing has been stolen).

How to decode it? Take your message

r/rWy+dH156O83Kw9Ahhf8AviEorSaS3heSoGEte40RuhZnMWlHqWuJpvNAjlc4mlXuQiGLg82HSIfALQkWjU90YtEQX+2S5pW0WZUBt8/I=

and go to this page. Fill in the data to be decrypted, select the cipher you used, provide the secret key, hit “Decrypt” and then “Decode to Plain Text” and you’re done!

This is the main reason to use steganography. Encryption is still used, but we’ve eliminated our first and most visible security problem. Now we don’t even know what we should look for or where to find it. It will increase your privacy dramatically. If you see nothing to break into, you won’t even try, right?

Other usages in real life:

  • picture watermarking (add your own signature and watch who is stealing or modifying your picture)
  • prevention of persecution
  • backups (imagine you need to transfer some data but you have to leave the country naked)
  • pranks

As a DEMO I created a website where you can create such a picture with a hidden message inside and see what’s happening under the hood (you can even install it as a standalone application).
