Tuesday, November 4, 2008

Really Simple Keyless Steganography For Linux And Unix

IMPORTANT NOTE: A reader has noted that Blogspot elected to change all my bitmap images to jpg format without renaming them, which, of course, removes the hidden message just as surely as resizing does. Apologies for any confusion. I will refrain from posting bitmaps in the future, at least when it matters that they actually "remain" bitmaps!

Hey again,

Today we're going to take a look at a topic that most people are probably familiar with to one degree or another. To use the dictionary definition, steganography is the art of "hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message."

I'm sure the title of today's post probably put off more than a few purists who subscribe to the more exact definition that steganography is "the art of writing in cipher, or in characters which are not intelligible except to persons who have the key." If you define steganography that strictly, there can be no such thing as keyless steganography, except in the land where the oxymoron is king ;)

Later in the week, we'll be looking at "really" hiding a message inside another message (or PDF, or picture, etc, as the case may be) so that it can't be encoded or decoded without a key. For now, we're going to look at just how easily one can pass a message along (inside a bitmap image) without using a key. The beauty of this method is that it's incredibly easy to implement and hard to notice if one isn't looking for it.

For our example today, we'll take a standard Windows bitmap tile: The cute, pouting little kitten. Knowing that the little kitty on the right (below) is actually an agent for the delivery of a blatant hidden message, it probably looks a lot more menacing now, right?

[Images: innocent kitty (left), stealth kitty (right)]

Okay, it doesn't look all that different from the original picture. However, if you blow up the top left section of the bitmap, you can see the difference (Remember: this is a hackish way of hiding a message that is just begging to be found out, so we can make a point ;)

[Images: innocent kitty blowup (left), stealth kitty blowup (right)]

Now, you should be fairly confident that the kitten on the right is a bit more vicious than the kitten on the left (in the original pictures). We should note that blowing up sections of the pictures, or even resizing the original bitmap (below), will completely erase our message (This is generally true of most steganographic methods).

[Image: stealth kitty large]

So what's the secret to lame steganography? It's exactly that: completely lame ;) We could have actually taken some time and spaced the message out somewhat and made it much harder to see the difference in the altered image, but, again, we're trying to make the difference obvious (although not totally).

The secret to doing this sort of "lame steganography" is simple (raw) editing of the binary file. Using "vi" (available on virtually every distro of Linux and Unix imaginable) is one simple way to accomplish this. If you use "vi" to "read" the second kitty (the rightmost in the first set of pictures), you'll notice the message near the end:

<J"?ÅOY?'BiâXÅqdaeY/¤I>O¬¬>->O¬êSl"I>I>O>c,/¤ñÄI>o'_¼ì£,¼,_lIc£(",¼IOH<%>m"i£ª£òíl¼&ja fb` ?%jD,E3Öÿ²_O_II^£+zâ@á8åafri>¦zÆY("frSöÆ'é»jO-YO_#Y
¼I>OIIOÆ,£acIÄY?Ah>NíoåNåkO.åI"¥YCAÅYåqHr OE"&j?'IIE3Nåìä+IçIIJ$!A( THIS CAT WANTS TO EAT YOU ALIVE<I>ê,O"E,`'O>E,l"Ez^r%zE,I>ò¼`'ÑÄo'_Ä'åôåé»?'c£

Another, more elegant way to do it is with any hex editor (for instance, Ultra Edit). Just like with vi, you can add the message and read it very simply (in the ASCII conversion column). This is how the output looks in Ultra Edit in the original file:

¡ ‹ì›¼ÏÄRÕ¯´+´¦Š"aYåy&z„qâH+‹

and with the hidden message (hidden in the kitty on the right):


You see what I'm saying? That cat is just downright mean ;)

As promised, later this week, we'll take a look at some more advanced forms of steganography. In the meantime, the odds are that no one (except the person you tell) will notice this sort of secret-message-passing. And the best part is that you don't need to invest in any extra software to get the job done :)


, Mike

Iker Landajuela had this suggestion as an alternate solution to getting at information hidden in hex files!

To watch for a string inside a BMP picture, we can execute:

$ hexdump -C hiddenimage.bmp | grep "hidden message"
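
An added example, not from the original post or the reader's suggestion: a Python scanner that reads the BMP header and reports every run of printable ASCII in the raw bytes, so the text need not be known in advance and is found even when it straddles the 16-byte rows that `hexdump -C` prints. The function names (`build_bmp`, `overwrite`, `scan_bmp`), the 8-character threshold and the tiny 8x8 sample image are assumptions made for the illustration; only the message string comes from the post.

```python
import re
import struct

def build_bmp(width=8, height=8, fill=0x7F):
    """Constructed sample: minimal uncompressed 24-bit BMP, not the post's image."""
    row = bytes([fill]) * (width * 3)
    row += b"\x00" * (-len(row) % 4)              # rows are padded to 4 bytes
    pixels = row * height
    head = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    return head + info + pixels

def overwrite(data, offset, text):
    """Replace bytes in place, as an overwrite in a hex editor would."""
    return data[:offset] + text + data[offset + len(text):]

def scan_bmp(data, min_len=8):
    """Return (offset, region, text) for every printable-ASCII run found."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    # bfSize is at offset 2, bfOffBits (start of pixel data) at offset 10
    declared_size, pixel_off = struct.unpack_from("<I4xI", data, 2)
    findings = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        if m.start() >= declared_size:
            region = "appended"                   # beyond the size in the header
        elif m.start() >= pixel_off:
            region = "pixels"                     # text sitting in image data
        else:
            region = "header"
        findings.append((m.start(), region, m.group().decode("ascii")))
    return findings

MESSAGE = b"THIS CAT WANTS TO EAT YOU ALIVE"        # the string from the post
clean = build_bmp()                                  # constructed 246-byte image
edited = overwrite(clean, len(clean) - 40, MESSAGE)  # near the end, size unchanged
appended = clean + MESSAGE                           # tacked on after the image

if __name__ == "__main__":
    for name, blob in (("clean", clean), ("edited", edited), ("appended", appended)):
        print(name, scan_bmp(blob))
```

On real photographs short printable runs turn up by chance in pixel data, so raise `min_len` to cut the noise.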
