Today I have learned a new trick. You can do very basic pseudo-stegonography by simply using winrar and the rudimentary windows copy command. If you are to lazy to click on a link, let me show you how:
First let’s create ourselves a file containing a secret message:
echo this is a secret message > secret.txt
Let’s find a suitable image to hide our text. I picked this monkey picture for our sample:
There is a very easy way to concatenate files in windows using the copy command. This is what we are going to use to hide our info. Your first instinct may be to do this:
copy /b monkey.jpg secret.txt new_monkey.jpg
This will produce a perfectly viewable image that will contain your text. The text file is simply appended to the end of the jpeg data. Neat part is that most programs out there will completely ignore this tacked on data. So you effectively embedded text in an image. This is cool, and everything but there is no easy way to extract your message from the image.
How do we get around this? It’s simple: compress your text file using winrar, or winzip first, and then concatenate:
copy /b monkey.jpg secret.rar new_monkey.jpg
Part two of this trick, is the fact that WinRar and many other compression apps will completely ignore the jpeg data that precedes the archive. You can take the image, and unrar it just like a normal archive. Please, go ahead and save this monkey pic and try extracting it with winrar. I promise you that it will work:
This is a cool trick to share with your friends and etc. The hidden files are somewhat obfuscated, and yet readily accessible if you know where to look for them. How good is this method at concealing the message? Let’s take a look:
As you can see in the picture above, the text is still plainly visible inside of the file. If I had used a longer text, the compression would probably scramble it a little bit, but it could still be recovered easily. This is more or less a pseudo stego exercise. If you really want to hide something, simple concatenation is not going to cut it.
First you will likely need encryption. Hiding things in plain sight is neat as a concept, but if you embed plaintext files into images, they will be easily detected. You will also need scatter your information throughout the whole image. Concatenation does not work, because it puts the hidden data in one place, where it can be easily isolated and attacked. You want to evenly distribute you payload throughout the host file so that it appears like random noise.
Of course there is no easy way to do this type of stuff. You usually need to hack up your own stego-encoder, or grab one of the existing stego apps on the maket. I recommend a nifty free tool wbstego to do the task.
For example, the monkey picture below, also contains the hidden text:
The data is encrypted with Blowfish cipher. See if you can crack it. Btw, if you download wbstego the password for the bitmap above is terminally-incoherent.
[tags]steganography, monkey, encryption, security, lifehacker, concatenation, winrar, copy[/tags]
For the first image, I was able to see the secret message by opening the photo in TextEdit (Mac)
You can also use windows Notepad or any text ediror for that matter. :) I picked a hex editor, cause it looks more awesome on a screenshot. :mrgreen:
My point was there is no easy way to separate these two files. At least not compared to the zipped method where you can just extract the textfile from the image.
This method explained in the video is much better and far easier:
http://www.metacafe.com/watch/394838/the_girl_in_the_duck/
I think they actually might be using the same technique I presented above to do this though… :)