~ Fallite fallentes: Steganography for the masses ~
Stego
Version October 2005, in fieri
"Fallite fallentes", all the stego-tools and stego-explanations you may need :-)
Mmm, I see, you are leaving... you are preparing your seeker's rough sack... don't
forget the scrolls and wands, eh.
By the way... wait a moment, the following is something you HAVE TO heed
before adventuring further alone on the deep deep web...
Let's begin from the beginning. In a world that is getting more and more
intrusive on our private lives, finding some (simple) methods to protect
our privacy is a sine qua non for the survival of knowledge spreading.
The society we live in recalls more and more "Fahrenheit 451", Ray Bradbury's classic,
frightening vision of a future where
firemen don't put out fires--they start them in order to burn books.
A society that holds up the appearance
of happiness and success as the highest goal -- a place where trivial
information and commercial crap is good, and real knowledge and independent
ideas are bad.
Hence the need to defend ourselves. Seekers must have the means to communicate without
the clowns at Echelon snooping their messages.
Echelon is a snooping project paid by the United States' National Security Agency (NSA) that
includes stations run by Britain, Canada, Australia and
New Zealand, in addition to those operated by the United States:
a block of anglophone elites helping
each other against the rest of the world and their own citizens, as it seems... note that Ireland is not
part of it... one could begin to wonder if England's leaders
should be allowed to remain in the European Union, having
transformed a glorious European country into something that looks like a supine
'fifth column' of the United States :-)
As the (Dutch) authors of Contraband
wrote: "Steganography tools are the NSA's worst nightmare,
if you're smart you'll understand why...".
It is therefore a pleasure for me, in these
times of warmongerish madness,
to (try to) teach everyone in sight how to "deceive the deceivers".
The more people learn these tricks, and the more those clowns have to
work to snoop our private data, the better.
"In the information age, we need to re-learn a
very old lesson. Despite the sophistication of
21st century technology, today's e-mails are as open to the
eyes of snoopers and intruders as were the first crude radio
telegraph messages. Part of the reason for this is that, over
many decades, NSA and its allies worked determinedly to limit
and prevent the privacy of international telecommunications.
Their goal was to keep communications unencrypted and, thus,
open to easy access and processing by systems like Echelon.
They knew that privacy and security, then as a century ago,
lay in secret codes or encryption. Until such protections become
effective and ubiquitous, Echelon or systems like it, will remain
with us."
This said, let me point out once more that if you really need absolute secrecy,
the BEST "simple" privacy device is nowadays simply
uploading and downloading PGP encrypted files while
wardriving in a different part of the town
with a portable *you bought cash* in another State, and that you use ONLY FOR THIS
(of course spoofing its Wi-Fi MAC address, a different one every time, when wardriving) :-)
But steganography will do almost as well, from home and without hassles :-)
What
The word steganography is derived from Greek and means "covered writing", from
stegein: to cover... the same root as in Stegosaur, a quadrupedal, herbivorous
ornithischian dinosaur of Jurassic films celebrity and early Cretaceous times, well
known for being quite 'covered' through an armor of triangular bony plates on
his back spine.
Steganography is the art (and science) of communicating while hiding THE EXISTENCE of
communication, in contrast with cryptography. Ideally, your enemies, or those
you are fighting against, or even your friends, should not even imagine
that there IS a message
concealed somewhere. This very characteristic makes steganography the IDEAL
science for hiding messages on the web, which is flooded by noise: non-significant
data. All your passwords and everything you need can without any problem be
hidden inside three or four 'fake' pages you'll have uploaded somewhere, with
images like 'my sister Sally and her favourite banana fishes' or whatever. You
will download all fake images from the web (web homepages are a never ending source
of incredibly dull lives and photographs :-), you will MODIFY them (the greatest
risk for steganography is the comparison between the 'original' image, without
concealed message, and the 'steganated' image which contains a
message, of course), and only after
these modifications you will hide your concealed message inside them with one of
the many ad hoc programs.
Basically, using steganography, you can smuggle ("embed") any file, or set of files
inside a format ("cover" or "container")
which leaves the smuggled data untraceable and unreadable ("stego": the final
data containing both the cover noise and the embedded signal).
Caveat
Be warned: you cannot trust all stego programs on the web, and you should
definitely NEVER trust any software you do not possess (or re-construct) the source code of.
See the bangla section for more info on gratis software you can trust.
http://www.pipo.com/guillermito/stegano/index.html:
If a security software does not explain how it works precisely,
don't trust it for serious purposes.
In general searchers love working with programs (and onto programs) they have been
given the source code of
(or else have "reconstructed" it on their own :-)
I'm sure therefore that you'll
appreciate the presence of the source code for all these programs. This will also
allow you, if you feel like working a little, instead of just leeching ad nauseam,
to delve pretty deep inside all mysteries and vagaries of our applied and
advanced steganography. Who knows, maybe hundreds of small new steganographical
programs will blossom. Each one with a slightly different embedding algo.
The NSA clowns, the Echelon wankers and all other slavemasters' lackeys
will definitely love this :-)
Data and files can be hidden inside graphic files,
inside music files,
or even inside executable files, so we will divide the applications
by cover.
Cover: Graphic files
Here you have a link to my own copy of a JPEG graphic format steganographic
utility: jphs_05.zip, by Allan Latham.
JPHIDE.EXE is a DOS program to hide a data file in a jpeg file.
JPSEEK.EXE is a DOS program to recover a file hidden with JPHIDE.EXE
Here you have a link to my own copy of a BMP graphic format steganographic
utility:
CONTRABAND (version 9g), by Hens Zimmerman and
Julius Thyssen... their web location is:
http://www.jthz.com/puter/.
Choose a 24bit BMP (if you have no source to get one, you can create
one with 'paintbrush'), then choose any file you want and embed it
in the BMP, compare the generated BMP with the original, extract
the file from the BMP and compare the result with the original.
It's freeware,
and you'll find there also THE COMPLETE SOURCE
CODE (in Borland C++ 4.5) of Contraband, which may be of interest for you.
You will find the new 'beta' version of Contraband ("hell edition")
here.
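The embed / compare / extract exercise above, and the earlier warning that comparing the original image with the 'steganated' one is the greatest risk, as an added example that is not code from this page or from Contraband. It assumes plain sequential least-significant-bit embedding with a 4-byte length prefix (an assumption, not Contraband's algorithm) and a constructed 16x16 cover.

```python
import struct

def make_bmp(w, h):
    """Constructed sample cover: a minimal 24-bit BMP with a simple gradient."""
    assert (w * 3) % 4 == 0, "keep rows unpadded for this sample"
    px = bytes(v % 256 for y in range(h) for x in range(w)
               for v in (x * 7, y * 11, (x + y) * 5))
    head = struct.pack("<2sIHHI", b"BM", 54 + len(px), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, w, h, 1, 24, 0, len(px), 2835, 2835, 0, 0)
    return head + info + px

def pixel_offset(bmp):
    if bmp[:2] != b"BM" or struct.unpack_from("<H", bmp, 28)[0] != 24:
        raise ValueError("not a 24-bit BMP")
    return struct.unpack_from("<I", bmp, 10)[0]

def embed(bmp, payload):
    """Plain sequential LSB embedding (assumption: NOT Contraband's algorithm)."""
    off = pixel_offset(bmp)
    msg = struct.pack("<I", len(payload)) + payload      # 4-byte length prefix
    bits = [(b >> i) & 1 for b in msg for i in range(8)]
    if len(bits) > len(bmp) - off:
        raise ValueError("payload too large for this cover")
    out = bytearray(bmp)
    for i, bit in enumerate(bits):
        out[off + i] = (out[off + i] & 0xFE) | bit       # overwrite bit 0 only
    return bytes(out)

def extract(bmp):
    off = pixel_offset(bmp)
    def read(first, n):                                  # n bytes from byte index `first`
        if off + (first + n) * 8 > len(bmp):
            raise ValueError("no plausible payload")
        return bytes(sum((bmp[off + (first + k) * 8 + i] & 1) << i for i in range(8))
                     for k in range(n))
    return read(4, struct.unpack("<I", read(0, 4))[0])

def compare(cover, stego):
    """What a byte-for-byte diff against the original cover reveals."""
    off = pixel_offset(cover)
    diffs = [i - off for i in range(off, len(cover)) if cover[i] != stego[i]]
    return {"changed": len(diffs),
            "lsb_only": all((cover[off + d] ^ stego[off + d]) == 1 for d in diffs),
            "span": (diffs[0], diffs[-1]) if diffs else None}

cover = make_bmp(16, 16)
stego = embed(cover, b"fallite fallentes")
print(compare(cover, stego), extract(stego))
```

With the original in hand, the diff shows every change confined to bit 0 and to a contiguous run at the start of the pixel data, which is why the cover must not be available for comparison.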
Here you have a link to my own copy of a GIF graphic format steganographic
utility:
Hide and Seek (version 4.1), by
Colin Maroney. It's freeware,
and you'll find also THE COMPLETE SOURCE
CODE (in Borland C++ 3.1) of Hide and Seek, which may be of interest for you.
Cover: Music files
MP3Stego will hide information in MP3 files during the compression process.
The data is first compressed, encrypted and then hidden in the MP3 bit
stream. Although MP3Stego has been written with steganographic applications in
mind it might be used as a watermarking system for MP3 files. Any opponent can
uncompress the bit stream and recompress it; this will delete the hidden
information -- actually this is the only attack we know yet -- but at the
expense of severe quality loss.
Executable steganography
Xvr, @ Crazyboy (that hosts a mirror of
searchlores)
has prepared Hydan, a wondrous application,
using, inter alia, mammon's libdisasm.
"Hydan steganographically conceals a message
into an application. It exploits redundancy in the i386 instruction
set by defining sets of functionally equivalent instructions.
It then encodes information in machine code by using the
appropriate instructions from each set.
Features include:
- Application filesize remains unchanged
- Message is blowfish encrypted with a
user-supplied passphrase before being embedded
- Encoding rate: 1/150
Hydan can be used to watermark (fingerprint) code,
sign executables, or simply create a covert communication channel."
Version 0.13:
Hydan, by Crazyboy.
Here you have a link to my own copy of wbStego4open.
Embeds data into bitmaps, text files, HTML files and PDF files.
wbStego4open is published under the GNU General Public License (GPL).
The source code (wbs43open-src.zip) is available for Delphi 5+ and Kylix 1+.
Whitespace steganography
The program snow is used to conceal messages in ASCII text by appending
whitespace to the end of lines. Because spaces and tabs are generally
not visible in text viewers, the message is effectively hidden from casual
observers. And if the built-in encryption is used, the message cannot
be read even if it is detected.
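A sketch of the trailing-whitespace channel described above, together with the check that exposes it, as an added example that is not snow's code. The space = 0 / tab = 1 mapping, the eight bits per line and the sample memo are assumptions made for illustration and are not snow's actual encoding.

```python
TO_WS = str.maketrans("01", " \t")      # toy mapping (assumption): space = 0, tab = 1
FROM_WS = str.maketrans(" \t", "01")

def tail(line):
    """Return the run of spaces/tabs at the end of a line."""
    return line[len(line.rstrip(" \t")):]

def hide(cover_text, message, bits_per_line=8):
    """Append message bits to line ends as spaces and tabs."""
    bits = "".join(f"{b:08b}" for b in message.encode())
    lines = cover_text.split("\n")
    if len(bits) > len(lines) * bits_per_line:
        raise ValueError("cover text has too few lines")
    return "\n".join(
        line.rstrip(" \t") + bits[n * bits_per_line:(n + 1) * bits_per_line].translate(TO_WS)
        for n, line in enumerate(lines))

def reveal(text):
    """Read the trailing whitespace back as bits and decode whole bytes."""
    bits = "".join(tail(l).translate(FROM_WS) for l in text.split("\n"))
    whole = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8)).decode(errors="replace")

def audit(text):
    """Defender's check: lines ending in whitespace, and how much of it."""
    hits = [(n, len(tail(l))) for n, l in enumerate(text.split("\n"), 1) if tail(l)]
    return {"lines": len(hits), "chars": sum(c for _, c in hits), "first": hits[:3]}

def scrub(text):
    """Stripping line ends (as many editors do on save) destroys the channel."""
    return "\n".join(l.rstrip(" \t") for l in text.split("\n"))

# Constructed sample cover text
COVER = "\n".join(f"Item {i}: nothing to see in this sample memo." for i in range(1, 7))

stego = hide(COVER, "hi pgp")
print(audit(COVER), audit(stego), repr(reveal(stego)), scrub(stego) == COVER)
```

The text looks identical in a viewer, yet a line-end audit flags every carrier line, and stripping trailing whitespace removes the message without touching the visible content.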