Tuesday, March 29, 2016

Bend common and uncommon file formats for camouflaging/hiding data

If you have not been living under a rock or a bricked computer, tablet, or smartphone, you have heard and read about data encryption more than you may have wanted.

So, the blogster decided to come back to a different favorite: how to hide data and some psychological aspects that can improve hiding data.

No, the topic is not new at all. This is just one of many articles that say it: Data hiding has been with us as long as there have been digital computers and networks. The author of the 2007 article considers the practice a threat, saying: "In a sense, we've been living in a fool's paradise because today's crooks and criminals seldom take extraordinary measures to conceal data. Most of the forensics work in law enforcement that I'm aware of involves very basic data recovery techniques with a few popular forensics tools."

Others have a different view and study the subject with the aim of improving network processing and security, for example this one from the University of Toronto.

This post describes practical ways and tools to hide data at rest, in other words, data that sit on a device. Things like banking details, passwords, or files you want to keep private.

This is called steganography, and it is literally the oldest trick in the book. Here is a list of great free tools. They hide data in image files or audio files; some tools come with added encryption.

They are all you need if you are a normal computer user.

For the more adventurous among you, another tool out of the basement of the K-Landnews is available here as an executable package and with the full source code. It supports the standard image file storage as well as homemade .wav audio.

More interesting, though, are other formats. Some are "beta" or somewhat experimental, others stable. See the section of supported output file formats at the end of the post.

Psychological aspects of hiding data:
1) Playing with cultural stereotypes and taboos; a lighthearted description is in the older post Staganography -- hiding text in nudie pics
On a more serious note, children's drawings are likely to score high on the "not interesting" index, unless your kid is a prodigy.

2) Scare a snooper
The output file list at the end of the post has an entry "Java .jar file". To a snooper, this looks like an executable file, a program. Our implementation is simplistic: it merely replaces the content of a standard main.class file of a Java executable jar with the scrambled message. But, to a snooper, a Java executable won't look as interesting as a text file and he or she will initially treat it as an unknown executable. Other executable formats would be even more formidable, say you wrote a C/C++ program with pernicious code to crash the operating system and hide your message somewhere in the executable.

3) Use formats from your work or something related to your hobbies. Yes, Item 1 can be a hobby, but that's not what we mean.
The sample formats "DNA sequence" and "empty xml file" are meant as examples for work/hobby related steganography. If you are a biologist, some "DNA txt files" on your device will look perfectly natural.
If you are an English teacher, put the data into the "empty xml" and add a public domain book or poem from Project Gutenberg. Again, a folder with "nothing" but Mark Twain books or some random English romantic poet's deeds provides good cover.

Suggestions for other professions:
If you are an engineer, extend the tool, write some output files based on standard formats from your daily work. How about a fake electronics component wiring diagram or some ChemDoodle Web drawings with a custom reader?
If you are a musician, use "note xml" or use standard musical notation with a customized optical character recognition module - similar to but more elaborate than the sample "hieroglyphs .png" implementation of the K-Landnews stego tool.

Computer games should be a fun container, too. You can make people play a game in order to reassemble data.

    The following formats are supported
     "binary or executable file": Using the File menu entries "Make binary double" 
    and "Combine binary double", you can now process binary files or
    executable (program) files. Similar to the Double Strand text feature,
    two output files will be created. The first one contains the scrambled 
    bytes of the binary file, the second the scrambled byte positions. To combine
    the two and recreate the original binary file, select the two files (bin1) and 
    "numbers" bin. Cuttlefish will write out a file ending in "redone" as the
    fully functional binary file. 

    "Double Strand": the text is saved into two files, one containing the characters,
    the other named "filename_nubers.txt" containing the positions of
    the characters in the original text. The order of the characters is 
    randomized, so you need both files (in the same directory) to extract the
    message text. 

    ".avi movie": the text is saved as a .avi movie and is displayed as a pink
    bouncy ball in case you play the movie in a movie player.
    WARNING: The format of avi rendering changed with v. 1.1. Previous avis
    will not be decoded correctly.
    Configure the bouncy image to "pacman"  by changing the aviBlip "star" to
    Configure a footer image by replacing the existing footer.png. The new footer
    image should be at least 500 pixels wide and 200 high. If it is higher, it
    will automatically scroll upwards.
    "PDF .pdf": a file in portable document (pdf) format.
    "QR code .png": a Quick Response code .png file. Limit of 4200 characters.
    ".wav audio": a Wave audio file. Use CuttleFish to open a .wav message file.

    "empty .xml file": saves the message in "metadata" of an .xml file. The file
    is filled with unrelated text from a default template. Anybody reading the
    text will only see the adventures of Huck Finn. You can replace this file,
    which is an equivalent of "packing peanuts".
    "plain .png image": the message is saved in a plain image file.    
    "javascript .html": saves the message in the javascript section of an html file. 
    You can replace the default file with any file that has a javascript section.
    ".asp vb html": saves the message in an html file that has a Microsoft asp 
    vb script section.  You can replace the default file with any file that has such a section.

    "Java .jar file": saves the message in a Java (tm) .jar file. A template jar is 
    included in the package. You can replace it with any other .jar, but your
    replacement must have a manifest file with a "Main-class" entry.

    "DNA sequence .txt": turns your message into a "DNA sequence" using only the four
    basic building blocks ACGT. Mimicking of one or more common scientific formats 
    will be added.

    [BETA] "hieroglyphs .png": turns a message into an image file with hieroglyphs. 
    You need the font "Gardiner.ttf" (free download from http://users.teilar.gr/~g1951d/).
    Limitations of the BETA module: Only a couple of hundred of characters (need to add
    page handling).
    FONT DEPENDENCY: This module may fail if the graphics capabilities on the machines
    of sender and recipient are too different. Please TELL us about issues!

    [experimental] "CSS stylesheet .css": saves in a cascading stylesheet. This is a very rudimentary 
    implementation, really a proof of concept. You should change the source code CSSHandling
    class to get a good implementation.
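
The "Double Strand" format described in the list above, as an added Python sketch (not code from the K-Landnews tool): it splits a text into a shuffled characters strand and a positions strand, recombines them, and checks what the characters strand gives away by itself. The function names, the space-separated layout of the numbers file and the sample message are assumptions made for this illustration.

```python
import random
from collections import Counter

def split_double_strand(text, rng=None):
    """Shuffle the characters; return (shuffled_chars, original_positions)."""
    rng = rng or random.SystemRandom()      # OS randomness for the shuffle
    order = list(range(len(text)))
    rng.shuffle(order)
    return "".join(text[i] for i in order), order

def combine_double_strand(chars, positions):
    """Rebuild the text; reject strands that do not belong together."""
    if len(chars) != len(positions):
        raise ValueError("strand lengths differ")
    if sorted(positions) != list(range(len(chars))):
        raise ValueError("positions are not a permutation of 0..n-1")
    out = [""] * len(chars)
    for ch, pos in zip(chars, positions):
        out[pos] = ch                       # put each character back in place
    return "".join(out)

def write_positions(positions):
    """Assumed on-disk form of the numbers file: space-separated integers."""
    return " ".join(str(p) for p in positions)

def read_positions(data):
    return [int(tok) for tok in data.split()]

def leaks_character_counts(text, chars):
    """True when the characters strand has the same letter counts as the text."""
    return Counter(text) == Counter(chars)

if __name__ == "__main__":
    message = "spare key is under the third flowerpot"   # constructed sample
    chars, positions = split_double_strand(message)
    numbers_file = write_positions(positions)
    print("characters strand:", repr(chars))
    print("numbers strand   :", numbers_file)
    print("recombined       :",
          combine_double_strand(chars, read_positions(numbers_file)))
    print("counts leaked    :", leaks_character_counts(message, chars))
```

The characters strand is a pure transposition: it keeps the message length and every character count, so it hides the order of the text but not its alphabet or language. Anyone holding both files recovers the text directly, and the format expects them in the same directory.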
