Security Basics mailing list archives

Re: stego and executable files


From: "Tomas Wolf" <tomas () skip cz>
Date: Sat, 16 Aug 2003 23:46:28 +0200

Hello,

 I have researched a little around steganography and the whole idea behind this is somehow simple. I would like to note that it doesn't matter what kind of data one hides inside another data.
 The bottom line is to find media with a supportive structure. I would like to demonstrate on JPG and BMP picture formats, but this general idea could be applied to any data formats.

 Steganography tries to deny the existence of the hidden data; therefore, in a digital environment, the host must be formatted in a way that, if we add the data into another file, the original should look, taste, sound, and feel the same as the one with embedded data.
 Now to the structure of BMP files. I'll do this from the top of my head, so please note that the exact numbers are just for illustration. The structure is given and it has a lot of data. First is the first header, which identifies the filetype, length and color depth. The second header gives us length in bytes, height, width, number of colors used (RGB)... Then comes the most important part (from a steganographical point of view), the color table. In BMP, if the color depth is 8 bits, then the palette (color table) has 8x256 colors. Each color is 4 bytes (Red, Green, Blue, Reserved); the values of each base color give us the RGB value, in other words -- i.e. R=255, G=255, B=255 --> then the color = BLACK. Now the best BMP picture to hide a file in is one that is grayscale only (or black and white), but is still saved as 8bit. Then we have many values in the color palette that can be changed without having ANY impact on the picture itself; therefore there is no visual way of discovering hidden data. Each stego program probably uses a different technique of hiding data, but the changes to the file are usually flipping values of R, G, B, or Reserved, by one. I must note that the "Reserved" value is almost always zero (0) in the original - at least in all cases I've seen.

 Now JPG has a structure more suitable for storage, since it doesn't manage colors the same way as BMP. It compresses certain colors into a palette that was defined by the user (or program). Therefore a lot of colorful details can disappear when converting some TIFF into JPG, since some of the colors are matched to the "closest" one. This way there is not much space to waste, when the color table is fixed and the program decides what will be substituted for what... But that is pretty much all I have on JPGs :-)

 And now we can apply this to any kind of suitable media. If (just an example) I knew that AVI format has somehow 
wasteful (or shall I say rich?) file architecture and knew the structure, I would be able to append some data to it, 
without destroying, or corrupting the file (of course MD5 will change).

 I hope it was of some help... And if not, or it is too confusing, let me know... I'll be more than happy to answer 
whatever will be in my knowledge range...

 Good luck -- Tomas

I have just had what I believe is my first encounter with
a .jpg stego embedded executable file.
I know that there has been success embedding stego executables
in .mp3 and .avi files, but was unaware that someone had developed
a way to do .jpgs......
Can someone please provide detailed info on this??
(and yes, I've googled)
Thanks in advance.

Rockit

=====
www.interz0ne.com
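
The palette properties mentioned in the reply above (a Reserved byte that is normally zero, one-step changes to R, G, B or Reserved, and palette entries no pixel uses) can be checked mechanically when examining a suspect file. The Python code below is an added example, not part of the original post; the function names and the sample image are constructed for illustration, and it assumes an uncompressed 8-bit BMP with the common 40-byte info header.

```python
import struct

def palette_findings(bmp: bytes) -> dict:
    """Report palette oddities in an uncompressed 8-bit BMP."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    pixel_offset = struct.unpack_from("<I", bmp, 10)[0]
    hdr_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", bmp, 14)
    if hdr_size < 40 or bpp != 8 or compression != 0:
        raise ValueError("only uncompressed 8-bit BMPs with a 40+ byte header")
    colors = struct.unpack_from("<I", bmp, 46)[0] or 256  # 0 means "all 256"
    # On disk each palette entry is 4 bytes: Blue, Green, Red, Reserved.
    palette = [struct.unpack_from("<4B", bmp, 14 + hdr_size + 4 * i)
               for i in range(colors)]
    stride = (width + 3) & ~3  # rows are padded to a multiple of 4 bytes
    used = set()
    for row in range(abs(height)):
        start = pixel_offset + row * stride
        used.update(bmp[start:start + width])
    return {
        # Reserved byte is expected to be zero in an untouched file.
        "nonzero_reserved": [i for i, e in enumerate(palette) if e[3]],
        # In a grayscale palette R == G == B; a spread of 1 is a one-step flip.
        "off_gray_by_one": [i for i, e in enumerate(palette)
                            if max(e[:3]) - min(e[:3]) == 1],
        # Entries no pixel references can change with no visible effect.
        "unused_entries": [i for i in range(colors) if i not in used],
    }

def build_sample(tamper: bool = False) -> bytes:
    """Constructed 4x2 grayscale 8-bit BMP used as test input."""
    palette = bytearray(b"".join(bytes((v, v, v, 0)) for v in range(256)))
    if tamper:
        palette[200 * 4 + 3] = 1   # reserved byte of entry 200
        palette[201 * 4 + 2] ^= 1  # red channel of entry 201 moved by one
    pixels = bytes(range(8))       # two rows of four pixels, indices 0..7
    offset = 14 + 40 + len(palette)
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, 4, 2, 1, 8, 0, len(pixels),
                           0, 0, 256, 0)
    return file_hdr + info_hdr + bytes(palette) + pixels

if __name__ == "__main__":
    for name, tampered in (("clean", False), ("tampered", True)):
        found = palette_findings(build_sample(tampered))
        print(name, found["nonzero_reserved"], found["off_gray_by_one"],
              len(found["unused_entries"]))
```

A finding here is a reason to look closer, not proof of hidden data: some image editors write non-gray or non-zero palette values on their own.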
