Page 1 of 1

Steganography on Windows

PostPosted: Sat Oct 29, 2011 6:56 pm
by Heatnix
Hello. I have a question. When Windows blends a .rar with a .jpg, how is the image changed? Ergo, what is process that allows such operation? I am asking because I am interested in replicating such a feat with a program of my own.

Re: Steganography on Windows

PostPosted: Sat Oct 29, 2011 7:54 pm
by mShred
Not sure what you mean.. Do you mean compressing it into a .rar file?

Re: Steganography on Windows

PostPosted: Sat Oct 29, 2011 8:03 pm
by Heatnix
I mean when you do this:

http://www.computerhope.com/issues/ch000861.htm

How does windows change the image? How does it convert into an image that still works?

Re: Steganography on Windows

PostPosted: Sun Oct 30, 2011 1:44 pm
by tucak
I think you just append the .rar to the end of the .jpg.

Re: Steganography on Windows

PostPosted: Mon Oct 31, 2011 7:40 pm
by VPR3
Your not really changing the image, your just hiding your secret data in the image data. Basically what is happening is the data your wanting to hide is being hidden in the least significant bit of the image data. To the windows program that is just viewing the image, the hidden data will be background noise that has no effect on how a windows program converts or interprets the image itself.

Re: Steganography on Windows

PostPosted: Tue Nov 01, 2011 12:53 pm
by pertti123
VPR3 wrote:Your not really changing the image, your just hiding your secret data in the image data. Basically what is happening is the data your wanting to hide is being hidden in the least significant bit of the image data. To the windows program that is just viewing the image, the hidden data will be background noise that has no effect on how a windows program converts or interprets the image itself.


That's one way to implement steganography, but the technique you're describing isn't used in this case. This is much more simpler technique.

This just seems to be appending the compressed(doesn't have to be compressed) file after the image.

Code: Select all
$ hexdump.exe -C bla.rar
00000000  52 61 72 21 1a 07 00 cf  90 73 00 00 0d 00 00 00  |Rar!.....s......|
00000010  00 00 00 00 91 80 74 20  90 2c 00 08 00 00 00 08  |......t .,......|
00000020  00 00 00 02 54 24 33 7e  a4 9b 61 3f 1d 30 07 00  |....T$3~..a?.0..|
00000030  20 00 00 00 62 6c 61 2e  74 78 74 00 f0 bc f4 5d  | ...bla.txt....]|
00000040  62 6c 61 0a 62 6c 61 0a  c4 3d 7b 00 40 07 00     |bla.bla..={.@..|
0000004f
$ hexdump.exe -C hidden.jpg | tail
000115e0  13 92 e3 56 ea 69 f7 60  67 44 b7 e9 c7 df 1b 4f  |...V.i.`gD.....O|
000115f0  87 1e ab 5a 34 1b 8c 6d  84 b1 c4 72 6f 8a d3 7a  |...Z4..m...ro..z|
00011600  62 cb 84 53 54 4f 6c 77  50 22 ef dd 8a f4 ae 1d  |b..STOlwP"......|
00011610  d8 fa 43 ff d9 52 61 72  21 1a 07 00 cf 90 73 00  |..C..Rar!.....s.|
00011620  00 0d 00 00 00 00 00 00  00 91 80 74 20 90 2c 00  |...........t .,.|
00011630  08 00 00 00 08 00 00 00  02 54 24 33 7e a4 9b 61  |.........T$3~..a|
00011640  3f 1d 30 07 00 20 00 00  00 62 6c 61 2e 74 78 74  |?.0.. ...bla.txt|
00011650  00 f0 bc f4 5d 62 6c 61  0a 62 6c 61 0a c4 3d 7b  |....]bla.bla..={|
00011660  00 40 07 00                                       |.@..|
00011664


Edit: Oops, I skipped tucak's post.