Images carrying an encrypted data payload

encrypted-data-image

This is a tidy looking banner image. But according to [Ian] it contains 52KB of source code. You can’t just read out all of that data. Well, you can but it will be gibberish. Before hiding the bits in plain sight he encrypted them with two different keys.

He’s using AES-256 encryption to keep his data away from prying eyes. But if that wasn’t enough, he also wrote a PHP program to hide the bits in a PNG image. Not just any picture will do (otherwise your eye will be able to see something’s awry). The post linked above focuses mainly on how to choose an image that will hide your data most easily. We asked him if he would share his techniques for actually merging the encrypted file with the picture and he delivered. Head on over to his repository if you want to take a look at the generator code.

Comments

  1. CoolMod says:

    Yes, well known technique called steganography. :) http://en.wikipedia.org/wiki/Steganography

  2. biozz says:

    im guessing without reading it changes color or something by one bit … maybe with some Reed–Solomon for error correction
    you cant just hide it in the header/footer it self or it will get lost in conversion …

  3. Yarr says:

    Time for the weekly buttcoin-shilling article on HaD…

  4. FourthDr says:

    There already is an app that does this…it’s called camouflage.

  5. Henry boogerface says:

    Wouldn’t think it would be difficult to hide this information in a randomly chosen image, depending on the file type. You could shift values a nearly immeasurable amount, or shift attribute values only but not DAC information. I’m no expert but this shouldn’t be hard to do to any random image.

  6. ive used http://sourceforge.net/projects/hide-in-picture/ before to do the same thing many years ago

  7. pcf11 says:

    I heard a rumor once that half the porn on the Internet contains encoded messages for terrorists. Think about that the next time you’re pulling your pud!

  8. Fapjuice says:

    @pcf11 I shall go and conduct some research straight away!!!

  9. r3 says:

    simple fiddling with HDR in photoshop revealed a lotsa stuff btw

  10. fartface says:

    Really? We Have been doing this cince 1993. Hack a day, Where people get credit for discovering things that have been around for decades.

    Tomorrow on HAD, SamFun47 discovers the light bulb!

    • NewCommentor1283 says:

      resizing the horizontal of a BMP file then expanding it to original width would provide the opportunity for every second pixel to contain data, simillar in value to previous.

      original picture data: 122,124,153,159
      resized (smaller horizantal): 123,156
      re-resized (original size): 123,123,156,156
      with added data: 123,124,156,155
      hidden data: 1,0

      this is for binary file data.

      but could also convey DIRECT picture data using several image filters at once;
      1) every second pixel
      2) convert to greyscale using remaining(non data-encoding) bits
      3) subtraction from original data equals new data
      4) multiply(bitshift) to increase contrast so image is visible

      just watch out for the “end of the row” may have padding that is NOT picture data and would be lost during conversion or the entire picture after that spot corrupted

      • the program i linked a few posts up used ‘random’ pixels thruout the entire image, to prevent easy detection and extraction like that

        the seed for the random number generator is based on the same pw used to encrypt it, so without the pw, you cant even detect the changes

  11. Joey says:

    We learned about this in class the other day, and my professor wrote up a batch file over the weekend that does steg on BMP files to both hide plain-text, and full-fledged files of any kind. It is certainly a fun thing to do!

  12. sarupriya says:

    its cool. thank u

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,295 other followers