Lab 1

STEGANOGRAPHY SOFTWARE



Many software tools can conceal information in other files or data streams; JJTC maintains a list of steganography tools. These tools can hide pieces of information or a single file in various types of media files, such as .jpeg or .mp3. Usually, the media file in which the secret is hidden grows somewhat in size.


To the best of my knowledge, most steganography software provides both an encryption and a decryption function, or, say, concealing and revealing. The following examples illustrate how the steganography tools work.

Example 1. Online Image Steganography

Many Tools Steganography is an online steganography tool that can hide a text message or a small image in a host image.
The tool is very easy to use: enter the secret message in the textbox or select an image to hide, choose a host image, and click the button "Steganogra-fy!". You will get a new image that hides your secret.

Steg1.png

Figure 1. Hiding text message using An Online Image Steganography Tool

In this example, the size of the image is 96.8KB. When the process is done, the tool outputs a PNG file. The size of the PNG is 283KB. Figure 2 compares the original image and the new image that hides the secret.

Original Image (GroupGuat2014sm.JPG)
  Format: jpeg
  Size: 79.3KB
New Image (GroupGuat2014sm-mess.JPG)
  Format: png
  Size: 370.5KB

Figure 2. Comparison of Images.

To decode the image, check the "Decode this image instead" option, as shown in Figure 3.

steg2.png

Figure 3. Decode

When you click "Steganogra-fy!", you will see:

steg3.png

Figure 4. Revealing the Secret

Example 2. steghide

steghide is a command-line steganography tool that can hide data in various kinds of image and audio files. Specifically, steghide can hide various types of data files. During my test, however, I found that the cover file in which the data is embedded must be large enough.

To install steghide on Linux, type into the command line: "sudo apt-get install steghide"


It is easy to get started. You can find everything in the readme files in the package. Use the command steghide --embed -ef C:\test\0102.jpg -cf C:\test\0103.jpg (-ef names the file to embed, -cf the cover file) and set your passphrase, and you will get the stego file in seconds. If the cover file is too small, steghide will tell you and refuse to do the embedding job.
screenshot_4.jpg

Figure 5. Embed an image into another image using steghide

Extracting the embedded file can be done by executing the command C:\test\steghide>steghide --extract -sf C:\test\0103.jpg -xf C:\test\0102_extracted.jpg and entering the passphrase "stevens". This work can be seen in Figure 5.
screenshot_5.jpg

Figure 6. Extract the image from the cover file

Now let us have a look at these images.

Embed File (0102.JPG)
  Size: 63.7KB
Extracted File (0102_extracted.jpg)
  Size: 63.7KB
Cover File (0103.JPG)
  Size: 1.17MB
Stego File (0103_staghide.JPG)
  Size: 1.18MB

Figure 7. Comparison of Images.

This comparison gives us a basic idea: the cover file grows in size because it now hides some information. The embed file has exactly the same size as the extracted file because both contain the same data.


steghide_0.5.1.tar.gz: Steghide can be downloaded from here.

Example 5. covert_tcp

covert_tcp can hide data in TCP packets and runs on Linux only. Download the source code from the bottom of its page and compile it using this command:
cc -o covert_tcp covert_tcp.c or gcc -o covert_tcp covert_tcp.c

If the compiler reports an error that there is no member named "res2" in the TCP header, you can just comment out line 295.
Then you can send and receive packets with steganographic data. (You can use the command ifconfig to get the IP address of your own machine.)
To send a file (secret.txt) via IP Identification field encoding from client_IP to server_IP, you can use the commands:
Client sender: covert_tcp -source client_IP -dest server_IP -file secret.txt
Server receiver: covert_tcp -source client_IP -server -file secret.txt

Note that you must be root to run the program (use sudo). Here is an example of covert_tcp:

anels@anels-desktop:~$ cd test/
anels@anels-desktop:~/test$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:21:9b:17:60:07  
          inet addr:155.246.74.194  Bcast:155.246.74.255  Mask:255.255.255.192
          inet6 addr: fe80::221:9bff:fe17:6007/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21696 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12790 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:26146254 (26.1 MB)  TX bytes:1696140 (1.6 MB)
          Interrupt:27 Base address:0xa000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:802 errors:0 dropped:0 overruns:0 frame:0
          TX packets:802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:32400 (32.4 KB)  TX bytes:32400 (32.4 KB)

anels@anels-desktop:~/test$ sudo ./covert_tcp -source 155.246.74.194 -dest 155.246.74.194 -file secret.txt
[sudo] password for anels: 
Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com)
Not for commercial use without permission.
Destination Host: 155.246.74.194
Source Host     : 155.246.74.194
Originating Port: random
Destination Port: 80
Encoded Filename: secret.txt
Encoding Type   : IP ID

Client Mode: Sending data.

Sending Data: I
Sending Data: '
Sending Data: m
Sending Data:  
Sending Data: A
Sending Data: d
Sending Data: a
Sending Data: m
Sending Data: .
Sending Data: 

anels@anels-desktop:~/test$ sudo ./covert_tcp -source 155.246.74.194 -server -file secret.txt
Covert TCP 1.0 (c)1996 Craig H. Rowland (crowland@psionic.com)
Not for commercial use without permission.
Listening for data from IP: 155.246.74.194
Listening for data bound for local port: Any Port
Decoded Filename: secret.txt
Decoding Type Is: IP packet ID

Server Mode: Listening for data.

Receiving Data:  
Receiving Data: 

Receiving Data: l
Receiving Data: e
Receiving Data: v
Receiving Data: e
Receiving Data: r
Receiving Data: a
Receiving Data: g
Receiving Data: e
Receiving Data:  
Receiving Data: t
Receiving Data: e
Receiving Data: c
Receiving Data: h
Receiving Data: n
Receiving Data: i
Receiving Data: q
...

covert_tcp.tar.gz: covert_tcp can be downloaded from here.
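
The "Encoding Type: IP ID" line in the transcript above can be turned into a check on captured traffic. The following is an added example, not part of the lab or of covert_tcp itself: it assumes that each packet carries one byte of the file in the high-order byte of the IPv4 Identification field with the low-order byte zero, and it flags any source/destination pair whose IDs all fit that shape. The function names and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def build_ipv4_header(ident, src, dst):
    """Constructed sample header (protocol 6 = TCP, checksum left at 0)."""
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    return struct.pack(IPV4_FMT, 0x45, 0, 40, ident, 0, 64, 6, 0,
                       addr(src), addr(dst))

def parse_ipv4_header(raw):
    """Return (src, dst, identification) from the first 20 bytes of a packet."""
    _, _, _, ident, _, _, _, _, src, dst = struct.unpack(IPV4_FMT, raw[:20])
    dotted = lambda b: ".".join(str(o) for o in b)
    return dotted(src), dotted(dst), ident

def suspicious_flows(packets, min_packets=8):
    """Flag src->dst pairs whose IP IDs all look like one text byte times 256.

    Assumption: the hidden byte sits in the high-order byte of the ID and the
    low-order byte is zero. Counter-based or random IDs rarely keep that shape
    for min_packets packets in a row.
    """
    ids = defaultdict(list)
    for raw in packets:
        src, dst, ident = parse_ipv4_header(raw)
        ids[(src, dst)].append(ident)
    flagged = {}
    for flow, seen in ids.items():
        if len(seen) < min_packets:
            continue
        high = [i >> 8 for i in seen]
        if all(i & 0xFF == 0 and (32 <= h < 127 or h in (9, 10, 13))
               for i, h in zip(seen, high)):
            flagged[flow] = bytes(high).decode("ascii")
    return flagged

# Constructed sample traffic: documentation addresses; the message text mirrors
# the sender output in the transcript above.
COVERT = [build_ipv4_header(ord(c) << 8, "192.0.2.10", "192.0.2.20")
          for c in "I'm Adam.\n"]
NORMAL = [build_ipv4_header(0x3A71 + n, "192.0.2.30", "192.0.2.20")
          for n in range(12)]

if __name__ == "__main__":
    for flow, text in suspicious_flows(COVERT + NORMAL).items():
        print(flow, repr(text))
```

The same test can be applied to headers exported from a Wireshark capture; a flow that the check flags is worth inspecting by hand, since it is a heuristic and not proof of a covert channel.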


Tasks

1. Use the tools and the test files of different sizes in this package to embed a file into an image or audio file and extract it again. For covert_tcp, demonstrate the transfer of several different files. Document your work using screenshots.
Here is the list of available tools:

  • Steghide 0.5.1 (Win)
  • Steganogra-fy
  • covert_tcp
2. Run Wireshark on covert_tcp. Explain how it is hiding the data.

3. Find, and try out at least 2 more tools that hide data. Write up what you did, and include screenshots.

4. Write a short essay describing how such systems can be a threat to an organization. What can be done to mitigate these dangers?

5. Turn everything in on Moodle as a single DOC file.


Extra DIY

Here are some interesting ideas to try with steganography tools. Try them out now if you are interested.

  • Embed a file A that has steganographic content B in another image file C, then try to extract the file B.
  • Embed a file A in an image file B that has steganographic content C, then try to extract the file A.
  • Use a different tool to extract the steganographic content from the one used to embed it.
Topic revision: r7 - 2016-01-14 - BenjaminKindle