Author

Topic: steganography: Hiding your wallet in a JPEG image (Read 5671 times)

newbie
Activity: 52
Merit: 0
it would be interesting if printers and scanners/phone cameras got to the point that they could print and read something like this. you could hide your wallet in a simple photo of your wife in a frame.
full member
Activity: 144
Merit: 100
Question: Would the following scenario be practical under real-world usage?

Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).

Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.

Naturally, each oth the two images would be stored on separate and unique Archive pages.

Not remotely. Steganographed data is put into the lowest order bits of the image. JPEG compression is lossy. When you convert BMP->JPEG->BMP, the resulting image will not have the same low order bits as the inputs.
full member
Activity: 168
Merit: 100
AltcoinWarrior.com
Question: Would the following scenario be practical under real-world usage?

Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).

Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.

Naturally, each oth the two images would be stored on separate and unique Archive pages.
newbie
Activity: 2
Merit: 0
As far as I am concerned, I have ever tried to display the image, not to hide the JPEG images. But an advanced image processing control may enables you to both display and hide the images.
newbie
Activity: 2
Merit: 0
Another problem if you want to hide it plain sight on an image hosting site, all of them process the images they host and display on the web, therefore probably losing any steganographic data.  In fact I am in the market for some public anonymous imagehost that hosts raw images for a steganography experiment. I have not looked HARD yet, but so far have not found any hosting service that does not process the images.
newbie
Activity: 1
Merit: 0
But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.
You don't need both images to retrieve steganographically hidden data. You need a modified image and a shared secret key.

Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue
Everybody uses compressed format nowadays. Using BMP is suspicious by itself. There are, indeed, very secure steganographic techniques for JPEG domain, just google it. It is also more convenient  Wink
staff
Activity: 4270
Merit: 1209
I support freedom of choice
Please give a look at this one also  Grin
http://www.ollydbg.de/Paperbak/index.html
sr. member
Activity: 252
Merit: 250
Be careful with these methods:

http://freshmeat.net/projects/stegdetect/

Quote
Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, invisible secrets, outguess 01.3b, F5, appendX, and camouflage. Using linear discriminant analysis, it also supports detection of new stego systems. Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide, and OutGuess 0.13b.

Stego detection is an area of active research.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Indeed !

I searched once "apt-cache search steganography" and I had found nothing.

Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead.

Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool.


FYI, it is present in many of current linux distros' repositories as well.
I use Gentoo and i have this in repo.
legendary
Activity: 1372
Merit: 1008
1davout
There is already Linux, open source command-line software for just this:
http://steghide.sourceforge.net/
Nice!
legendary
Activity: 1288
Merit: 1080
There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Indeed !

I searched once "apt-cache search steganography" and I had found nothing.

Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead.

Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it.

The idea is to store your wallet, or an encrypted version of it, into an image file.  The program creates a quasi identical image, with the data steganographied in it.   The data can be retreived by comparing the two almost identical images.  Therefore you need to store both images, possibly in two different places on cyberspace.

Requires ImageMagick to convert the file in Ascii PPM format.

Code:
#!/bin/bash

if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
    ppmimage="${1%.*}.ppm"
    convert "$image" -compression none "$ppmimage"
    data=$(mktemp)
    xxd -p "${2:-/dev/stdin}" |
    while read -N 2 x
    do
        n=$((0x$x))
        : please continue
    done
fi


There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Checked, it works. You can use it under windows with cygwin.
Also, it encrypts the data with a password, so you are fully protected.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
You should encrypt it before using steganography to attempt to hide it, encrypted data often cannot be differentiated from random data.
sr. member
Activity: 322
Merit: 250
Do The Evolution
Let me make it clear, stenography is only a way to hide data.  It's not proper encryption.  It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia.

But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.
Yeah that is my point. It is better that your wallet never touches the public Internet. Smiley

Also I just realized you use the Netpbm format. That is great. Sorry, I was half sleep and couldn't read the whole code. I see no flaw with your code. Great job.  Grin

http://www.youtube.com/watch?v=BA6kG-tOkBs - McFrontalot - Secrets from the Future
legendary
Activity: 1288
Merit: 1080
Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue

Let me make it clear, stenography is only a way to hide data.  It's not proper encryption.  It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia.

But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.
sr. member
Activity: 322
Merit: 250
Do The Evolution
Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue
legendary
Activity: 1288
Merit: 1080
Edit:  I realised during this thread that there are FOSS programs to do this.  "steghide" is one of them.

I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it.

The idea is to store your wallet, or an encrypted version of it, into an image file.  The program creates a quasi identical image, with the data steganographied in it.   The data can be retreived by comparing the two almost identical images.  Therefore you need to store both images, possibly in two different places on cyberspace.

Requires ImageMagick to convert the file in Ascii PPM format.

Code:
#!/bin/bash

if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
    ppmimage="${1%.*}.ppm"
    convert "$image" -compression none "$ppmimage"
    data=$(mktemp)
    xxd -p "${2:-/dev/stdin}" |
    while read -N 2 x
    do
        n=$((0x$x))
        : please continue
    done
fi
Jump to: