Results 1 to 25 of 25

Thread: PNG Image Steganography

  1. #1
    Join Date
    Aug 2006
    Location
    London
    Posts
    2,021
    Mentioned
    2 Post(s)
    Quoted
    0 Post(s)

    Default PNG Image Steganography

    Can you tell the difference between these images?










    The first one is the original, and the rest have files hidden inside them by flipping bits.
    The second uses the last bit of every pixel, the third image uses the last 2 bits and the last image uses the last 4 bits. It is distorted noticeably but the rest are almost undetectable to the naked eye.

    http://en.wikipedia.org/wiki/Steganography

    "Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity."


    And now, my dear SRL, I present to you my own implementation, written in c. Attached to this post.


    The files I hid in the pictures of the car are almost random, I got them from my swap disk and split it until it almost filled the image to capacity. Its a worst cast scenario.

    If you want to extract from those images, here are the md5sums in case you want to check.
    Code:
    md5sums for the files hidden in output1.png 2.png and 4.png
    
    a126ce1e7342edc51fd6ae21dc9ca15f  message.txt
    d863a0408f2cd9151d4c609a83cf12d5  message.txt
    ea0f8d5cbedd61c2edc17ae6762ec5f0  message.txt

    My code uses the LodePNG library for processing png images. It includes a makefile.


    Here is another example.

    original


    hidden file n last 4 bits




    to use it, download and extract the zip file.
    run
    Code:
    make
    to build


    to extract from image picture.png and save to new file message.txt, run
    Code:
    png e picture.png message.txt
    to hide file message.txt into the image picture.png using the last 2 bits of every byte, run.
    Code:
    png h2 picture.png message.txt

    before you hide, you may want to learn the maximum file size your image can hold. run
    Code:
    png c picture.png
    example output
    Code:
    $ ./png c input1.png
    capacity of input1.png:
    BitPerByte	Capacity / bytes
    1		239967
    2		479983
    4		959991
    Last edited by Yakman; 11-18-2009 at 12:32 AM.
    Join the Official SRL IRC channel. Learn how to Here.

  2. #2
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    6,136
    Mentioned
    28 Post(s)
    Quoted
    17 Post(s)

    Default

    Wow. Crazy. Technically out-of-my-league, but very intriguing...and usefull too. Anxious to know what's in the box
    SRL is a Library of routines made by the SRL community written for the Program Simba.
    We produce Scripts for the game Runescape.

  3. #3
    Join Date
    Apr 2007
    Location
    The Netherlands
    Posts
    5,553
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Sounds pretty awesome, and I understand the talking about it, but that's it .
    ~Hermen

  4. #4
    Join Date
    Jun 2007
    Location
    Wednesday
    Posts
    2,446
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default


    Be in awe of the Russian dolls! 3 pics in 1.

    Edit:
    Quite large so hyperlinked instead image!
    Last edited by mixster; 11-18-2009 at 01:03 AM.
    By reading this signature you agree that mixster is superior to you in each and every way except the bad ways but including the really bad ways.

  5. #5
    Join Date
    Aug 2006
    Location
    London
    Posts
    2,021
    Mentioned
    2 Post(s)
    Quoted
    0 Post(s)

    Default

    Hey good idea mixster.



    The mechanism of how this works is actually quite simple, except I did a bad job of explaining it in my first post.


    As I'm sure you know, images are made up of a list of pixels, each pixel can be represented as 4 bytes, each containing the red, green, blue and alpha component.

    My program relies on the fact that if you change the low bit, you effectively change the number 255 to 254, almost invisible to the human eye.

    Now suppose I wanted to hide the number 74 which is 01001010 in binary. I have an image made up of 2 pixels, containing 4 bytes each.

    All we do is just cycle though each bit of the number and copy it into the last bit of each image byte.

    Number = 01001010

    Unmodded image =
    11111111 10101000 01011010 01101001 11111111 10111101 01110000 01100001

    Modified image =
    11111110 10101001 01011010 01101000 11111111 10111100 01110001 01100000



    Or if I want to make it really obvious whats happened.
    Modified image =
    11111110 10101001 01011010 01101000 11111111 10111100 01110001 01100000


    Thats all there is to it.
    Join the Official SRL IRC channel. Learn how to Here.

  6. #6
    Join Date
    Oct 2007
    Location
    #srl
    Posts
    6,102
    Mentioned
    39 Post(s)
    Quoted
    62 Post(s)

    Default

    Intense.

  7. #7
    Join Date
    Apr 2007
    Posts
    3,152
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    yea, i tried quite hard, but i could only tell the difference between the first 3 and last
    SCAR Tutorials: The Form Tutorial | Types, Arrays, and Classes
    Programming Projects: NotePad | Tetris | Chess


  8. #8
    Join Date
    Dec 2007
    Location
    Somewhere in Idaho
    Posts
    480
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    I've done this before, and it is pretty neat. The problem with stenography is the fact that most is completely security through obscurity.

    Might I make a suggestion for a better stenographic algorithm?

    Use RSA to determine where each bit should be placed. This requires keeping track of where former bits have been placed, but makes the displacement of bits seem almost completely random (In normal stenographic images, there are noticeable lines). To use an RSA like password, I would take the text password, and then use BlumbBlumbShub on it until I had a couple of prime numbers sufficiently large enough for your security purposes.

    Thus, without the correct password, the data is very hard to retrieve. It adds the benefit of a strong crypto algorithm on top of the obscurity of stenography in the first place.

    BTW, Stenography works best with not digital photos. People expect digital photos to be smooth. They do not, however, expect a real life photo to be smooth, thus they interpret the extra bits as grain instead of useful data.

    Yakman, if you like, I could post some RSA / BlumbBlumbShub code that I have.

    (Yes, I've played with stenography, it is fun to dink around with )

  9. #9
    Join Date
    Nov 2009
    Posts
    52
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    nice work yakman. reminds me of hackthissite... is that site still alive?

  10. #10
    Join Date
    Feb 2007
    Location
    Access Violation at 0x00000000
    Posts
    2,865
    Mentioned
    3 Post(s)
    Quoted
    18 Post(s)

    Default

    Quote Originally Posted by boberman View Post
    I've done this before, and it is pretty neat. The problem with stenography is the fact that most is completely security through obscurity.

    Might I make a suggestion for a better stenographic algorithm?

    Use RSA to determine where each bit should be placed. This requires keeping track of where former bits have been placed, but makes the displacement of bits seem almost completely random (In normal stenographic images, there are noticeable lines). To use an RSA like password, I would take the text password, and then use BlumbBlumbShub on it until I had a couple of prime numbers sufficiently large enough for your security purposes.

    Thus, without the correct password, the data is very hard to retrieve. It adds the benefit of a strong crypto algorithm on top of the obscurity of stenography in the first place.

    BTW, Stenography works best with not digital photos. People expect digital photos to be smooth. They do not, however, expect a real life photo to be smooth, thus they interpret the extra bits as grain instead of useful data.

    Yakman, if you like, I could post some RSA / BlumbBlumbShub code that I have.

    (Yes, I've played with stenography, it is fun to dink around with )
    Do you have like... A GUI where the magic is done?
    Ce ne sont que des gueux


  11. #11
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,691
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    Quote Originally Posted by Floor66 View Post
    Do you have like... A GUI where the magic is done?
    Real men don't use GUI's.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  12. #12
    Join Date
    Feb 2007
    Location
    Access Violation at 0x00000000
    Posts
    2,865
    Mentioned
    3 Post(s)
    Quoted
    18 Post(s)

    Default

    Hmm what about .bat / console ? (I don't use GUI's often tbh)
    Ce ne sont que des gueux


  13. #13
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,691
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    Quote Originally Posted by Floor66 View Post
    Hmm what about .bat / console ? (I don't use GUI's often tbh)
    I was thinking about bash.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  14. #14
    Join Date
    Dec 2006
    Location
    Copy pastin to my C#
    Posts
    3,788
    Mentioned
    8 Post(s)
    Quoted
    29 Post(s)

    Default

    Quote Originally Posted by NCDS View Post
    Intense.
    Took the words out of my mouth.

  15. #15
    Join Date
    May 2008
    Location
    Canada
    Posts
    665
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

    Default

    Whoa.

  16. #16
    Join Date
    Feb 2006
    Location
    Belgium
    Posts
    3,137
    Mentioned
    3 Post(s)
    Quoted
    5 Post(s)

    Default

    Quote Originally Posted by Wizzup? View Post
    Real men don't use GUI's.
    Neither do cavemen

  17. #17
    Join Date
    Jun 2007
    Location
    Wednesday
    Posts
    2,446
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Cavemen didn't have computers silly.
    By reading this signature you agree that mixster is superior to you in each and every way except the bad ways but including the really bad ways.

  18. #18
    Join Date
    Apr 2007
    Posts
    3,152
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by mixster View Post
    Cavemen didn't have computers silly.
    said the liar to the beached whale!
    SCAR Tutorials: The Form Tutorial | Types, Arrays, and Classes
    Programming Projects: NotePad | Tetris | Chess


  19. #19
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,691
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    Quote Originally Posted by Dan Cardin View Post
    said the liar to the beached whale!
    I'm beached bro? I'm beached as!

    Anyway... It's a cool way of encrypting data, yakman.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  20. #20
    Join Date
    Sep 2006
    Location
    include srl/srl.scar ( aussie)
    Posts
    2,875
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Wizzup? View Post
    Real men don't use GUI's.
    Big man.

  21. #21
    Join Date
    Dec 2006
    Location
    Banville
    Posts
    3,914
    Mentioned
    12 Post(s)
    Quoted
    98 Post(s)

    Default

    Might want to more evenly disperse the data into the picture. It seems that the pictures accumulate a "green shift". This might depend on the data, but it's happened to everything I've done so far... It would help if this could be remedied, as the human eye is really only good at looking for patterns, and "green" is certainly a distinguishable pattern. Also, if a file is less than the picture, split it up so that a bit is every n bytes, so it is harder to see.

    I forget how PNG stores the image data, so you might have to do a few sets of storing in the specified bits, then the next, and so on, to avoid fucking up the image completely.

    EDIT

    To illustrate my point, here is an image with the two things I am talking about. You will see the background, which, due to it being an oil painting, has many swirls and color variations. You will also see the shirt, which is mainly black. There is a semi-checked pattern amongst the whole image, yet this is only noticeable on his shirt; there is also a stark dividing line. Try to find differences in the background. You will see a slight green-shift that I mentioned before, but it is relatively hard to see without looking. NOTE: If you have a large monitor and can see both pictures at once, it might appear obvious, but only because of the line. I put a zip file in this, so the tree takes up the first part, ergo, the density in bits making the picture white. I couldn't find a picture big enough to put text into, the program erred with code 75.



    Last edited by R0b0t1; 06-05-2010 at 10:18 AM.
    The jealous temper of mankind, ever more disposed to censure than
    to praise the work of others, has constantly made the pursuit of new
    methods and systems no less perilous than the search after unknown
    lands and seas.

  22. #22
    Join Date
    Aug 2006
    Location
    London
    Posts
    2,021
    Mentioned
    2 Post(s)
    Quoted
    0 Post(s)

    Default

    Russian spies used this technique.
    http://www.newscientist.com/article/...n-the-web.html
    Join the Official SRL IRC channel. Learn how to Here.

  23. #23
    Join Date
    Jun 2013
    Posts
    6
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    awesome and powerful, i know the technique

  24. #24
    Join Date
    Mar 2008
    Posts
    426
    Mentioned
    1 Post(s)
    Quoted
    116 Post(s)

    Default

    That's awesome..
    Totally out of my depth.. But awesome, lol.

    EDIT: God damn.. Grave dug..

    This kid before me put it on the new posts page...

    Ass.



  25. #25
    Join Date
    Jun 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    nice post

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •