Steganography

oradba4u · July 17, 2020, 08:20:42 AM

All:
Does anyone know how to hide text in a file (e.g. .jpg or .dll)
and retrieve it (both hide and seek) using Winbatch?

Thanks in advance
perplexed in Poughkeepsie

td · July 17, 2020, 09:47:52 AM

What do you mean by "hide"? Are you referring to encoding or encryption? Also, modifying a DLL in any way may cause it to be flagged as a security risk if it is also codesigned.

oradba4u · July 17, 2020, 09:55:43 AM

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video

"Hide" would be to conceal the message into a file.
"Seek" would be to retrieve the message from the file.

Ref: https://www.edureka.co/blog/steganography-tutorial
https://www.youtube.com/watch?v=xxSbjUAuzSU

ChuckC · July 17, 2020, 01:06:03 PM

I don't think the definition of Steganography was being questioned or misunderstood on Tony's part.

As for the "how to" part, unless you're using some kind of ready made library to do the heavy lifting for you, you're going to need to understand how the target file type in question has its data structured so that you can find places to hide any kind of unrelated data within it that won't otherwise corrupt the file and make it unusable. The whole idea of steganography is to hide the data and not give any telltale clues like visual glitches/artifacts of any kind, causing a code signing validation failure, etc...

In the case of JPG files, they make a good target because they are a not a lossless form of data compression. This means that you can replace some amount of low-order-bit data from a certain number of pixels and use them to store unrelated data w/o making the reduction in image quality visible to the human eye.

A bitmap, on the other hand, would be visibly degraded. Much the same goes for a DLL, in the there's much in the way of used space that can be hijacked to hide data in w/o affecting how the DLL functions.

Going back to using JPG files, you could start with reading the specifications for the JPG image format and go from there.

https://jpeg.org/jpeg/

https://www.w3.org/Graphics/JPEG/jfif3.pdf

https://en.wikipedia.org/wiki/JPEG_File_Interchange_Format

https://www.fileformat.info/format/jpeg/egff.htm

stanl · July 17, 2020, 01:48:16 PM

Probably not related, but I played around with alternate streams in 2010

Code (WINBATCH) Select



;quick 'geek trick' - only works with NTFS/Alternate Streams
;Stan Littlefield, November 11, 2010
firstfile = dirscript():"secret.txt"
fileput(firstfile,"There is Nothing Important in this File":@CRLF)
newfile = dirscript():"secret.txt:moresecrets.txt"
fileput(newfile,"Well that is not exactly true":@CRLF)
message("",fileget(firstfile):@CRLF:fileget(newfile))

td · July 17, 2020, 01:54:31 PM

Quote from: oradba4u on July 17, 2020, 09:55:43 AM
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video

"Hide" would be to conceal the message into a file.
"Seek" would be to retrieve the message from the file.

Ref: https://www.edureka.co/blog/steganography-tutorial
https://www.youtube.com/watch?v=xxSbjUAuzSU

I am well aware of the meaning of the word steganography. Tweaking bits in an image file is certainly within the capabilities of the binary buffer functions once you know which bits can safely be tweaked as Chuck pointed out. However, you would need a significant amount of time and computer power to modify a signed file in such a way that the hash remained valid. If a dll is not hashed, you could stick some information into several of the dll's image segments using binary buffer functions. Again the key would be understanding which bits are safe to fiddle with. In the latter case, it would be simpler to just encrypt the information and append it to the end of the file . It would be difficult to detect unless you have another exact copy of the original dill to compare it with.

td · July 17, 2020, 02:29:47 PM

Need to correct my previous comment. I remembered that not all parts of a dll or exe file are hashed in the image hash. In part, this is because the signature stored in the file would alter the hash. So it would be possible to modify a dll outside of the hashed areas of the file without invalidating the signed hash. The area after the highest segment offset is also left out of the hash calculation. This is an area that can be modified by adding information at or near the end of the file.

JTaylor · July 17, 2020, 07:14:19 PM

What are you trying to accomplish?

Jim

oradba4u · July 17, 2020, 10:36:22 PM

Hide some text in a .jpg file using winbatch on both the "Hide" side, and the "seek" side.

JTaylor · July 18, 2020, 08:57:10 AM

I meant to what end.....but maybe that is a secret or maybe just doing this is the goal rather than having a real purpose. Didn't know if someone might have a suggestion for accomplishing your real goal in a different way.

Jim

td · July 18, 2020, 10:05:47 AM

Quote from: oradba4u on July 17, 2020, 10:36:22 PM
Hide some text in a .jpg file using winbatch on both the "Hide" side, and the "seek" side.

Jim makes a good point but this also leads back to my original question. "Hide" can mean more than one thing with regard to steganography. Text messages are often encrypted as well as embedded in an image. In the simplest case, encoding a message in an image is just a matter of flipping the least significant bit of a range of bytes as need that make up the jpeg image file. The LSBs of the range of image pixels represent the bit values of each byte of the ASCII text message. If you want to encrypt the text message as well, things get more complicated but this can also be done using WinBatch.

oradba4u · July 18, 2020, 05:21:40 PM

Guys, you're making this more difficult than it needs to be. I said NOTHING of encryption! and (forgive me being direct here) my reasoning for doing this is my business, to be blunt about it and it has no bearing whatsoever on the task at hand

ChuckC · July 18, 2020, 05:35:38 PM

Regardless of whether you want to "hide" plain text, obfuscated text or outright encrypted text in a JPG, it's all the same "heavy lifting" exercise w/respect to spending the intellectual capital necessary to develop a script to do what you want. Yes, without a doubt, WinBatch can be used to achieve the goal you have set for yourself.

The question... are you willing to spend the intellectual capital necessary to achieve it. I already pointed out the URLs that you need to follow up on regarding the structure of a JP[E]G file. What I am not going to do is read/explain their content to you. That's an exercise best left to the student, and the final exam is a simple pass/fail grade in terms of whether or not you can successfully make use of the knowledge after you do some meaningful learning exercises. Having a degree in mathematics myself, I can say that if you're not seriously math-oriented, then the long-form explanation of how a JP[E]G works isn't going to be of much use to you.

If that's not a sufficient answer, then I would suggest that you perform some more expanded Google searches related to code libraries and other pre-canned components that can do the heavy lifting for you, and then figure out how to make use of their functionality from within a WinBatch script.

JTaylor · July 18, 2020, 07:27:06 PM

Sometimes people are looking for a solution to a problem so such a question does have bearing in that situation. Apparently you are not looking for a solution so I will bow out.

Jim

Quote from: oradba4u on July 18, 2020, 05:21:40 PM
Guys, you're making this more difficult than it needs to be. I said NOTHING of encryption! and (forgive me being direct here) my reasoning for doing this is my business, to be blunt about it and it has no bearing whatsoever on the task at hand

stanl · July 19, 2020, 04:04:17 AM

Quote from: ChuckC on July 18, 2020, 05:35:38 PM
If that's not a sufficient answer, then I would suggest that you perform some more expanded Google searches related to code libraries and other pre-canned components that can do the heavy lifting for you, and then figure out how to make use of their functionality from within a WinBatch script.

Like Chuck wrote. There are command-line options, free products, C# code scattered about a Google search.

td · July 19, 2020, 11:39:11 AM

Quote from: oradba4u on July 18, 2020, 05:21:40 PM
Guys, you're making this more difficult than it needs to be. I said NOTHING of encryption! and (forgive me being direct here) my reasoning for doing this is my business, to be blunt about it and it has no bearing whatsoever on the task at hand

Given the generalized nature of your original post and the fact that most steganography software has the ability to encrypt messages before embedding the message, it seemed like a reasonable question to ask. Asking questions to collect requirements aids in making an informed response.

td · July 28, 2020, 11:37:38 AM

While not directly related to this topic because of the expressed desire to use jpeg files, here is a link to a steganography example using WIL CLR hosting and more specifically the System.Drawing .Net Framework assembly on bitmaps files. The example is not a substitute for one of the many available steganography applications available on-line but it does illustrate how to use a compiled in memory dotNet class as a helper to work around CLR hosting limitations.

https://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/dotNet/System_Drawing+Use~System.Drawing~for~Steganograhpy.txt

News:

Steganography