diff --git a/opsec/steganography/index.html b/opsec/steganography/index.html index 0f27002..500c0e3 100644 --- a/opsec/steganography/index.html +++ b/opsec/steganography/index.html @@ -69,8 +69,8 @@
That means that whilst complementary to cryptography, steganography on itself is less secure than the mathematically provable security provided by cryptography. Think of it as tucking away your valuables in secret location versus putting them into a sturdy safe. The safe may draw immediate attention by burglars, but provides reliable resistance to attacks, whilst whether they find your hidden stash is up to chance.
-In military science, there is the concept of the Integrated Survivability Onion — in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shot at you and that they can't shot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, it just shouldn't be all your rely on. In our example, a hidden safe is better than either option on its own.
+In military science, there is the concept of the Integrated Survivability Onion — in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shoot at you and that they can't shoot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, it just shouldn't be all your rely on. In our example, a hidden safe is better than either option on its own.
The main strength of it is that steganography can conceal metadata to some extent. Metadata (i.e. data about data and communications) is the primary way that state actors identify targets. When you can become guilty by association, your primary concern may be communicating in public without anyone noticing and not the confidentiality of your communications. (In fact, since many cryptographic schemes attest the identity of the sender, e.g. signatures, you should avoid those when looking for plausible deniability in case of compromise.)
diff --git a/opsec/steghide/apod20240824.jpg b/opsec/steghide/apod20240824.jpg new file mode 100644 index 0000000..2f58bfa Binary files /dev/null and b/opsec/steghide/apod20240824.jpg differ diff --git a/opsec/steghide/difference.jpg b/opsec/steghide/difference.jpg new file mode 100644 index 0000000..7dea286 Binary files /dev/null and b/opsec/steghide/difference.jpg differ diff --git a/opsec/steghide/index.html b/opsec/steghide/index.html index c7937ed..edd5a21 100644 --- a/opsec/steghide/index.html +++ b/opsec/steghide/index.html @@ -60,25 +60,42 @@
steghide is a mature GPL-licensed CLI tool for hiding arbitrary data inside of of image files (and some archaic audio formats). Its official web presence is located at https://steghide.sourceforge.net/, but it is ubiquitously mirrored in various repositories and package managers (. If you use APT, simply install it with
-
-# apt install steghide
+# apt install steghide
-
+
-
+steghide uses subcommands, and the three most important ones are info
, embed
and extract
which will be explained in sequence. For this tutorial, we are going to use the Astronomy Picture of the Day of 2024-09-08, a beautiful image of the Andromeda galaxy:
+
+Our example file to hide is going to be Bitcoin: A Peer-to-Peer Electronic Cash System, the original paper by Satoshi Nakamoto.
-
+As mentioned above, the cover image must be larger than the file you wish to embed, as a rule of thumb your coverfile should be 20 times larger. We can check how many bytes steghide can embed by using steghide info file
. In our case, it tells us that it can embed 232 KB and asks whether an attempt should be made at reading embed data without extracting. As there is nothing embedded yet, we decline with n.
-
+"apod20240824.jpg":
+ format: jpeg
+ capacity: 232.6 KB
+Try to get information about embedded data ? (y/n)
+
-
+The PDF is only 180 KB, so it fits. Next, we use steghide embed -cf coverfile -ef embedfile -sf destination
and get asked for a passphrase (make sure to remember it or safe it in a password manager). After re-entering the passphrase (you can set it beforehand with the -p
option) it will write the processed file to the specified destination. You can also leave out the -sf
option, in which case it defaults to overwriting the coverfile. Look at it and try to find a visual difference to the original:
+
+It's completely lost in the visual noise. As an experiment, let's try taking the difference of both images with a program like GIMP. This is what it looks like:
+
-
+A difference of zero means a fully black pixel. Try zooming in and you'll see that only a few pixels are slightly lighter than black. These are the pixels that contain parts of your embedded file.
+
+WARNING: changing the output file in anyway will make the embedded file irretrievable. This is especially important for every form of lossy compression!
+
+Now let's try to extract the file we've just hid. For this, use steghide embed -sf input
. This will prompt you for the passphrase. Enter it, and the contents will be extracted into the working directory. In our case we will be asked whether we want to overwrite the file with the same name that already exists. (You can suppress this warning with -f
or by specifying an alternative output destination with -xf
. Here, I used the later so we can confirm the files to be identical with md5sum:
+d56d71ecadf2137be09d8b1d35c6c042 bitcoin.pdf
+d56d71ecadf2137be09d8b1d35c6c042 output.pdf
+
+And they are! This concludes the basic introduction to steghide. Some advanced details follow below, but in most cases, reading the well-written man page suffices.
diff --git a/opsec/steghide/output1.jpg b/opsec/steghide/output1.jpg
new file mode 100644
index 0000000..25a6b57
Binary files /dev/null and b/opsec/steghide/output1.jpg differ