Steghide basic info

2024-09-08 21:14:28 +02:00 · 2024-09-08 21:14:28 +02:00 · 2b6d14c354
commit 2b6d14c354
parent 7c2e4e6b0f
5 changed files with 28 additions and 11 deletions
--- a/opsec/steganography/index.html
+++ b/opsec/steganography/index.html
@ -69,8 +69,8 @@

 <p>That means that whilst complementary to cryptography, steganography on itself is less secure than the mathematically provable security provided by cryptography. Think of it as tucking away your valuables in secret location versus putting them into a sturdy safe. The safe may draw immediate attention by burglars, but provides reliable resistance to attacks, whilst whether they find your hidden stash is up to chance.</p>

-<h2><b>The why use steganography at all?</b></h2>
-<p>In military science, there is the concept of the <i>Integrated Survivability Onion</i> &mdash; in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shot at you and that they can't shot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, <b>it just shouldn't be all your rely on</b>. In our example, a hidden safe is better than either option on its own.</p>
+<h2><b>Then why use steganography at all?</b></h2>
+<p>In military science, there is the concept of the <i>Integrated Survivability Onion</i> &mdash; in short, it describes the idea that they can't kill you if they don't hit you, that they can't hit you if they don't shoot at you and that they can't shoot at you if they don't see you. The same thing applies to every good digital defense-in-depth approach. Using steganography can't harm you, <b>it just shouldn't be all your rely on</b>. In our example, a hidden safe is better than either option on its own.</p>

 <p>The main strength of it is that <b>steganography can conceal metadata</b> to some extent. Metadata (i.e. data about data and communications) is the primary way that state actors identify targets. When you can become guilty by association, <b>your primary concern may be communicating in public without anyone noticing</b> and not the confidentiality of your communications. (In fact, since many cryptographic schemes attest the identity of the sender, e.g. signatures, you should avoid those when looking for <u>plausible</u> deniability in case of compromise.)</p>

--- a/opsec/steghide/apod20240824.jpg
+++ b/opsec/steghide/apod20240824.jpg
--- a/opsec/steghide/difference.jpg
+++ b/opsec/steghide/difference.jpg
--- a/opsec/steghide/index.html
+++ b/opsec/steghide/index.html
@ -60,25 +60,42 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
+				<h2><b>Basic Use</b></h2>
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>Zesc - 2024-08-30</ba></p>
 <h1>Hiding files in images with steghide</h1>

 <p>steghide is a mature GPL-licensed CLI tool for hiding arbitrary data inside of of image files (and some archaic audio formats). Its official web presence is located at <a href="https://steghide.sourceforge.net/">https://steghide.sourceforge.net/</a>, but it is ubiquitously mirrored in various repositories and package managers (<a href="https://github.com/StegHigh/steghide"></a>. If you use APT, simply install it with</p>
-<pre><code class="nim">
-# apt install steghide
+<pre><code class="nim"># apt install steghide
 </code></pre>

-<p></p>
+<!-- <p>steghide conceals data inside a larger coverfile in a way that is indistinguishable to first-order statistical analysis. This means that without comparing to exact copy of your original coverfile, there are no anomalies to it.</p> -->

-<p></p>
+<p>steghide uses subcommands, and the three most important ones are <code>info</code>, <code>embed</code> and <code>extract</code> which will be explained in sequence. For this tutorial, we are going to use the <a href="https://apod.nasa.gov/apod/astropix.html">Astronomy Picture of the Day</a> of 2024-09-08, a beautiful image of the Andromeda galaxy:</p>
+<img src="apod20240924.jpg" style="width:250px">
+<p>Our example file to hide is going to be <a href="https://bitcoin.org/bitcoin.pdf">Bitcoin: A Peer-to-Peer Electronic Cash System</a>, the original paper by Satoshi Nakamoto.</p>

-<p></p>
+<p>As mentioned above, the cover image must be larger than the file you wish to embed, <b>as a rule of thumb your coverfile should be 20 times larger</b>. We can check how many bytes steghide can embed by using <code>steghide info <i>file</i></code>. In our case, it tells us that it can embed 232 KB and asks whether an attempt should be made at reading embed data without extracting. As there is nothing embedded yet, we decline with <kbd>n</kbd>.</p>

-<p></p>
+<pre><samp>"apod20240824.jpg":
+  format: jpeg
+  capacity: 232.6 KB
+Try to get information about embedded data ? (y/n) 
+</samp></pre>

-<p></p>
+<p>The PDF is only 180 KB, so it fits. Next, we use <code>steghide embed -cf <i>coverfile</i> -ef <i>embedfile</i> -sf <i>destination</i></code> and get asked for a passphrase (make sure to remember it or safe it in a password manager). After re-entering the passphrase (you can set it beforehand with the <code>-p</code> option) it will write the processed file to the specified destination. You can also leave out the <code>-sf</code> option, in which case it defaults to overwriting the coverfile. Look at it and try to find a visual difference to the original:</p>
+<img src="output1.jpg" style="width:250px">
+<p>It's completely lost in the visual noise. As an experiment, let's try taking the difference of both images with a program like GIMP. This is what it looks like:</p>
+<img src="difference.jpg" style="width:250px">

-<p></p>
+<p>A difference of zero means a fully black pixel. Try zooming in and you'll see that only a few pixels are slightly lighter than black. These are the pixels that contain parts of your embedded file.</p>
+
+<div><b>WARNING: changing the output file in anyway will make the embedded file irretrievable. This is especially important for every form of lossy compression!</b></div>
+
+<p>Now let's try to extract the file we've just hid. For this, use <code>steghide embed -sf <i>input</i></code></p>. This will prompt you for the passphrase. Enter it, and the contents will be extracted into the working directory. In our case we will be asked whether we want to overwrite the file with the same name that already exists. (You can suppress this warning with <code>-f</code> or by specifying an alternative output destination with <code>-xf</code>. Here, I used the later so we can confirm the files to be identical with md5sum:
+<pre><samp>d56d71ecadf2137be09d8b1d35c6c042  bitcoin.pdf
+d56d71ecadf2137be09d8b1d35c6c042  output.pdf</samp></pre>
+
+<p>And they are! This concludes the basic introduction to steghide. Some advanced details follow below, but in most cases, reading the well-written man page suffices.</p>

          
 	       </div>
@ -91,7 +108,7 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>Initial Setup </b></h2>
+          <h2><b>Advanced Use</b></h2>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
--- a/opsec/steghide/output1.jpg
+++ b/opsec/steghide/output1.jpg