Steganography: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
== Reference == |
|||
* http://resources.infosecinstitute.com/steganography-and-tools-to-perform-steganography/ |
|||
== OutGuess == |
== OutGuess == |
||
* [http://www.outguess.org/ OutGuess] is a steganography tool developed by Niels Provos. |
* [http://www.outguess.org/ OutGuess] is a steganography tool developed by Niels Provos. |
||
Line 67: | Line 70: | ||
** Max. ''Correctable message size'' is obtained when input JPEG quality is 78%...81%. |
** Max. ''Correctable message size'' is obtained when input JPEG quality is 78%...81%. |
||
* Using <tt>pamscale</tt> (with default param), all the generated images have lost in capacity efficiency (i.e. ratio ''Correctable message size'' / ''Image size'') (→ '''To Do''': look effect of other rescaling algorithms). |
* Using <tt>pamscale</tt> (with default param), all the generated images have lost in capacity efficiency (i.e. ratio ''Correctable message size'' / ''Image size'') (→ '''To Do''': look effect of other rescaling algorithms). |
||
== StegHide == |
|||
* [http://steghide.sourceforge.net/ StegHide] |
|||
== Stegdetect == |
|||
* [https://github.com/abeluck/stegdetect stegdetect], a generic tool to break steganography scheme. |
|||
* http://theevilbit.blogspot.fr/2013/01/backtrack-forensics-steganoghraphy.html |
Latest revision as of 14:19, 10 May 2017
Reference
OutGuess
- OutGuess is a steganography tool developed by Niels Provos.
- Quite secure, although some attacks exist.
- Package available for Windows, Linux, Cygwin...
- OutGuess works by storing information in the LSB of non-zero DCT coefficient, while preserving first-order statistics.
Basic usage
$ outguess -k "password" -d secret.txt original.jpg embedded.jpg
$ outguess -k "password" -d secret.txt -p 100 original.jpg embedded.jpg #Max jpeg compression for max capacity
Example of output:
Reading original.jpg.... JPEG compression quality set to 75 Extracting usable bits: 105949 bits Correctable message size: 49783 bits, 46.99% Encoded 'secret.txt': 144 bits, 18 bytes Finding best embedding... 0: 76(43.7%)[52.8%], bias 68(0.89), saved: 0, total: 0.07% 21: 84(47.7%)[58.3%], bias 55(0.65), saved: -1, total: 0.08% 115: 77(44.3%)[53.5%], bias 59(0.77), saved: 0, total: 0.07% 115, 136: Embedding data: 144 in 105949 Bits embedded: 174, changed: 77(44.3%)[53.5%], bias: 59, tot: 106258, skip: 106084 Foiling statistics: corrections: 55, failed: 0, offset: 40.125000 +- 65.879625 Total bits changed: 136 (change 77 + bias 59) Storing bitmap into data... Writing embedded.jpg....
- usable bits are the number of LSB of the DCT coeffecient that are available
- Correctable message size are the subset of these LSB that can effectively be used without detection
- One may specify the quality settings of output image (option -p) to increase the capacity. However this quality settings should match the quality of the input file.
Patch on OutGuess 0.2
- There is a small bug in OutGuess 0.2 that makes estimate of the correctable message size to be negative for big images. Here's a patch that correct this.
--- outguess-0.2/jpg.c 2001-02-13 01:29:07.000000000 +0100
+++ outguess-0.2/jpg.c 2009-08-25 16:06:05.242378300 +0200
@@ -176,7 +176,7 @@
fprintf(stderr, "Can not calculate estimate\n");
res = -1;
} else
- res = 2*bitmap->bits*b/(a + b);
+ res = 2*(long long)bitmap->bits*b/(a + b); /* Fixed: multiply was overflowing for big images */
/* Pending threshold based on frequencies */
for (i = 0; i < DCTENTRIES; i++) {
- To apply the patch on Cygwin, first fetch Outguess-0.2
$ /setup.exe& #Select Outguess-0.2 sources
$ cd /usr/src
$ cat > outguess-0.2.patch #Copy patch above in patch file
$ ./outguess-0.2-1.sh -v -c prep conf
$ patch -lNp0<outguess-0.2.patch #Apply the patch
$ ./outguess-0.2-1.sh -v -c make install
$ cp -rv outguess-0.2/.inst/* / #Install
Analysing OutGuess 0.2
- The Correctable message size generally increases with the JPEG quality of the input image
- When using option -p to specify the JPEG quality of the output image, the best Correctable message size is generally achieved while using same output JPEG quality as input image.
- Without specifying output JPEG quality,
- Output file size is almost equal and minimum when input JPEG quality is 75% or 100%, and has its maximum around 85%.
- Max. Correctable message size is obtained when input JPEG quality is 78%...81%.
- Using pamscale (with default param), all the generated images have lost in capacity efficiency (i.e. ratio Correctable message size / Image size) (→ To Do: look effect of other rescaling algorithms).
StegHide
Stegdetect
- stegdetect, a generic tool to break steganography scheme.
- http://theevilbit.blogspot.fr/2013/01/backtrack-forensics-steganoghraphy.html