Steganography: Difference between revisions

Reference

• http://resources.infosecinstitute.com/steganography-and-tools-to-perform-steganography/

OutGuess

• OutGuess is a steganography tool developed by Niels Provos.
• Quite secure, although some attacks exist.
• Package available for Windows, Linux, Cygwin...
• OutGuess works by storing information in the LSB of non-zero DCT coefficient, while preserving first-order statistics.

Basic usage

$ outguess -k "password" -d secret.txt original.jpg embedded.jpg
$ outguess -k "password" -d secret.txt -p 100 original.jpg embedded.jpg   #Max jpeg compression for max capacity

Example of output:

Reading original.jpg....
JPEG compression quality set to 75
Extracting usable bits:   105949 bits
Correctable message size: 49783 bits, 46.99%
Encoded 'secret.txt': 144 bits, 18 bytes
Finding best embedding...
    0:    76(43.7%)[52.8%], bias    68(0.89), saved:     0, total:  0.07%
   21:    84(47.7%)[58.3%], bias    55(0.65), saved:    -1, total:  0.08%
  115:    77(44.3%)[53.5%], bias    59(0.77), saved:     0, total:  0.07%
115, 136: Embedding data: 144 in 105949
Bits embedded: 174, changed: 77(44.3%)[53.5%], bias: 59, tot: 106258, skip: 106084
Foiling statistics: corrections: 55, failed: 0, offset: 40.125000 +- 65.879625
Total bits changed: 136 (change 77 + bias 59)
Storing bitmap into data...
Writing embedded.jpg....

• usable bits are the number of LSB of the DCT coeffecient that are available
• Correctable message size are the subset of these LSB that can effectively be used without detection
• One may specify the quality settings of output image (option -p) to increase the capacity. However this quality settings should match the quality of the input file.

Patch on OutGuess 0.2

• There is a small bug in OutGuess 0.2 that makes estimate of the correctable message size to be negative for big images. Here's a patch that correct this.

--- outguess-0.2/jpg.c       2001-02-13 01:29:07.000000000 +0100
+++ outguess-0.2/jpg.c       2009-08-25 16:06:05.242378300 +0200
@@ -176,7 +176,7 @@
                        fprintf(stderr, "Can not calculate estimate\n");
                        res = -1;
                } else
-                       res = 2*bitmap->bits*b/(a + b);
+                       res = 2*(long long)bitmap->bits*b/(a + b);         /* Fixed: multiply was overflowing for big images */

                /* Pending threshold based on frequencies */
                for (i = 0; i < DCTENTRIES; i++) {

• To apply the patch on Cygwin, first fetch Outguess-0.2

$ /setup.exe&                               #Select Outguess-0.2 sources
$ cd /usr/src
$ cat > outguess-0.2.patch                  #Copy patch above in patch file
$ ./outguess-0.2-1.sh -v -c prep conf
$ patch -lNp0<outguess-0.2.patch            #Apply the patch
$ ./outguess-0.2-1.sh -v -c make install
$ cp -rv outguess-0.2/.inst/* /             #Install

Analysing OutGuess 0.2

• The Correctable message size generally increases with the JPEG quality of the input image
• When using option -p to specify the JPEG quality of the output image, the best Correctable message size is generally achieved while using same output JPEG quality as input image.
• Without specifying output JPEG quality,
  • Output file size is almost equal and minimum when input JPEG quality is 75% or 100%, and has its maximum around 85%.
  • Max. Correctable message size is obtained when input JPEG quality is 78%...81%.
• Using pamscale (with default param), all the generated images have lost in capacity efficiency (i.e. ratio Correctable message size / Image size) (→ To Do: look effect of other rescaling algorithms).

StegHide

• StegHide

Stegdetect

• stegdetect, a generic tool to break steganography scheme.
• http://theevilbit.blogspot.fr/2013/01/backtrack-forensics-steganoghraphy.html