by BirbSingularity 888 days ago
Modern forensic analysis tools would be able to detect the high entropy encrypted data within the host file fairly easily. Additionally, the process of embedding the unencrypted session key, salt, file size, and then the encrypted data as a struct like you are would increase the detection of embedded data.

Half the battle is making sure the hidden data cannot be detected and the second is that the data cannot be read if detected. A more algorithmic approach to the embedding and extraction which uses properties of the host file to determine the relative locations of the session key, salt, file size, and data would likely better hide the presence of the embedded/encrypted data.

I recently made a novel implementation of, "An Image Steganography Algorithm using LSB Replacement through XOR Substitution (DOI:10.1109/ICOIACT46704.2019.8938486)" which you can find here: https://github.com/JustinPack/XOR_LSB_Stego

While my approach is a simple one lacking any inherent encryption, it could easily be added. I think you will find the paper a highly interesting read and it is also in my project.

Cheers and great work nonetheless.


Thank you for your valuable insights and recommendations. I genuinely appreciated both the suggested paper and your project, as they contributed to my learning. I completely agree that File Hider techniques have significant room for improvement in terms of seamlessly integrating the hidden data within the host file more organically. Regarding the session key, it is encrypted https://github.com/x011/File_Hider/blob/0f46058731d08c06a110....
Hey there. I must have missed the section that handles encrypting the session key, my bad.

It's more the struct method of embedding though that I was emphasizing. Structured encrypted data has high entropy which can give away its presence. Try running some of your before and after images through aperisolve or the cyberchef entropy analysis tool and see how the analysis changes.

https://www.aperisolve.com/

https://gchq.github.io/CyberChef/#recipe=Entropy('Curve')

Here are the results of the Entropy Curve analysis:

Original: https://cloud.screenpresso.com/g5MIc/2024-01-25_01h15_08.png

With hidden data: https://cloud.screenpresso.com/lIvFc/2024-01-25_01h11_22.png

The differences appear to be on the right side of the spectrum, which I assume is the end of the file where the hidden data is stored. The CyberChef tools are awesome, thanks!

Here are the Aperisolve results:

https://www.aperisolve.com/1f1b2593242e7e690101155741f40aa0

Aside from the string results, everything seems normal here.

No problem, your suggestions are always welcome. I managed to reduce the high entropy by base64 encoding the encrypted data. Meanwhile, I've developed CryptoFrame (https://github.com/x011/CryptoFrame), which hides encrypted data inside a video, split across multiple frames. It uses stegano LSB under the hood but adds a layer of encryption, which is missing in stegano.

I'll definitely give aperisolve.com a try, although it's a pity it only handles images, since File Hider can be used for all types of files.

P.S.: Sorry for the late reply, but I became a father about a week ago. :)
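The three checks the thread keeps circling back to (the entropy curve over a file with ciphertext appended, whether base64-wrapping the ciphertext actually hides it, and what LSB replacement does to the bit plane a tool like Aperisolve renders), as one added example that is not code from either commenter nor from File_Hider, CryptoFrame or XOR_LSB_Stego. The carrier text, the seeded random bytes standing in for ciphertext, the gradient "image" row, and the 1024-byte window, 7.5-bit threshold and 40-symbol cutoff are all this example's own constructed choices, not values taken from any of those tools:

```python
"""Added example (not from File_Hider, CryptoFrame or XOR_LSB_Stego): the
entropy-curve, base64-alphabet and LSB-plane checks the thread points at, run
on constructed data. Seeded random bytes stand in for ciphertext; window size
and thresholds are this example's own choices, not values from any tool."""
import base64
import math
import random
from collections import Counter

B64_ALPHABET = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_curve(data: bytes, window: int = 1024) -> list:
    """Entropy of each consecutive non-overlapping window (a CyberChef-style curve)."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.5) -> list:
    """Window indices whose entropy exceeds the threshold: candidate raw ciphertext."""
    return [i for i, h in enumerate(entropy_curve(data, window)) if h > threshold]


def base64_windows(data: bytes, window: int = 1024, min_symbols: int = 40) -> list:
    """Window indices that use only the base64 alphabet while spanning most of it.
    Base64 caps entropy at 6 bits/byte, so a pure entropy threshold misses it, but a
    region made solely of the 64 printable symbols plus '=' still stands out."""
    hits = []
    for i in range(0, len(data), window):
        chunk = set(data[i:i + window])
        if chunk <= B64_ALPHABET and len(chunk) >= min_symbols:
            hits.append(i // window)
    return hits


def suspicious_windows(data: bytes, window: int = 1024) -> list:
    """Union of both checks, sorted by window index."""
    return sorted(set(high_entropy_windows(data, window)) | set(base64_windows(data, window)))


def lsb_plane(pixels: bytes) -> bytes:
    """Pack bit 0 of each 8-bit sample into bytes: the image a bit-plane viewer shows."""
    out = bytearray()
    for i in range(0, len(pixels) - 7, 8):
        byte = 0
        for p in pixels[i:i + 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)


def lsb_replace(pixels: bytes, bits) -> bytes:
    """Plain LSB replacement, used here only to measure the footprint it leaves."""
    return bytes((p & 0xFE) | b for p, b in zip(pixels, bits))


def build_samples() -> dict:
    """Constructed carrier, payload and raster; none of this is a real file."""
    carrier = (b"The quick brown fox jumps over the lazy dog. " * 200)[:8192]  # low-entropy text, 8 windows
    rng = random.Random(1234)
    ciphertext = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for AES output
    gradient = bytes((i // 4) % 256 for i in range(8192))  # smooth 8-bit "image" row
    secret_bits = [rng.getrandbits(1) for _ in range(len(gradient))]
    return {
        "raw": carrier + ciphertext,
        "b64": carrier + base64.b64encode(ciphertext),
        "cover": gradient,
        "stego": lsb_replace(gradient, secret_bits),
    }


def analyse() -> dict:
    """Run all checks on the constructed samples and return the findings."""
    s = build_samples()
    return {
        "raw_suspicious": suspicious_windows(s["raw"]),        # ciphertext windows 8..11
        "b64_high_entropy": high_entropy_windows(s["b64"]),    # base64 slips under 7.5 bits
        "b64_suspicious": suspicious_windows(s["b64"]),        # ...but the alphabet check catches it
        "cover_lsb_entropy": shannon_entropy(lsb_plane(s["cover"])),  # structured plane, 0.0
        "stego_lsb_entropy": shannon_entropy(lsb_plane(s["stego"])),  # near 8.0 after embedding
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name}: {value}")
```

The point of running both file checks side by side is the one made in the thread: base64 does pull the per-byte entropy below a naive threshold, but it does so by restricting the region to a 64-symbol alphabet, which is just as easy to flag inside a carrier that otherwise uses spaces, punctuation or arbitrary bytes. Likewise the smooth gradient packs into a single repeated LSB byte (entropy 0.0), while LSB replacement with a random payload pushes the bit plane to near-maximal entropy, which is exactly the kind of change a bit-plane view makes visible.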
