grondilu (OP)
Legendary
 Offline
Activity: 1288
Merit: 1076
|
 |
January 01, 2011, 04:12:22 PM
Last edit: February 13, 2011, 01:14:44 AM by grondilu |
|
Edit: I realised during this thread that there are FOSS programs to do this. "steghide" is one of them. I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it. The idea is to store your wallet, or an encrypted version of it, into an image file. The program creates a quasi identical image, with the data steganographied in it. The data can be retreived by comparing the two almost identical images. Therefore you need to store both images, possibly in two different places on cyberspace. Requires ImageMagick to convert the file in Ascii PPM format. #!/bin/bash
if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
ppmimage="${1%.*}.ppm"
convert "$image" -compression none "$ppmimage"
data=$(mktemp)
xxd -p "${2:-/dev/stdin}" |
while read -N 2 x
do
n=$((0x$x))
: please continue
done
fi
|
|
|
|
|
|
|
In order to get the maximum amount of activity points possible, you just need to post once per day on average. Skipping days is OK as long as you maintain the average.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
fabianhjr
Sr. Member
Offline
Activity: 322
Merit: 250
Do The Evolution
|
|
January 01, 2011, 04:17:44 PM |
|
Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline.  |
|
|
|
grondilu (OP)
Legendary
Offline
Activity: 1288
Merit: 1076
|
|
January 01, 2011, 04:25:32 PM |
|
Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Let me make it clear, stenography is only a way to hide data. It's not proper encryption. It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia. But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself. You might possibly use a passphrase that the image reminds you of. |
|
|
|
fabianhjr
Sr. Member
Offline
Activity: 322
Merit: 250
Do The Evolution
|
|
January 01, 2011, 05:10:56 PM |
|
Let me make it clear, stenography is only a way to hide data. It's not proper encryption. It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia.
But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself. You might possibly use a passphrase that the image reminds you of.
Yeah that is my point. It is better that your wallet never touches the public Internet.  Also I just realized you use the Netpbm format. That is great. Sorry, I was half sleep and couldn't read the whole code. I see no flaw with your code. Great job.  http://www.youtube.com/watch?v=BA6kG-tOkBs - McFrontalot - Secrets from the Future |
|
|
|
|
Nefario
|
|
January 01, 2011, 05:27:37 PM |
|
You should encrypt it before using steganography to attempt to hide it, encrypted data often cannot be differentiated from random data.
|
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1005
Bringing Legendary Har® to you since 1952
|
|
January 01, 2011, 09:55:26 PM |
|
I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it. The idea is to store your wallet, or an encrypted version of it, into an image file. The program creates a quasi identical image, with the data steganographied in it. The data can be retreived by comparing the two almost identical images. Therefore you need to store both images, possibly in two different places on cyberspace. Requires ImageMagick to convert the file in Ascii PPM format. #!/bin/bash
if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
ppmimage="${1%.*}.ppm"
convert "$image" -compression none "$ppmimage"
data=$(mktemp)
xxd -p "${2:-/dev/stdin}" |
while read -N 2 x
do
n=$((0x$x))
: please continue
done
fi
There is already Linux, open source command-line software for just this: http://steghide.sourceforge.net/Checked, it works. You can use it under windows with cygwin. Also, it encrypts the data with a password, so you are fully protected. |
|
|
|
grondilu (OP)
Legendary
Offline
Activity: 1288
Merit: 1076
|
|
January 01, 2011, 11:22:08 PM |
|
Indeed ! I searched once "apt-cache search steganography" and I had found nothing. Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead. Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool. |
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1007
1davout
|
|
January 01, 2011, 11:24:00 PM |
|
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1005
Bringing Legendary Har® to you since 1952
|
|
January 02, 2011, 02:42:51 AM |
|
Indeed ! I searched once "apt-cache search steganography" and I had found nothing. Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead. Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool. FYI, it is present in many of current linux distros' repositories as well. I use Gentoo and i have this in repo. |
|
|
|
|
gene
|
|
January 11, 2011, 05:41:12 PM |
|
Be careful with these methods: http://freshmeat.net/projects/stegdetect/Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, invisible secrets, outguess 01.3b, F5, appendX, and camouflage. Using linear discriminant analysis, it also supports detection of new stego systems. Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide, and OutGuess 0.13b.
Stego detection is an area of active research. |
*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES | YES | |
|
|
HostFat
Staff
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
January 11, 2011, 06:40:33 PM |
|
|
|
|
|
kkndrs
Newbie
Offline
Activity: 1
Merit: 0
|
|
February 13, 2011, 12:04:57 AM |
|
But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself. You might possibly use a passphrase that the image reminds you of.
You don't need both images to retrieve steganographically hidden data. You need a modified image and a shared secret key. Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Everybody uses compressed format nowadays. Using BMP is suspicious by itself. There are, indeed, very secure steganographic techniques for JPEG domain, just google it. It is also more convenient  |
|
|
|
|
ZenMondo
Newbie
Offline
Activity: 2
Merit: 0
|
|
February 13, 2011, 11:03:43 PM |
|
Another problem if you want to hide it plain sight on an image hosting site, all of them process the images they host and display on the web, therefore probably losing any steganographic data. In fact I am in the market for some public anonymous imagehost that hosts raw images for a steganography experiment. I have not looked HARD yet, but so far have not found any hosting service that does not process the images.
|
|
|
|
|
tifanny357
Newbie
Offline
Activity: 2
Merit: 0
|
|
March 26, 2014, 03:01:12 AM |
|
As far as I am concerned, I have ever tried to display the image, not to hide the JPEG images. But an advanced image processing control may enables you to both display and hide the images. |
|
|
|
|
UberNifty
Full Member
Offline
Activity: 168
Merit: 100
AltcoinWarrior.com
|
|
March 28, 2014, 09:24:47 PM |
|
Question: Would the following scenario be practical under real-world usage?
Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).
Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.
Naturally, each oth the two images would be stored on separate and unique Archive pages.
|
"Remember, the blockchain is truth..."
|
|
|
|
12648430
|
|
March 29, 2014, 07:17:36 PM |
|
Question: Would the following scenario be practical under real-world usage?
Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).
Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.
Naturally, each oth the two images would be stored on separate and unique Archive pages.
Not remotely. Steganographed data is put into the lowest order bits of the image. JPEG compression is lossy. When you convert BMP->JPEG->BMP, the resulting image will not have the same low order bits as the inputs. |
|
|
|
|
enrapha
Newbie
Offline
Activity: 52
Merit: 0
|
|
March 29, 2014, 08:10:01 PM |
|
it would be interesting if printers and scanners/phone cameras got to the point that they could print and read something like this. you could hide your wallet in a simple photo of your wife in a frame.
|
|
|
|
|
|
