Bitcoin Forum
November 08, 2024, 03:42:45 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: steganography: Hiding your wallet in a JPEG image  (Read 5669 times)
grondilu (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
January 01, 2011, 04:12:22 PM
Last edit: February 13, 2011, 01:14:44 AM by grondilu
 #1

Edit:  I realised during this thread that there are FOSS programs to do this.  "steghide" is one of them.

I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it.

The idea is to store your wallet, or an encrypted version of it, into an image file.  The program creates a quasi identical image, with the data steganographied in it.   The data can be retreived by comparing the two almost identical images.  Therefore you need to store both images, possibly in two different places on cyberspace.

Requires ImageMagick to convert the file in Ascii PPM format.

Code:
#!/bin/bash

if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
    ppmimage="${1%.*}.ppm"
    convert "$image" -compression none "$ppmimage"
    data=$(mktemp)
    xxd -p "${2:-/dev/stdin}" |
    while read -N 2 x
    do
        n=$((0x$x))
        : please continue
    done
fi

fabianhjr
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


Do The Evolution


View Profile
January 01, 2011, 04:17:44 PM
 #2

Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue

grondilu (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
January 01, 2011, 04:25:32 PM
 #3

Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue

Let me make it clear, stenography is only a way to hide data.  It's not proper encryption.  It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia.

But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.

fabianhjr
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


Do The Evolution


View Profile
January 01, 2011, 05:10:56 PM
 #4

Let me make it clear, stenography is only a way to hide data.  It's not proper encryption.  It's quite useful, though, since then you can store your wallet pretty much anywhere (any image storing web service), or even wikipedia.

But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.
Yeah that is my point. It is better that your wallet never touches the public Internet. Smiley

Also I just realized you use the Netpbm format. That is great. Sorry, I was half sleep and couldn't read the whole code. I see no flaw with your code. Great job.  Grin

http://www.youtube.com/watch?v=BA6kG-tOkBs - McFrontalot - Secrets from the Future

Nefario
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
January 01, 2011, 05:27:37 PM
 #5

You should encrypt it before using steganography to attempt to hide it, encrypted data often cannot be differentiated from random data.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
January 01, 2011, 09:55:26 PM
 #6

I was starting to write this but I'm getting lazy so I just put the beginning of it, in case someone would like to end it.

The idea is to store your wallet, or an encrypted version of it, into an image file.  The program creates a quasi identical image, with the data steganographied in it.   The data can be retreived by comparing the two almost identical images.  Therefore you need to store both images, possibly in two different places on cyberspace.

Requires ImageMagick to convert the file in Ascii PPM format.

Code:
#!/bin/bash

if [[ -z "$1" ]]
then echo "usage: $0 image-file [input-data]" 1>&2; exit 1
elif [[ ! -s "$1" ]]
then echo "$1 is empty or does not exist" 1>&2; exit 2
elif image="$1"; ! identify "$1" 1>&2
then echo "couldn't understand image format for $1" 1>&2; exit 3
else
    ppmimage="${1%.*}.ppm"
    convert "$image" -compression none "$ppmimage"
    data=$(mktemp)
    xxd -p "${2:-/dev/stdin}" |
    while read -N 2 x
    do
        n=$((0x$x))
        : please continue
    done
fi


There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Checked, it works. You can use it under windows with cygwin.
Also, it encrypts the data with a password, so you are fully protected.

grondilu (OP)
Legendary
*
Offline Offline

Activity: 1288
Merit: 1080


View Profile
January 01, 2011, 11:22:08 PM
 #7

There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Indeed !

I searched once "apt-cache search steganography" and I had found nothing.

Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead.

Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool.

davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1008


1davout


View Profile WWW
January 01, 2011, 11:24:00 PM
 #8

There is already Linux, open source command-line software for just this:
http://steghide.sourceforge.net/
Nice!

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
January 02, 2011, 02:42:51 AM
 #9

There is already Linux, open source command-line software for just this:

http://steghide.sourceforge.net/

Indeed !

I searched once "apt-cache search steganography" and I had found nothing.

Now I see why, the description was in my mother tongue, so I should have written "stéganographie" instead.

Thanks, I'm sure this thread will be usefull anyway, for it will allow people to be aware of this tool.


FYI, it is present in many of current linux distros' repositories as well.
I use Gentoo and i have this in repo.

gene
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
January 11, 2011, 05:41:12 PM
 #10

Be careful with these methods:

http://freshmeat.net/projects/stegdetect/

Quote
Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, invisible secrets, outguess 01.3b, F5, appendX, and camouflage. Using linear discriminant analysis, it also supports detection of new stego systems. Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide, and OutGuess 0.13b.

Stego detection is an area of active research.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
January 11, 2011, 06:40:33 PM
 #11

Please give a look at this one also  Grin
http://www.ollydbg.de/Paperbak/index.html

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
kkndrs
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
February 13, 2011, 12:04:57 AM
 #12

But if you want to store your two images (both images are required to retrieve data) on the web, then you must use an encrypted wallet, not the wallet itself.  You might possibly use a passphrase that the image reminds you of.
You don't need both images to retrieve steganographically hidden data. You need a modified image and a shared secret key.

Something to note is that if the image is a JPG/PNG or other compressed format it would be easy to detect if someone tampered with it. I suggest you only use BMPs. This is a nice idea. Though, I would suggest having the original uploaded and the one with your wallet on it to stay offline. Tongue
Everybody uses compressed format nowadays. Using BMP is suspicious by itself. There are, indeed, very secure steganographic techniques for JPEG domain, just google it. It is also more convenient  Wink
ZenMondo
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 13, 2011, 11:03:43 PM
 #13

Another problem if you want to hide it plain sight on an image hosting site, all of them process the images they host and display on the web, therefore probably losing any steganographic data.  In fact I am in the market for some public anonymous imagehost that hosts raw images for a steganography experiment. I have not looked HARD yet, but so far have not found any hosting service that does not process the images.
tifanny357
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
March 26, 2014, 03:01:12 AM
 #14

As far as I am concerned, I have ever tried to display the image, not to hide the JPEG images. But an advanced image processing control may enables you to both display and hide the images.
UberNifty
Full Member
***
Offline Offline

Activity: 168
Merit: 100

AltcoinWarrior.com


View Profile WWW
March 28, 2014, 09:24:47 PM
 #15

Question: Would the following scenario be practical under real-world usage?

Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).

Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.

Naturally, each oth the two images would be stored on separate and unique Archive pages.

"Remember, the blockchain is truth..."
12648430
Full Member
***
Offline Offline

Activity: 144
Merit: 100


View Profile
March 29, 2014, 07:17:36 PM
 #16

Question: Would the following scenario be practical under real-world usage?

Let's say that you were to render your initial stenographed image as a BMP. Then let's say that you compress both the original image and the stenographed image into an identically compressed JPG setting (i.e. 90% JPG compression), and then proceed to upload both to the Internet Archive (does not manipulate / reformat images in any manner whatsoever).

Would the above scenario even be practical? The basic idea here, is to obfuscate the stenographed image enough to make detection at least a bit more difficult.

Naturally, each oth the two images would be stored on separate and unique Archive pages.

Not remotely. Steganographed data is put into the lowest order bits of the image. JPEG compression is lossy. When you convert BMP->JPEG->BMP, the resulting image will not have the same low order bits as the inputs.
enrapha
Newbie
*
Offline Offline

Activity: 52
Merit: 0


View Profile WWW
March 29, 2014, 08:10:01 PM
 #17

it would be interesting if printers and scanners/phone cameras got to the point that they could print and read something like this. you could hide your wallet in a simple photo of your wife in a frame.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!