Results 1 to 8 of 8

Thread: Stego Scanner

  1. #1
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    331

    Stego Scanner

    Does anybody know if there is such a thing as a stego scanner. Basically, tools like camaflouge hide files inside of other files. Which are usually text in side of a picture of somesort. Or another tool like, mp3stego. Hides text inside of audviously *.mp3's.

    Or executablestego. Hides txt in executable. I actually think the last one works more like a wrapper.

    None the less, does anybody out there know of a tool, that will scan a folder, or a drive. That looks for some of the "signatures" left by some of the aforementioned tools. This tool doesn't have to be network ready. Just local scanning is fine.

    If this tool doesn't exist, perhaps it might be worth looking into.

    Thanks all,

    Be safe and stay free
    Your heart was talking, not your mind.
    -Tiger Shark

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I was searching for tools like you are looking for but have come up with little.

    http://www.infosyssec.com/infosyssec/stendig1.htm

    check out the "Countermeasures to Attacks" section.

    * An Introduction to Watermark Recovery from Images, by Neil F. Johnson, SANS Intrusion Detection and Response (ID'99), Proceedings. San Diego, CA, February 9-13, 1999.
    A PDF version is available (2.9MB)

    * A Role for Digital Watermarking in Electronic Commerce, by Neil F. Johnson, Zoran Duric and Sushil Jajodia. Accepted for publication ACM Computing Surveys, 1999.

    * Recovering Watermarks from Images , by Zoran Duric, Neil F. Johnson, and Sushil Jajodia. Informaion & Software Engineering Technical Report ISE-TR-99-04, April 1999. Submitted to IEEE Transactions on Image Processing, 1999.

    * In Search of the Right Image: Recognition and Tracking of Images in Image Databases, Collections, and The Internet by Neil F. Johnson, Center for Secure Information Systems Technical Report CSIS-TR-99-05-NFJ, April 1999.
    [HTML][PS (1.7MB)]

    * Recovery of Watermarks from Distorted Images by Neil F. Johnson, Zoran Duric and Sushil Jajodia. Submitted to the Third Information Hiding Workshop - Dresden, Germany - 29 September - 1 October 1999.

    * On "Fingerprinting" Images for Recognition, by Neil F. Johnson, Zoran Duric and Sushil Jajodia. Submitted to Fifth International Workshop on Multimedia Information Systems (MSIS'99) Palm springs, California, October 21-23, 1999.

    * Additional Reading for Steganography and Digital Watermarking - these are some of the documents I am using in my steganography and digital watermarking research through the Center for Secure Information Systems at George Mason University.

    * Digital Image Steganography and Digital Watermarking Tool Table
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    711
    You might look through some of the past SANS and USENIX preceedings... I know I've been in a few discussions re:steganography and the like (more likely at USENIX) in the past few years at one of those -- you can probably get a few of the essays or conference notes on it... if you can't find anything, PM me or something and I'll see about going through some of my past notes for you.

    ...though, and you probably knew this... finding watermarks and stego's in pieces of work is generally, well... part of the premise is that a "good" piece of stega blends in so well with the original document that it's virtually undetectable unless you know exactly what you are looking for, etc...
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  4. #4
    Steganography Detection with Stegdetect

    Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are

    * jsteg,
    * jphide (unix and windows),
    * invisible secrets,
    * outguess 01.3b,
    * F5 (header analysis),
    * appendX and camouflage.
    I stumbled accross this tool because it was used by one of the contestants in the scan of the month challenges from project.honeynet.org.
    You can download source code or binaries from:
    http://www.outguess.org/download.php

    Cheers
    noODLe

    edit:
    maybe not excactly the tool you are looking for because it does not detect stegano from the programs you mentioned.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Clearly the steganography programs aren't very good if these kinds of trivial analysis reveals signatures.

    Ideally the program should not put a "signature" into the image or sound files.

    Even someone with the same tool *should* be unable to differentiate an image containing a message encrypted with another key, and an image containing no message.

    The only bulletproof stegano detection method is to obtain a digital original of the medium involved and do a comparison on them.

    I am dubious about putting messages into executables. Executables are not derived from analogue data, and although there was an article (in New Scientist I think) which described a method to store encrypted data in executable code, it is fairly easy to detect.

    You can only really truly use stegano from data whose origins were analogue. And the noisier the better (unless it's so noisy that it arouses suspicion)

    Scramdisk's stegano system (which works with wav files) tries to ensure this. In fact it doesn't even have a message for "incorrect password", because it can never tell whether a file contains anything or not, it simply tries the supplied key and all enabled ciphers and algorithms in turn, and if none of them makes sense gives up.

    So in order to defend against attacks on stegano, you *must*
    - Obtain the original data from an analogue source
    - *NOT* keep copies of the originals without the stegano.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Hiya,

    Yea im in the process of coding a steganography scanner type app using python for both internet based files and local files, its my first proper project in python and its actually working ok ish, need to clean it up allot as ive been living in a room with a T1 line and it worked there and now working on a 56k modem so my program times out now so need to sort some stuff out........i want my T1 back :-(

    i had never intended to look for the signatures left by programs but instead kinda scan the files for words, i know this wouldnt work for encrypted files but its a start,

    im looking into the signatures now as well, does anyone know of a good paper about these??

    cheers

    i2c

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    207
    .. a late post, and slightly directed towards the first post (ignoring all the others), but...

    where I'm interning, some of the professors are currently making a stego 'super-scanner' that looks for the signatures from ALL the major stego tools out there. So far, with the alpha's we've been testing, we're getting pretty damn good results. We might also incorporate decryption for the tools that offer encryption. I'll let the AO community know when/if we release it, if anybody wants it.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    that is great plastic..looking forward to the post
    thnx

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •