Stegonagraphy has always seemed really neat to me. Here are some
tricks I just ran across.
========================================
Command line - cat your gif and zip
Finally, for those of you comfortable on the command line, reader
Jason H. writes in with a nifty stego trick using built-in tools. The
premise of this technique is to append a .zip file to the end of a
.gif file, resulting in a file which is readable by both .gif programs
and .zip programs.
Jason explains why this works (with the help, he says, from a
long-lost thread at Something Awful):
It works because .gif files keep all of their information in the
headers, while .zip files keep them in the footer. Since that's the
case, .gif viewers read from the front of the file, while .zip readers
read from the end.
Here's how to combine your .gif and .zip.
cat somefile.zip >> somefile.gif
<boblq>
It turns out that this works with .jpg files as well. Just
cat somefile.zip >>somefile.jpg
to retrieve the original somefile:
unzip somefile.jpg
I will leave it to the rest of you to find out what
other image formats work this way.
</boblq>
The problem with this method is that not all zip programs can extract
the resulting file. When I tried, both 7-Zip and Windows built-in
extraction failed, but WinRAR handled it just fine. Still, that's
something the intended recipient should know.
For double super-duper security, password the zip file that you hide
inside the image.
=================================================================
I think this could be the start of a good web service. Have the service
split an incoming image into several parts that are embedded
in other images then return links to the images. Or offer other
ways to get the links that are more obscure. It would be fun to
design and implement this kind of thing as a secure messaging
system. Maybe make it work with Flickr or some such.
Is anyone offering a secure messaging service?
If they are they had better be offshore ;)
BobLQ
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
