A Challengers Handbook

by

Caesum

Steganography

Steganography is the art of hiding things within other things, for example hiding a text message within a picture in some way. Normally you would never know that the original message is there if it is well hidden. As far as challenges go, steganography levels tend to be simplistic made-up hiding schemes or encoding schemes. Occasionally you will come across a situation where a real method has been used, often with clues as to the method, and there are crackers available for some of these methods.

I will consider three groups of steganography: text, graphics and sound. First, however, a message can be hidden anywhere, and when you are faced with something new (for example a hidden message in a zip file that otherwise appears normal) the first step that I would take is to get hold of the file format documentation, examine it in detail and look for anything out of the ordinary. Ask questions such as: are there extra bytes at the end of the file, is there a strange section in the file, are there obvious places in the file format where something could be hidden?

Text steganography tends to be fairly simple, and sometimes may appear under encryption rather than steganography. Things to look out for include: unusual punctuation, and the characters before and after punctuation; capital letters, and the start of each sentence; the first character of each word, or the second, third or last characters; and every third word, or every fourth, fifth or more. Check the formatting and see if you notice anything unusual: does it have a pre tag in the HTML, and are there any hidden vertical messages in it? Check the HTML: are any characters marked in any way, for example by having different colours? Is there anything unusual in the HTML? I have seen hidden messages in HTML colour codes throughout the page, and I have seen messages encoded in tabs and spaces that you would not ordinarily see. It also pays to remember both Morse code and Bacon ciphers, which can be used in encoding. A message that loOKS liKe thIs CAn EaSIlY COntain a Bacon cipher.

Pictures are a popular way of hiding messages. Remember that GIFs and BMPs are not lossy whereas JPGs are lossy images, so hiding messages within these files tends to follow slightly different methods. In GIFs you will often find that colours are important, whereas JPGs tend to hide data either more openly in the picture as an image or within the binary file structure (look at the end of the file for additional data, and learn to recognise common file signatures like the 'PK' of zip files). If a GIF is a meaningless jumble of colours then you are probably looking at some type of encoding in the colours: check the HTML colour codes being used in each (Paint Shop Pro is great for image analysis), count the colours being used and look for a simple encoding scheme. If a GIF is a picture then look carefully at the pixels for anything unusual, for example an area that stands out as not being quite consistent. It may contain a binary message encoded in the colour LSBs. It's also worth thinking laterally: the problem could well be an image manipulation problem rather than an encoding problem, but this is often apparent given a particular problem.
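The "look at the end of the file" check described above, as an added example (not code from the original handbook or from Stegsolve): a JPEG segment walker that finds the real end-of-image marker and reports what follows it. The signature table and the sample bytes are constructed for illustration.

```python
# Magic numbers to recognise in appended data (a small constructed table).
SIGNATURES = {b"PK\x03\x04": "zip archive", b"Rar!": "rar archive",
              b"\x89PNG": "png image", b"GIF8": "gif image"}
RST = range(0xD0, 0xD8)  # restart markers, legal inside scan data

def jpeg_end(data: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI: not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:          # EOI: the image ends here
            return pos
        if marker == 0x01 or marker in RST:
            continue                # standalone markers carry no length
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length               # skips payload, embedded thumbnails included
        if marker == 0xDA:          # SOS: entropy-coded scan data follows
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] != 0 and data[pos + 1] not in RST
            ):
                pos += 1            # FF00 (stuffing) and RSTn belong to the scan
    raise ValueError("no EOI: truncated JPEG")

def trailing_data(data: bytes):
    """Return (offset, size, guessed type) of appended bytes, or None."""
    extra = data[jpeg_end(data):]
    if not extra:
        return None
    kind = next((n for s, n in SIGNATURES.items() if extra.startswith(s)), "unknown")
    return len(data) - len(extra), len(extra), kind

# Constructed sample: structurally valid markers, not a decodable picture.
SAMPLE = (b"\xff\xd8"                              # SOI
          b"\xff\xe1\x00\x06\xff\xd9\xff\xd9"      # APP1 payload holding decoy EOI bytes
          b"\xff\xda\x00\x04\x01\x00"              # SOS header (abbreviated)
          b"\x12\xff\x00\x34\xff\xd0\x56"          # scan data: stuffed FF00 and RST0
          b"\xff\xd9" b"PK\x03\x04hidden")         # real EOI, then appended data
print(trailing_data(SAMPLE))
```

Walking the segments matters because a plain search for the bytes FF D9 stops at the decoy inside the APP1 payload, which is where embedded thumbnails normally live.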

There are now two programs to help with solving Steganography challenges. The first is Steganabara by Quangntenemy and it allows colour analysis in an easy way as well as allowing colours to be isolated and viewed. So if there are two slightly different colours then you can see which pixels each one is colouring. The second program is Stegsolve by myself. It will perform analysis of the file structure as well as allowing each bit plane to be viewed on its own. It also allows extracts to be taken from bits, and contains a stereogram solver. Both programs are open source and so you can modify them in whatever way you wish.

Music steganography has not been exploited a great deal. As with images, there are lossy (MP3) and non-lossy (WAV) encodings. The best sound manipulation program is by far Cool Edit Pro. MP3s can have comments, so look at the start and end of the file for anything hidden. If you have a password then chances are that mp3stego has been used. As far as WAVs go, learn to zoom in on bits of the WAV in Cool Edit, and apply transformations to the WAV, for example to stretch it out. Look at the file in spectral view, and try using FFT filters on it to zoom in on particular frequencies. One hint for obtaining note information is to select a position in the WAV, perform frequency analysis on it, and then find a frequency table on the web to map the frequencies to notes.

The book below is a somewhat serious look at steganography unlike most challenge levels which are far more basic puzzles.
