lifehacker.com — Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better.
Jan 24, 2007 View in Crawl 4
ceriumJan 25, 2007
If you have Mac OS X:Right click and show contents of one of your applications. Make a new folder and name it like one of the others. Something like "Resources". Put your stuff in here. It is not searched by the OS search tools. You can put anything in there like it was a normal file.
alanaktion343Apr 4, 2012
That would be great, apart from the fact that Mac OS X applications are just folders. Finder just hides the contents and loads the ICNS file to display as the icon, then runs the executable file when you open it. If you moved the application to a non-OS X computer or looked at it through another application, it's just a folder, leaving your "hidden" folder very exposed.
mahoneytJan 25, 2007
sweeet
donjaimeJan 25, 2007
Its fairly easy to find unencrypted text hidden in an image. You look at the least significant bits per pixel for high frequency noise (generally colors appear in patches). If you find it you might have a message.You try standard text encodings like ASCII or UNICODE and look for non gibberish. You repeat this moving to a more significant bit. If you automate this, in no time you can rip out unencrypted text. It gets harder if you use other types of binaries to hide stuff in.
luciddr34m3rJan 25, 2007
Sure, using the least significant bit is one way of hiding it, but if I choose to only use the least significant bit of only every other byte, or I use a pattern of some sort, it becomes much more complicated. There are different algorithms that hide data differently, not just the method of hiding in the least significant bit, although that is the most common way (the most common way people think about it anyway). Even then, stego detection tools can only make a guess of how probable it is that stego is in the specified file. And to top it off, every stego tool I used automatically encrypted my message! Also, you can store more than just plain text in files. For example, I hid a GIF image in a JPEG, and the GIF had text on it, but it would not be detected as ASCII even if you found the stego. Obviously, looking at the binary, you would see it was a GIF right off the bat, but you can't just assume that the hidden message is text...You are correct though, hiding files in other binaries is much more interesting, and can be much more difficult to find. Don't go thinking that there's only one way to hide data in an image though... there are hundreds of algorithms. Some are much much better than others.
jeromey11Jan 25, 2007
since on digg this program has been most used for!!!!!......hiding porn!
luciddr34m3rJan 25, 2007
You know, that's only half true... Knowing the location of the ADS is one way, or using a tool that locates an ADS also works. Many forensics tools do this (the ones I am familiar with all do). Alternate Data Streams aren't vulnerabilities in and of themselves! It was actually implemented for compatibility reasons. I hate M$ as much as the next Digger, but I like that these exist. It should just be documented better. Read up here for some more info: <a class="user" href="http://www.bleepingcomputer.com/tutorials/tutorial25.html">http://www.bleepingcomputer.com/tutorials/tutorial25.html</a> Also a Google search returns lots of good pages too: <a class="user" href="http://www.google.com/search?hl=en&q=alternate+data+stream&btnG=Google+Search">http://www.google.com/search?hl=en&q=alternate+data+stream&btnG=Google+Search</a>Used for storing meta data... not really a bad thing. You just need to know they exist if you want to set your foot anywhere near the security world. The only threat with ADS is ignorance.
biterJan 25, 2007
I've been using stego for years with S-Tools. How come it's not mentioned anywhere? It's the easiest tool to use.
precision4uJan 25, 2007
I've actually seen this in action - in a way, except they were trying to filter out the images. Basically trying to corrupt any data that would hidden within a picture before it was sent out of a network. Cool stuff. I also thought I read an FBI article a while back on how they had had someone do a search, albeit a small sample, of images on the net, and found that it was not as rapant as they thought. To me though, this seems ridiculous, as there is no way to be 100% sure the image does or does not have steg in it since who knows what has been developed and is not in the public domain.
eelman99Jun 20, 2008
How to fuse .rar (type of compressed zip file) archives into .png (pictures) and thus hide them. This is useful for transmitting any kind of secret info, but beware, if the authorities get their hands on this file directly, they will probably figure it out.Summarized into easy steps!A. First you will need to download WinRAR archiver, search google, its a free program. If you already have this you can skip this step.B. Now you will learn how to make .rar archives. B1.Create a folder and name it anything you want.B2.Fill it with a few secret goodies.B3.Right click it and a menu will come up with a bunch of things including "add to .rar".B4.Click that and a compressed file will be created in the same location as your original file. It can take a while.B5.Ta da! Its doneC. Now you will learn how to make the FUSION program, dont worry, its super easy.C1.Copy and paste this entire text in between lines (not the lines) and paste it into a blank notepad.------------------------------------------------------------------------------------------------------------------REM v 2.0 > bipedal0@gmail.com@echo offcolor 0ccd C:if exist FUSION goto FUSIONTRUEmkdir C:FUSION:FUSIONTRUEcd C:FUSIONclsecho Bipedal's JPG/PNG + RAR Fusion scriptecho.echo.echo PUT 2 FILES TO BE FUSED IN "C:FUSION"pauseclsif exist *.rar goto RARclsecho ERROR: RAR NOT FOUNDpauseexit:RARif exist *.jp*g goto JPGif exist *.png goto PNGclsecho ERROR: IMAGE NOT FOUNDpauseexit:JPGcopy /b *.jpg + *.rar FUSED.jpgclsecho JPG/RAR FUSION COMPLETEpauseexit:PNGcopy /b *.png + *.rar FUSED.pngclsecho PNG/RAR FUSION COMPLETEpauseexit------------------------------------------------------------------------------------------------------------------C2.Click (x) and save your notepad into your main drive (C:) as "fusion.bat", not "*.txt"C3.Voila, thats the program!D. Now you will learn how to actually fuse .rar and .pngD1.Create a new folder in the (C:) drive and name it FUSION (capitals)D2.Place your previously made .rar archive into this folder as well as a .png image of your choice, i prefer kittens :PD3.Exit the folder and find your "fusion.bat" program, it should be in the same location (C:)D4.Click it "fusion.bat"D5.Click on the screen that pops up and press any keyD6.Wait for it, if your .rar was big it can take several minutesD6.Cest fin! Your new fusion of the two files will look like a picture named FUSED.png (rename it if you want) and will open into a picture if you click on it.E. Now you will learn how to acces your hidden filesE1.To retrieve your goodies, right click on the FUSED.png and choose "open with" and "choose default program"E2.A window will open, click the little arrow on the "other programs" buttonE3.Uncheck "Always use selected program to open this kind of file" (its at the bottom of the window)E4.Scroll down in the window and choose "WinRAR archiver"E5.Click ok.E6.A new window will open. Click "extract to" and chose where you want to open your secret goodies. An annoying little advertising window might open, just close it and ignore.or use "copy B source.gif+source.zip target.gif" in the cmd.exe
alanaktion343Apr 4, 2012
Sadly, newline characters don't work in Digg comments, so that script won't work. Just google "Fusion Script" and you'll find one with the correct line structure.
pokhoDec 21, 2008
Aphex Twin also put a picture of his face into one of his tracks..<a class="user" href="http://www.kempa.com/2004/05/03/more-musical-steganography/">http://www.kempa.com/2004/05/03/more-musical-stega ...</a>
hylasMay 20, 2010
The link in the article "favorite steganography tricks" mentions "Pict Encrypt", really, don't.Nothing screams more I'm "stegging" this .pict, than XX year old half attempts.Try this, I've looked for years for something competent for the Mac, this is it:iSteg 1.5<a class="user" href="http://www.hanynet.com/isteg/index.html" rel="nofollow">http://www.hanynet.com/isteg/index.html</a>Quite brilliant, but if "saved over" the Steg becomes moot.