Data Hiding/Embedding

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
 
(5 intermediate revisions by one user not shown)
Line 27: Line 27:
 
* [[Camouflage]]
 
* [[Camouflage]]
 
* [[Cloak]]
 
* [[Cloak]]
 +
* [[Clotho]]
 
* [[Data Stash]]
 
* [[Data Stash]]
 
* [[Data Stealth]]
 
* [[Data Stealth]]
 +
* [[DeEgger Embedder]]
 
* [[FileStegano]]
 
* [[FileStegano]]
 
* [[GRL RealHidden]]
 
* [[GRL RealHidden]]
 
* [[HideMyFile]]
 
* [[HideMyFile]]
 
* [[Hider]]
 
* [[Hider]]
 +
* [[Hiderman]]
 
* [[Masker]]
 
* [[Masker]]
 
* [[Max File Encryption]] (formerly X-EXE)
 
* [[Max File Encryption]] (formerly X-EXE)
Line 40: Line 43:
 
* [[Safe & Quick Hide Files and Folders (SQHideFile)]] (aka Secure Box)
 
* [[Safe & Quick Hide Files and Folders (SQHideFile)]] (aka Secure Box)
 
* [[Smuggle Bus]] - more sophisticated file appending
 
* [[Smuggle Bus]] - more sophisticated file appending
 +
* [[Steganofile]]
 
* [[StegoMagic (MrMugiwara)]]
 
* [[StegoMagic (MrMugiwara)]]
 
* [[StegoStick]]
 
* [[StegoStick]]
Line 106: Line 110:
 
* [[Zipped Steganography]]
 
* [[Zipped Steganography]]
 
* [https://www.codeproject.com/Messages/1453994/A-few-thoughts Discussion of more ways to hide data in Zip files]
 
* [https://www.codeproject.com/Messages/1453994/A-few-thoughts Discussion of more ways to hide data in Zip files]
 +
 +
 +
 +
== [[GZIP]] ==
 +
 +
 +
=== Links ===
 +
* [[GZSteg]]
  
  
Line 188: Line 200:
 
=== Links ===
 
=== Links ===
 
* [[BDV DataHider]]
 
* [[BDV DataHider]]
 +
* [[S-Tools]]

Latest revision as of 16:47, 11 November 2023

File Format
Name Data Hiding/Embedding
Ontology

Data hiding/embedding is a cruder form of Steganography that relies on not being noticed/looked for in the first place while true steganography tries to remain hidden even when actively being looked for.


Contents

[edit] Generic appending

Appending a file to the end of another often results in a file that continues to work as usual, with the file viewer/player ignoring the extra bytes at the end.

A common tactic to take advantage of this behavior is to manually append a zip/rar file to the end of a file. The resulting file will still open as regular, but any archiver will automatically detect and open zip/rar part.

In DOS/Windows command line, files can be appended by using the command:
copy /b host.jpg + hidden.zip combined.jpg

In Linux/Mac the command looks like:
$ cat host.jpg hidden.zip > combined.jpg

This can work with JPEG, GIF, MP3, some executables and more


[edit] Links


[edit] JPEG

There are two main approaches to embedding data in a JPEG file: using the EXIF headers or appending it after the end of image marker (FF D9)


[edit] Links


[edit] PNG

[edit] Links


[edit] BMP

[edit] Links


[edit] MP3

MP3 files are fairly tolerant of random data being added to the file, and not just the end, but also the beginning.

Hence wrapping an MP3 in a zip/rar with no compression will still be playable.

See also: MP3 wrapper


[edit] Video

[edit] Links


[edit] ZIP

[edit] Links


[edit] GZIP

[edit] Links


[edit] Office Open XML

Office XML (Microsoft Office 2007+ DOCX, XLSX, PPTX, etc) files are just ZIP files with other files inside. If you don't care about the file opening successfully afterwards, you can just add anything you want in there.

To get the file to open, you'll need to edit [Content_Types].xml so office programs don't complain about a corrupted file.

If you save any changes in the Office document after you hide a file, the embedded file will be lost.


[edit] Links


[edit] Microsoft Compound File

Older Microsoft Office files


[edit] Links


[edit] PDF

PDF allows embedding complete files in the actual PDF file.

PDF allows adding arbitrary objects anywhere (or almost anywhere) in the file.

PDF allows writing data between objects

PDF allows adding for example white text on a white background or text behind other objects.

Adobe's PDF spec allows at least 1K of fluff after the %%EOF marker (although ISO 32000 does not).


[edit] Links


[edit] NTFS Alternate Data Streams

NTFS provides Alternate Data Streams (ADS) for each file and directory.

You can create one from the command line:
echo hello > test.txt:stream

You can also copy an existing file into a stream:
type hidden.txt > test.txt:hidden.txt

To read the stream back:
more < test.txt:stream

They can also be opened directly in notepad:
notepad test.txt:stream


[edit] Links


[edit] Unused Disk Space

[edit] Links

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox