GZSteg
Parchivist (Talk | contribs) (Created page with "{{FormatInfo |formattype=electronic |subcat=Encryption |subcat2=Data Hiding/Embedding |released=1994 }} '''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the ...") |
Parchivist (Talk | contribs) |
||
Line 6: | Line 6: | ||
}} | }} | ||
− | '''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the | + | '''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the [[gzip]] source code that enables hiding a file. |
gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following. | gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following. | ||
− | If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value. Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know | + | If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value. Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know. |
− | You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data | + | You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data. |
== Links == | == Links == | ||
* [http://www.nic.funet.fi/pub/crypt/steganography/gzsteg.tar.gz Original source code patches] | * [http://www.nic.funet.fi/pub/crypt/steganography/gzsteg.tar.gz Original source code patches] | ||
+ | ** [https://ftp.gnu.org/gnu/gzip/gzip-1.2.4.tar gzip 1.2.4 source code] | ||
* [https://dl.packetstormsecurity.net/crypt/stego/DOS/gzsteg.zip DOS port by Preston Wilson plus full source code] | * [https://dl.packetstormsecurity.net/crypt/stego/DOS/gzsteg.zip DOS port by Preston Wilson plus full source code] | ||
** [https://web.archive.org/web/20000816182326/http://linkbeat.com:80/files2/csdpmi4b.zip CSDPMI to run under bare DOS (not DOS under Windows)] ([https://web.archive.org/web/19990427213909/http://www.rit.edu/~pdw5973/files/csdpmi3b.zip older version]) | ** [https://web.archive.org/web/20000816182326/http://linkbeat.com:80/files2/csdpmi4b.zip CSDPMI to run under bare DOS (not DOS under Windows)] ([https://web.archive.org/web/19990427213909/http://www.rit.edu/~pdw5973/files/csdpmi3b.zip older version]) |
Revision as of 01:12, 9 November 2023
GZSteg by Andrew Brown and Ken Pizzini is a modification to the gzip source code that enables hiding a file.
gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following.
If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value. Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know.
You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data.