GZSteg

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
(Created page with "{{FormatInfo |formattype=electronic |subcat=Encryption |subcat2=Data Hiding/Embedding |released=1994 }} '''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the ...")
 
Line 6: Line 6:
 
}}
 
}}
  
'''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the GZip source code that enables hiding a file in a [[gzip]]
+
'''GZSteg''' by Andrew Brown and Ken Pizzini is a modification to the [[gzip]] source code that enables hiding a file.
  
 
gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following.
 
gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following.
  
If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value.  Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know. When the "-s" flag is not used gzip performs as normal.
+
If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value.  Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know.
  
You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data
+
You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data.
  
  
 
== Links ==
 
== Links ==
 
* [http://www.nic.funet.fi/pub/crypt/steganography/gzsteg.tar.gz Original source code patches]
 
* [http://www.nic.funet.fi/pub/crypt/steganography/gzsteg.tar.gz Original source code patches]
 +
** [https://ftp.gnu.org/gnu/gzip/gzip-1.2.4.tar gzip 1.2.4 source code]
 
* [https://dl.packetstormsecurity.net/crypt/stego/DOS/gzsteg.zip DOS port by Preston Wilson plus full source code]
 
* [https://dl.packetstormsecurity.net/crypt/stego/DOS/gzsteg.zip DOS port by Preston Wilson plus full source code]
 
** [https://web.archive.org/web/20000816182326/http://linkbeat.com:80/files2/csdpmi4b.zip CSDPMI to run under bare DOS (not DOS under Windows)] ([https://web.archive.org/web/19990427213909/http://www.rit.edu/~pdw5973/files/csdpmi3b.zip older version])
 
** [https://web.archive.org/web/20000816182326/http://linkbeat.com:80/files2/csdpmi4b.zip CSDPMI to run under bare DOS (not DOS under Windows)] ([https://web.archive.org/web/19990427213909/http://www.rit.edu/~pdw5973/files/csdpmi3b.zip older version])

Revision as of 01:12, 9 November 2023

File Format
Name GZSteg
Ontology
Released 1994

GZSteg by Andrew Brown and Ken Pizzini is a modification to the gzip source code that enables hiding a file.

gzip uses LZ77 which compresses data by storing length/offset pairs that refer back in the uncompressed data stream to previous occurrences of the information being compressed. gzip considers a length of 3 to be the shortest acceptable length. We allow gzip to find the length/offset pairs and then do the following.

If the length is at least 5 then we subtract 1 and set bit 0 to the value of the bit that we need to hide. We have now hidden information in the length without pushing it beyond a valid value. Drawbacks are a slight decrease in compression (very slight) since we have to disallow lengths of 4 and some of our meddling will decrease the actual matched length by 1. The hidden file is totally invisible to the normal operation of gzip, gunzip et al and (if encrypted) will only be visible to those in the know.

You can hide about 1 Kbyte in every 100 Kbytes of uncompressed data.


Links

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox