Data Hiding/Embedding

From Just Solve the File Format Problem
(Difference between revisions)
(Links)
Line 71: Line 71:
 
=== Links ===
 
=== Links ===
 
* [https://www.minitool.com/partition-disk/alternate-data-streams.html How to Create, Open, Detect, and Remove Alternate Data Stream]
 
* [https://www.minitool.com/partition-disk/alternate-data-streams.html How to Create, Open, Detect, and Remove Alternate Data Stream]
 +
* [https://www.threatspike.com/blogs/alternate-data-streams Exploring NTFS Alternate Data Streams from a security standpoint]
 
* [https://learn.microsoft.com/en-us/sysinternals/downloads/streams Streams] - finds files and directories with streams
 
* [https://learn.microsoft.com/en-us/sysinternals/downloads/streams Streams] - finds files and directories with streams

Revision as of 17:01, 28 August 2023

File Format
Name Data Hiding/Embedding
Ontology

Data hiding/embedding is a cruder form of steganography: it relies on the data not being noticed or looked for in the first place, whereas true steganography tries to remain hidden even when actively being looked for.


JPEG

There are two main approaches to embedding data in a JPEG file: placing it in the EXIF headers, or appending it after the End of Image marker (FF D9).

A common tactic is to manually append a zip/rar file to the end of a JPEG. The resulting file will still open as a regular JPEG in any image program, but any archiver will automatically detect and open the zip/rar part.

On the DOS/Windows command line, files can be appended with the command:
copy /b host.jpg + hidden.zip combined.jpg

On Linux/Mac, the command looks like:
$ cat host.jpg hidden.zip > combined.jpg
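
A naive search for FF D9 can stop too early, because the same two bytes may occur inside a header segment such as an EXIF thumbnail. The following is an added example, not part of the original wiki page: it walks the JPEG segment structure to the real End of Image marker and reports what follows it. The function names and the sample bytes are constructed for illustration.

```python
# Archive signatures for the two formats named above (ZIP local header, RAR).
SIGNATURES = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def find_eoi(data: bytes) -> int:
    """Return the offset just past the real EOI marker, skipping segment payloads."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: the image ends here
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + length                       # length counts its own two bytes
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break                       # a real marker, not FF 00 stuffing or RSTn
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")

def trailing_data(data: bytes) -> dict:
    """Describe whatever follows the EOI marker."""
    eoi = find_eoi(data)
    tail = data[eoi:]
    kind = next((name for sig, name in SIGNATURES.items() if tail.startswith(sig)), None)
    return {"eoi_offset": eoi, "trailing_bytes": len(tail), "kind": kind}

# Constructed sample: structurally valid marker layout, not a decodable picture.
SAMPLE = (
    b"\xff\xd8"                            # SOI
    b"\xff\xe1\x00\x06\xff\xd9\x00\x00"    # APP1 whose payload contains FF D9
    b"\xff\xda\x00\x04\x01\x02"            # SOS with a 2-byte header
    b"\x12\xff\x00\x34\xff\xd0\x56"        # scan data with FF 00 stuffing and RST0
    b"\xff\xd9"                            # real EOI
    b"PK\x03\x04hidden"                    # appended data starting with a ZIP signature
)

if __name__ == "__main__":
    print(trailing_data(SAMPLE))
```

Some cameras and phones legitimately write extra data after the End of Image marker, so a non-empty tail is a reason to inspect the file, not proof of hidden content.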


Links


PDF

PDF allows embedding complete files in the actual PDF file.

PDF allows adding arbitrary objects anywhere (or almost anywhere) in the file.

PDF allows writing data between objects.

PDF allows adding text that is not visible when rendered, for example white text on a white background or text behind other objects.

Adobe's PDF spec allows at least 1K of fluff after the %%EOF marker (although ISO 32000 does not).


Links


MP3

MP3 files are fairly tolerant of random data being added to the file, so the same file-appending strategies used for JPEGs can be applied.

See also: MP3 wrapper


NTFS Alternate Data Streams

NTFS provides Alternate Data Streams (ADS) for each file and directory.

You can create one from the command line:
echo hello > test.txt:stream

You can also copy an existing file into a stream:
type hidden.txt > test.txt:hidden.txt

To read the stream back:
more < test.txt:stream

Streams can also be opened directly in Notepad:
notepad test.txt:stream

Links
