Hydan
From Just Solve the File Format Problem
Hydan by Rakan El-Khalil is an open source steganography program that hides data in i386 applications.
BSD i386 ELF, Linux i386 ELF, and Windows XP PE/COFF are supported.
Encoding rate: 1/110
The message is encrypted with Blowfish, using a user-supplied passphrase, before being embedded.
It exploits redundancy in the i386 instruction set by defining sets of functionally equivalent instructions. It then encodes information in machine code by using the appropriate instructions from each set.
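The following sketch is an added illustration, not code from Hydan or from this wiki. It models the idea with a single equivalence set, `add eax, imm8` (`83 C0 ib`) versus `sub eax, -imm8` (`83 E8 ib`), and shows that rewriting the code changes which instruction forms appear without changing its size or the value it computes. The choice of this pair, the function names, and the sample bytes are assumptions made for the example; encryption is omitted, and CPU flag side effects are ignored.

```python
# Toy model: one bit per instruction, carried by the choice between two
# equivalent i386 encodings (illustrative pair, constructed for this example).
#   add eax, imm8   = 83 C0 ib  -> bit 0
#   sub eax, -imm8  = 83 E8 ib  -> bit 1
ADD_EAX, SUB_EAX = 0xC0, 0xE8

def parse(code):
    """Decode a buffer made only of `83 C0 ib` / `83 E8 ib` instructions."""
    if len(code) % 3:
        raise ValueError("truncated instruction")
    out = []
    for i in range(0, len(code), 3):
        op, modrm, imm = code[i:i + 3]
        if op != 0x83 or modrm not in (ADD_EAX, SUB_EAX):
            raise ValueError(f"unsupported instruction at offset {i}")
        out.append((modrm, imm - 256 if imm > 127 else imm))  # sign-extend imm8
    return out

def embed(code, bits):
    """Rewrite each usable instruction into the form that encodes the next bit."""
    bits, out = list(bits), bytearray()
    for modrm, imm in parse(code):
        # imm8 == -128 cannot be negated within 8 bits, so it carries nothing.
        if bits and imm != -128:
            want = SUB_EAX if bits.pop(0) else ADD_EAX
            if want != modrm:
                modrm, imm = want, -imm
        out += bytes([0x83, modrm, imm & 0xFF])
    if bits:
        raise ValueError("not enough carrier instructions")
    return bytes(out)

def extract(code, n):
    """Read back the first n bits from the instruction forms in use."""
    return [int(m == SUB_EAX) for m, imm in parse(code) if imm != -128][:n]

def run(code, eax=0):
    """Emulate the effect on eax to confirm both versions compute the same value."""
    for modrm, imm in parse(code):
        eax = (eax + imm if modrm == ADD_EAX else eax - imm) & 0xFFFFFFFF
    return eax

# Constructed sample: add eax,5 / sub eax,3 / add eax,-128 / add eax,-2
COVER = bytes.fromhex("83c005 83e803 83c080 83c0fe")
STEGO = embed(COVER, [1, 0, 1])
print(STEGO.hex(), extract(STEGO, 3), run(COVER, 100) == run(STEGO, 100))
```

The rewritten buffer is byte-for-byte the same length as the original; what changes is the distribution of instruction forms.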
Links
- Archived Homepage
- Download v0.13
- Download v0.10
- NetBSD GitHub
- Hydan: Hiding Information in Program Binaries - original paper
- Information Hiding in Program Binaries (Blackhat presentation) (slides)
- Detecting Hydan: Statistical Methods for Classifying the Use of Hydan Based Stegonography in Executable Files
- Steganalysis of Hydan
- Description of how Hydan works - chapter from book "Malware: Fighting Malicious Code"