~ Fallite fallentes: Steganography for the masses ~
Version May 2005, in fieri
"Fallite fallentes", all the stego-tools and stego-explanations you may need :-)
Mmm, I see, you are leaving... you are preparing your seeker's rough sack... don't
forget the scrolls and wands he.
By the way... wait a moment, it is still early in the morning, and the following
you HAVE TO head
before adventuring further alone on the deep deep web...
Let's begin from the beginning. In a world that is getting more and more
intrusive on our private lifes, finding some (simple) methods to protect
our privacy is a sine qua non for the survival of knowledge spreading.
The society we live in recalls more and more "Fahrenheit 451", Ray Bradbury's classic,
frightening vision of a future where
firemen don't put out fires--they start them in order to burn books.
A society that holds up the appearance
of happiness and success as the highest goal -- a place where trivial
information and commercial crap is good, and real knowledge and independent
ideas are bad.
Hence the need to defend ourself. Seekers must have the means to communicate without
the clowns at Echelon snooping their messages
is a snooping
project paid by the
United States' National Security Agency (NSA) that
includes stations run by Britain, Canada, Australia and
New Zealand, in addition to those operated by the United States:
a block of anglophones elites helping
each other against the rest of the world and their own citiziens, as it seems... note that Ireland is not
part of it...
one could begin to wonder if England leaders
should be allowed to remain in the European Union, having
transformed a glorious european country into something that looks like a supine
'fifth column' of the United states :-)
As the (dutch) authors of contraband
wrote: " Steganography tools are the NSA's worst nightmare,
if you're smart you'll understand why...".
It is therefore a pleasure for me, in these
times of warmongerish madness,
to (try to) teach everyone in sight how to "deceive the deceivers".
The more people will learn these tricks, and the more those clowns will have to
work to snoop our private data, the better.
"In the information age, we need to re-learn a
very old lesson. Despite the sophistication of
21st century technology, today's e-mails are as open to the
eyes of snoopers and intruders as were the first crude radio
telegraph messages. Part of the reason for this is that, over
many decades, NSA and its allies worked determinedly to limit
and prevent the privacy of international telecommunications.
Their goal was to keep communications unencrypted and, thus,
open to easy access and processing by systems like Echelon.
They knew that privacy and security, then as a century ago,
lay in secret codes or encryption. Until such protections become
effective and ubiquitous, Echelon or systems like it, will remain
This said, let me point out once more that if you really need absolute secrecy,
the BEST "simple" privacy device is nowadays simply
uploading and downloading PGP encrypted files while
wardriving in a different part of the town
with a portable *you bought with cash* in another State, and that you use ONLY FOR THIS (of course spoofing its Wifi-MAC address, every time different,
But steganography will do almost as well, from home and without hassles :-)
The word steganography is derived from greek and means "coverted writing", from
stegein: to cover... the same root as in Stegosaur, a quadrupedal, herbivorous
ornithiscian dinosauar of Jurassic films celebrity and early Cretaceous times, well
known for being quite 'covered' through an armor of triangular bony plates on
his back spine.
Steganography is the art (and science) of communicating hiding THE EXISTENCE of
communication, in contrast with cryptography. Ideally, your enemies, or those
you are fighting against, or even your friends, should not even imagine
that there IS a message
concealed somewhere. This very characteristic makes steganography the IDEAL
science for hiding messages on the web, which is flooded by noise: non-significant
data. Your whole passwords and everything you need can without any problem be
hidden inside three or four 'fake' pages you'll have uploaded somewhere, with
images like 'my sister Sally and her favourite banana fishes' or whatever. You
will download all fake images from the web (web homepages are a never ending source
of incredibly dull lifes and fotographies :-), you will MODIFY them (the greatest
risk for steganography is the confrontration between the 'original' image, without
concealed message, and the 'steganated' image which contains a
message, of course), and only after
these modifications you will hide your concealed message inside them with one of
the many programs ad hoc.
Basically, using steganography, you can smuggle ("embed") any file, or set of files
inside a format ("cover" or "container")
which leaves the smuggled data untraceable and unreadable ("stego": the final
data containing both the cover noise and the embedded signal).
Be warned: you cannot trust all stego programs on the web, and you should
definitely NEVER trust any software you do not possess (or re-construct) the source code of.
See the bangla section for more info on gratis software you can trust.
If a security software does not explain how it works precisely,
don't trust it for serious purposes.
general searchers love working with programs (and onto programs) they have been
given the source
(or else have "reconstructed" it on their own :-)
I'm sure therefore that you'll
appreciate the presence of the source code for all these programs, this will also
allow you, if you feel like working a little, instead of just leeching ad nauseam,
to delve pretty deep inside all mysteries and vagaries of our applied and
advanced steganography. Who knows, maybe hundreds of small new steganographical
programs will blossom. Each one with a slight different embedding algo.
The NSA clowns, the Echelon wankers and all other slavemasters' lackeys
will definitely love this :-)
Data and files can be hidden inside graphic files,
inside music files,
or even inside executables files, so we will divide the applications
Cover: Graphic files
Here you have a link to my own copy of a JPEG graphic format steganograpical
utility: jphs_05.zip, by Allan
JPHIDE.EXE is a DOS program to hide a data file in a jpeg file.
JPSEEK.EXE is a DOS program to recover a file hidden with JPHIDE.EXE
Here you have a link to my own copy of a BMP graphic format steganograpical
CONTRABAND (version 9g,
by Hens Zimmerman and
Julius Thyssen... their web location is:
Choose a 24bit BMP (if you have no source to get one, you can create
one with 'paintbrush'), then choose any file you want and embed it
in the BMP, compare the generated BMP with the original, extract
the file from the BMP and compare the result with the original.
and you'll find there also THE COMPLETE SOURCE
CODE (in Borland C++ 4,5) of Contraband, which may be of interest for you.
You will find the new 'beta' version of contraband, ("hell edition"),
Here you have a link to my own copy of a GIF graphic format steganograpical
Hide and Seek (version 4.1), by
colin maroney. It's freeware,
and you'll find also
THE COMPLETE SOURCE
CODE (in Borland C++ 3.1) of Hide and Seek, which may be of interest for you.
Cover: Music files
MP3Stego will hide information in MP3 files during the compression process.
The data is first compressed, encrypted and then data hidden in the MP3 bit
stream. Although MP3Stego has been written with steganographic applications in
mind it might be used as a watermarking system for MP3 files. Any opponent can
uncompress the bit stream and recompress it; this will delete the hidden
information -- actually this is the only attack we know yet -- but at the
expense of severe quality loss.
"Hydan steganographically conceals a message
into an application. It exploits redundancy in the i386 instruction
set by defining sets of functionally equivalent instructions.
It then encodes information in machine code by using the
appropriate instructions from each set.
- Application filesize remains unchanged
- Message is blowfish encrypted with a
user-supplied passphrase before being embedded
- Encoding rate: 1/150
Hydan can be used to watermark (fingerprint) code,
sign executables, or simply create a covert communication channel."
Hydan, by Crazyboy.
Here you have a link to my own copy of wbStego4open.
Embeds data into bitmaps, text files, HTML files and PDF files.
wbStego4open is published under the GNU General Public License (GPL).
The source code (wbs43open-src.zip) is available for Delphi 5+ and Kylix 1+.
The program snow is used to conceal messages in ASCII text by appending
whitespace to the end of lines. Because spaces and tabs are generally
not visible in text viewers, the message is effectively hidden from casual
observers. And if the built-in encryption is used, the message cannot
be read even if it is detected.