lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070106193921.759.qmail@securityfocus.com>
Date: 6 Jan 2007 19:39:21 -0000
From: thesinoda@...mail.com
To: bugtraq@...urityfocus.com
Subject: Cracking Steganography Application in less than ONE minute

Good day

Direct Link to Advisory
http://homepage.mac.com/adonismac/Advisory/steg/steganography.html

Affected Product
================
Steganography 1.7.1 and 1.8 (latest). http://www.securekit.com/hidefiles.htm


Bug Type and Date
=================
Type: Bad Design
Date: 01/06/2007

Bug Results
===========
Cracking encrypted steganorgaphy files without any bruteforce.

Bug Description
===============
You can crack steganography encrypted files very easy in fact in less than one minute. The problem is similar to the bug I found in PGP last year.


First you have to identify the steged files. Steganography application leave a footprint after you stego a file.

If you look at the end of your steged file you will notice it will end with 30 00 02 FF FF. So a simple HEX search will reveal all steged files. 

So now we have identified the steged, the next step is to access the HIDDEN message without cracking the password. Here is how
 

Proof-of-Concept
================

Step 01
========
1- We use a file cover (carrier file) called "picture_original.jpg"

2- We will hide inside it a message "Hello Adonis"

3- We will use a password "aaaaaa"

4- We generated the steged file we will call it "picture_with_hidden_msg.jpg"
 

Step02
======
To access the hidden message WITHOUT the original password "aaaaaa" we will do the followings:

1- We will use any other picture file say "mypicture.jpg"

2- We will hide inside it a message "WHATEVER"

3- We will use a password "a"

4- We generate the steged file we will call it "mypicture_steg.jpg"

5- We will open Both pictures in a hex editor

6- We will replace the last 20 bites of " picture_with_hidden_msg.jpg" with the one from mypicture_steg.jpg

7- Save picture "picture_with_hidden_msg.jpg"

8- Open it using a as password. YES we overwrite the password with something we know.


Simple hein !!!


Peace

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ