Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Hiding data in images

By joostje in News
Sat Jul 22, 2000 at 01:50:01 PM EST
Tags: Freedom (all tags)

With imghide you can store any data in an innocent looking image, for example the DeCCS code in an image of the Statue of Liberty. It's pretty simple, but opens a lot of possibilities. You can make people distribute DeCCS code without them knowing it, or, maybe you are already unknowingly distributing code? Scary...

The way it works (just storing the data in the lower bits of the png image) is so simple that it must have been done before already. But I haven't yet heard about people acutally using this to do fun things (like distributing DeCCS in the statue of liberty). Nor am I aware of any discussion about who is guilty if you are unknowingly distributing illegal data with images you pulled from the net.


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o imghide
o Also by joostje

Display: Sort:
Hiding data in images | 44 comments (32 topical, 12 editorial, 0 hidden)
Wonder about the ethics (2.00 / 1) (#5)
by Knile on Sat Jul 22, 2000 at 10:39:26 AM EST

The author's right: it is pretty scary what could be done. Having people unknowingly distribute code, especially controvery-causing code like DeCSS, is awfully sketchy... How would you feel if somebody placed in your briefcase a set of documents with criminal nature (knocking off so-and-so, terrorist acts, etc.)? It's very similar. If someone tucked a nice little virus into nakedgirlypicture.jpg and they passed it on to you, and so on down the line, Real-life parallel for that might be if someone sprinkled strains of Mad Cow on the burgers you were serving at your barbecue. Like all these other "new & wonderful" technologies (e.g. human genome mapping, MP3, etc.) people need to sit & meditate for a bit about good ideas vs. bad ideas for how to use this stuff.

Re: Wonder about the ethics (none / 0) (#9)
by acb on Sat Jul 22, 2000 at 11:05:03 AM EST

yeah, thing which concerns me is how this be used against innocent people so easily. Call me paranoid, but hey :P
Government puts pretty picture on website (say in http://www.pm.gov.au/) and puts "confidential" data on the machine, then ASIO (if they find there way out of the forest) come and bust you down and steal your computer, mars bars, women, arrest you, tease you, give you 15 seconds of fame et al, simply cause you got some of their bad shit.

Of course this is "extreme" and they'd be dopey bastards to bother with a thing like this, but yeah. "Bad" shit could be leaked out of "high-security" places into your hands, and you get em chopped off cause you were looking at a nice piece of pr0n

</paranoid hat>

I could see uses for this sort of technology for nerdish (stereotype, sorry guys'n'gals) people to scan in pics of people and embed lots of info into the pic about them :P

ps: i refer to .au things cause that's where i live :P
--- acb #kuro5hin
[ Parent ]
Re: Wonder about the ethics (none / 0) (#23)
by SPUI on Sat Jul 22, 2000 at 07:52:48 PM EST

Except that in your mad cow analogy, everyone that eats the burgers gets infected. In this case the virus is only activated if you take it out deliberately.

[ Parent ]
Not as Sketchy as all That (4.00 / 1) (#31)
by Crutcher on Sun Jul 23, 2000 at 09:12:55 AM EST

This is a bit of information theory, but basicaly, messages are created by the reader. Unless the reader has the ability to recognize a message frame, there is no message for that reader. So there is no real problem with distributing 'hidden' messages, if the readers to who you distribute them cannot reasonably be expected to be able to recognize the message frame.

And stuff.

Crutcher - "Elegant, Documented, On Time. Pick Two"
[ Parent ]
Why just images ? (3.00 / 2) (#13)
by ejf on Sat Jul 22, 2000 at 12:15:25 PM EST

[sorry, posted this as a editorial comment by mistake before]

Steganography is in interesting field IMHO. But why limit yourself to something as obvious as a picture (after all, it DOES seem suspicious if a picture of the statue of liberty would be exchanged a few thousand times amongst a select group of people ... you DO have to know how to decode it as well ;-).

You could hide data in voice communications, music, HTML code, indenting of C code, spaces in between words, links, DNA, and any number of other things (magic ink, anybody ?). Its far less conspicious if you have a little voice-chat over the net and hide data in the stream than sending back and forth that have seemingly no connection to each other or to you (well ... you could always send the pictures from the last vacation :).

Combined with cryptography, this is a very powerful tool. Ciphertext is usually not distinguishable from line noise, and inserting that into another data stream would probably just create that - random line noise. This is very useful in countries that actively spy on their citizens and assume you to be hiding something if you use cryptography to protect your privacy (and your life). Examples of this would be China and the U.S.A. ...

In reply to the author : Yes, it has been done before. And I bet that the DeCSS sourcecode is floating around in some popular image by now. Problem is, nobody knows how to decode the data, and thus it is just line noise :)

--- men are reasoning, not reasonable animals.
Steganography (5.00 / 1) (#14)
by Gadget on Sat Jul 22, 2000 at 02:44:38 PM EST

To the author, as others have pointed out, this is a very old trick. It is typically done using pictures, and simply setting the least significant bit from each pixel to be a bit from the "hidden" data. There's a couple of things to remember tho. If everyone hides data using similar tools/protocols, it's not really "hidden" anymore. This is where encryption comes in. One important thing to remember, tho, is that in order for your data (either the data you're hiding or the data of your original image/sound/movie/whatever) to remain a valid file, you can't use a lossy form of compression for the file you're hiding data in. So you're stuck using formats like PNG and GIF. Then you have to worry about the data being noticed. If you use 8-bit color in your "cover image", the changing ANY bits is going to have a fairly significant (and thus obvious) effect. So your 8-bit picture with only a few colors, that compressed down very effectively, will become a very ugly, very large, essentially uncompressible file. Using more bits of color would make the noise unnoticeable, but if you wanted to use 16 bits, you've gone from a 7:1 image to data ratio to 15:1. Although.. hm.. 16 bit color is not truly 65k colors, the last bit is usually just alpha anyway... so your image wouldn't degrade at all. You might even be able to use one of the actual color bits, thus bringing your ratio back up.. that seems a bit "magical" tho.. hm.. (I think the color would degrade too much.. that's a good question tho, but it's not my point..) You could use 32-bit color and use all the extra alpha bits for signal.. Anyway!

An idea you could try is instead of keeping perfectly, bit for bit, valid data hidden, you could hide lossfully-compressed files. So yeah, no text files (actually I'm working on a lossy text compression app as a joke.. :). But you could hide other things and get greater savings.

There's shortcomings involved in steganography. Here's an idea I've had for a while tho, that I'd love to try one day (someone beat me to it please!). The idea is to basically hide HTML files inside images. The hidden HTML would be encrypted (and compressed :). This is nothing new so far. It gets interesting when you create, say, a web-browser plugin that automatically detects images with messages in them. If you have the necessary key in your keyring, it gives you a link to the hidden HTML. Click the link, and it automatically takes you to the "invisible" page. And that webpage has links to other pages, hidden in other pictures. So I could put up a website on Geocities, and fill it with pictures of my cat, computer, car.. Then I give each of my friends the keys they need to access them. They now have access to an entire website that is completely invisible to everyone else. Sure, it's not SSL, but I'm sure there could be some cool uses for it. :)

Sorry for the long post. There's a few problems with steg, but you could do some cool stuff with it. :)

Re: Steganography (none / 0) (#16)
by BlacKat on Sat Jul 22, 2000 at 03:17:00 PM EST

If you wanted to go a further step register a domain with one of the 'alternate' TLD providers and host your hidden site there :o)

[ Parent ]
Duh... (oops ;) (none / 0) (#29)
by Gadget on Sun Jul 23, 2000 at 12:20:20 AM EST

Nevermind my silly comment about using 2 bits from a 16-bit color pixel.. I needed sleep! Yeah, that's it... ;)

[ Parent ]
Hiding in lossy formats (none / 0) (#37)
by Anonymous Hero on Sun Jul 23, 2000 at 07:51:50 PM EST

There are some handy tools (like JSteg) for hiding data in lossily compressed carrier images. The hiding is done during the lossy encoding process, not at the bitmap level of the image. You do not have to use a lossless carrier format to hide your data. I have also seen tools for hiding data in .mp3 files. Another nifty little tool is Scramdisk, which allows the hiding of data (in the form of a virtual drive like PGPDisk) in .wav files. I don't see what would stop you from burning your hidden-FS .wav files off to a standard audio CD, which could even be played in a normal CD player.

[ Parent ]
Great to hear I wasn't the first, but (none / 0) (#15)
by joostje on Sat Jul 22, 2000 at 03:15:31 PM EST

Ah, great to hear I wasn't the first, and that there are many more people working on steganography.

But still, after quite a long time in the free-source/debian/internet community, I never heard of it, and also loads of kuro5hin users +1-ed this story, so they apparently also didn't hear about it before.

Could this then serve for the `newer' users (counting myself with about 3 years of `free-source' time as newbee) to tell them about steganography?

Also, after a (admittedly short) search I didn't find free tools for steganography tools for pictures (only for audio files), so maybe my little tool could serve at least to for that.

Anyway, thanks, kuro5hin community, for teaching me a lot!

DeCSS source code was hidden in an image here (3.50 / 2) (#18)
by xyzzy on Sat Jul 22, 2000 at 03:30:13 PM EST


Re: DeCSS source code was hidden in an image here (5.00 / 1) (#22)
by fluffy grue on Sat Jul 22, 2000 at 05:21:09 PM EST

Thanks, I was actually only coming to the comment section to mention this, but someone else did it for me. I guess my little half-hour hackjob has gotten to be more popular than I thought. :)

My enstegging/destegging process does change the md5sum of a .tar.gz file, since it assumes that your tar utility will exit after it's finished unarchiving (most do), but it's also much more difficult to tell that there's hidden data in the image (since the lowest bit exists for the whole thing). Also, mine just uses PNM files so you can use any of the standard netpbm utilities and use any image format you want (assuming that the compression works out to be lossless; in the case of .gif this isn't the case unless it's a greyscale image though). Also, the two example images of mine have the decryption source *in the image* (what good does it do if you just encrypt it and don't give any simple way to decrypt it?) though there's no reason this has to be the case.

Again, I just did the 'Not the DeCSS Source' thing as a half-hour hackjob just to show how easy it is. It can be used for anything, and should be easy to modify to work with many sorts of data as well (such as .au files or whatever).

Of course, this imghide program is much more user-friendly and deals with PNGs directly. The former is a feature, though the latter is IMO a bug. :) Theoretically one could fix my stuff so that it behaves as just a normal part of a PNM transformation pipeline, though I've been too lazy to do that (not that it'd be at all hard to fix), and that way would be much more powerful and the like IMO.

Anyway. Thanks for the ego boost. :)
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Re: DeCSS source code was hidden in an image here (none / 0) (#26)
by krach42 on Sat Jul 22, 2000 at 11:37:22 PM EST

*laugh* I was only going to comment that it was there, too, because he said he didn't know of it being done, but I was guessing that you had already covered it, because you seem to read Kuro5hin all the time.

BTW, Fil should be fine, and the flower in the fridge is for Sarah, so don't eat it!
Krach42, the universe's most death-resistant entity. *** VACUUM BAD!!! ***
[ Parent ]

Re: DeCSS source code was hidden in an image here (none / 0) (#35)
by fluffy grue on Sun Jul 23, 2000 at 04:23:38 PM EST

Actually, I had to feed Fil, because you left his food dish completely empty and he was starving. He's also almost completely out of food now.

(For anyone who's wondering wtf we're talking about: krach42 is my housemate, and Fil is the ferret he's "taking care of.")
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Conspicuousness (3.00 / 1) (#19)
by PresJPolk on Sat Jul 22, 2000 at 03:36:54 PM EST

If you're worried about eavesdroppers getting suspicious about the number if images you're exchanging, do it a different way:

If you and the person you're communicating with both set up web pages, both with an "image of the week" or whatnot, then you get a perfectly valid excuse to be sending images frequently. Then use the picture of the week to carry your messages. Since the images are transferred via the web servers, that also adds a slight amount of indirection to your communications.

Yup, it's a little work coming up with new images, but it's a lot more work being interrogated by the secret police. :-)

Re: Conspicuousness (5.00 / 2) (#24)
by Christopher Biggs on Sat Jul 22, 2000 at 09:33:13 PM EST


A web cam is basically a continuous near-random data stream, into which you can insert steganographic messages at prearranged times (just like the enigmatic "numbers channel" radio broadcasts).

[ Parent ]

Re: Conspicuousness (none / 0) (#44)
by robin on Mon Jul 24, 2000 at 06:07:56 PM EST

Check out the 12 hour ISBN JPEG project -- maybe this is already under way...


Updated every 12 hours, make nice wallpaper (I tint and maxpect them with a Perl script), seemingly harmless, but could they be the product of a stego numbers station..?
W.A.S.T.E. (do not antagonise the Horn)
[ Parent ]
Neat application for steganography (4.00 / 2) (#20)
by Skippy on Sat Jul 22, 2000 at 04:09:52 PM EST

Is the steganographic file system.. It allows you to steganographically hide data on your drive in the data which already exists there. IIRC the amount of data on the drive must be at least 3x the amount of data you want to hide in it. I have not tried this so this is not an endorsement, simply me saying, "neat".

On the other hand, I'm beginning to think I need to start encrypting or (what's the verb for steganography?) my data. I don't have anything I'd normally need to hide, but these days everyone's a data peeping tom.
# I am now finished talking out my ass about things that I am not qualified to discuss. #

Re: Neat application for steganography (none / 0) (#32)
by Anonymous Hero on Sun Jul 23, 2000 at 09:18:57 AM EST

One of the problems with the stegFS as I understand it, is that you can lose the data, even i you use it properly. Something to do with thresholds. That made me reject it as a system, if data is worth hiding its worth keeping. Not sure if we are talking about the same system but its the one Ross Anderson did.

[ Parent ]
Some problems (5.00 / 1) (#21)
by scheme on Sat Jul 22, 2000 at 05:19:48 PM EST

This was discussed recently on sci.crypt and a few problems with using steganography were raised. First, you really need to encrypt your data since information hidden in the low order bits will stand out. Even this isn't enough since the encrypted data will not have the same distributions as the original low order bits. This means that you either have to accept the fact that other people may discover the existence of the message (which may be unacceptable) or somehow massage your encryptors to create the right sort of distributions (which is difficult).

Another problem with steganography is that it requires a lot of bandwidth. Assuming you get 1 bit of information for every 15 bits of noise, you'll need a fairly high bandwidth connection to routinely pass around information.

One of the biggest problems with steganography is that who you talk to is often as useful as what you talk about to others. If you're being watched then the people watching may be able to obtain a lot of by the people you talk to and the timing of these conversations. For example if you are a group of terrorists and the FBI is observing you, then a bunch of messages before a bombing occurs would probably indicate to them that you had something to do with it and the people the messages were sent to would be other people in the cell. By monitoring the people you talk to and the frequency and length of the messages that are exchanged over a period of time people watching you may be able to get quite a lot of information.

Although steganography is neat and all, it really doesn't hide information very well in reality unless you also use another channel. For example, you create a bunch of gifs or pngs with messages, upload it to a free homepage using a public computer, and then somehow indicate to the people you want that it message is at the homepage (e.g. have them check the web page every week or something). Steganography is useful for one time or infrequent usuage since it doesn't seem very unusual to exchange pictures every once in a while but emailing pictures or wavs every day is odd. It's also useful if you can embed several files in a filesystem and then pull out non incriminating ones if someone demands it but thats a slightly different matter.

"Put your hand on a hot stove for a minute, and it seems like an hour. Sit with a pretty girl for an hour, and it seems like a minute. THAT'S relativity." --Albert Einstein

Re: Some problems (none / 0) (#30)
by Chris Andreasen on Sun Jul 23, 2000 at 01:22:24 AM EST

A picture with lots of color might be difficult to disguise data with, but what about a greyscale image of a plain old paper document? Seeing as how photocopiers tend to leave lots of random dots and blotches all over your copies, it would look rather innocent if you were to hide a message in it and use some fax software or something to send it.
Is public worship then, a sin,
That for devotions paid to Bacchus
The lictors dare to run us in,
and resolutely thump and whack us?

[ Parent ]
Re: Some problems (none / 0) (#33)
by scheme on Sun Jul 23, 2000 at 12:38:08 PM EST

Although the black and white picture may be noisy and full of dots, the distribution of the dots is probably going to be different if you use encrypted data. The normal noise may not be entirely random but have a tendency to appear near letters or something like that but the encrypted data will not. By examining the low order bits and analyzing its distribution, you may be able to determine that a message is hidden in the image. This information may be as important as the contents of the message itself.

"Put your hand on a hot stove for a minute, and it seems like an hour. Sit with a pretty girl for an hour, and it seems like a minute. THAT'S relativity." --Albert Einstein

[ Parent ]
Re: Some problems (none / 0) (#43)
by Anonymous Hero on Mon Jul 24, 2000 at 04:43:55 PM EST

upload it to a free homepage using a public computer, and then somehow indicate to the people you want that it message is at the homepage

I'd suggest using a public computer to post it to Usenet, in one of the binaries/porn groups. Set it up as spam for a porn site. Degraded image quality is par for the course.

Since Usenet messages are effectively broadcast and copied widely throughout the net, it should be more difficult to discover someone receiving the message. Free hosting sites are somewhat more centrally located when compared to the thousands and thousands of news hosts that could be used to retrieve the data.

[ Parent ]

Just an idea. (none / 0) (#25)
by Anonymous Hero on Sat Jul 22, 2000 at 10:12:04 PM EST

This may sound dumb, but how about a system that uses two keys: one containing a list of urls pointing to dynamic pages (stories on news sites, pics of the day, etc.), and another consisting of the coordinates of each letter or word the corresponding page. After a doy or so the keys would be totally useless. There would of course be some kind of engine that, given a list of urls, would piece together the keys. Yeah, the more I think about it the dumber it sounds, but it could be a start to something similar.

Re: Just an idea. (none / 0) (#38)
by Anonymous Hero on Mon Jul 24, 2000 at 07:16:39 AM EST

Perhaps you're interested in secret sharing. Using Shamir's scheme, you can create multiple keys that, separately look like random noise, but can be combined (or some subset combined) to recreate the data. I think this would be a great thing for freenet to layer on top of its data decentralization.

In short, for a block, each key contains a point on a polynomial, and f(0) is the key. You can get it by interpolation using the keys you have, if you have enough. Typically, the polynomial's over a Galois field instead of modulo some prime, because that way you can use GF(2**n), which packs things neatly into bytes.

[ Parent ]
JPG's and MP3's (1.00 / 1) (#27)
by krach42 on Sat Jul 22, 2000 at 11:55:36 PM EST

I don't know if anyone has commented about this yet... but I remember seeing a page with an MP3 embedded in a JPG image. Now, this is hardly startling since they use the same file format, just with different information headers, so that the conversion process from JPG -> MP3 involved merely changing the extention. This is a very lame way to hide your MP3's, especially if the picture is small, but the file is big... (a bit unusual) or even at all, a large picture is still going to have a lot of MP3 data in it (for any decent song that you'd want to hide)

Still, this was an interesting topic to me at the time that I found the picture.
Krach42, the universe's most death-resistant entity. *** VACUUM BAD!!! ***

Re: JPG's and MP3's (none / 0) (#36)
by fluffy grue on Sun Jul 23, 2000 at 04:29:28 PM EST

Uh, what makes you think they're the same format? The fact their extensions both end in 'PG' and the fact that both of them primarily use DCTs in their CODEC?
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Re: JPG's and MP3's (none / 0) (#39)
by ksandstr on Mon Jul 24, 2000 at 12:37:20 PM EST

MPEG audio layer 3 uses FFT, not DCT. Ogg Vorbis uses DCT. JPEG does, too.

[ Parent ]
Re: JPG's and MP3's (none / 0) (#42)
by fluffy grue on Mon Jul 24, 2000 at 03:54:28 PM EST

I thought MPEG-1 Audio Layer 3 used DCTs also. My bad. I don't see how this negates my point in the slightest though (namely that krach42 was assuming a lot of things based on vaguely circumstantial evidence).
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Re: JPG's and MP3's (none / 0) (#40)
by jovlinger on Mon Jul 24, 2000 at 01:31:27 PM EST

yaa. The jpg file format is very low-level, what with special quantisation tables that specify the length of each compressed 8x8 block. It would port very poorly to other content.

This in contrast to quicktime or MPG, which I understand are content-neutral file-formats. anyone want to back me up, shoot me down?

[ Parent ]

Outguess also provides steganography (none / 0) (#28)
by Anonymous Hero on Sun Jul 23, 2000 at 12:16:34 AM EST

Check out http://www.outguess.org. It just lets you hide data in JPG & PNM images, but is still pretty nice.

It's already in (int'l) kernel loopback filesystem (none / 0) (#41)
by Anonymous Hero on Mon Jul 24, 2000 at 01:51:08 PM EST

Um, this has been in the (international crypto) kernel loopback filesystem for some time. The only gotcha is you need to use a data format which can handle the low-order bits being tweaked.

Anyway, the first loopback filesystem does the stego embedding, and a second loopback filesystem does the encryption (to mask the hidden data). Over a year ago I hid a copy of the Bible (one of the most widely banned books in history) and a small .jpg picture in a .wav file containing a Chuck Magione song - there was no perceivable difference even when using some very good headphones. It made an impressive demonstration - the embedded filesystem was over 4 MB in size, yet there was no perceivable performance hit when copying data into/from an encrypted stego filesystem.

One of the lesser-known tricks here is that you can hide information in multiple places - allowing you to hide a greater sin by confession of a lesser one. E.g., the low bit of every byte documents your affair with the bishop's wife, while the second-lowest bit of every dword contains information you really want to hide. Or that picture I hid within the song (pictures of the bishop's wife?) itself contains information hidden within!

Hiding data in images | 44 comments (32 topical, 12 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!