[Written on February 24th 2004 - Updated on March 10th 2004 and March 14th 2004]
Steganography strength (is it easy to see there is hidden data?): Low
Cryptography strength (is it easy to recover the hidden data?): Low
1. The software

A US company called 1nsight Concepts Inc sells a variety of software, including a few security products. More precisely, two steganography programs. One is called C1oak (v7.0) and hides data in image files; the second is called Data Stea1th (v1.0) and hides data in multimedia files (video, sound). The interface of their software is well done but so painfully slow that C1oak, for example, is not really usable on my old computer. Their website has a nice professional look. Both are sold for US$ 35 (download) or US$ 48 (on a CD). I broke both of them. It's getting boring, frankly.

2. A first look at the documentation

There is some snake oil on their website and in their presentation files, but it stays at the average level. A few examples, just for fun:

- "Electronic steganography is a very complex and highly structured technology, and C1oak uses a more advanced form of steganography that will make your files virtually undetectable and also irretrievable as well"... Wrong, wrong, wrong, and wrong. Average steganography is a simple technology. C1oak uses a much simpler than average steganography technique. Your hidden files will be very detectable and very retrievable.

- "that makes C1oak one of the most reliable secure forms of data protection in the world."... Do I really need to be cruel here? I broke it in less than one hour, without doing any reverse engineering, and I am a simple amateur.

- The encryption algorithms used are called "Scatter, Interlock, C1oak-256, Active, Particle, and Dynamic" and are "all very strong encryption algorithms"... The first rule of computer security is: if the encryption algorithm used is not cited, or was developed in-house, and is not one of the few publicly known, studied and trusted strong algorithms, it smells bad. We don't really care anyway, because you can extract the data without breaking the encryption, just by overwriting the stored password (in fact its MD5 hash, see below) with a new one.
- "the option Enhance Encryption systematically scrambles your data after it has been encrypted to further secure your information"... Okay. Writing this sentence means two things: 1. they never read a book about cryptography, and/or 2. their in-house algorithms are really bad.

Then there is this strange thing: certificates. "Certificates are security templates that are used to encrypt and decrypt your data. Without the correct certificate, Data Stea1th cannot correctly decrypt your data."... What is that? A second key? Strong crypto algorithms don't need two keys. One is enough.

3. A first look

To simplify things and go faster, let's say right away that both programs use the same weak way to hide data. One is for images, the other for multimedia files, but that doesn't matter, because they both append the "hidden" data at the end of the file, a method that is unfortunately very simple, very bad and very popular, as we already know. The steganography routine doesn't care at all what your file is (these programs are able to view/play the file, so at some point they check the format, but this has nothing to do with steganography). On my self-defined steganography scale, these programs are category 1, the simplest method.

An example of hiding a small text file (called "hiddenfile.txt") in a JPEG, with the only encryption algorithm available in the demo version ("Scatter"). The password is "a". I've put in color a few fields I could identify after playing around with these programs for a dozen minutes. Remember that FFD9 is the end-of-image marker of a JPEG file:
So, as we can see, some typical errors here. I'll go fast, because I'm tired of explaining for the hundredth time that:

1. Data appended at the end of a file is easily accessible for everybody to see.
2. When the "hidden" data is nicely formatted, with fields, the size of each field, etc., then an attacker can very easily find this "hidden" data automatically.
3. If you include the password alongside the hidden data, then everything is useless; the security is zero.

Ah well, here it's not the password, but its MD5 hash. So, if you want to retrieve the "hidden" data, just replace the MD5 in this field with the MD5 of a password of your choice. Pooof. Cracked. End of story. Next one, please.

4. But I don't see any understandable data here?

Ah yes. I forgot to mention that everything is scrambled with an extremely simple fixed substitution algorithm. The changes are summarized in this table. You can see it's regular and simple. The numbers and letters you will need for the MD5 encoding are in yellow.
With this table, we can now decode by hand what was, for example, in the "Name of file" field above:

90 91 9C 9C 9D 96 9E 91 94 9D D6 8C 80 8C
h  i  d  d  e  n  f  i  l  e  .  t  x  t

This is the name of the hidden file. But we don't really care about that; it's just to demonstrate the weakness of the cipher used here. More fundamental is the MD5 field, which is stored in a weird, bloated format (32 bytes for a 16-byte hash), but nothing surprises me anymore these days:

C8 9B 9B C9 CF CD 9A C1 9B C8 9E C9 9A CE 99 C0 CB C9 9B CB C1 C1 9D CA CE C1 CF CF CA CE CE C9
0  c  c  1  7  5  b  9  c  0  f  1  b  6  a  8  3  1  c  3  9  9  e  2  6  9  7  7  2  6  6  1

This is the MD5 of the string "a", as we already know, and you can calculate it yourself with good free tools like HashCalc.

5. So how do we extract data when we don't know the password?

I'm too bored to code a program for that. Here is how to do it by hand:

1. Calculate the MD5 of your favorite password, for example the string "1".
2. Translate it into the C1oak / Data Stea1th substitution alphabet using the table above.
3. Find the password MD5 field in your file containing "hidden" data. A first idea that comes to mind is to search for the bytes "20 00 00 00", for example: an MD5 is always 128 bits, i.e. 16 bytes, stored here as 32 hex characters, so this field will always be 32 (0x20) bytes. Be careful: there are two fields with the same size, see the hex dump above.
4. Overwrite the MD5 bytes with the new ones, using a hexadecimal editor.
5. Extract your data with C1oak or Data Stea1th, entering the new password "1".

Et voilà. Have a nice day!

Guillermito, February 24th 2004
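As an added illustration (not part of the original article, nor code from 1nsight Concepts), here is a small Python detector for this kind of appended trailer: it splits a file at its last FFD9 marker, walks the length-prefixed fields that follow, unscrambles them and flags the stored MD5, which is exactly why the scheme has zero security and why a scanner can spot such files automatically. It assumes two things the page does not state outright: every byte pair in the table above is consistent with XOR by 0xF8, so that is taken as the substitution rule, and fields are taken to be 4-byte little-endian length-prefixed (from the "20 00 00 00" hint); the sample file it inspects is constructed.

```python
import hashlib
import struct

# Every byte pair the page lists (90->'h', C8->'0', D6->'.') matches XOR with 0xF8;
# that is assumed here as the scrambling rule (inferred from the table, not stated).
XOR_KEY = 0xF8

def unscramble(data: bytes) -> bytes:
    """Undo the fixed substitution (XOR is its own inverse, so this also scrambles)."""
    return bytes(b ^ XOR_KEY for b in data)

def parse_fields(trailer: bytes):
    """Walk 4-byte little-endian length-prefixed fields (the '20 00 00 00' hint);
    the exact C1oak layout is an assumption, not something the page documents."""
    fields, pos = [], 0
    while pos + 4 <= len(trailer):
        (size,) = struct.unpack_from("<I", trailer, pos)
        pos += 4
        if size > len(trailer) - pos:
            break
        fields.append(trailer[pos:pos + size])
        pos += size
    return fields

def inspect_file(blob: bytes) -> dict:
    """Report bytes appended after the JPEG, decoded names and stored hashes."""
    idx = blob.rfind(b"\xff\xd9")           # last EOI marker; appended data follows it
    trailer = blob[idx + 2:] if idx >= 0 else b""
    report = {"trailer_bytes": len(trailer), "names": [], "md5_fields": []}
    for clear in map(unscramble, parse_fields(trailer)):
        if len(clear) == 32 and all(c in b"0123456789abcdef" for c in clear):  # MD5 field
            report["md5_fields"].append(clear.decode())
        elif clear and all(32 <= c < 127 for c in clear):  # printable: a file name
            report["names"].append(clear.decode())
    return report

def password_matches(stored_md5_hex: str, password: str) -> bool:
    """The stored hash lets anyone check password guesses offline."""
    return hashlib.md5(password.encode()).hexdigest() == stored_md5_hex

def build_sample() -> bytes:
    """Constructed test file: a stub JPEG followed by a C1oak-style trailer."""
    def field(raw):  # length prefix + scrambled content
        return struct.pack("<I", len(raw)) + unscramble(raw)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xd9"
    md5_of_a = hashlib.md5(b"a").hexdigest().encode()  # 0cc175b9c0f1b6a831c399e269772661
    other32 = bytes(range(0x10, 0x30))                 # a second 32-byte field, not a hash
    return (jpeg + field(b"hiddenfile.txt") + field(md5_of_a)
            + field(other32) + field(b"\x03\x7f\x11"))  # opaque payload stand-in
```

Running inspect_file over a directory of images gives a quick triage list: any JPEG with a non-empty trailer deserves a look, and one whose trailer decodes to a 32-character hex string is carrying its own password hash.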