We want a visually very similar image, such that when some common program saves it (or a crop/resize thereof) as bitmap, we get something extremely close to the bitmap in MOVIE.BMP. Since the image is promoting a movie, it is worth feeding it to a search engine accepting images, in hope to locate the base image used. The header is unremarkable, except perhaps that the 8 bytes for the horizontal and vertical resolution are zero. There is no extra data (a primitive form of steganography is to append the payload at the end of a file, where rendering programs typically ignore it). The 2764854 bytes consists of a 54-byte header (14-byte BMP header and 40-byte BITMAPINFOHEADER) followed by 1280x720 RVB components of 3 bytes each. All this prompts at steganography on low-order bit, or similar. Webmasters almost never uses BMP files that large, especially for an image promoting a movie, where JPEG easily saves an other of magnitude on bandwidth usage. On the particular problem: we are given MOVIE.BMP (2764854 bytes), a BMP (short for bitmap) file on a web page with a message hinting at stego in the image. Worth considering: perhaps few low-order bits are changed this makes conclusively proving the use of stego much more difficult, but worsens the already large bandwidth requirement.
exploit some known/guessed/assumed characteristic of the low-order bits in the base image (like their aforementioned correlation with nearby bits). somewhat get hold of the base image (that would typically apply to the receiver). In that case, we (and the intended receiver) need some information about the low-order bits in the base image. The stego replacing the low-order bits removes this correlation, and instead it is seen low-order bits exhibiting the statistical characteristics of those in the payload if uncompressed and unencrypted or seemingly close to uniformly random and independent otherwise.īut there can be other ways, including XOR-ing the low-order bits of the base image with the hidden information, as in a stream cipher. Detection is based on the fact that in natural images, the low-order bits are correlated with nearby bits (that is, the higher-order bits of the same pixel component, bits of any other color components of that pixel, and bits defining adjacent pixels). In that case, it is often possible to conclude that the image contains a steganographic message (and get at it, unless it is encrypted before insertion). In some systems, the hidden information is the low-order bits of the pixel components. In such system, the low-order bits of the pixel components (gray-scale or RVB or CYMK levels, typically stored as a binary number of 8 bits) are modified in some way to hold information this is hardly visible to the eye (especially on natural images with some degree of noise). One of the simplest textbook example of steganography in a bitmapped image (as opposed to formats providing lossy compression such as JPEG), is low-order-bit steganography. However I am unsure of the follow-up to this methodology, having extracted the byte difference into a separate file, no common file extension seem to yield any executables. How can we generically process to try attack this kind of problem, where we are given an image (especially, an uncompressed one), suspect a primitive form of steganography, and do not know the method (contrary to Kerckhoffs principles, but according to practice as faced by cryptanalyst, especially in the field of practical steganography)?įgrieu has given a few tips such as binary comparison after identifying and proceeding with proper conversion of a clean file to the same format as the encoded file. Steganography comes to my mind but despite several effort at cracking it, nothing works. 
The clue given to me was "anagram" although I could not make much sense of it. I've recently been linked by someone to this particular puzzle which seems to point to a hidden file within the image.
0 kommentar(er)
