Steganography: The Art of Hiding Secrets

Steganography is one of the complex fields in computer security. Its complexity comes from the limited resources that explain it because it is rare to find a course about it. However, steganography was always with the human beings. We just do not pay attention to it.

Steganography is the art and science of embedding secret messages in cover message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. It is a combination of two Greek words which are steganos that means covered and graphia that means writing.

Historically speaking, it has been always with with human beings. For instance, messages between empires tend to be hide in messengers’ heads. In addition, human beings used invisible ink to write their messages in order to hide them. So, steganography is not related by definition to computer science. It has historic roots, and it played an important role in human communication and security.

If you read this definition, you might be confused about the difference between steganography and cryptography. Basically they have almost the same goal which is protecting a message or information from third parties. However, they have different mechanism to protect the information. Cryptography changes the information to unreadable piece of data which cannot be understood without an encryption key. So, it involves another concept which is keys for encryption and decryption. On the other hand, steganography does not change the format of the information. It just hide it from the third parties. It can be used anywhere and anytime just by telling to the other involved part in the communication process how to read or extract the information.

Technically, steganography conceals the existence of the message. It does not alter the structure of the secret messages , but hides it inside a cover-file so it cannot be seen to make the secret message unseen.  Cryptography tends to hide the contents of a secret message from malicious people. So, the structure of a message is scrambled to make it meaningless and unintelligible unless the decryption key is provided. Thus, cryptography encrypts the message but it can be seen.

In this article, I will mention two applications of steganography in two different filetypes. The first one is audio steganography where we will take an audio file which contains a secret message behind it, and we will try to analyze it. It can be seen as meaningless track, but it has an invisible meaning. It can be used in many application mainly in military and governments’ digital security. The second one is image steganography where we will hide a text file inside a picture. And then, we will do the reverse operation to extract the message.

The process of analyzing a modified audio, image or any filetype is called steganography analysis or steganalysis. Technically, it can be linked to another concept which is reverse engineering. It is the process of extracting a hidden piece of data in a different form of filetype. I made the comparison between steganalysis and reverse engineering because they have a common point which is seeing things from the back-end. In other words, it can be defined as breaking the encapsulation layer that is hidden from the end user.

Let’s take a look at an audio file which is basically a .wav file. You can download it it from here: https://www.dropbox.com/s/n4o3hdp9mfkadqf/WAVFile.wav?dl=0 .

It was a challenge in a CTF. You can find another audio file in one of root-me.org steganography challenges that can be solved with the same technique. If you listen to it, you will just hear some noise which is meaningless for us. However, if you use audacity or another audio analyzer software, you will notice that it is not the case. In my experience, I used an old program called gram. You can download it from here if you want to do the experiment: https://www.dropbox.com/sh/x29xyo2vyjv1e8e/AACSTHW_x2pxHpZ4C9caZWska?dl=0 . The environment in which I am running the experiment is Ubuntu Xenial Xerus with installed wine1.6 to run windows programs in Linux-based environment. When you analyze the audio file, you will see the secret messages which is “HackThis!!” in our case.

16176463_1639096633060956_773022007_n

So, you can see a hidden message in a meaningless audio file.

For the image part, a steganography challenge was detecting the used program in hiding a text inside an image. It was quite funny image.

16176958_1639099046394048_1787378066_n

The problem was to analyze two identical images. At this level, we will not talk about file signatures and file extensions. I believe I will talk about them in another article because they are involved in other fields. However, at this stage, I used winhex to analyze the Hexadecimal part of the image. You can use a text editor as well like gedit or notepad just to see the image from another perspective. I found a weird signature at the end of the modified image. This is the original image.

16145509_1639098339727452_1812386025_o

And this is the modified one. You can notice “CDN” at the end of the image.

16145878_1639098073060812_1357068692_o

I looked at this “weird” signature, and I found that it is the appropriate signature of a program called Hiderman which can hide a text file into an image. I used the same program to extract the message.

This was just an overview about steganography. I will try to talk about it in more depth in the upcoming articles. I believe it is an important field to know about since it is rarely covered in universities. It can change your way of seeing files as “cute” piece of data. On the other hand, they can contain secret messages or information.

Image Copyright: WonderHowTo http://img.wonderhowto.com/img/05/12/63537824039022/0/introduction-steganography-its-uses.1280×600.jpg

How to Make your localhost Online on Ubuntu?

I was working on a personal project with my friends. It is hosted on a virtual machine running under Ubuntu Xenial Xerus. And we reached the point where we should access it from other computers which are not in the same LAN in order to test it. I tried first to access it from the host which is running under macOS Sierra. However, I faced many problems with VirtualBox and bridged network since I am connected to a complex network infrastructure. It is not like the default configurations, so I succeeded just in make in visible to the host only which is useless in my case.

Then, I tried to access it from its external IP. It worked, but I needed to configure the router to allow NAT. This step was impossible for me because I did not have the necessary credentials.

I read about this issue, and I found an elegant solution.  I found two tools that allow exposing a local server behind a NAT or firewall to the internet. I will talk about the interesting and unlimited one in this post.

This tool is called ngrok. You can download it from here: https://ngrok.com.  In order to configure it follow these steps:

Step 1: Unzip the downloaded file.

Step 2: run the following command on your terminal ./ngrok help for documentation.

Step 3: run the following command on your terminal: ./ngrok http 80 to make http://localhost:80 accessible online. You can change the port depending on where your application is listening. Check if the firewall is allowing traffic on this specific port.

Step 4: You will see a link in the following form *.ngrok.io in your terminal. This is the link that you can share with your friend to access your localhost. It will be like the following figure:

16128859_1638857829751503_1966082053_n

You can also check the request and the connected devices to your localhost from the link: http://localhost:4040.

P.S: This steps were tested on Ubuntu Xenial Xerus running on VirtualBox.