A Major design Bug in Steganography 1.7.x, 1.8 (latest)
 
Disclaimer

This material is presented for informational purposes ONLY. I do not condone or encourage vandalism or theft.

I do not accept any liability for anything anyone does with this information. So, don't shoot the messenger.

 

Remember: Use a computer in ways that ensure respect for your fellows.

 

 

Author

Adonis a.K.a. NtWaK0

Abed a.K.a. NoPh0BiA

 

 

Affected Product

Steganography 1.7.1 and 1.8 (latest).

 

http://www.securekit.com/hidefiles.htm

 

Quiz of the day... Is this  A:

  1. Hidden Feature?

  2. Hidden Backdoor for the Maker or others?

  3. Hidden Honest coding error?

  4. Hello No idea?

Answer: 1-, 2, 3, 4

 

 

Bug Type and Date

Type: Very Bad Design

Date: 01/07/2007

 

 

Bug Results

Cracking encrypted (steganography application 1.7.x 1.8) files without any bruteforce.

 

WHY LOSING TIME ON MATH AND BRUTEFORCE WHEN YOU CAN PLAY WITH YOUR HEX EDITOR :-).

 

 

Bug Description

Firstly, computer forensic investigators can take advantage of this bug to access file protected with (steganography application 1.7.x 1.8) without the knowledge of the original password. Now it is time to check your cold cases for steganography files.

 

You can crack (steganography application 1.7.x 1.8) encrypted files very easy, in fact in less than two minute. The problem is similar to the bug I found in PGP last year.

 

(steganography application 1.7.x 1.8) leave a footprint after you stag a file.

If you look at the end of your stagged file you will notice it will end with 30 00 0X FF FF. So a simple HEX search will reveal all stagged files.

 

So now we have identified the stagged file our next step is to access the HIDDEN messages or files without cracking the password, here is how.

 

Proof-of-Concept (THIS WILL WORK ON HIDDEN MESSAGES and HIDDEN FILES)

 

Step 01

  1. We use a file cover (carrier file) called "picture_original.jpg"

  2. We will hide inside it a message "Hello Adonis"

  3. We will use a password "aaaaaa"

  4. We generated the steged file we will call it "picture_with_hidden_msg.jpg"

 

Step02

To access the hidden message WITHOUT the original password "aaaaaa" we will do the followings:

 

  1. We will use any other picture file say "mypicture.jpg"

  2. We will hide inside it a message "WHATEVER"

  3. We will use a password "a"

  4. We generate the steged file we will call it "mypicture_steg.jpg"

  5. We will open Both pictures in a hex editor

  6. We will replace the last 20 bites of " picture_with_hidden_msg.jpg" with the one from mypicture_steg.jpg

  7. We will Save the picture "picture_with_hidden_msg.jpg"

  8. We will open "picture_with_hidden_msg.jpg" with (steganography application 1.7.x 1.8) using "a" as password. YES we overwrite the password with something we know.

 

Simple hein !!!

 

 

Step 01

 

Step 02

 

 

 

 

 

Peace to you all
 
 
Copyright © 2007 Adonis a.K.a NtWaK0