
Steganography Password Bypass

January 11th, 2007

While this isn't software that I would consider "overly popular", I thought the idea behind a recent advisory was interesting.

The advisory introduced two things:

  1. A simple string of bytes that identifies images produced by this software.
  2. A method of opening any file without knowledge of the password, and without any cracking or brute-force methods.

I guess the first thing I should do is point out that the software involved is Steganography, an application that allows you to hide files and messages in other files, such as images and audio files.

The first thing that was introduced, the string of bytes, I found humorous. In the advisory they reference this string as being the hex string 30 00 0X FF FF, where X can be any character. The authors then provide two screenshots as part of their demonstration of the second item. In these images you can clearly see the following strings: 3B 00 02 FF FF and 30 00 02 FF FF. This leads me to believe one of two things: they misplaced the X, or they jumped to conclusions during testing. The actual pattern should be either 3X 00 02 FF FF or 3X 00 0X FF FF. I don't have access to a Windows box at the moment (the software only runs on Windows), so I will have to confirm one of these patterns at a later date.

The second item is the really interesting one. A simple process is provided in the advisory:

Proof-of-Concept (THIS WILL WORK ON HIDDEN MESSAGES and HIDDEN FILES)

Step 01

  1. We use a file cover (carrier file) called "picture_original.jpg"
  2. We will hide inside it a message "Hello Adonis"
  3. We will use a password "aaaaaa"
  4. We generate the steged file; we will call it "picture_with_hidden_msg.jpg"

Step 02

To access the hidden message WITHOUT the original password "aaaaaa" we will do the following:

  1. We will use any other picture file, say "mypicture.jpg"
  2. We will hide inside it a message "WHATEVER"
  3. We will use a password "a"
  4. We generate the steged file; we will call it "mypicture_steg.jpg"
  5. We will open both pictures in a hex editor
  6. We will replace the last 20 bytes of "picture_with_hidden_msg.jpg" with the ones from "mypicture_steg.jpg"
  7. We will save the picture "picture_with_hidden_msg.jpg"
  8. We will open "picture_with_hidden_msg.jpg" with the steganography application (1.7.x, 1.8) using "a" as the password. YES, we overwrite the password with something we know.
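To make the design failure concrete, here is an added example that is not from the post or the product: a constructed toy container format in Python. The weak layout stores only a password verifier in a 20-byte trailer that says nothing about the payload, so the trailer can be transplanted exactly as in step 6 above; the hardened layout beside it derives a key from the password and authenticates payload and trailer together, so a transplanted trailer fails verification. Every constant, layout and function name here is an assumption of this toy model, not the real file format.

```python
import hashlib
import hmac
import os

MAGIC = b"\x30\x00\x02\xff\xff"   # constructed stand-in for the advisory's marker bytes
WEAK_TRAILER = 20                  # the "last 20 bytes" the advisory overwrites
HARD_TRAILER = 16 + 32             # salt + HMAC-SHA256 tag

def swap_trailer(victim: bytes, donor: bytes, n: int) -> bytes:
    """Step 6 of the advisory: replace victim's last n bytes with donor's."""
    return victim[:-n] + donor[-n:]

# Weak design (toy model of the flaw): the message is stored as-is, and the
# trailer is only a password verifier that is independent of the payload.
def weak_seal(carrier: bytes, message: bytes, password: str) -> bytes:
    verifier = hashlib.sha256(password.encode()).digest()[:15]
    return carrier + message + verifier + MAGIC        # 15 + 5 = 20-byte trailer

def weak_open(stego: bytes, carrier_len: int, password: str):
    trailer = stego[-WEAK_TRAILER:]
    expected = hashlib.sha256(password.encode()).digest()[:15] + MAGIC
    return stego[carrier_len:-WEAK_TRAILER] if hmac.compare_digest(trailer, expected) else None

# Hardened design: no verifier is stored; the password derives a key that encrypts
# the payload and authenticates it with the salt, so a swapped trailer fails.
def _keys(password: str, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]            # (encryption key, MAC key)

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    out = bytearray()                # HMAC-SHA256 in counter mode as a toy stream cipher
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def hardened_seal(carrier: bytes, message: bytes, password: str) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _keystream_xor(enc_key, message)
    tag = hmac.new(mac_key, ct + salt, "sha256").digest()
    return carrier + ct + salt + tag

def hardened_open(stego: bytes, carrier_len: int, password: str):
    ct, salt, tag = stego[carrier_len:-HARD_TRAILER], stego[-HARD_TRAILER:-32], stego[-32:]
    enc_key, mac_key = _keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct + salt, "sha256").digest()):
        return None
    return _keystream_xor(enc_key, ct)
```

The same trailer swap that opens the weak container with the known password "a" leaves the hardened one unreadable, because the tag covers the ciphertext and the payload itself is encrypted under the real password.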

I find this funny... or sad. I'm not sure which. We live in an age where security is constantly being discussed, where data breaches are headline material. Yet we have a company out there that treats the entire world like idiots... There are more advanced and in-depth methods they could be using to secure these files, yet they rely on something so simple. In a world of "Month of X Bugs", Full Disclosure and profitability in vulnerabilities and exploits, they might as well have left the password in plain text, or stored it with the string "This is the password: " in front of it.

We all know the expression, "It's like a lock on a door, it's there to keep the honest people honest". Well, in a time of alarm systems, motion sensors and video surveillance, SecureKit has given us a privacy lock for the bathroom door.

Categories: IT, Security