pureMango.co.uk
there's nothing about mangos or purity. It's just a name..It's important to keep your computer and your home secure, so accept nothing less than the best security equipment to protect you. Find the best security video cameras online to keep your home safe. Installing a surveillance camera system can protect you and your family, so look into surveillance cameras today.
Steganography in PHP
What? Am I insane? Officially, yes, but that's not important. This is a PHP script that can hide files in images. It takes a JPG and converts to PNG. It requires GDlib and is almost totally pointless.
demo - source
This script has almost no purpose; it is insecure in a number of ways (explained below), it is slow, and there are much better programs available. Lastly, I can see no reason that anyone would ever actually *need* PHP to perform steganography.
insecurity explained
Firstly, the script requires that you upload your secret file to my webserver, not only do you have no reason to trust me, but the file transfer could be sniffed, thus rendering the steganography pointless.
Assuming you could get around this (eg by using SSL on a trusted server), the actual implementation of steganography itself is actually very weak; notice that there's no built in encryption - anyone with access to your encoded image can simply pass it through the decode script and reveal the file. Additionally, the bitstream is encoded in a very boring 'left-right-top-bottom' way, so even if the attacker didn't know the details of the decoding, I suspect it would be fairly trivial to guess.
Anyway, like most of the code here, this is a 'concept' piece and not actually designed for a specific use. I wondered if it could be done, noticed that no-one else had done it, and decided to give it a shot.
Incidentally, if any steganography experts are reading this, some tips on steganographising jpegs would be appreciated :-)
If you're interested in 'real' (read: useful) steganography, the following resources offer a wealth of information.
jjtc.com/Steganography/
an authoritative resource providing detailed stego theory as well as downloads.
stegoarchive.com
what can only be termed a steganography portal
steganos.com
the leading commercial steganography company
cotse.com/tools/stega.htm
links to some of the many, many tools out there.
S-Tools
widely acclaimed windows steganography software suite. (free)
User Comments:Who: ferret
When: August 4th, 2005
Says: i gave it a "very good", but i'm a sucker for stego
---
from u24:
yeah, I keep meaning to improve the security by adding a password. (I'll probably have another bash at this tonight)
Who: Jon
When: August 25th, 2005
Says: Quality this. Had never heard of anything like this before. Thanks
---
from u24:
i was bored :-)
Who:
When: November 9th, 2005
Says: Not a bad script .. I wrote something very similar a while ago .. http://www.ooer.com/index.php?section=php&id=4
---
from u24:
very cool, I'll have to look at this in more detail. thanks for showing me this though.
Who: richard
When: May 13th, 2006
Says: Thanks for this fun script. I will be using it for some fun.
Who:
When: June 19th, 2006
Says: Hey, when I decode it, it just downloads and doesn't stop downloading, I got to 800mb d/l'ed from a 5kb file, something isn't right
and did you end up adding password protection?
Who:
When: June 19th, 2006
Says: it works in IE, just not FF
Who: killer0n3
When: July 23rd, 2006
Says: I support the earlier logic, why should anyone use a PHP version while u can make/compile an executable. better still get the precompiled executable.
---
from u24:
agreed - an exe would be much safer - I just wanted to see if it could be done in PHP :-)
Who: http://dotbeyond [.] com/News/article/sid=25 [.] html
When: August 9th, 2006
Says: It could be really useful for feed licensing.
http://dotbeyond.com/News/article/sid=25.html
Who: Master of the Dark Arts
When: December 6th, 2006
Says: if any steganography experts are reading this, some tips on steganographising jpegs would be appreciated
Place the secret data's bits into the JPG coefficients. Get hold of the JPG library and find the example JPG trans code. There is some example code in there for getting at the coefficients.
That should get you started :)
Who: psychward
When: December 6th, 2006
Says: On further thoughts, why bother with jpg. You can do secure stego into png. It uses zlib for it's compression.
The zlib can be modified for stego quite easily, but it's payload is small. However with png and the way it uses the zlib, there is a bit of mucking around with the restart markers and such.
That should get you started :)
---
from u24:
thanks, that's very useful. I'll have a more detailed look at some point. cheers!
Who: UeXThE
When: March 26th, 2007
Says: it's great script..
how if it's not just for JPG/PNG, how if we use BMP?
---
from u24:
yes, you could do it with BMP, easily. But I don't think PHP has the right functions for BMP. Search for "S-tools", it can hide files in BMPs or WAVs
Who:
When: June 19th, 2007
Says: I could see a reason for this - kinda. Think of it more to water mark an image. One could build this script to hide an unknown watermark - then end users could upload the image and the script would say if it was originally from your site. I don't know what would happen if the image was resized, I assume it would break the watermark? Also, one could write a web crawler to find images on the web, check to see if it's got your water mark, then provide a report.
Just a few thoughts :)
---
from u24:
yeah, the trouble is that it would be so easy to destroy the watermark, even unintentionally.
Who:
When: July 17th, 2007
Says: So what exactly does this do again?
---
from u24:
it hides a file inside a png image. You can open the image and you'd have no idea the file was inside it.
Who: UeXThE
When: July 20th, 2007
Says: what's steganograpgy algorithm/method U use for this application?bcoze I want to learn more about steganography for web aplication,but I use Least Significant Bit.What do U think about this?
---
from u24:
i 'designed' my own algo. It's about the most simple I could possibly have done it - Sorry, I'm not a stego-expert.
Who: Celso
When: August 2nd, 2007
Says: How can i get the file inside the picture?
thx
Who: UeXThE
When: August 8th, 2007
Says: ic ic..can u give me your algo,so i can learn more bout your apllication.thx.u can email me lodozzz@yahoo.co.id
thx be4
Add your comments:* denotes a required field.
Your email address will be converted to an image to prevent spambots picking it up.
