Monday, October 06, 2008

Steganography Without Steganography Tool

Today I learn the most simple way to create steganography, without any steganography tool. Don't you think this is cool? It allows you to bypass most of the forensic checking or DLP solution, and the best part is to make the system administrators mad.

Here's the step to follow:
  1. Prepare a innocent JPEG file and a list of confidential documents (pdf, doc, ppt, xls).
  2. Compress the list of confidential documents using any archiving tool, 7-zip, WinRAR, WinZIP, said confidential.7z (this works the same for RAR/ZIP/etc).
  3. Optional, you can remove the extension of the archive file if you want.
  4. Now issue the command to join the JPEG file and the archive file.
copy /B innocent.jpg+confidential new-innocent.jpg

The new-innocent.jpg file will embed the confidential documents and is ready to be distributed. To retrieve the documents back, simply open the new-innocent.jpg file with any of the archiver tool and extract the files.

You will notice the size of the new-innocent.jpg is the total of the innocent.jpg and the confidential.7z.

If you open the new-innocent.jpg with any graphic editor, try to save it once, all your "attachments" will lost.