📄 wnstorm.doc
o By default, a signature is pasted indicating that the file is
encrypted. However there is a stealth mode that removes
this header.
In the current version, the maximum channel size is stored as
the first byte of the stream. This is because decoding the
stream without knowing this value is impossible. This value
is >NOT< stored if the stealth mode is used. You should use
the stealth mode if it is possible. (Knowing the max size can
help a statistician figure out the approximate size of the
plaintext, and most cypher breakers will use statistics!)
o The header (not in stealth mode) only contains the signature
and limitchannel values. It does not contain any CRC or
checksum of the passkey or data. If you enter an incorrect
passkey you will get garbage.
o You will need an error-free storage/transmission medium for
your encrypted data as any change in the encrypted stream
will result in the total loss of data after the position where
an error was introduced.
A good method of sending data which is far more important to
be kept secret than received would be to take the encrypted
data and send it in portions by several different methods.
By different portions, I don't mean take the 1st 20K or so
of the file, but rather take every 1st byte in every 3 bytes
and send that as the 1st file, every 2nd byte in that same 3
bytes, etc... Then send each piece by a different method.
Since all of the data is required to decrypt any of the data
this makes it far more difficult for a spy to enter into your
system by the delivery routes. Of course if the spy happens
to be someone at the receiving site who is trusted, the data
is jeopardized anyhow, but other precautions can also be taken.
o Currently it is illegal to export encryption systems outside of
the United States of America. Since this is possibly a strong
crypto scheme, it is not exportable.
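The byte-interleaved split described above, as an added example in Python that is not part of the WNSTORM package; the function names are hypothetical. It writes every 1st, 2nd and 3rd byte of each group of three to separate portions and refuses to reassemble when a portion has the wrong length, since any damage to the stream loses everything after it.

```python
def split_interleaved(data: bytes, n: int = 3) -> list[bytes]:
    """Portion i holds bytes i, i+n, i+2n, ... of the encrypted stream."""
    if n < 2:
        raise ValueError("need at least two portions")
    return [data[i::n] for i in range(n)]


def join_interleaved(parts: list[bytes]) -> bytes:
    """Rebuild the stream; portions must be supplied in their original order."""
    n = len(parts)
    total = sum(len(p) for p in parts)
    for i, part in enumerate(parts):
        # Portion i of a total-byte stream holds ceil((total - i) / n) bytes.
        expected = (total - i + n - 1) // n
        if len(part) != expected:
            raise ValueError(f"portion {i}: got {len(part)} bytes, expected {expected}")
    out = bytearray(total)
    for i, part in enumerate(parts):
        out[i::n] = part          # put each byte back at its original offset
    return bytes(out)


if __name__ == "__main__":
    stream = bytes(range(10))     # constructed stand-in for WNSTORM output
    portions = split_interleaved(stream)
    print([p.hex() for p in portions])
    print(join_interleaved(portions) == stream)
```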
- Theory 8 -
WNINJECT:
The WNINJECT program is used to inject and extract LSB's (Least
Significant Bits) out of a PCX file. When used in conjunction
with WNSTORM, WNINJECT
There are two batch files that can be used to hide encrypted data
within pictures. WNHIDE and WNUNHIDE. They call WNINJECT and
WNSTORM as needed to perform this steganographic operation.
You can use them to send encrypted information to others. The
recipient of the stegoed images does not have to have a previous
copy of the image. WNINJECT and WNSTORM will securely extract
information out of an image without needing the original image.
However, the recipient is still required to know the passkey
with which the encrypted file is encoded, the maximum window
size in WNSTORM (-s option), and the number of bits to extract
from the image (for WNINJECT.) This information put together
is the passkey for the encrypted steganographical data.
USAGE:
To get info on a PCX file:
WNINJECT P ORIGINAL.PCX
         |   |
         |   +-----------------------> PCX file name
         +---------------------------> Print PCX info Command
To extract the lowest significant bits of a PCX image:
WNINJECT E ORIGINAL.PCX LSB.DAT {bits}
         |   |            |       |
         |   |            |       +--> Number of bits to inject
         |   |            |
         |   |            +----------> Extracted bits output file
         |   +-----------------------> Original PCX file to hide data into
         +---------------------------> Extract bits command
To inject an encrypted document in a PCX image:
WNINJECT I ORIGINAL.PCX CRYPT.DAT STEGO.PCX {bits}
         |   |            |         |         |
         |   |            |         |         +-> number of bits to extract
         |   |            |         |
         |   |            |         +-----------> Output File with encrypted data
         |   |            +---------------------> Encrypted data file from WNSTORM **
         |   +----------------------------------> Original PCX file to hide data into
         +--------------------------------------> Inject bits command
** Must be the encrypted result of WNSTORM using a WNINJECT extracted PCX
file as the random number file for this to work! See documentation.
** BUG NOTICE: If you use an -s value that's too high, the steganography
will succeed, however the last byte of the decoded file
will be mangled. Check for this before you send the PCX.
- WNINJECT 1 -
PCX images contain a type of compression known as Run Length Encoding
or RLE. What this means is that if you have the same value repeated
several times, say 20 red pixels, you don't have to store 20 red
pixels but rather a value indicating "20" and a value indicating "red".
WNINJECT doesn't alter any compressed pixels. Doing so would radically
alter the image and make it obvious that it contained steganographical
data. If you were to use WNHIDE (see next pages) to hide data in a picture
that had large zones of the same color (ie: a fractal image, a cartoon
picture) and no graininess to it, it would stand out. Luckily scanned
in images tend to have lots of graininess to them and can be used with
WNINJECT.
WNINJECT is a useful tool for hiding data in pictures even without the
protection given by WNSTORM, however it would be very easy for a bad
guy to extract what you hid in the picture. I strongly recommend that
you use WNINJECT with WNSTORM. However, in the interests of
completeness, the next paragraphs will indicate how to inject a file
into a picture.
Suppose you wanted to inject a file called "HIDEME.TXT" in a picture
called "BIGPIC.PCX", the following line would do the trick:
WNINJECT I BIGPIC.PCX HIDEME.TXT NEWPIC.PCX 3
You would then send the NEWPIC.PCX file to the intended recipient
of the hidden file. To get the file back, the recipient would have to
type in:
WNINJECT E NEWPIC.PCX HIDDEN.TXT 3
This is a very very insecure form of encryption because your keyspace
is the number of bits you specify to extract/inject (in this case 3).
A bad guy would simply have to try all four bit sizes and would get
the hidden file immediately.
Additionally, HIDDEN.TXT would be appended by a lot of garbage which
was the actual low bits of the rest of the picture. If your
hidden.txt file was encrypted by a strong cypher (ie: IDEA, PGP,
RSA, etc.) the bad guy would be out of luck.
However, there's another disadvantage to not using WNSTORM. WNSTORM
uses the LSBs that were already there and doesn't touch all the
bits. Using only WNINJECT would touch all the bits at the
start of the picture, so you'd have a picture that is very noisy
at the top and very clear at the bottom: a dead giveaway that you
were hiding something in the picture!
You should use WNSTORM along with WNINJECT as in the WNHIDE and
WNUNHIDE batch files for security.
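To make the "noisy at the top, clear at the bottom" giveaway measurable, this added example (not part of the WNSTORM package; the function names, the 0.1 threshold and the sample data are assumptions) walks the PCX RLE stream, keeps only the uncompressed bytes, and scores each band of the image by how uniform its low bits are. The sample is constructed with biased cover bits and SHA-256 output standing in for injected data.

```python
import hashlib

def literal_bytes(rle: bytes) -> list[int]:
    """Return only the uncompressed bytes of a PCX RLE stream, in file order."""
    out, i = [], 0
    while i < len(rle):
        if rle[i] >= 0xC0:        # top two bits set: run count, value byte follows
            i += 2                # skip the run; the doc says runs are never altered
        else:
            out.append(rle[i])
            i += 1
    return out

def band_scores(literals: list[int], bits: int, bands: int = 8) -> list[float]:
    """Chi-square / N of the low-bit histogram against uniform, per band.
    A score near 0 means the low bits look like random (encrypted) data."""
    size, k = len(literals) // bands, 1 << bits
    scores = []
    for b in range(bands):
        hist = [0] * k
        for v in literals[b * size:(b + 1) * size]:
            hist[v & (k - 1)] += 1
        expected = size / k
        scores.append(sum((h - expected) ** 2 / expected for h in hist) / size)
    return scores

def suspicious_bands(scores: list[float], threshold: float = 0.1) -> list[int]:
    return [i for i, s in enumerate(scores) if s < threshold]

def constructed_sample(payload_pixels: int, bits: int = 3, total: int = 4096) -> bytes:
    """Constructed RLE stream, not a real scan: cover low bits are biased, and the
    first payload_pixels literals carry SHA-256 output as stand-in ciphertext."""
    noise = b"".join(hashlib.sha256(bytes([n])).digest() for n in range(total // 32))
    mask, stream = (1 << bits) - 1, bytearray()
    for i in range(total):
        if i % 64 == 0:
            stream += bytes([0xC0 | 20, 0x10])    # a run: 20 pixels of value 0x10
        v = 0x40 + (i * 7) % 5                    # cover pixel, low bits 0..4 only
        if i < payload_pixels:
            v = (v & ~mask) | (noise[i] & mask)   # naive sequential overwrite
        stream.append(v)
    return bytes(stream)

if __name__ == "__main__":
    scores = band_scores(literal_bytes(constructed_sample(1024)), bits=3)
    print([round(s, 3) for s in scores], suspicious_bands(scores))
```

Bands whose score drops toward zero only at the start of the file are the pattern the paragraph above warns about.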
- WNINJECT 2 -
You do not need to specifically know how to use WNINJECT to hide sensitive
information in a PCX picture. You can simply use the WNHIDE.BAT and
WNUNHIDE.BAT batch files. Their usage is:
WNHIDE PCXFILE.PCX BITS TOHIDE.TXT PASSWORD {OTHER WNSTORM OPTIONS}
         |          |     |          |        |
         |          |     |          |        +-> ie: -s, etc.
         |          |     |          +----------> password for WNSTORM.
         |          |     |                       Use * to enter it by hand
         |          |     +---------------------> file to hide in PCX image
         |          +---------------------------> number of bits to extract
         |                                        from PCX image.
         +--------------------------------------> name of the PCX image.
NOTE: Do not use the -o option when using WNINJECT or WNHIDE/WNUNHIDE as the
old version of this program had a bug that didn't correctly allow the
steganographical hiding of files in an image.
The number of bits to extract is the value passed to WNINJECT. The
larger this value, the larger your file to hide may be. You should
start with a large eight bit PCX image (say at least 300-500K,
around 800x600 dots.) to give you plenty of places for WNSTORM to
hide your data. If you find that WNSTORM says that it reached the
end of the RANDOM FILE before completing encryption, increase this
value. Typical values are 1,2,3 or 4. If you still run into this
error, try a lower value for the max window size that WNSTORM
uses (the -s option.) -s3 or -s2 should do. If you still have
this error, you'll need a larger image.
To extract the hidden data from an image, use WNUNHIDE:
WNUNHIDE WNSTEGO.PCX BITS HIDDEN.TXT PASSWORD {OTHER WNSTORM OPTIONS}
           |          |     |          |        |
           |          |     |          |        +-> use same -s as above
           |          |     |          +----------> use same password
           |          |     |                       as above.
           |          |     +---------------------> name of hidden
           |          |                             file to extract.
           |          +---------------------------> use same value as
           |                                        above
           +--------------------------------------> name of PCX file
                                                    containing hidden
                                                    encrypted file.
- WNINJECT 3 -
When this batch file finishes, it will generate a PCX image file
called WNSTEGO.PCX. If you like you can modify the WNHIDE.BAT
file to change this name, or take it as an argument. Please use
a PCX image viewer to preview the resulting PCX image and make
sure that there isn't too much difference between the original
PCX file and the file containing your hidden data. Some PCX
images work better than others. Here's a sample of my experience
with this:
These images are not provided as part of this package, however
these are the results using them:
LC341.PCX - A picture of my old office at Poly. The PC in
the picture is opened. This is because I
installed a tape drive to backup my files off that
machine before moving on to another job.
BEPA1024.PCX - A picture from some Japanese magazine taken from
usenet.
STELE.PCX - The Stele of Awakening - A picture of an Egyptian
tablet.
Of these three pictures, only XBEP1024.PCX (the stegoed version
of BEPA1024) revealed itself as containing steganographical data.
The changes made by WNSTORM and WNINJECT in the other two
pictures are very hard to notice. In STELE.PCX the changes are
invisible to my eye!
As long as the picture is viewed after WNHIDE.BAT runs,
WNSTORM/WNINJECT do a very good job.
- WNINJECT 4 -
Here are the results of compressing the images:
PKUNZIP (R) FAST! Extract Utility Version 2.04g 02-01-93
Copr. 1989-1993 PKWARE Inc. All Rights Reserved. Shareware Version
PKUNZIP Reg. U.S. Pat. and Tm. Off.