How much information can the best steganography program stuff into a 1135 x 757 pixel photo, without making it ridiculously obvious it's been tampered
with? The image below, for example: it looks pretty normal, right? How much would you guess it has embedded in it?
Would you believe an entire novel? Would you even believe, not some puny, wimpy, skimpy novel, but Tolstoy's massive epic, War and Peace, as sourced
from Project Gutenberg, weighing in at nearly 1300 pages?? Stegmeister accomplishes the task with ease, and the still-innocent-looking forest scene
now contains the complete work, waiting to be extracted with the right password. Because compression is one of the steps during embed, the extracted
text is several hundred thousand bytes larger than the image it's embedded in!
2,579,910 forest.bmp 2023 Oct 4 06:44:10 <=== 1135 x 757 pixels
3,359,630 WarAndPeace.txt 2023 Oct 4 06:56:09
forest.bmp . To extract 3.3 MB of text from this 2.6 MB image, use password "abc" (3 letters, no quotes).
forest.bmp original . Here's the original, before stuffing.
WarAndPeace.txt . Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
I chose a particularly high embed ratio, 90% of the maximum the program can perform, for this demonstration, to show off what Stegmeister can do.
More typical, and more appropriate for photos that have areas of sky or other relatively uniform colors that can look a bit grainy with very high
ratios, would be a 50% embed ratio (the difference is huge, because we're giving up embedding in higher-order bits, the loss of each one of which
results in a cutting in half of the possible extent of change to a given pixel-color value). If I'd asked for 50%, I'd have gotten a 1456 x 970
pixel output image, still small enough to view full size on a 1920 x 1080 desktop background.
Pretty neat, no? For anyone who thinks, as I do, that steganography is interesting, you can run Stegmeister yourself, if you've got 64-bit Windows.
The program is wrapped ("boxed") with Enigma Virtual Box, which should make it portable: just drop the .exe anywhere and run it. Then download forest.bmp,
extract from it, and you'll have War and Peace! You know you've always wanted to read it.
Stegmeister version 1.05
If Windows says the download is a threat (my four Windows 10 computers sometimes say it is, and sometimes not), and you trust that I'm not pushing a virus,
go to Start, Windows Security, Virus & threat protection, Virus & threat protection settings (Manage settings), Real-time protection: turn off.
Download the file, then, before you turn that switch back on, go to Exclusions (near bottom of page), Add or remove exclusions, Add an exclusion,
File, navigate to the .exe name, add it. Then you can turn the Real-time protection switch back on.
Or, you can download the source and build it yourself, using Visual Studio 2022.
Stegmeister version 1.05 source for Windows
Please let me know if you experience any problems or have suggestions for making it more intuitive.
And ... here's a command-line (CLI) version of Stegmeister for Linux:
Stegmeister version 1.05 source for Linux
Stegmeister version 1.05 executable for Linux (64-bit PC hardware, Ubuntu compatible)
First, instead of embedding the same amount (1 bit?) in every image byte, dark pixels are left mostly undisturbed and bright pixels get more bits
embedded into them. This is an obvious practice, but not all programs do it.
Second, Stegmeister provides a huge range of embed degrees, up to several bits per image byte and down to small fractions of a bit per byte (realized
of course with an occasional one-bit embed), all under user control. Detecting that an image has been lightly stuffed would be virtually impossible.
Third, Stegmeister solves a vexing problem that comes about when for example a grey cloud has RGB values 127, 128, 128. In binary, 127 is 01111111
and 128 is 10000000. They're almost the same intensity at the start, but any bits we embed in the former will replace 1's and so will make that
color darker (unless the embedded bits are also all 1's), while any bits we embed in the latter will replace 0's and so make that color brighter.
Even with fairly low embed ratios this becomes noticeable as phantom colors, and as we try to stuff more information in, it gets worse and worse.
Stegmeister finesses this problem by invoking a mathematical sleight of hand that makes the brightness of any given pixel color always equally
likely to go up or down, no matter what the starting value or the number of bits embedded. When each color brightness is held the same on average,
hue and saturation also stay the same on average. Of course one may need to blur output pixels together to experience the original color, but that's
already what the eye does automatically when we view an image from a normal distance. This technique allows for the highest possible embed ratios
connected to undistorted-looking output images.
(If an image is going to be subject to careful scrutiny, one would of course employ lower embed ratios than when seeking only a pleasing look from a
distance. How paranoid are you? No problem, Stegmeister can accommodate.)
Fourth, Stegmeister makes it phenomenally difficult to pull out any embedded information, even if an attacker is certain the image is stuffed with
something. The exact number of bits embedded in a particular pixel-color is pseudo-random, so even assembling a still-encrypted correct sequence of
bytes, without having the program and the correct password, would be a Herculean task.
Combining steganography with pgp (I'm using gpg4win) adds another layer of security. Here's my public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZb+2RxYJKwYBBAHaRw8BAQdAaMJHnjlI8nw07vDhHFLQ/c+tg6H66dQdVRQk
kpWKfkm0H2FkYXB0dW5lIDxhZGFwdHVuZUBjb21jYXN0Lm5ldD6IkwQTFgoAOxYh
BPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsDBQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAoJEDvuOihrVJB+AecBALiJ+z5pZJzTcWUguUDTNQ3yyOhR1Icc
CuQOjjIClXJsAP9igyu1BptKAVcZGP37qEPF6YtMXQKhgc+VibxlA1bMCLg4BGW/
tkcSCisGAQQBl1UBBQEBB0B/8HccEMNjzCg/3T6z4jCa7OqWYxKmD/BGeNIIldGh
LwMBCAeIeAQYFgoAIBYhBPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsMAAoJ
EDvuOihrVJB+T9EBAM25ikbZ44JeLk3WQrA1bnHn47LlcdGZu37UYMGMrWnYAQDQ
/cyUX8j1xYyzuprERnbZ7KAT/J0KSy3uCMLbPE8mCg==
=rsAD
-----END PGP PUBLIC KEY BLOCK-----
adaptune_0x6B54907E_public.asc
Comments? Email 1 2
Return to home page