Slashdot Mirror


Hydan: Steganography in Executables

An anonymous reader says "Ever wanted to hide a message in an executable? Now you can with Hydan. Presented recently by Rakan El-Khalil at Defcon and Blackhat, this tool lets you embed data into an application without changing its functionality or filesize! Check it out. Uses include steganography as well as embedding a program's signature into itself to verify it's not been tampered with."

2 of 235 comments

  1. Re:without changing its functionality or filesize! by jdray · Score: 5, Informative
    From the article:

    Hydan steganographically conceals a message into an application. It exploits redundancy in the i386 instruction set by defining sets of functionally equivalent instructions. It then encodes information in machine code by using the appropriate instructions from each set.

    --
    The Spoon
    Updated 6/28/2011
  2. Re:Information Theory by Carnildo · Score: 5, Informative

    inc ax
    add ax, 1
    add al, 1
    inc eax
    add eax, 1

    All of these i386 instructions do the same thing, but they've got different binary representations. If you encode your information by which instruction you use, you can hide the message without changing filesize or functionality.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
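
Added example, not part of the thread and not Hydan's code: a Python sketch of the idea in the two comments above, using a different redundancy than the list in the second comment, namely the two ModRM encodings of a register-to-register instruction (opcode `89` vs `8B` for `mov`, `31` vs `33` for `xor`, and so on). It assumes a constructed byte string made only of such 2-byte instructions; all function names are illustrative, and `direction_mix` rests on the assumption that a single assembler emits one form consistently.

```python
# Added illustration; handles only 2-byte reg-to-reg forms (ModRM mod == 11).
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Opcode of the "op r/m32, r32" form; the "op r32, r/m32" twin is opcode | 0x02.
PAIRS = {0x01: "add", 0x09: "or", 0x21: "and", 0x29: "sub", 0x31: "xor", 0x89: "mov"}
OPCODES = {name: op for op, name in PAIRS.items()}

def decode(code):
    """Return (mnemonic, dst, src, direction_bit) for each 2-byte instruction."""
    if len(code) % 2:
        raise ValueError("expected a whole number of 2-byte instructions")
    out = []
    for i in range(0, len(code), 2):
        op, modrm = code[i], code[i + 1]
        base = op & ~0x02
        if base not in PAIRS or modrm >> 6 != 3:
            raise ValueError(f"unsupported bytes at offset {i}")
        reg, rm = (modrm >> 3) & 7, modrm & 7
        d = (op >> 1) & 1                      # 0: dst is r/m, 1: dst is reg
        dst, src = (reg, rm) if d else (rm, reg)
        out.append((PAIRS[base], REGS[dst], REGS[src], d))
    return out

def embed(code, bits):
    """Re-encode each instruction so its direction bit carries one message bit."""
    out = bytearray()
    for n, (name, dst, src, d) in enumerate(decode(code)):
        d = bits[n] if n < len(bits) else d    # leave the rest untouched
        reg, rm = (dst, src) if d else (src, dst)
        modrm = 0xC0 | (REGS.index(reg) << 3) | REGS.index(rm)
        out += bytes([OPCODES[name] | (d << 1), modrm])
    return bytes(out)

def extract(code):
    """Read the hidden bits back: one direction bit per instruction."""
    return [d for *_, d in decode(code)]

def semantics(code):
    """What the code does, independent of which encoding was chosen."""
    return [ins[:3] for ins in decode(code)]

def direction_mix(code):
    """Defender's view: how many instructions use each of the two forms."""
    bits = extract(code)
    return bits.count(0), bits.count(1)

# Constructed cover code: mov eax,ebx / xor ecx,ecx / add eax,edx / sub esi,edi
COVER = bytes.fromhex("89d8 31c9 01d0 29fe")

if __name__ == "__main__":
    stego = embed(COVER, [1, 0, 1, 1])
    print(stego.hex(), semantics(stego) == semantics(COVER), direction_mix(stego))
```

A real tool needs a full disassembler to find instruction boundaries; the per-function mix of the two forms is the kind of statistic a reviewer can compare against known-clean builds of the same binary.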