Slashdot Mirror


Hydan: Steganography in Executables

An anonymous reader says "Ever wanted to hide a message in an executable? Now you can with Hydan. Presented recently by Rakan El-Khalil at Defcon and Blackhat, this tool lets you embed data into an application without changing its functionality or filesize! Check it out. Uses include steganography as well as embedding a program's signature into itself to verify it's not been tampered with."

2 of 235 comments

  1. Re:without changing its functionality or filesize! by Carnildo · Score: 5, Interesting

    Many executable formats include unused space for alignment purposes. For example, I've been working on a Mach-O equivalent of the super-tiny ELF executable mentioned a few days back. The executable produced by GCC includes 300 bytes of code and headers, and 8000 bytes of padding.

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  2. Re:embedding signature?? by jrockway · Score: 5, Interesting

    Unless you do it like this (an example is always easy to understand).

    Say you have an executable:

    1337PROGRAM

    Your signature checking routine then does this:

    1_3_3_7_P_R_O_G_R_A_M

    and computes the hash

    deadbabeca

    And then sends:

    1d3e3a7dPbRaObGeRcAaM

    To reverse, we extract the hash (deadbabeca) and the "original" executable.

    Then we compute the hash (of 1_3_3_7...) and check if it matches...

    In summary, we embedded a checksum, but we removed it before we checked it. Simple, really.

    --
    My other car is first.
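
The blank-the-slot scheme from the second comment, as an added example that is not part of the original thread or of Hydan. It uses one contiguous reserved slot instead of interleaved placeholders; the `MARKER` value, the slot layout and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed marker and layout: assumptions of this example, not a real format.
MARKER = b"##SELFHASH:"
SLOT_LEN = hashlib.sha256().digest_size * 2   # digest stored as 64 hex chars
BLANK = b"_" * SLOT_LEN                       # the "_" placeholders from the comment


def find_slot(image: bytes) -> int:
    """Return the offset of the digest slot; exactly one marker must exist."""
    if image.count(MARKER) != 1:
        raise ValueError("expected exactly one digest slot marker")
    start = image.index(MARKER) + len(MARKER)
    if start + SLOT_LEN > len(image):
        raise ValueError("digest slot is truncated")
    return start


def blanked(image: bytes) -> bytes:
    """Copy of the image with the slot reset to placeholders."""
    start = find_slot(image)
    return image[:start] + BLANK + image[start + SLOT_LEN:]


def embed(image: bytes) -> bytes:
    """Hash the blanked image and write the digest into the slot."""
    base = blanked(image)
    digest = hashlib.sha256(base).hexdigest().encode()
    start = find_slot(base)
    return base[:start] + digest + base[start + SLOT_LEN:]


def verify(image: bytes) -> bool:
    """Extract the stored digest, blank the slot, re-hash and compare."""
    start = find_slot(image)
    stored = image[start:start + SLOT_LEN]
    expected = hashlib.sha256(blanked(image)).hexdigest().encode()
    return hmac.compare_digest(stored, expected)


# Constructed sample "executable" with an empty slot.
SAMPLE = b"1337PROGRAM" + MARKER + BLANK + b"-END"

if __name__ == "__main__":
    signed = embed(SAMPLE)
    print(len(signed) == len(SAMPLE), verify(signed))
    print(verify(signed.replace(b"1337", b"1338")))
```

An unkeyed hash stored this way only catches changes made by someone who does not recompute it; detecting deliberate tampering needs a keyed MAC or a signature whose key is not in the file.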