22nd October, 2006

A MP3 Steganographic File System Approach   

Posted in security, stega | by evilbitz |



Inspired by Paranoia, a book by Joseph Finder, I decided to write this post. Paranoia really had influenced my thinking as I was reading about Adam Cassidy, a young man who was hired to do some dirty industrial espionage work for another firm. The tools that are needed for this kind of work are various, and I’m not going to discuss about these tools but rather about an imminent need for this kind of job, and that is: the place to collect your prize.

Well, you don’t have to be an industrial spy to see the advantages in a steganographic file system, even the most naive and simple PC user can find a Steganographic file system useful, as it can protect him from different kind of threats. Information Hiding can protect users against hacker attacks, and information theft in general, imagine that your password list or your bank account info is hidden in an encrypted way inside your mp3 files (this is what I’m going to talk about).

It looks naive and unsuspicious, who would imagine that your sensitive information is stored over some ordinary looking files. If we will go back to our industrial spy example – let’s say that he needs to get some documents from a competitive firm, first he will apply for a job there, then, after he is actually there and have access to these documents, he needs to steal them – his stolen documents are going to be stored inside some movies or other media files, it is innocent and even if he is getting caught somehow, he can just play the movies at his hard drive / removalble media device (usb key for example).

Design

Whem I’m looking for requirements for such a project, I try to see it as simple as I can. Implementing the file system over regular files let’s you be independent from technologies or operating systems, the stegnographic file system should be portable and easy to implement in any language / OS. The storing media is also taking into account when you can be using your local hard drive or your removable USB key, it let’s you be independant from low level issues. the most innocent looking files I can think of are music files like MP3s, and the media can be any MP3 Player / iPod.

The file system requirements are also not so wide. It should give you the ability to store various files, inside different directories, if it’s feasible. The operations that the file system supports are the follows:

  • Expand: Looping through a list of mp3 files and preparing them for future data.
  • Format: Deleting all files that are currently availble in the file system.
  • Add: Copy a file to the file system or from the file system.
  • Remove: Delete an existing file from the file system.
  • Rename: Changing the name of an existing file.
  • Extract: Copy a file from the file system to any other place.

Simple Implementation

Lets say, that on each MP3 file you have a different amount of free data to store, so the file system overall storing size is the sum of all free size of each and every MP3 file. Each MP3 file should be treated as a stream, that is, the free size will be filled with chunks of the original files that we are storing, each chunk will contain a simple header that describes the chunk. It can be something like the following struct:

typedef struct _ORIGFILE_CHUNK {
/* crc32 of the current chunk */
UINT32 chunk_crc32;
UINT32 origfile_crc32;

struct orig_filename {
UINT8 filename_size;
CHAR filename[];
};

struct orig_data {
/* the offset from the original file */
UINT32 offset;
UINT32 chunk_size;
BYTE chunk_data[];
};

} ORIGFILE_CHUNK, *PORIGFILE_CHUNK;

The original files will be stored in chunks, in any order, over as many files that are needed. The restoring process will be done as follows:

  1. Read all chunks into memory
  2. Validate integrity for all the loaded chunks
  3. Build a dictionary with the original filename as the key
  4. Build the original files from the chunks

When these steps are done, we should validate integrity for each file. We’ll do that using the origfile_crc32 field of each chunk and compare them to the calculated crc32 of the overall original file data of the corresponding chunk.

The underlying steganographic approach can be anything you can think of, a nice project that is looking quite good is mp3stego, and can be used to implement the steganographic part, The data is further protected with encryption.

Conclusion

Armed with our MP3 steganographic file system, our evil spy can go to work, insert his USB key and listen to his favourite music while stealing and collecting info from the firm.

Are you scared? ;-)




This entry was posted on Sunday, October 22nd, 2006 at 10:55 pm and is filed under security, stega. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

There are currently 10 responses to “A MP3 Steganographic File System Approach”

Why not let us know what you think by adding your own comment! Your opinion is as valid as anyone elses, so come on... let us know what you think.

  1. 1 On July 31st, 2007, yoyoys said:

    hello, i’m from indonesia and i need the source code
    of the mp3stego to help me finish my final project in
    my university. Please, can you help me? i’m very stuck to finish my final project

    (sorry my english is bad)

  2. 2 On August 5th, 2007, Parth said:

    I want some more information on the MP3stego….can u please give me??

  3. 3 On September 29th, 2007, erick said:

    please help me,
    what the algorithm to steganografy in sound is can use?
    other discrete cosine transform

  4. 4 On November 15th, 2007, Magesh said:

    Please send me full details about the project ….

    i am selected this as my final year project…….

    so please help me……….

  5. 5 On December 3rd, 2007, moslih said:

    first thank you for the topic.
    second please i want thes project please and i want the code in matlab program.
    third sorry for my english lang.

  6. 6 On March 13th, 2008, .: GAFNO.com - Hot World News Blog :. » Blog Archive » Security guide to customs-proofing your laptop said:

    [...] One answer is steganography, which means concealing data in a way that nobody even knows it’s there. It’s an electronic form of invisible ink. Data can be stored in MP3s, in videos, and even in apparently-empty space on the hard drive. [...]

  7. 7 On May 13th, 2008, memee said:

    hi
    please i want code for hide information iside wave
    by using matlab..
    i have project about this..
    so, can you tell me how to write the code..?

  8. 8 On May 13th, 2008, achmadz said:

    Hi,
    I have implemented another way to hide any type of file inside mp3 file without changing its size and sound quality.
    It is different from mp3stego since my application directly access mp3 file(not wav file) per byte.
    If you interested, you may check at my blog:
    http://achmadz.blogspot.com/2008/05/hide-any-file-inside-mp3-file.html

    The downloaded file is including source code in Borland Delphi 7.

  9. 9 On November 4th, 2008, John Harlow said:

    I think that rather than implement a filesystem, you should just implement a raw device that a filesystem could be created on. Underneath the covers, that device should be RAIDed so that the loss of a file doesn’t impair the integrity of the data. I’d love to have such a device implemented over my iTunes collection.

  10. 10 On February 22nd, 2009, Israel Segundo said:

    I’ve been researching about this stenographic stuff and I am very concerned because it seems that there is not enough information about programming.

Leave a Reply

You must be logged in to post a comment.

Top »
"If you can't join them, beat them!"
Search Evilbitz: