Finding computer files hidden in plain sight

[Lancewen]

I don't like or use any of them. They are all resource hogs that impede my machine's performance. I've never gotten a virus I didn't click on and I've learned what not to click. I can't say that's a best approach for the average user but it's the only solution for me.

 

Being resource hogs used to be more of a problem, but with today's computers and better written programs it not much of a problem anymore. But security also includes a good firewall and there are many stand alone firewalls. One that I used to like a lot was called Blackice, because of the way it created intrusion detection reports. But it's a very hands on system and I don't much want to take the time it requires anymore.

[CraigD]

May I ask you which security software you like the best?

For my personal Windows machines (one where I don’t handle data, like medical or banking data, where criminal or contract law requires I use a specific software products), I’ve long used Microsoft Security Essentials.

 

It’s free, doesn’t use much computing or storage, and folk I know more expert in the subject than I tell me it scores well on various tests – better, at various times, than products like Norton, which charge a yearly subscription fee. Unsurprisingly, being a Micro$oft product, it integrates with Windows well, not replacing other built-in components, like its firewall, as many of more heavy-handed antiviruses do.

 

Although I’m pretty careless on my personal machine (my thinking being that if it gets in trouble, I’ll just re-image it and reload/install everything I use), I’ve never had Security Essentials fail to block a virus, or cause problems on a machine.

 

My main hassle with antivirus and similar security software is that, when I use my personal machine for work, some apps I access check for and refuse me access if they can’t detect a specific antivirus. In every case so far, I’ve been able to figure out how to configure my machine to convince such apps that I have what they want installed without actually installing it.

 

Bump...

This last bump leads to pretty cool, easy to understand stuff. Alas, my practical grasp of graphics files is too poor for me to make any progress on the original riddle, but if I could, according to the gifshuffle page, all I'd need is to compare the color maps of the 2 files, and see which one is in an "unnatural" order.

 

As the bitmaps images of a plain and message-bearing (coded) gifshuffled image are identical, it's impossible to tell one from the other by looking at them or comparing their size.

 

I refuse to just try installing stego tools 'til one recognizes the coded image - I want to know how to do it, not how to find a program someone wrote to do it. This is an ancient failing (or virtue, depending on your POV) of mine - I'm an arguable competent maker of programs, but an uncomfortable user of any that I haven't made.

[CraigD]

I’ve got to further blather/wax poetic about gifshuffle.

 

Even though I still don’t know enough about image coding to use the knowledge to find the message in the OP’s picture, the encoding scheme at its core is a wonderfully simple example of encoding data in the arrangement of an ordered list – hence the “shuffle” in its name.

 

Here’s an example of it implemented in a few short lines of MUMPS code (MUMPS is very terse, so IMHO lends itself to this sort of thing:

>r R s A=1 f I=$l(R):-1:1 s A=A*256+$a(R,I) ;string to integer, 1 prepended as highest order bit
Hello
>s B="",D="," f I=1:1:20 s $p(B,D,I)=I ;natural order map
>s E="",N=$l(B,D) f I=1:1:N s J=A#I+1,A=A\I,$p(E,D,J)=$p(B,D,N-I+1)_D_$p(E,D,J) w J-1," ",E,"  ",A,! ;encode B >-A-> E
0 20,  1578072040776
0 19,20,  789036020388
0 18,19,20,  263012006796
0 17,18,19,20,  65753001699
4 17,18,19,20,16,  13150600339
1 17,15,18,19,20,16,  2191766723
6 17,15,18,19,20,16,14,  313109531
3 17,15,18,13,19,20,16,14,  39138691
4 17,15,18,13,12,19,20,16,14,  4348743
3 17,15,18,11,13,12,19,20,16,14,  434874
0 10,17,15,18,11,13,12,19,20,16,14,  39534
6 10,17,15,18,11,13,9,12,19,20,16,14,  3294
5 10,17,15,18,11,8,13,9,12,19,20,16,14,  253
1 10,7,17,15,18,11,8,13,9,12,19,20,16,14,  18
3 10,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  1
1 10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  0
0 4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  0
0 3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  0
0 2,3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  0
0 1,2,3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14,  0
>s A=0,N=$l(B,D) f I=1:1:N s J=$l($e(E,1,$f(D_E_D,D_$p(B,D,I)_D)-3),D),$p(E,D,J,J+1)=$p(E,D,J+1),A=N-I+1*A+J-1 w J-1," ",E," ",A,! ;decode E >-B-> E
0 2,3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14, 0
0 3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14, 0
0 4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14, 0
0 10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14, 0
1 10,7,17,6,15,18,11,8,13,9,12,19,20,16,14, 1
3 10,7,17,15,18,11,8,13,9,12,19,20,16,14, 18
1 10,17,15,18,11,8,13,9,12,19,20,16,14, 253
5 10,17,15,18,11,13,9,12,19,20,16,14, 3294
6 10,17,15,18,11,13,12,19,20,16,14, 39534
0 17,15,18,11,13,12,19,20,16,14, 434874
3 17,15,18,13,12,19,20,16,14, 4348743
4 17,15,18,13,19,20,16,14, 39138691
3 17,15,18,19,20,16,14, 313109531
6 17,15,18,19,20,16, 2191766723
1 17,18,19,20,16, 13150600339
4 17,18,19,20, 65753001699
0 18,19,20, 263012006796
0 19,20, 789036020388
0 20, 1578072040776
0  1578072040776
>s R="" f  q:A<32  s R=R_$c(A#256),A=A\256 ;integer to string
>w R
Hello

The “>”s indicate where command lines are sent to the language interpreter, the other lines are input or output.

 

The shuffle algorithm works by taking the message to be encoded – in this example, the ASCII string “Hello” prepended with an binary 1, which can be written as the decimal integer 1578072040776 – and extracts from it via simple quotient-and-remainder integer division a sequence of integers specifying positions in which to insert each element of an “unshuffled” ordered list of unique elements – in this example, {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20} – encoding them in a “shuffled” list – {1,2,3,4,10,5,7,17,6,15,18,11,8,13,9,12,19,20,16,14}. Reversing this allows you to rebuild the message integer by “unshuffling” the shuffled list.

 

The algorithm is simple, because the encoding program inserted from the unshuffled list into the shuffled one, rather than shuffling the list “in place”.

 

I’m curious if a similar algorithm could be made using shuffle in place (eg: inverse and forward clearsort). No obvious way pops out at me.

[C1ay]

Even though I still don’t know enough about image coding to use the knowledge to find the message in the OP’s picture, the encoding scheme at its core is a wonderfully simple example of encoding data in the arrangement of an ordered list – hence the “shuffle” in its name.

 

The following may be useful:

GIF File Format Summary

Gif Shuffle Documentation

An Overview of Steganography for the Computer Forensics Examiner

[danielmccorry]

I'd rather just use something like TrueCrypt. Maybe "layer" hidden volumes (a volume within a volume) within steganographed images, or any other feasible file type + keyfiles and/or security tokens and whatnot. Hidden volumes provide plausible deniability, which would seem nice. A topic I always find fascinating.

 

I'll just stick to BitLocker for now, heh. :huh:

[maddog]

you could send heaps with useless info, or you could take of photo of a written message :shrug: probably go unoticed.

Yeah, this is called the Congressional Record (aka "heaps with useless info").

 

maddog