I've developed File_Hider, a Python tool designed to securely conceal and encrypt a file within another file. It employs multiple layers of AES-256 encryption, and the AES key is further encrypted using RSA. I welcome any insights, advice, or critiques.
Modern forensic analysis tools would be able to detect the high-entropy encrypted data within the host file fairly easily. Additionally, embedding the unencrypted session key, salt, file size, and then the encrypted data as a struct, the way you are doing, makes the embedded data easier to detect.
Half the battle is making sure the hidden data cannot be detected; the other half is making sure the data cannot be read if it is detected. A more algorithmic approach to the embedding and extraction, one that uses properties of the host file to determine the relative locations of the session key, salt, file size, and data, would likely do a better job of hiding the presence of the embedded/encrypted data.
I recently made a novel implementation of "An Image Steganography Algorithm using LSB Replacement through XOR Substitution" (DOI: 10.1109/ICOIACT46704.2019.8938486), which you can find here: https://github.com/JustinPack/XOR_LSB_Stego
While my approach is a simple one lacking any inherent encryption, it could easily be added. I think you will find the paper a highly interesting read; it is also included in my project.
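Added example to illustrate the idea behind the LSB-with-XOR technique mentioned above. This is an editor's simplified reading of "LSB replacement through XOR substitution", not the paper's exact algorithm and not the code from the XOR_LSB_Stego repository: each message bit is XORed with the cover pixel's most significant bit before being written into the pixel's LSB, so a naive LSB dump no longer yields the message directly. The cover image is a constructed bytearray standing in for 8-bit grayscale pixels. Note that, as the poster says of their own approach, this is obfuscation rather than encryption: anyone who knows the scheme can undo it without a key.

```python
# Added example: LSB replacement with XOR substitution on a grayscale pixel buffer.
# Simplified illustration by the editor; NOT the cited paper's exact algorithm and
# NOT the XOR_LSB_Stego project's code. Cover and message are constructed below.

import struct


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytearray:
    """Hide `message` (prefixed by a 4-byte big-endian length) in the LSBs of `cover`.

    Plain LSB replacement would write each message bit straight into the pixel's
    LSB. Here the bit is first XORed with the pixel's MSB, so the stored LSB
    depends on the pixel itself and a straight LSB dump does not equal the message.
    Each pixel changes by at most 1, so the image is visually unchanged.
    """
    payload = struct.pack(">I", len(message)) + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover has {len(cover)} pixels, need {needed}")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        pixel = stego[i]
        msb = (pixel >> 7) & 1
        stego[i] = (pixel & 0xFE) | (bit ^ msb)
    return stego


def extract(stego: bytes) -> bytes:
    """Recover the hidden message by undoing the XOR with each pixel's MSB."""
    def pixel_bits():
        for pixel in stego:
            yield (pixel & 1) ^ ((pixel >> 7) & 1)

    gen = pixel_bits()

    def read_bytes(n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            value = 0
            for _ in range(8):
                value = (value << 1) | next(gen)
            out.append(value)
        return bytes(out)

    (length,) = struct.unpack(">I", read_bytes(4))
    return read_bytes(length)


def plain_lsb_dump(stego: bytes, nbytes: int) -> bytes:
    """What a naive LSB extractor (no XOR step) recovers from the first `nbytes`."""
    out = bytearray()
    lsbs = [p & 1 for p in stego[: nbytes * 8]]
    for i in range(nbytes):
        value = 0
        for b in lsbs[i * 8:(i + 1) * 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


if __name__ == "__main__":
    # Constructed cover: a 64x64 gradient, 4096 "pixels" (example data, not a real image).
    cover = bytes((x * 4 + y) & 0xFF for y in range(64) for x in range(64))
    secret = b"meet at 0900 (would already be ciphertext in a real deployment)"
    stego = embed(cover, secret)
    assert extract(stego) == secret
    changed = sum(1 for a, b in zip(cover, stego) if a != b)
    print(f"pixels changed: {changed} of {len(cover)}")
    print("naive LSB dump of the first 8 bytes:", plain_lsb_dump(stego, 8))
```

Because only the LSB plane is touched, the usual statistical LSB detectors (chi-square / pairs-of-values analysis) still apply to the output; the XOR step defeats only a reader who dumps LSBs and expects plaintext.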
Thank you for your valuable insights and recommendations. I genuinely appreciated both the suggested paper and your project, as they contributed to my learning. I completely agree that File Hider techniques have significant room for improvement in terms of seamlessly integrating the hidden data within the host file more organically. Regarding the session key, it is encrypted https://github.com/x011/File_Hider/blob/0f46058731d08c06a110....
Hey there. I must have missed the section that handles encrypting the session key, my bad.
It's more the struct method of embedding that I was emphasizing, though. Structured encrypted data has high entropy, which can give away its presence. Try running some of your before and after images through Aperi'Solve or the CyberChef entropy analysis tool and see how the analysis changes.
The differences appear to be on the right side of the spectrum, which I assume is the end of the file where the hidden data is stored. The CyberChef tools are awesome, thanks!
No problem, your suggestions are always welcome. I managed to reduce the high entropy by base64 encoding the encrypted data. Meanwhile, I've developed CryptoFrame (https://github.com/x011/CryptoFrame), which hides encrypted data inside a video, split across multiple frames. It uses stegano LSB under the hood but adds a layer of encryption, which is missing in stegano.
I'll definitely give aperisolve.com a try, although it's a pity it only handles images, since File Hider can be used for all types of files.
P.S.: Sorry for the late reply, but I became a father about a week ago. :)
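Added example covering the entropy discussion in the three exchanges above (the struct appended to the host, the "right side of the spectrum" observation, and the base64 change). This is an editor's stand-alone script, not a tool from either poster: it runs the same kind of windowed Shannon entropy scan that the Aperi'Solve / CyberChef entropy views perform and shows where a payload appended to the end of a host file lights up. Host text and payload are constructed in the script; the real File_Hider output format is not reproduced. The base64 measurement is included as a caveat: base64 output uses only 64 symbols, so it can never exceed 6 bits/byte, but a run of 6-bit text with no spaces still sits well above ordinary prose and its restricted alphabet is itself a fingerprint.

```python
# Added example: windowed Shannon entropy scan of a host file with data appended.
# Editor's code, not from File_Hider or any poster. All inputs are constructed.

import base64
import math
import random
from collections import Counter
from typing import List, Optional

_B64_ALPHABET = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def shannon_entropy(chunk: bytes) -> float:
    """Bits of entropy per byte of `chunk` (0.0 for empty input, 8.0 at most)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(data: bytes, window: int = 256) -> List[float]:
    """Entropy of consecutive, non-overlapping windows over `data`."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def find_suspicious_tail(data: bytes, window: int = 256, threshold: float = 5.0) -> Optional[int]:
    """Offset where a trailing run of windows above `threshold` bits/byte begins,
    or None if the file does not end in high-entropy data."""
    profile = entropy_profile(data, window)
    idx = len(profile)
    while idx > 0 and profile[idx - 1] > threshold:
        idx -= 1
    return None if idx == len(profile) else idx * window


def base64_alphabet_ratio(chunk: bytes) -> float:
    """Fraction of bytes drawn from the base64 alphabet; ~1.0 flags a base64 blob."""
    if not chunk:
        return 0.0
    return sum(1 for b in chunk if b in _B64_ALPHABET) / len(chunk)


def build_host(size: int) -> bytes:
    """Constructed low-entropy host: repeated English text (about 4.3 bits/byte)."""
    sentence = b"The quick brown fox jumps over the lazy dog near the river bank. "
    return (sentence * (size // len(sentence) + 1))[:size]


def build_payload(size: int, seed: int = 1) -> bytes:
    """Stand-in for AES output: uniformly random bytes from a seeded PRNG.
    Constructed test data, not real ciphertext."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    host = build_host(4096)
    payload = build_payload(1536)            # 1536 bytes -> 2048 base64 chars, no padding
    samples = (
        ("host only", host),
        ("raw ciphertext appended", host + payload),
        ("base64 ciphertext appended", host + base64.b64encode(payload)),
    )
    for label, blob in samples:
        prof = entropy_profile(blob)
        tail = find_suspicious_tail(blob)
        print(f"{label:28s} first window {prof[0]:.2f} b/B, last window {prof[-1]:.2f} b/B, "
              f"suspicious tail at {tail}, base64-alphabet ratio of tail "
              f"{base64_alphabet_ratio(blob[tail:]) if tail is not None else 0:.2f}")
```

The scan flags the appended region in both variants; the base64 case simply moves the tail from roughly 7.3 bits/byte down to just under 6, which is still far from the host's baseline and comes with a 100% base64-alphabet ratio.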
Does the resulting file's "signature," that being the first handful of bytes, match the fake extension such that obvious steganography-type checks will pass? In other words, we want the carpet to match the drapes and make it harder to detect at first pass.
Cheers and great work nonetheless.
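Added example for the signature question raised above. This is an editor's triage script, not part of File_Hider: it checks two things a first-pass analyst checks on a suspected carrier, namely whether the leading magic bytes match the claimed extension, and whether the file carries bytes after the point where its format says it ends (the IEND chunk for PNG, the FFD9 end-of-image marker for JPEG, found by walking the chunk / marker structure rather than by searching for the byte pattern). A payload appended after the terminator passes the signature check but is immediately exposed by the second one. The sample PNG and JPEG are minimal structural stubs constructed in-line, not real images, and the extension table is an editor's assumption covering a handful of common types.

```python
# Added example: magic-byte check plus "bytes after end-of-format" check for a
# suspected carrier file. Editor's code, not File_Hider's. Sample files are
# constructed stubs (structurally valid enough to walk, not viewable images).

import struct
import zlib
from typing import Dict, Optional

MAGIC = {                      # editor's assumption: a small table of common signatures
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
}


def signature_matches(data: bytes, ext: str) -> Optional[bool]:
    """True/False if the leading bytes match `ext`; None for an unknown extension."""
    sigs = MAGIC.get(ext.lower().lstrip("."))
    if sigs is None:
        return None
    return any(data.startswith(s) for s in sigs)


def png_end_offset(data: bytes) -> Optional[int]:
    """Walk PNG chunks (length, type, data, CRC); return the offset just past IEND."""
    if not data.startswith(MAGIC["png"][0]):
        return None
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def jpeg_end_offset(data: bytes) -> Optional[int]:
    """Walk JPEG marker segments; return the offset just past the EOI (FFD9) marker.
    Entropy-coded data after SOS is skipped by the FF00 / RSTn stuffing rules, so an
    FFD9 inside an embedded EXIF thumbnail is not mistaken for the real end."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                          # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                          # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # TEM, RSTn, SOI: no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                          # SOS: skip scan data to next marker
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] != 0x00 and not 0xD0 <= data[pos + 1] <= 0xD7
            ):
                pos += 1
    return None


def carrier_report(data: bytes, ext: str) -> Dict[str, Optional[object]]:
    """Signature result plus the number of bytes found after the format's terminator."""
    walkers = {"png": png_end_offset, "jpg": jpeg_end_offset, "jpeg": jpeg_end_offset}
    walker = walkers.get(ext.lower().lstrip("."))
    end = walker(data) if walker else None
    return {"signature_ok": signature_matches(data, ext),
            "trailing_bytes": None if end is None else len(data) - end}


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_stub_png() -> bytes:
    """Constructed 1x1 grayscale PNG: IHDR, one IDAT, IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return MAGIC["png"][0] + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")


def make_stub_jpeg() -> bytes:
    """Constructed JPEG skeleton: SOI, APP0, SOS with stuffed FF00 in the scan, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app0 + sos + b"\x12\x34\xff\x00\x56" + b"\xff\xd9"


if __name__ == "__main__":
    for name, clean, ext in (("png", make_stub_png(), "png"), ("jpeg", make_stub_jpeg(), "jpg")):
        tampered = clean + b"\x00" * 16 + b"appended payload"   # constructed appended data
        print(name, "clean:   ", carrier_report(clean, ext))
        print(name, "tampered:", carrier_report(tampered, ext))
```

Both reports show `signature_ok: True`, so matching the magic bytes to the extension is necessary but not sufficient; the `trailing_bytes` count is what gives an appended payload away, and it is the same check tools such as binwalk or a hex editor at the IEND/FFD9 boundary amount to.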