2021-11-24 隐写术破解思路与方法(2021-11-24 steganography cracking ideas and methods)

隐写术破解思路与方法:

图像隐写术:

一般拿到一张图片,先看图片格式。常见的有JPG,PNG和BMP。JPG比起PNG,是有过压缩的图片,所以JPG格式的图片通常是没必要放到图片分析器里去看的。由于进过压缩,所以里面是不能放下二维码的。而我们使用图片分析器来分析图片,60%是为了找到里面隐藏的二维码。

BMP是位图文件,能放的东西就更多了,可以拿去PS里看一下,说不定在就出现了两个图层了。

PNG格式的图片首先就可以考虑藏二维码的问题了,不过也不是说他里面不会藏有其他文件。

JPG格式的图片通常里面都有藏着另外的东西,大体上是压缩文件之类的,当然,也有往里面放音频的……所以先丢去binwalk分析才是正确的。

第一步:

先右键查看属性——>详细信息看有没有隐藏东西。如果没发现东西。

第二步:

将数据类型进行改写(rar或者zip数据改为jpg等格式)根据各种类型图像的固定格式,隐藏数据,修改图像开始的标志,改变其原来图像格式,在图像结束标志后加入数据,在图像数据中加入数据,不影响视觉效果情况下修改像素数据,加入信息。

利用隐写算法将数据隐写到图片中而不影响图像(仅限于jpg图像) 隐写常用的算法有F5,guess jsteg jphide。

用Stegsolve打开,看图层是否隐藏了东西,如果还是没有

第三步:

则用Winhex打开图片,查看图片十六进制数据中是否隐藏了东西,有时候还需要修改图片的十六进制数据。

检查图像的开头标志和结束标志是否正确,若不正确修改图像标志恢复图像,打开查看是否有flag或ctf信息,(往往gif属于动图,需要分帧查看各帧图像组合所得数据 若不是直接的ctf或flag信息 需要考虑将其解码)

jpg图像开始标志:FF D8 

            结束标志 :FF D9

gif图像开始标志:47 49 46 38 39 61 (GIF89)结束标志:01 01 00 3B

bmp图片开始标志:42 4D //92 5B 54 00 00 00 00 00 

                结束标志:00

png图片开始标志:89 50

图片放置在kail系统中,执行binwalk xxx.jpg 查看图片中是否是多个图像组合或者包含其他文件(若存在多幅图像组合,再执行foremost xxxjpg会自动分离;若检测出其他文件修改其后缀名即可,如zip)

使用StegSolve对图像进行分通道扫描,查看是否为LSB隐写。

在kail下切换到F5-steganography,在java Extract运行命令:java Extract 123456.jpg图片的绝对地址 -p 123456

判断是否为F5算法隐写。

在kali系统中使用outguess-master工具(需要安装),检测是否为guess算法隐写。

图种,只要将图片保存为zip压缩包格式,然后解压出来就可以了。

压缩包隐写术:

先解压缩,看能不能解压缩出来

拿binwalk看一下压缩包里面有没有隐藏东西。

————————

Steganography cracking ideas and methods:

Image steganography:

Generally, when you get a picture, look at the picture format first. Common are JPG, PNG and BMP. Compared with PNG, JPG has compressed images, so jpg images usually don’t need to be put in the image analyzer. Because it has been compressed, the QR code cannot be put down inside. We use the image analyzer to analyze the image, 60% of which is to find the hidden QR code.

BMP is a bitmap file, which can put more things. You can take it to PS and have a look. Maybe there are two layers in.

PNG format pictures can first consider the problem of hiding QR codes, but it does not mean that there will be no other files in them.

Jpg format pictures usually contain other things, such as compressed files. Of course, some also put audio in them… So it is correct to throw binwalk analysis first.

Step 1:

Right click to view properties – & gt; See if there is anything hidden for details. If you don’t find anything.

Step 2:

Rewrite the data type (change the RAR or zip data to JPG format) hide the data according to the fixed format of various types of images, modify the mark of the beginning of the image, change its original image format, add data after the end of the image, add data to the image data, modify the pixel data and add information without affecting the visual effect.

The steganography algorithm is used to write data into the picture without affecting the image (only JPG image). The commonly used steganography algorithms are F5, guess jsteg jphide.

Open it with stegsolve to see if the layer is hidden. If it is still not

Step 3:

Then use WinHex to open the picture and check whether something is hidden in the picture hexadecimal data. Sometimes it is necessary to modify the picture hexadecimal data.

Check whether the beginning flag and end flag of the image are correct. If the image flag is not correct, restore the image and open it to check whether there is flag or CTF information. (often GIF belongs to moving picture, and it is necessary to check the data obtained from the image combination of each frame by frame. If it is not direct CTF or flag information, it is necessary to consider decoding it.)

Jpg image start flag: FF D8

End flag: FF D9

Gif image start flag: 47 49 46 38 39 61 (gif89) end flag: 01 01 00 3B

Bmp picture start sign: 42 4D / / 92 5B 54 00

End flag: 00

Png picture start flag: 89 50

Place the picture in Kail system, execute binwalk xxx.jpg to check whether the picture contains multiple image combinations or other files (if there are multiple image combinations, execute foremost xxxjpg to automatically separate; if other files are detected, modify their suffix names, such as zip)

Use stegsolve to scan the image by channel to see whether it is LSB steganography.

Under Kail, switch to F5 steganography and run the command in Java extract: Java extract 123456.jpg absolute address of picture – P 123456

Judge whether it is F5 algorithm steganography.

Use the outguess master tool (to be installed) in Kali system to detect whether it is steganography of guess algorithm.

For image types, just save the image as a zip package format and extract it.

Compressed packet steganography:

Decompress it first to see if you can decompress it

Take binwalk to see if there is anything hidden in the compressed package.