How to hide data in a JPG file

hide data jpgAs you can see, what I'm proposing and 'enter data within of image files, especially in JPG files. The choice of using the JPG files to hide data is not ' was taken randomly. The JPG files in the last few years have seen a spread high, in fact, can they be 'found everywhere, starting from the most websites, to get to the digital photo albums.

[adsense:block:adcontenuto]
 
Surely if Now run the following command
 
$ Find /-name *. Jpg
 
in your home computer will blow out several hundred files (Better gloss over that images)
 
So 'for the principle that the best things are hidden in the confusion and inside of other things that do not draw attention files JPG I seemed the best choice. But before you start, an explanation that says something about the JPG format.
 
The JPG files are formed by a number of segments, each one which can 'a maximum length of 65535 (2 ^ 16) bytes and begins with a marker. Each marker and 'consists of 2 bytes, the first ever with value 0xFF and the second with a value between 0x01 and 0xFE.
 
The second byte specifies the type of marker. If the segment contains data bytes that follow the 2 the marker
show the size of the data. If, instead, the segment is not contains data after the marker immediately begins the next segment.
 
Each segment so 'has the following structure:
 
[FFxx] [nnnn] [Data]
 
| | Data (nnnn Byte - 2)) Parts
| Integer containing the length of the data + 2 (2 bytes))
 
Optional
Marker (2 bytes)
 
Note that the number containing the size of the data and 'stored with the notation Bin Endian and Little Endian not as was' used in x86 systems. All JPG files begin with a segment without data identified from FFD8 marker and ending with a segment always without data identified by FFD9 marker. Between these two segments can be found a number any other segments.
 
To better understand you take in the following example representation hexadecimal (partial) of a JPG file. How can 'see the first 2 bytes are exactly the start marker image FFD8. Since this marker does not provide  dditional data for the segment, the following 2 Byte must necessarily be the marker of a new segment. And and in fact '
just so ', the next segment and' identified by marker FFE0.
 
Since this marker provides data, the following 2 Byte identify the size of the data segment.
At this point, knowing that address starts the segment just after add the address of the next byte to mark the size of the data, then 0x00000004 + 0x00000014 = 0x0010. At this address it is just that FFED and 'a valid marker.
 
The last 2 Byte the files are FFD9 or the marker that identifies the end image.
 
00000000 FFD8 FFE0 0010 4A46 4946 0001 0201 012 C ...... JFIF .....,
00000010 012C 0000 5068 6F74 6F73 686F 00AA FFED., ...... Photosho
00000020 7020 3000 332E 3842 0000 0000 494D 03ED p 3.0.8BIM ......
00000030 0010 0002 0002 012B 012B FFD9 FFD9 0002 ... + ....... + ....
494D 03F3 00000040 0002 3842 0000 0000 0008 0000 .. 8BIM ..........
00000050 0000 0000 0000 3842 494D 2710 0000 0000 ...... 8BIM '.....
00000060 000A 0001 0000 0000 0000 0002 3842 494D ............ 8BIM
00000070 03F4 0000 0000 0012 0035 0000 0001 002D ......... 5 ..... -
...
...
...
00006780 E8DF 87EC D37C 8B6B 5F6F E1EB 5DF1 4D07 ..... |. K_o ..]. M.
00006790 D7F5 053A 573A 469D CFD0 A60D 4AF5 DF3F ...: W: F. .. J. ...?
000067A0 FFD9 ..
 
In reality 'things are a bit' more 'complicated, but for the understanding and realization of what I suggest you do not need to know more. The idea that I 'came to hide data and' very simple.
 
Each image begins with the marker FFD8 and ends with the FFD9 marker. Any and all data following this  marker are ignored by browsers or by management programs of images as the image and ' already 'ended. So a great place to hide data and ' precisely the end of the file.
 
To test that everything does not create problems for programs management images try to run a command like
$ Cat >> trash image.jpg and then try to open the image. You will not notice anything strange. If instead of appending it accodasse trash a file containing significant (encrypted of course ... prudence and 'never too) is
get a JPG fully functional, containing the our data.
 
[adsense:block:adcontenuto]
 
For most people this will seem 'image normal, while for those that know the secret of this will buy 
a particular value. Below I listed the two little programs pseudo-idiots involved respectively to encrypt a file and merge data with a file JPG and extract and decrypt the data previously entered.
 
Short description of JPG-Fusion.c Requires three input file names: the name of the JPG file, the name File
containing the data to be hidden and the file name will be ' created. The program trivially copy the contents of the file in the new JPG file, crypt the data file and appends the new file ever created.
 
As encryption algorithm and 'was used a key algorithm symmetrical. The key is created by taking 16 Byte 16 Byte random JPG files. The Data is encrypted by the XOR between them and the key. Is exploited fact that A XOR B = C and C XOR B = A.
 
The program returns two numbers that are needed to JPG-Split.c or retrieve the data. The first number is not 'nothing but greatness JPG file, knowing this, of course you know where to begin the data file. The second number instead 'the number of bytes of JPG file to which you begin to withdraw the key for encryption.
possible improvements It would be possible without too much effort also enter the name of the file Output data within the file. For the moment, the name of the file is lost, it will be focused on providing input to JPG-Split.
 
- If you wish you could change encryption algorithm in one key public and private.
- It might be added at the end of the file created the marker end image (FFD9) so 'that the file may seem proper to analysis surface.
 
Short description of JPG-Split.c Requires four input parameters: the name of the file from which to get the data, the name of the file to be created, the length of the JPG file and the number of Bytes which to begin to create the key to decrypt the data.
 
The program trivially extract the data, decrypts and saves them on files. But wanting to reach the same result by opening the jpg with a editorHEX and adding at the end of the data.
Offline Utility: 

Similar Content

Identify harmful Web Shell with PHP Shell Detector

webshell php

A web shell is a script, commonly written in PHP, which can provide access as the root user to a web server compressed. Trojan also renamed PHP can be very harmful if used correctly by an attacker, it is therefore important to periodically analyze the platform's web in search of intruders.
Development: 

Direct Marketing and Email Marketing: Difference and comparison

direct marketingThe pioneers of direct marketing (DM) Bob Stone, Martin Baier and Henry J. Hoke Jr spoke of the discipline of direct marketing as an interactive system of marketing that uses one or more advertising media to derive a measurable response and quantifiable, and a transaction at any place, with the added possibility that all this activity is not indifferent to being stored in a special archive (database).
Web Marketing: 

Google is chaos: quarterly report already released by mistake.

google chaosThe publication ahead of schedule of the accounts of Google, made public by hours in advance while the press was still incomplete, has been a "human error rather than a systemic problem." This was stated by the CEO of the company specializes in printing services financial RR Donnelley, Tom Quinlan, in an interview with the Wall Street Journal.
News Magazine: 

The @ mentions of Instagram translated automatically on Twitter

instagram on twitterA small and fast news about Instagram is sure to please lovers of this now proven compatibility mobile application but also aficionados of Twitter.
 
For non-experts and for the less "geek" is a little cumbersome to understand at first, but not impossible.
News Magazine: