|\ /|     scroll down for older posts.
= o.o =

Montag, 18. April 2016

pepperpickle - A Steganography Tool Written in Go

The famous Lena image, taken from Wikipedia. This particular image has the first published version of pepperpickle's source code hidden in it. The decryption password is upaig1Aizula2eim
Today I am suffering from a nasty cold and found some time to finish the initial version of a steganography tool I am writing.

It is written in the excellent Go programming language (golang) and the source code can be found over at github: https://github.com/w33zl3p00tch/pepperpickle

Steganography is the art of covertly hiding information in another medium.

Because simply hiding information does not secure it sufficiently, pepperpickle uses encryption to make the data less obvious.

How it works:
The message file, the so-called plaintext, is compressed and encrypted using AES256 where the encryption key is generated by scrypt and a password.
The remaining space is padded with random data to make the detection of steganography harder. We now have the ciphertext.

Then, the ciphertext is converted to a string of bits, ones and zeros. Currently pepperpickle stores the information of the ciphertext by setting the LSB (Least Significant Bit) of the color value of each pixel in the cover image.

An example for two pixels:

The first two pixels of the image have the RGB-color values
{243, 211, 102}{242, 211, 100}

The first six bits of the ciphertext are
{0, 1, 0, 1, 1, 1}

The LSBs of the pixels are then flipped so that they are even or odd according to the ciphertext:
{242, 211, 102}{243, 212, 99}

When decoding, we simply look whether the color value is even or odd. If even, the ciphertext for this value is 0, if odd it is 1.

There are many different methods for hiding information and I will at least try some of them and maybe add them to pepperpickle's features.

My first name for the program was honeypickle, but after a bit of googling I decided against it ;)