Thread: Does the .png image format have a text metadata field?
View Single Post
  #52  
Old February 14th 20, 08:18 PM posted to alt.windows7.general,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
  
Posts: 11,873
Default [OT]Does the .png image format have a text metadata field?
Shadow wrote:
On Fri, 14 Feb 2020 10:10:51 +0100, "R.Wieser"
wrote:

Shadow,

Since almost all image formats are compressed, do you know a
tool that can un-compress the data to look for "hidden" text or files?
There's a lot of apps that do steganography,
What makes you think that steganography is limited to the uncompressed data
? :-p

One form of it might make use of a slightly altered compression engine,
which returns the same uncompresed (short) byte sequences for two input
values, and regard those two input sequences as being a Zero and One.

As for your question, a standard Windows installation comes with a few DLLs
(GDI, GDI+) that will uncompress images (into memory) and allow you to
inspect their contents (using "GetPixel" style calls).

But don't assume that that is all you need to do. The data itself might
have been encrypted and strewn around the image in a non-lineair pattern
(possibly even using a seeded random generator). It will make it rather
hard to find the bits themselves, and the order in which they should be
read.

In other words, steganography normally doesn't stop at layer #1. :-)

I'm beginning to get that. But *bad guys* would tend to hide
terrifying messages like "don't kill the president" using
freeware/open-source programs which don't leave a money trail.
I doubt many of them are expert programmers or into crypto.
Whatever, it was just a passing curiosity.
[]'s

There are two ways to pass a message in a JPG.

Formats that use 4CC codes, the parser ignores things that
are not part of the format. For example:

ABCD length series-of-bytes-encrypted-compressed

If ABCD is a 4CC that doesn't exist in JPG, it is ignored
while you're looking at the picture.

Then, you need a simple tool to look for ABCD to find
the "packet" with the information, whatever it is.

This would be considered an out-of-band method.

The next method is in-band, and uses the dots you would
hope would have been used for your purposes.

*******

An example of steganography, is how the Secret Service has
a series of yellow dots embedded in color prints on color
printing devices. The Secret Service is tasked with currency
crimes, such as counterfeit currency. To aid them, a color
printing device adds yellow dots to the image, and via some
self-synchronizing mechanism, they can get a serial number
from the dot pattern. Presumably the pattern is fine enough
and repeats enough (redundancy) so that items as small as
a dollar bill will have a serial number in it.

This does not guarantee the printer can be tracked down.
If the customer pays cash for the printer, then the evidence
trail ends. Except for circumstances where a retailer
"scrapes your face" for a transaction, and of course we'll
never know they're doing that.

You can see the yellow dots, in the picture on this page.
You have to use the zoomed-in version of the picture to see them.

https://en.wikipedia.org/wiki/Machin...ification_Code

The chicanery with printers, is amazing.

https://en.wikipedia.org/wiki/Counte...tates_currency

"Albert Talton, was sent to prison for counterfeiting the United States
one hundred-dollar bill and the United States twenty-dollar bill.

Produced over 7 million dollars in counterfeit US currency using
a standard inkjet printer, and was convicted and sent to prison
in May 2009."

They figured it out, when he was caught smiling at the cash
when buying new cartridges for the printer. Nobody ever
smiles when buying ink :-)

Paul
Ads