From: Atman.Soul on
I am looking for any type of steganalysis program, preferably for WAV
and MP3 files, but Steganalysis for images is okay. Thanks.

From: Ertugrul Soeylemez on
"Atman.Soul" <Atman.Soul(a)gmail.com> (06-03-12 12:05:25):

> I am looking for any type of steganalysis program, preferably for WAV
> and MP3 files, but Steganalysis for images is okay. Thanks.

I assume, by 'steganalysis' you mean finding steganographically hidden
content, and in the ideal case, retrieving the hidden message. You
cannot do this programmatically, if it has been done properly. However,
there is a little chance that you could write such a program yourself.

Let's, for example, take a sound file (i.e. waves). Normally, a hidden
message is itself encrypted, to make sure that even if its existence
gets revealed, the actual message content doesn't. Normal sequences of
wave samples can be compressed easily. But an encrypted message can't,
because to the compression program it looks like random garbage.

You could extract certain bits, e.g. the low bits of the samples, and
try to compress them. If they compress better than the other bits, then
this indicates that normal plaintext could have been steganographically
integrated into the sequence, because normal plaintext tends to be
highly redundant; more than real wave samples. If they don't get
compressed at all, then this could indicate a hidden ciphertext.

Well, it looks like you have to do this yourself. I can't find any
automated program for this. By the way, if the message has been
integrated properly, then you won't be able to do this. Personally I
would try to add redundant (but meaningless) information into the hidden
message, so it compresses as well as the innocuous container message
(i.e. the wave file).


By the way, you don't have to repost a message just to fix a typo. ;)


Regards.

From: vedaal on

Atman.Soul wrote:
> I am looking for any type of steganalysis progrma, preferably for WAV
> and MP3 files, but Steganalysis for images is okay. Thanks.

don't know of any offhand for sound files,
but here is a very good one for image files:

http://www.outguess.org/detection.php


vedaal

From: Harris on
Ertugrul Soeylemez <never(a)drwxr-xr-x.org> wrote in news:20060313020803.26f62287(a)kill.mine.nu:

> "Atman.Soul" <Atman.Soul(a)gmail.com> (06-03-12 12:05:25):
>
>> I am looking for any type of steganalysis program, preferably for WAV
>> and MP3 files, but Steganalysis for images is okay. Thanks.
>
> I assume, by 'steganalysis' you mean finding steganographically hidden
> content, and in the ideal case, retrieving the hidden message. You
> cannot do this programmatically, if it has been done properly. However,
> there is a little chance that you could write such a program yourself.
> ..............
> .....................But an encrypted message can't,
> because to the compression program it looks like random garbage.
>
> You could extract certain bits, e.g. the low bits of the samples, and
> try to compress them..........................If they don't get
> compressed at all, then this could indicate a hidden ciphertext.
> .......................


Steganographic analysis works in the same logic as steganography itself, only in reverse. When you
find a way to embed a hidden message to a carrier signal (data), you always think of ways that this
could be detected.

In simple stego tools, the message is spread in the spatial domain using minimal content change to
the carrier. In most cases, this means that you only use the LSB of each carrier byte/word. If the
message is compressed or encrypted, the end result would be something like adding white noise to
the original signal. However, this works the other way too: if the original carrier is "crystal-clear" and
you add an LSB-stego message to it, the modification will be easily detectable by proper statistical
analysis. This does not mean that every time you detect random sequences in LSB you have a stego
message - it could easily mean just noise.

More advanced techniques employ spread-spectrum message embedding: the modification of the
carrier is conducted in the frequency spectrum (FFT, DCT, DWT, etc). This approach provides more
control over the noise-like characteristics of the final signal and usually it's much harder to detect,
even for increased stego message sizes. For example, an image that has been processed by LSB-
stego would appear to have some random noise in the form of speckles. If the same image is
processed by spread-spectrum stego, the embedded message is "encoded" as artifacts of all sizes
and shapes instead of pixel-level noise. This means that the final image may look like a low-quality
jpeg (blurred edges and/or block-like artifacts), but no other evidence of tampering. In this case,
steganalysis is much more difficult to be successful and requires multiple levels of processing in the
spectrum domain.

In both cases, signal processing and statistical analysis are the only tools you have when conducting
"blind" steganalysis, unless you have evidence of specific algorithms/tools used (by examining file
header, stack area, etc). Also, the best stego tools are the ones nobody else knows about -
otherwise, their output may have already been examined and registered by corresponding
steganalysis tools.



--
Harris
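
Added example (not part of any poster's message and not code from the thread): the compression test described in Ertugrul Soeylemez's post, run over three constructed signals so that Harris's caveat about noisy carriers shows up as well. The 440 Hz tone, the PRNG bits standing in for an encrypted payload, and all function names are assumptions made for the illustration.

```python
import io, math, random, struct, wave, zlib

def make_wav(samples, rate=8000):
    """Pack signed 16-bit mono samples into an in-memory WAV file."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()

def read_samples(wav_bytes):
    """Return the samples of a 16-bit PCM WAV as a tuple of ints."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("this example handles 16-bit PCM only")
        raw = w.readframes(w.getnframes())
    return struct.unpack("<%dh" % (len(raw) // 2), raw)

def plane_ratio(samples, bit):
    """Compressed/raw size of one bit plane; about 1.0 means incompressible."""
    packed = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | ((s >> bit) & 1)
        packed.append(byte)
    return len(zlib.compress(bytes(packed), 9)) / len(packed)

def low_bit_report(wav_bytes, planes=3):
    """Compression ratio of bit planes 0..planes-1, lowest bit first."""
    samples = read_samples(wav_bytes)
    return [round(plane_ratio(samples, b), 3) for b in range(planes)]

# Constructed test signals (not real recordings).
rng = random.Random(2006)
tone = [round(12000 * math.sin(2 * math.pi * 440 * n / 8000))
        for n in range(32000)]
# Random bits stand in for an encrypted payload written over every LSB.
stego = [(s & ~1) | rng.getrandbits(1) for s in tone]
# Same tone with recording-style noise and no payload at all.
noisy = [s + round(rng.gauss(0, 3)) for s in tone]

CLEAN, STEGO, NOISY = (low_bit_report(make_wav(x)) for x in (tone, stego, noisy))

if __name__ == "__main__":
    for name, ratios in (("clean", CLEAN), ("stego", STEGO), ("noisy", NOISY)):
        print(name, ratios)
```

In this constructed data the payload case leaves bit plane 1 compressible while plane 0 is not, whereas the noisy carrier is incompressible in both planes; a real recording will rarely be as clean as the synthetic tone.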
From: Dave Turner on
I don't think you'll find too many automated steganalysis programs because
each steganographic embedding technique is different ... consider for
example changing the least significant bit in several pixels in a bitmap vs
embedding data in comment data fields in a JPEG file - if a programmatic
approach is to be taken then each method needs to be addressed individually
because no algorithm will work for all methods, similarly to how every
encryption algorithm needs to be treated individually - on its own merits