
Show HN: SpeakingJpg – Hide encrypted text messages inside jpeg images - wolframhempel
https://github.com/WolframHempel/speaking-jpg
======
jmull
I think they are sticking the encrypted message into a jpeg metadata field?

I've been thinking for a while that a subtler version of this -- where the
encrypted message is overlayed into the picture data -- would be very hard to
detect.

I'm thinking down a path where using strong encryption would be illegal and
all communications are monitored, so hiding the fact that an encrypted message
even exists is important.

The idea is that the encrypted signal would be essentially indistinguishable
from random noise so as long as the message isn't very dense relative to the
picture it would be hard to determine it was even there. Also, people
naturally and normally send all kinds of inane pictures back and forth so it
seems like it would be hard to even infer the existence of an encrypted
conversation from data sharing patterns.

~~~
wolframhempel
Agreed, though that would require a lossless format (e.g. png) and would limit
exchanges to sources that don't change the image (e.g.as email attachment) but
not social networks that resize or otherwise reprocess the image

~~~
anfractuosity
You don't have to use a lossless format for steganography, for example:

'Statistically Undetectable JPEG Steganography: Dead Ends, Challenges, and
Opportunities'

[http://dde.binghamton.edu/tomas/pdfs/Pev07-ACM.pdf](http://dde.binghamton.edu/tomas/pdfs/Pev07-ACM.pdf)

------
scandox
[https://en.wikipedia.org/wiki/Steganography](https://en.wikipedia.org/wiki/Steganography)

I remember being told that Al-Qaeda used this mechanism to exchange messages
pre-9/11\. Surely there are longer established tools for this?

Edit: [https://www.openstego.com/](https://www.openstego.com/)

~~~
cvwright
> I remember being told that Al-Qaeda used this mechanism to exchange messages

I don't think that was ever confirmed. Niels Provos and Peter Honeyman went
looking for stego content "in the wild", examining over 2 million images,
which was a lot at the time. Their search came up empty.

[http://www.citi.umich.edu/u/provos/papers/detecting.pdf](http://www.citi.umich.edu/u/provos/papers/detecting.pdf)

Edit: Apparently they did find one image, created as a demonstration for the
ABC News story.
[http://www.citi.umich.edu/u/provos/stego/abc.html](http://www.citi.umich.edu/u/provos/stego/abc.html)

------
tyingq
Cool, but it appears to embed in a jpeg comment section with a predictable
constant that marks what it is. So fun to play with, but not terribly covert.

~~~
wolframhempel
true - would make sense to make the identifier configurable and/or just
iterate trough all comments in the jpg

------
notheguyouthink
Really cool! I actually read about this idea years ago in a book _(Dean
Koontz, The Husband iirc)_. Ever since then I've wondered why it isn't more
common to try to obscure messages through normal means.

I guess the data formats are too inefficient in most scenarios. Eg, encoding
bytes as words is insanely inefficient, but somehow encoding them in such a
way that they make grammatical sense as to not seem "off" \- I imagine would
be nearly impossible and/or crazy inefficient.

Double that with trying to encrypt your encoded bytes, such that if they
_were_ discovered, the encoded bytes wouldn't be blatantly obvious. That's...
a lot of damn data haha.

------
anfractuosity
Nice, I haven't looked at the code yet, but I'm curious what the 65k limit is
due to?

I was just thinking though, if you're using the meta data field, couldn't that
make it obvious data is hidden?

I wrote a little program a while ago to send data, by changing the intervals
between packets:

[https://www.anfractuosity.com/projects/timeshifter/](https://www.anfractuosity.com/projects/timeshifter/)

~~~
tyingq
The data is going in an APPn jpeg metadata block (jpg "comment"), max size of
65k. You could use multiple comment blocks, but this doesn't implement that.

------
Gys
Having text in the comment section does not seem very useful as most online
services will resize the image and very likely strip comments (as mentioned in
the readme).

A suggestion: would svg not be better ? That is a lossless format in xml
format. An image could have lots of details in a very small section, actually
composed of readable text that is (in some way) turned into xml. The svg in
total has to be valid though.

------
staticelf
An interesting experiment would be to sent pictures of airports to eachother
using this tool to send meaningless messages to different parties and see how
good the authorities actually is in detecting it.

Anyone?

------
westmeal
This reminds me of DesuDesuTalk used for embedding text into images posted to
imageboards.

------
tianshuo
There are techniques in Chinese articles supported by CPC on the topic of
detecting steganography and decrypting it. Tampering a file will leave prints
that aren't normal, and that could be found. So steganography maybe isn't a
good idea at all.

~~~
jstanley
Surely you're no worse off sending any content steganographically compared to
in the clear?

Worst case, they find it, and you're in the same position as you would be if
you sent it without steganography.

