Somebody’s come up with a program that hides secret messages in executable programs. Well… that’s not so impressive – we’ve all hidden secret
messages in JPEG files before by using programs to ‘flip’ certain pixels (example). This works by changing the image in subtle ways that the human eye won’t detect, but that the descrambling application
will. But here’s the clever bit…
Typically, when encoding a ‘hidden message’ in an executable, one ‘pads’ the file, making it bigger. The technique used when encoding messages in graphics files can’t be used with
executables, because ‘flipping’ bits of the file would stop the program from working (or at least, working as it should), which may arouse suspicion. But this new tool works by
exploiting redundancy in the i386 instruction set, swapping instructions or
blocks of instructions for other ones which are functionally identical. As a result, the original filesize remains the same, and the program maintains full functionality. It would take
an eavesdropper to fully compare the executable with a known original executable in order to determine that there was even a message hidden within it, and (thanks to Blowfish cryptography) yet more effort to decode that message.
Marvellous.