Executable Stenography… With A Difference

Somebody’s come up with a program that hides secret messages in executable programs. Well… that’s not so impressive – we’ve all hidden secret messages in JPEG files before by using programs to ‘flip’ certain pixels (example). This works by changing the image in subtle ways that the human eye won’t detect, but that the descrambling application will. But here’s the clever bit…

Typically, when encoding a ‘hidden message’ in an executable, one ‘pads’ the file, making it bigger. The technique used when encoding messages in graphics files can’t be used with executables, because ‘flipping’ bits of the file would stop the program from working (or at least, working as it should), which may arouse suspicion. But this new tool works by exploiting redundancy in the i386 instruction set, swapping instructions or blocks of instructions for other ones which are functionally identical. As a result, the original filesize remains the same, and the program maintains full functionality. It would take an eavesdropper to fully compare the executable with a known original executable in order to determine that there was even a message hidden within it, and (thanks to Blowfish cryptography) yet more effort to decode that message.

Marvellous.

1 reply to Executable Stenography… With A Difference

Leave a Reply

Your email address will not be published. Required fields are marked *