"Anonymous" <anon-bounces@deuxpi.ca> wrote in message
news:f013d8f02a723f74317714528f2e71f0@deuxpi.ca...
> How about this?
>
> You encrypt a file and call it abc.dll. You have another dll, xyz.dll.
> That could also be an encrypted file.
>
> You run a little program that exchanges every other byte between the two
> files.
>
> Could the TLA figure out that they are something other than ordinary binary
> garbage?
Easily. In each architecture there are operations that are much more common
than others: in RISC systems, for example, load and store ops are very
frequent, and in CISC, ops containing embedded loads and stores are frequent
as well. It would actually be rather trivial to determine that it's not
really a dll if one were to look intently at it. As steganography goes, this
would be rather weak. What you'd probably want to do instead is make abc.dll
a container format such that it had some portions that were not executed
(common), and use those portions to hide your encrypted data. From there, if
you make abc.dll support a cryptographic interface, say for example the Windows
Logon interface (can't remember the name), it would almost certainly contain
quite a bit of code to make use of what could easily appear to be binary
cruft. I suspect you might be able to use as much as 1% of such a dll
without being caught. Not exactly high bandwidth, but could be sufficient.
Joe
Received on Thu Jan 19 03:45:06 2006
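The statistical point Joe makes, as an added example that is not part of the original thread: machine code has a heavily skewed byte distribution (a handful of opcodes and the zero byte dominate), whereas ciphertext is close to uniform, and swapping every other byte between two ciphertexts leaves it uniform. The script below scores a buffer with Shannon entropy and a chi-square test against the uniform distribution, plus the trivial `MZ` header check a renamed file would fail. All sample data is constructed inline: the "code-like" buffer is drawn from an assumed weighting of common x86 byte values, and a seeded PRNG stream stands in for ciphertext (real ciphertext is statistically indistinguishable from it for this purpose). The thresholds are illustrative, not calibrated against real binaries.

```python
"""Detect files that claim to be DLLs but carry uniform (encrypted) content.

Added example, not code from the original post. Sample buffers are constructed
here; the opcode weights and the verdict thresholds are assumptions chosen to
illustrate the technique.
"""
import math
import random
from collections import Counter

SAMPLE_LEN = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is perfectly uniform; compiled code is usually well below 7."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.

    For genuinely uniform data this hovers around 255 (the degrees of freedom);
    structured data such as machine code gives values orders of magnitude larger.
    """
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def interleave(a: bytes, b: bytes) -> bytes:
    """One file's view after the 'exchange every other byte' step from the quoted post.

    Assumes both inputs have the same length.
    """
    out = bytearray(a)
    out[1::2] = b[1::2]
    return bytes(out)


def assess(data: bytes, entropy_max: float = 7.2, chi_min: float = 1000.0) -> dict:
    """Return the raw scores plus a verdict. Thresholds are assumed, not calibrated."""
    h = shannon_entropy(data)
    chi = chi_square_uniform(data)
    return {
        "mz_header": data[:2] == b"MZ",
        "entropy": round(h, 3),
        "chi_square": round(chi, 1),
        "verdict": "looks like code" if h < entropy_max and chi > chi_min
        else "uniform: random or encrypted",
    }


def make_code_like(n: int, seed: int = 1) -> bytes:
    """Constructed stand-in for x86 machine code with an assumed skewed byte weighting."""
    rng = random.Random(seed)
    weights = [0.2] * 256  # rare background bytes
    for value, w in {0x00: 20, 0x8B: 8, 0x89: 6, 0xFF: 6, 0x48: 6, 0xE8: 5,
                     0x24: 4, 0xC3: 3, 0x55: 3, 0x90: 2}.items():
        weights[value] = w
    body = bytes(rng.choices(range(256), weights=weights, k=n - 4))
    return b"MZ\x90\x00" + body  # DOS header magic a real DLL starts with


def make_ciphertext(n: int, seed: int) -> bytes:
    """Constructed stand-in for an encrypted file: a seeded PRNG byte stream."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


CODE_LIKE = make_code_like(SAMPLE_LEN)
CIPHERTEXT_A = make_ciphertext(SAMPLE_LEN, seed=2)   # "abc.dll"
CIPHERTEXT_B = make_ciphertext(SAMPLE_LEN, seed=3)   # "xyz.dll"
SWAPPED = interleave(CIPHERTEXT_A, CIPHERTEXT_B)     # abc.dll after the byte exchange

if __name__ == "__main__":
    for name, buf in [("code-like dll", CODE_LIKE), ("encrypted abc.dll", CIPHERTEXT_A),
                      ("abc.dll after byte swap", SWAPPED)]:
        print(f"{name:24s} {assess(buf)}")
```

Running the block prints the three assessments: the code-like buffer has a low entropy and a very large chi-square, while both ciphertext buffers score near 8 bits per byte and a chi-square near 255, with or without the byte exchange. The interleaving step changes which bytes sit where but not how often each value occurs, so any frequency-based test sees the same picture before and after.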