Feeds

Program hides secret messages in executables

Hydan seek

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

CodeCon Netizens with extreme privacy needs got a new tool for their cyber utility belts recently with the release of an application that lets users hide secret messages in virtually any executable computer program, without changing the program's size or affecting its operation.

The tool is called "Hydan," an old English word for the act of hiding something, and it's part of a research project by Columbia University computer science masters student Rakan El-Khalil, who showed off the program to a small group of open-source programmers and hackers gathered at the second annual CodeCon conference in San Francisco on Sunday.

Hydan is a novel development in the field of steganography -- the science of burying secret messages in seemingly innocuous content. Popular stego programs operate on image and music files, where a secret missive can be hidden without altering the content enough to be perceived by human senses. But because they contain instructions for a computer's processor, executable files are less forgiving of tampering. Improperly changing a single bit of executable code can render an application completely unusable.

El-Khalil's research focused on redundancies in the Intel x86 instruction set -- places where at least two different instructions are effectively the same. Each choice between two redundant options can represent a single bit of data. "The problem with program binaries is there is just not a lot of redundancy in them," said El-Khalil.

He found some of that useful redundancy in the instructions that tell the computer to add or subtract.

A computer instruction to add the number 50 to another value, for example, can be replaced with an instruction to subtract the number -50 instead. Mathematically, the instructions are the same. In choosing between the two, a stego program can get one bit of covert storage out of each addition or subtraction operation in the executable -- without changing the way the application runs, or adding a single byte to its size. "If we use a scenario in which addition is zero, and subtraction is one, we can just go through and flip them as needed," El-Khalil explained.

El-Khalil concedes that the method is imperfect -- an application that's been impressed with a secret message has considerably more "negative subtractions" than an unadulterated program, making it easy to pick out through a statistical analysis. Hydan could also break programs that are self-modifying or employ other unconventional techniques. And it's less efficient than stego programs for image and sound files: good steganography for a JPEG file can hide one byte of storage in 17 bytes of image, while Hydan's ratio is one byte of storage to 150 bytes of code.

Future versions of Hydan will boost that capacity by finding different places to code data, such as in the order of a program's functions, and the order in which arguments are passed to those functions. For now, the application is still powerful enough to secretly stash the United States Constitution and the Declaration of Independence in a single copy of Microsoft Word.

Beyond the covert uses, the technology could be used to attach a digital signature to an application, or to embed an executable with a virtual watermark.

CodeCon continues through Monday.

Held at a San Francisco nightclub and featuring a schedule filled with practical cryptography, anonymity technologies and open-source, CodeCon is a small and decidedly non-commercial technology conference. Most of the projects presented are volunteer efforts that coders work on in their spare time, or between jobs, which makes the conference uniquely immune from the ravages of a down economy. "I'm told we're the only tech conference that's actually grown in the last year," says organizer Len Sassaman.

© SecurityFocus Online

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.