ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» º S-Tools for Windows º ÇÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĶ º Version 1.00 º º (c) 1994 Andy Brown º ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ What is steganography ? ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Steganography is the ancient art of hiding information in some otherwise inconspicuous information. Many years ago people used to use illustrations to conceal messages. The idea being that one party could send the illustration to the other in reasonable confidence that if the messenger was questioned then the illustration would not arouse any interest from his enemies. Since the advent of computers there has been a vast dissemination of information, some of which needs to be kept private, some of which does not. S-Tools brings you the capability of `hiding' files within Windows sound wave (.WAV) files. The modified .WAV file that contains your hidden file will not sound any different to the human ear than the original file. The modified file does not increase or decrease in size, it remains the same. I suppose you could look at this as a kind of infinite compressor for the file that you are hiding, since you can quite happily delete it after you've hidden it, extracting it from the WAV file whenever you need it. Shareware ÄÄÄÄÄÄÄÄÄ S-Tools is shareware. That means that if you find it useful and would like to continue to use it after a reasonable trial period, which I consider to be about one calendar month, then you should register your copy of the program with me. The registration fee for S-Tools is 15 UK pounds sterling. To register S-Tools, send a cheque drawn against a UK bank, International Money Order, International Postal Order or Sterling travellers cheques for 15 pounds to the address below: Andy Brown 28 Ashburn Drive Wetherby West Yorkshire LS22 5RD United Kingdom For your registration fee you will receive a printed manual, a personalised copy of the program, and a copy of the `C' source code. I can be reached by e-mail at until June 1994. Using S-Tools ÄÄÄÄÄÄÄÄÄÄÄÄÄ S-Tools comes with a Windows help file that you can activate by pressing F1 or by selecting the appropriate option from the Help menu. This help file documents every command and option that is available within S-Tools. As such, there is little point in duplicating all that information here. Instead, the rest of this manual will consist of how-to sessions that walk you through the process of hiding and retrieving files. I would recommend that you read the appendices at the end of this document so that you are familiar with the limitations of, and the techniques employed by S-Tools. How to hide a file ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ In order to hide a file you need to be in possession of three pieces of information. These are: 1. The name of the file that you want to hide. 2. The name of the WAV file that you want to hide it in. 3. A name for the new WAV file that contains the hidden file. If you are experimenting with S-Tools for the first time then you might like to try hiding something inside the ORIGINAL.WAV file that is supplied with S-Tools. When you've figured out the above three pieces of information you need to follow the following steps. 1. Select the `Open WAV file' option from the `File' menu. Use the Windows file selection box to choose the name of the WAV file that you want to hide your file in. If the WAV file is one that S-Tools understands then you will see a representation of the sound wave in the main window area. In addition to this, you will see a few extra pieces of information about the file in the status bar at the bottom of the screen. This tells you some miscellaneous things like the playback frequency of the file, the number of bits per sample and, more importantly, the maximum size file that you hide within this WAV file. 2. Assuming step 1 went ahead without any trouble, you can now choose the file that you want to hide. Select the `Hide file' option from the `File' menu. Now use the Windows standard file selector to choose the name of the file that you want to hide. Assuming that the file is not too large to hide in the WAV file that you loaded, there will be a short delay and then the waveform display will change. The areas marked in red on the waveform are areas of the sound wave that were altered by the concealment process. The areas in black just happened to not have to be altered in order to conceal the file. 3. Naturally you will now want to save your modified wave file so that you can send it to the person that you are exchanging secret information with (!). To do this, simply select the `Save wave file as' option from the `File' menu. Use the Windows standard file selection box to choose the name of the new WAV file. 4. Well that's just about all there is to it. Except perhaps one thing. After you've hidden a file inside a wave, you might like to compare the sound of the original file to the sound of the modified one. The two `Play' options under the `Options' menu will do this for you. See if you can spot the difference between the original and the modified version ! Do you think you could spot a concealed file if you didn't have the original to compare to ? No way ! Revealing a hidden file ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ If you are experimenting with S-Tools for the first time then you might like to try extracting the hidden message within the file HIDDEN.WAV. The hidden file is comprised only of text, so you can use the `Screen' option to display the message. Revealing a hidden file is even easier than hiding a file. All you need to do is to follow these steps. 1. Select the `Open WAV file' from the `File' menu. Use the Windows standard file selector to choose the name of the WAV file that contains the information that you want to extract. The main Window will change to display information about the WAV file, and a representation of its wave form. 2. Now choose the `Reveal file' option from the `File' menu. S-Tools will now try and guess whether the sound wave has a hidden file within it. It is quite possible that S-Tools will tell you that a there could be a hidden file in a wave when there isn't one, but never the other way around. It will never tell you there is no hidden file when there is one. If it thinks the wave might have a concealed file then you will be shown a dialogue box with the length of the file in it, together with two buttons that allow you to either save the concealed file to disk or to show it in a window. Naturally, the latter option is only relevant if the file consists only of text. If you choose to save the concealed file to disk then you should use the Windows standard file selector to select a name for the extracted file. Please note that it is not possible to reconstruct the original sound wave, but then you couldn't hear the difference anyway could you ? Limitations ÄÄÄÄÄÄÄÄÄÄÄ The WAV file format is quite complex and is extensible. S-Tools supports the most common subset of the WAV format, known as Microsoft PCM format. S-Tools supports 8 and 16 bit samples, in mono or stereo. It does not support files that contain extra information other than the wave data itself. Luckily nearly all WAV files (including those supplied with Windows 3.1) are of this limited form. You should never use any `lossy' compressor programs on WAV files that have files hidden within them, this will result in your hidden file being corrupted. Extra information ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ If you intend to use S-Tools for hiding sensitive information then you should be aware of a few basic facts. Firstly, you need to assume that any potential enemy has his own copy of S-Tools and is aware that you might be trying to hide information from him. You need to be able to say "I am not hiding anything, all my wave files are part of my extensive sound sample library". The encryption option provided in the registered version of S-Tools provides just that capability, and should always be used. If you are using the unregistered shareware version of S-Tools then you need to encrypt your files with an encryption package that uses a strong encryption algorithm. Such a package should be able to perform "raw" encryption of files, i.e. it should not tag any "magic numbers" on the front of encrypted files that are used to identify the file as being encrypted with that package. If it did then our aforementioned enemy would immediately know what kind of file he has just extracted. We want him to think that he's got junk, and not a hidden file at all. The PGP package, originally by Phil Zimmerman satisfies the first requirement of strong encryption, but unfortunately it tags magic numbers on to the front of its encrypted files. There is a new development called Stealth-PGP that does away with the magic number identifiers, and this would appear to satisfy all our conditions. I have only included the encryption option in the registered version of S-Tools since it is illegal to export strong encryption packages from the U.S.A. and this would make distribution of the shareware version via U.S. based BBS's and ftp sites illegal. It is, however, perfectly legal to import such software into the U.S. so I would have no trouble sending you the registered version. Daft ? You bet, complain to your local politician ! How it's done ÄÄÄÄÄÄÄÄÄÄÄÄÄ Sound samples are, by their very nature, inaccurate estimates of the correct value of the sound wave at a particular moment in time. The sound samples in Windows WAV files are stored as either 8 or 16 bit values that eventually get passed to the DA convertor in your sound board. For 8 bit samples this means that the values can range between 0 and 255. 16 bit samples range between 0 and 65535. All S-Tools does is to `spread' the bit-pattern that corresponds to the file that you want to hide across the least significant bits of the sound sample. For example, suppose that a sound sample had the following eight bytes of information in it somewhere: 132 134 137 141 121 101 74 38 In binary, this is: 10000100 10000110 100001001 10001101 01111001 01100101 01001010 00100110 ³ ³ ³ ³ ³ ³ ³ ³ LSB's ÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÙ Suppose that we want to hide the binary byte 11010101 (213) inside this sequence. We simply replace the LSB (Least Significant bit) of each sample byte with the corresponding bit from the byte we are trying to hide. So the above sequence will change to: 133 135 136 141 120 101 74 39 In binary, this is: 10000101 10000111 100001000 10001101 01111000 01100101 01001010 00100111 ³ ³ ³ ³ ³ ³ ³ ³ LSB's ÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÙ As you can clearly see, the values of the sound samples have changed by, at most, one value either way. This will be inaudible to the human ear, yet we have concealed 8 bits of information within the sample. This is how S-Tools does its job. Actually, S-Tools prepends some extra information on to the front of the raw file data. 32 bits of time-dependent random garbage is prepended first. This apparently meaningless step means that two identical hidden files that are encrypted in CBC mode will never encipher to the same ciphertext. Secondly, the 32 bit length of the hidden file is included. This is required for S-Tools to be able to extract the hidden file. Encryption will conceal this value.