Steganography

--DT 22:26, 28 October 2008 (UTC)

Introduction

This homework is due on Wed. Oct 29th, at 11:59 p.m. + 1min.

It deals with steganography, and specifically the problem of decoding an images where the least significant bit of each byte is used to store one eighth of an ascii character.

An example will illustrate the concept. Assume that the first 16 bytes of a BMP image file are as follows:

         A2 
         B2 
         C7 
         FF 
         00 
         20 
         31 
         30 

         AA 
         AA 
         AB 
         AB
         00 
         20 
         21 
         21 

Let's rewrite the same 16 bytes, but this time we write next to each byte its least significant bit as a separate entity:

         A2 0
         B2 0
         C7 1
         FF 1
         00 0
         20 0
         31 1
         30 0

         AA 0
         AA 0
         AB 1
         AB 1
         00 0
         20 0
         21 1
         21 1

You notice that when the byte contains an even number, the LSB is 0, and 1 otherwise.

Now, let's group these 16 least significant bits as 2 bytes. We get 00110010 00110011, or 0x32 0x33. We recognize here the ASCII codes for the character '2' and for the character '3'. We have in effect "hidden" the string "23" in the first 16 bytes of the image, and we have done so in such a way that the image still looks like an original when viewed by a human being. This is because the human eye cannot notice a 1-bit change in a color coded in 8 bits.

Of course, we assumed here that the MSB of the ASCII charcter is the first one that gets stored in the pixel bytes, but it could just as well be the LSB. You have to figure out how the secret message gets encoded into the pixel bytes...

Assignment

Your assignment is to write an "extractor" program that will take the name of a BMP file on the command line, load the image in memory, and extract from the least significant bits of the bytes forming the image a series of ASCII bytes that it will then print on the screen.

As is the convention for character strings in C, the secret message is terminated by a 0-byte, i.e. a byte whose 8 bits are 0 (as we did in class on Wed. Oct 22nd).

Use the following files as a skeleton for working with BMP files:

• makegreyBmp.asm
• mytools2.inc
• fileio2.inc

To open a bmp file and process it with makegreyBmp.asm, proceed as follows (assume the image file is called mountains.bmp):

             nasm -f elf -F stabs makegreyBmp.asm
             ld -o makegreyBmp makegreyBmp.o

             makegreyBmp  mountains.bmp

Once the program returns to the Linux pompt, the mountains.bmp file will have been processed by your code, and hopefully the hidden contents will have been listed on the screen.

Test Files

Here are 4 images that contain secret information that your program should be able to decode:

• media:CSC231_secret1.bmp
• media:CSC231_secret2.bmp
• media:CSC231_secret3.bmp
• media:CSC231_secret4.bmp

Note that the first three images look absolutely identical, but all 3 contain different messages. I find it pretty remarkable that the secret message is stored in the first bytes of the first row of the bmp file, and for the Woodstock images, this first row is white, or appears white, but the bits are there, impossible to detect!

Requirements

You must use functions!

Submission

Once your program extracts a string that looks like English text, and no strange characters, you're done! Nothing else to submit except your program! Submit your program (called hw6.asm) as follows

     submit hw6 hw6.asm

Debugging

Lei Lei and I found a good way to debug the program with ddd. The problem is that the program is supposed to start with the name of a bmp file on the command line, which makes it harder to debug with ddd.

One solution is to modify the program slightly for debugging:

        section .data
errorMsg db     "Error accessing file!",0x0A
errorLen equ    $-errorMsg
filename db     "secret1.bmp", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 
        section	.bss
 
;filename resb   255		; reserve 255 chars for filename
handle   resd	1		; file descriptor
noRead	 resd	1		; contains number of bytes read
lWidth	 resd	1		; the line width rounded to the nearest
     				; dword boundary lWidth=(((width-1)/4)+1)*4 	

 . . .
 	
;;; ---------------------------------------------------------
;;; code area
;;; ---------------------------------------------------------

section .text global _start

_start:
;          jmp       start2

;;; --- check that user entered more than 1 argument on command line ---

pop ebx ; get # of arguments on command line cmp ebx,1 jg process ; if user forgot file name, exit dumpStr "Syntax: progName filename" jmp exit

;;; --- get filename from command line ---
process:	

pop ebx ; pointer to argv[0] (name of program) pop ebx ; pointer to argv[1] mov edi,filename ; pointer to filename

copy:	mov	al,[ebx]	; copy name of file from argv[1] to

mov [edi],al ; filename string, until \0 is copied inc ebx inc edi cmp al,0 jne copy

start2:	
;;; --- open file ---
       openFile filename, [handle], errorMsg, errorLen
       

If you want to debug your program with ddd, just remove the semicolon in front of the jmp start2 instruction, and the part of the code that gets the file name from the command line is removed from the code, and the file secret1.bmp is used as the default.

Fun stuff

For your enjoyment, a movie...