Technology

Program Hides Secret Messages in Executables


Netizens with extreme privacy needs got a new tool for their cyber utility belts recently with the release of an application that lets users hide secret messages in virtually any executable computer program, without changing the program's size or affecting its operation.

The tool is called "Hydan," an old English word for the act of hiding something, and it's part of a research project by Columbia University computer science master's student Rakan El-Khalil, who showed off the program to a small group of open-source programmers and hackers gathered at the second annual CodeCon conference in San Francisco on Sunday.

Hydan is a novel development in the field of steganography -- the science of burying secret messages in seemingly innocuous content. Popular stego programs operate on image and music files, where a secret missive can be hidden without altering the content enough to be perceived by human senses. But because they contain instructions for a computer's processor, executable files are less forgiving of tampering. Improperly changing a single bit of executable code can render an application completely unusable.

El-Khalil's research focused on redundancies in the Intel x86 instruction set -- places where at least two different instructions are effectively the same. Each choice between two redundant options can represent a single bit of data. "The problem with program binaries is there is just not a lot of redundancy in them," said El-Khalil.

He found some of that useful redundancy in the instructions that tell the computer to add or subtract.

A computer instruction to add the number 50 to another value, for example, can be replaced with an instruction to subtract the number -50 instead. Mathematically, the instructions are the same. In choosing between the two, a stego program can get one bit of covert storage out of each addition or subtraction operation in the executable -- without changing the way the application runs, or adding a single byte to its size. "If we use a scenario in which addition is zero, and subtraction is one, we can just go through and flip them as needed," El-Khalil explained.

El-Khalil concedes that the method is imperfect -- an application that's been impressed with a secret message has considerably more "negative subtractions" than an unadulterated program, making it easy to pick out through a statistical analysis. Hydan could also break programs that are self-modifying or employ other unconventional techniques. And it's less efficient than stego programs for image and sound files: good steganography for a JPEG file can hide one byte of storage in 17 bytes of image, while Hydan's ratio is one byte of storage to 150 bytes of code.
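
The add/subtract equivalence and the statistical tell described above, as an added example (not Hydan's code). It assumes only the 3-byte `83 /r ib` register forms of `add` and `sub`, uses constructed byte streams, and skips the real disassembly needed to find instruction boundaries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classify one 3-byte "83 /r ib" instruction in register-direct form:
   returns 0 for add (/0), 5 for sub (/5), -1 for anything else. */
static int addsub_kind(const uint8_t *p) {
    if (p[0] != 0x83 || (p[1] >> 6) != 3) return -1;
    int ext = (p[1] >> 3) & 7;              /* ModRM.reg selects the operation */
    return (ext == 0 || ext == 5) ? ext : -1;
}

/* Value an add/sub leaves in its 32-bit register (CPU flags are not modelled). */
uint32_t emulate(const uint8_t *p, uint32_t reg) {
    uint32_t imm = (uint32_t)(int32_t)(int8_t)p[2];  /* imm8 is sign-extended */
    return addsub_kind(p) == 0 ? reg + imm : reg - imm;
}

/* Percentage of add/sub imm8 instructions that carry a negative immediate. */
int negative_imm_percent(const uint8_t *code, size_t len) {
    int total = 0, negative = 0;
    for (size_t i = 0; i + 3 <= len; i += 3) {   /* assumes fixed 3-byte records */
        if (addsub_kind(code + i) < 0) continue;
        total++;
        if ((int8_t)code[i + 2] < 0) negative++;
    }
    return total ? 100 * negative / total : 0;
}

/* Constructed pair: "add eax, 50" and its equivalent "sub eax, -50". */
const uint8_t ADD_50[3]    = {0x83, 0xC0, 0x32};
const uint8_t SUB_NEG50[3] = {0x83, 0xE8, 0xCE};
/* Constructed streams: ordinary-looking code vs. one with rewritten forms. */
const uint8_t CLEAN[12]   = {0x83,0xC0,0x32, 0x83,0xE9,0x08, 0x83,0xC4,0x10, 0x83,0xEC,0x0C};
const uint8_t SUSPECT[12] = {0x83,0xE8,0xCE, 0x83,0xE9,0x08, 0x83,0xEC,0xF0, 0x83,0xC4,0xF4};

int main(void) {
    printf("add eax,50  -> %u\n", (unsigned)emulate(ADD_50, 1000));
    printf("sub eax,-50 -> %u\n", (unsigned)emulate(SUB_NEG50, 1000));
    printf("clean:   %d%% negative immediates\n", negative_imm_percent(CLEAN, sizeof CLEAN));
    printf("suspect: %d%% negative immediates\n", negative_imm_percent(SUSPECT, sizeof SUSPECT));
    return 0;
}
```

Compilers emit some negative immediates on their own, so a real check compares the ratio against one measured on known-clean binaries rather than against zero.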

Future versions of Hydan will boost that capacity by finding different places to code data, such as in the order of a program's functions, and the order in which arguments are passed to those functions. For now, the application is still powerful enough to secretly stash the United States Constitution and the Declaration of Independence in a single copy of Microsoft Word.

Beyond the covert uses, the technology could be used to attach a digital signature to an application, or to embed an executable with a virtual watermark.

CODECON CONTINUES THROUGH MONDAY.

Held at a San Francisco nightclub and featuring a schedule filled with practical cryptography, anonymity technologies and open-source, CodeCon is a small and decidedly non-commercial technology conference. Most of the projects presented are volunteer efforts that coders work on in their spare time, or between jobs, which makes the conference uniquely immune from the ravages of a down economy. "I'm told we're the only tech conference that's actually grown in the last year," says organizer Len Sassaman.

By Kevin Poulsen

