[guardian-dev] Pixelknot: a new app

Abel Luck abel at guardianproject.info
Thu Feb 28 10:32:18 EST 2013


I downloaded and compiled stegdetect [1][2], which claims to support F5
detection. Compiling required some hijinkery, as it only works on i686
and modern GCC didn't like a few things. A patch is attached. If you're
on x86_64 prefix 'configure' and 'make' with 'linux32'.

It has two F5 detection modes "normal" and "slow".

1) normal mode does a header lookup for "JPEG Encoder Copyright 1998,
James R. Weeks and BioElectroMech"

    Harlo did not include this string in her port, so we can ignore it.

2) slow mode, does more complicated detection, though there is no
documentation, so I do not know which paper (if any) it is implementing.

    I tested 10 images, 5 knotted, 5 normal using the command
    ./stegdetect -fF to use the F5 slow detection method.

    Of the 5 "knotted" images, it detected 2.

    Of the 5 normal images, it detected 0.

So, stegdetect is not foolproof, but it works some of the time.

~abel

[1]: http://www.outguess.org/detection.php
[2]: http://www.outguess.org/stegdetect-0.6.tar.gz


Mark Belinsky:
> Hey Guardians,
> 
> This hacker union *needs your help*! The team has been working on an app
> experiment called Pixelknot. The idea is to create a steganography app on
> Android.
> 
> Before we go public with it, we'd love feedback from the trusted devs and
> users on this list. Whether it's about the graphics, user experience, code,
> security or just finding bugs, we need some smart minds on this. Right now,
> there are a lot of stego apps out there but we thought we might be able to
> do a better job. Hopefully we can.
> 
> Our goal is to make a stego app that:
> 
>    1. Has the original image appear, to the trained human eye, *unedited*.
>    2. Has the bytes of the image appear, to a trained analyst, *undistorted* so
>    much so as to arouse suspicion.
>    3. Has the complete message be *recoverable* no matter how it is
>    transmitted.
> 
> The good news is that we're well on our way to achieving this.
> 
> You can *download **latest APK* straight to your Android phone here -
> 
>    - https://bit.ly/pkfeb4
> 
> Or via qr code:
> [image: Inline image 1]
> 
> Here's the code if you want to dig into it:
> 
>    - https://github.com/guardianproject/PixelKnot
>    - https://github.com/harlo/F5Android port of the F5-steganography
>    library to android
> 
> Thanks so much! It's always exciting to launch a new experiment and we're
> happy to have you all along for the ride. Have a great weekend, internets!
> 
> All the Best,
> Mark
> 
> P.S. We know there are some bugs with the camera on the Galaxy S3 so sorry
> to those users. For everyone else, please get the app here
> https://bit.ly/pkfeb4
> P.P.S Thanks for keeping this quiet and not spreading it around on the
> social medias... for now.
> 
> --*
> @mbelinsky <https://twitter.com/mbelinsky> | guardianproject.info | phone:
> +1-347-466-9327 | ostel: 1003 **| pgp:
> 0xEFBFA7278D8EFFDA<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEFBFA7278D8EFFDA>
> *
> 
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
> 
> You are subscribed as: abel at guardianproject.info
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: stegdetect-gcc-fix.patch
Type: text/x-patch
Size: 923 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130228/5b6b8c38/attachment.bin>


More information about the Guardian-dev mailing list