From asb@cs.nott.ac.uk Fri Apr 29 19:51:32 PDT 1994
Article: 26045 of sci.crypt
Newsgroups: sci.crypt
Path: vanbc.wimsey.com!deep.rsoft.bc.ca!agate!howland.reston.ans.net!pipex!warwick!nott-cs!asb
From: asb@cs.nott.ac.uk (Andrew Brown)
Subject: Hiding things in gzip files (source)
Message-ID: <1994Apr28.124902.5107@cs.nott.ac.uk>
Organization: practically none
Date: Thu, 28 Apr 94 12:49:02 GMT
Lines: 135

The attached patches will allow you to hide information inside GZIP
compressed files.


APPLYING THE PATCHES

You need the gzip source code distribution. At the time of writing
this is version 1.2.4. The patches are context diffs so you stand a
good chance of them working on versions other than 1.2.4. Firstly
unpack the gzip source tree, then unpack the attached patches into the
main source directory. Now apply the patches thus:

patch -c < patch1
patch -c < patch2
patch -c < patch3

Now all you need to do is follow the normal procedure for making gzip.


USER INTERFACE

A new option is added to gzip, "-s" or "--steg", that provides for the
hiding/revealing of files. You hide files during compression and
reveal them during decompression. e.g.

gzip -s file-to-hide file-to-compress

This will hide "file-to-hide" inside file-to-compress as it is
compressed. Extracting a file could be done like this:

gunzip -s file-to-extract-to compressed-file

This will simultaneously decompress the compressed file and extract
the hidden file to file-to-extract-to. To extract the hidden file
without uncompressing you might do the following:

gzip -cds file-to-extract-to compressed-file > /dev/null


HOW IT'S DONE

gzip uses LZ77 which compresses data by storing length/offset pairs
that refer back in the uncompressed data stream to previous
occurrences of the information being compressed. gzip considers a
length of 3 to be the shortest acceptable length. We allow gzip to
find the length/offset pairs and then do the following.

If the length is at least 5 then we subtract 1 and set bit 0 to the
value of the bit that we need to hide. We have now hidden information
in the length without pushing it beyond a valid value.  Drawbacks are
a slight decrease in compression (very slight) since we have to
disallow lengths of 4 and some of our meddling will decrease the
actual matched length by 1. The hidden file is totally invisible to
the normal operation of gzip, gunzip et al and (if encrypted) will
only be visible to those in the know. When the "-s" flag is not used
gzip performs as normal.

Testing was performed on a 486/33 running Linux, using a 1Mb tar file
to hide the test information inside. The patched files (inflate.c,
deflate.c, gzip.c) should compile OK on any system that can compile
gzip, although non-Unix users may have trouble applying the patches in
the first place. My tests have shown that you can hide about 1 Kbyte
in every 100 Kbytes of uncompressed data. This ratio would be
considerably better if gzip wasn't so damned efficient :)


Regards,

- Andy <asb@cs.nott.ac.uk>


-------------------------- cut here -------------------------
begin 600 gzsteg.tar.gz
M'XL("*"5ORT"`V=Z<W1E9RYT87(`[5GM4]LX$^=K^"N6W!5L:@<[CN.\--S0
MEDZ9H=`!>KV[7B=C;"7QX=BI[80"Y?G;GUW)+PJ$/OWP7'LSAR806]I=K5:[
MVM\J,S?S)N;:W]H`H&T80-\`XMLRBW=\;IH.@&W;CFTY+;N%78YEV6M@K'V'
M-D\S-P%82^(X6_OWM>WM;?#9*'0SUO!J[YD/>[,$F@Z8W9[E])HF/G1;Z[JN
M%V1ZFK'Q/5K3ZC5;@G9[N=$[.*;FM(&_DBA\-0T3\%%?!\`=R`(/O`EN1.*E
M@?_A(PR@_O.!WZMTTQ9@-$R;IK!VC/8.S6;T;`L_\%<8SV>P_WD&/]?[*/`G
M%OG!"!_6G\+.-HRO2>4>Q/,$Y7FAF^!\<93"]@X2X(=]SE@201!E0)3]6JV&
M;/3H1O$X<6>3*T`UQH)!IA[Y1$S4HR!D*#WUDF"6Q<E]4I06^)]SV8;N]"#"
M83@/LEF<0D>WNCT(633.)M2WQ#\/QYQ?#/>E"7,&Y?PJ8ZFZD@F%I2M9L/\.
MAS<1'"@LYQ`JXGMIJS#VW+!<T3!!,8J*_3?X!S!/)Y"P;.&&?4$.$(R4?.V[
M@XX*-T*PU6TT.KC+N39<.K6<5-?[>0=*FZ-NBE(9`#9!,0^?/2ODZLZAJJH;
M`T,53+=WYAT,'+64YOH*[IJV62Q4,W,NH3:J)*;BB\XGRN7(<Z#TC5)7=5GY
M@5-*)-4K>Y!BZ)6X_,'_KZ%`V(87<30*QG/AV3!#%Y\RW-24C^ZLCDG#UAP\
MAZNHM`S-L9M%6)9M&Z:4)2!((8K1'5B&DC4,IVPVSR";,)@E;!'$\U00]I:8
M=Z2W8`0*T0[SC=P=P)N#H^&;O;,7KV%S4[`7@\\&(-&JW,-VMLFR54A'\25<
M,KB@[VSB9LL24.$PCL;`HG@^GL`(PY+.@(@Q/T4V(:IH4_>"`6:!:4F'KJW1
M\B*8!#Z#(&MPCCP0:J6+D>9%I`DU:V*Q\EIWRX4^-24BD-<HO+Y6V$J1(HQ<
MK%:3:+\,3(F8A2F[2[$Y4/XCG#LG*G24IKDM'DC`'8T'`UGEKRM\2X<M+#5O
MPKR+(=\/7$A":3;334VP\VYM:7_IX%Y?>VS?M\UH(YH_%/\U'4O"?VV'XS_;
M>,1_WPO_!5&!_UXE`>S-QV!:8+9ZMM%K&AQP\?20DSV(_UKVP_C/-!'QF1("
MY!W(D>>:GX+("^=XR-;'U\&L,:E3'V*_(&*0AG3Z7@:1'U_^DS$=':W8C3"U
MX0!2=QH-J_O/Q'$"Q"WBP!<H[I(0Y_$K1:%5G:MJ7\9ZRV3*N2I$7B8!BBNA
MJLA9Q-XOT>`2]"NR)+X]&UA=M7;S-1R(K.>J9*PO@V7(USE4U7Y%6R*]3H'%
MJG0WJ*1L=_I?QYEW`&2N`AF.%*B0X`H0>!\%4.-6>@!Q2AEYL*0840V,_FI4
M>;L$)%_/1Z.I&X$78XR$<7R!A5#FGJ-_L"A+KG0]FR`*XL\$AT8<UY"3<90S
M=;T)AE@J4C<'4!-WP<!LZ[2QLQ@W%$$D**PQ;L#;%UO<P0GQI5,W#,G+I\P/
MYE.8XORAVA""?G4Q9,D;$U=$A9LP"@O3:B#20/`+6,BA-OO'SU%TY$,\@G-T
MM@M5RX?;*T\1V^YH=MNJ3A&[XVAVM[N,6'UTITO0(=-W%XT('Q1E'J7!.&*^
M>@X$,M.+(:GU@7WDJ$.TE^_>O'U^<':J,+7L.TM<CRT65!'X+$FT^I]_?GCB
M:T_\CW4-+G5?@Z@,EKO0E`QHT,HB6BK:/=4@C04@=1%)[UJ@E`!+E9%EB?^0
MAN.N*OBB35,`I4)#=`$_YCOBQ;,K&6UC]\WZM^5_ZX?F_W;+:.;YO]7$_^+^
MI_V8_[]7_N<IUZN=3>8B^7<Q__>L;J]E5<F?:![(_/@QOI+YNQVM:4@QRSO,
M5A&S^.'I),\U;A+0Z94*3[Z?ZY<(I"2%%<;<R_A5$C\PZ:%?CO*K)>J.L"S^
M\&;OM^';O;/7P\/]HX]$5.1R<>86($`:H./7ZE+/<@H?&(=R)T_1]"XE8"%S
M7>1&-_6"`(\GHR_%KQ='"Y9D>$C[>CS20SJ0(8MSU8]/!4%4PALA*HN'>"AA
M#5Z*0U%%21Y#/J;HGEKQ(%"*IUASI6G!1,='U:GHOOK0;4'3[FK-=JO:QZ9C
M:$VG+9^]-_5/\X!E>#:*4-?HL_5IZU:CB?@83Q35,7533Q'+1`7+-W$DS,/#
M-%@P8LHYDIQ#C#$\$!->\OL!]B!T"PJ'R2?%S2FT!%.(2',1A;=1S;^#]2G#
M3>"`2U8:LV[P.9>0\Y_F_'.<?HS:12"HT/(HT.5)KC&^EL5@&BZ-5:PDR\70
M&!0[@P''5:!T/$9$<25+B6(]"Z9,",JEG.52_#C:0A>FG(ZY&D6A+1A/%\1"
MX3*=/;3C5LO1++M9[;B%+F"U)<P^BA"BP]'Q\.7!":E3!SW!T7*#L"N>,43F
M#,J^\`KB2-Z7NE;=V#[E,E*4P>]5\G9O)X)(MHSO9BX70KRGT$"S`TD0UA>O
M_&J2@=P71W?-FY92,N3G&Y"WKV]&R;9`-@SE\SAEG*UX)@]&HE5&;CD=K=7)
MPZK`K4GDS:Z4ZZ%05X,_AJ?O7KTZ^`T!1'#-XE$YI.IFB6"NZ2(%XQK9\:$B
MX7!A0X#1">FM*/$L\Y!RS#)\&G)$HKC)V-,0J(T7&M3=\Y[GCR:O?PD/IV^B
MHT_):2];_/J'V;1:=MOI=/F*J4@B7I2!T(:7#MNJH:JP,4!D]XHP,!*EEP'=
M'?(Y15=Y0>2B:;;<K1YWKE;7U%K=CGR<_'!#(#4M\KXYTM[?:Y"5X+=I:7:S
M(X%?"\%OJWWONO:^"7`J7(^$=4O[+IOW`;KSA+D7_*)/:)AN]40)6!R5*<L>
MK*QK10F#ZE0WEOG414K6RIF?KIH9BIFS+;I;KI4A.5A.:7).-/L%92[DVPH*
MIZVUC:8$3JA1N`^]>!Z18/(/+"I0XR#R^P5(6<;^>.K1#0'FXIT\)>=7"3,Z
MY]#+\/#A-B$[W87^>3E;U9"\JUJH*`E&_N#X[?Y19<+CX?N3XZ/#W[\<#U^<
M[.^=X??S@Z.]D]^UD_?#=Z?[)Y)U^6WOS4-R3E[F<E;PUT:$K*J"EM[$@(2*
MBH%&F@TI4,MQ7HXK<CVN/K6:E5ZW\HIQ#JH%]>*Z?#1+,*1&12T&]2=I#^IT
MB1QSS84:F&^2."F7(SK9YR`;\A(9(_'DY/B$]\HEOSQ[7EUC?H/"!CQ%T1U[
M]3N&P')8]&]PF$)*KG0QA+MM&?^V,6S;MB6'+8D+`_3G4AH]25ZW"V9^>OCQ
MD"@5NDFG,X^2/+<+.G_FAFD%#&Z+LK3T2B^D9$0HNL`S_\/G-J3HDF\W5NP&
MWXPGH9]?+F0QXE>,%$98E/+WGQ$>D?0#1>EGY1N)W.E(WLGUI.TO^_(=$67M
MD'93*;>T/*[RG]O*`6Z;O["^(QU<?HL5DJ$NW22B&.26NGW\R>&Q/;;']M@>
-V[^P_1<=Q]')`"@``&Z;
`
end