From asb@cs.nott.ac.uk Fri Apr 29 19:51:32 PDT 1994
Article: 26045 of sci.crypt
Newsgroups: sci.crypt
Path: vanbc.wimsey.com!deep.rsoft.bc.ca!agate!howland.reston.ans.net!pipex!warwick!nott-cs!asb
From: asb@cs.nott.ac.uk (Andrew Brown)
Subject: Hiding things in gzip files (source)
Message-ID: <1994Apr28.124902.5107@cs.nott.ac.uk>
Organization: practically none
Date: Thu, 28 Apr 94 12:49:02 GMT
Lines: 135

The attached patches will allow you to hide information inside GZIP
compressed files.

APPLYING THE PATCHES

You need the gzip source code distribution. At the time of writing this
is version 1.2.4. The patches are context diffs so you stand a good
chance of them working on versions other than 1.2.4.

Firstly unpack the gzip source tree, then unpack the attached patches
into the main source directory. Now apply the patches thus:

    patch -c < patch1
    patch -c < patch2
    patch -c < patch3

Now all you need to do is follow the normal procedure for making gzip.

USER INTERFACE

A new option is added to gzip, "-s" or "--steg", that provides for the
hiding/revealing of files. You hide files during compression and reveal
them during decompression. e.g.

    gzip -s file-to-hide file-to-compress

This will hide "file-to-hide" inside file-to-compress as it is
compressed. Extracting a file could be done like this:

    gunzip -s file-to-extract-to compressed-file

This will simultaneously decompress the compressed file and extract the
hidden file to file-to-extract-to. To extract the hidden file without
uncompressing you might do the following:

    gzip -cds file-to-extract-to compressed-file > /dev/null

HOW IT'S DONE

gzip uses LZ77 which compresses data by storing length/offset pairs that
refer back in the uncompressed data stream to previous occurrences of
the information being compressed. gzip considers a length of 3 to be the
shortest acceptable length. We allow gzip to find the length/offset
pairs and then do the following.

If the length is at least 5 then we subtract 1 and set bit 0 to the
value of the bit that we need to hide. We have now hidden information in
the length without pushing it beyond a valid value.

Drawbacks are a slight decrease in compression (very slight) since we
have to disallow lengths of 4 and some of our meddling will decrease the
actual matched length by 1. The hidden file is totally invisible to the
normal operation of gzip, gunzip et al and (if encrypted) will only be
visible to those in the know. When the "-s" flag is not used gzip
performs as normal.

Testing was performed on a 486/33 running Linux, using a 1Mb tar file to
hide the test information inside. The patched files (inflate.c,
deflate.c, gzip.c) should compile OK on any system that can compile
gzip, although non-Unix users may have trouble applying the patches in
the first place.

My tests have shown that you can hide about 1 Kbyte in every 100 Kbytes
of uncompressed data. This ratio would be considerably better if gzip
wasn't so damned efficient :)

Regards,

- Andy

-------------------------- cut here -------------------------
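The length rule from HOW IT'S DONE, applied to a bare list of match lengths instead of inside gzip. This is an added example, not part of the original post or its patches. Assumptions: the reader treats every length of 4 or more as carrying one bit, a natural length of 4 is shortened to 3, bits are taken LSB-first, and all function names and sample lengths are constructed here.

```c
#include <stddef.h>
#include <stdio.h>

#define MIN_MATCH 3  /* shortest match length gzip accepts (from the post) */

/* Hide msg bits in LZ77 match lengths, in place; returns bits hidden. */
size_t steg_embed(unsigned *len, size_t n, const unsigned char *msg, size_t msg_bits)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (len[i] >= 5 && used < msg_bits) {
            unsigned bit = (msg[used / 8] >> (used % 8)) & 1u;
            len[i] = ((len[i] - 1) & ~1u) | bit;  /* subtract 1, set bit 0 */
            used++;
        } else if (len[i] == 4) {
            len[i] = MIN_MATCH;  /* assumption: a natural 4 is shortened to 3 */
        }
    }
    return used;
}

/* Assumed reader side: every length >= 4 carries one payload bit in bit 0. */
size_t steg_extract(const unsigned *len, size_t n, unsigned char *out, size_t max_bits)
{
    size_t got = 0;
    for (size_t i = 0; i < n && got < max_bits; i++) {
        if (len[i] < 4) continue;            /* length 3 never carries data */
        if (got % 8 == 0) out[got / 8] = 0;  /* start each output byte clean */
        out[got / 8] |= (unsigned char)((len[i] & 1u) << (got % 8));
        got++;
    }
    return got;
}

/* Round trip on constructed lengths; -1 if a length grew or became invalid. */
int steg_demo(void)
{
    const unsigned orig[] = {3, 5, 4, 6, 7, 258, 3, 12, 9, 5, 8, 30};
    unsigned len[]        = {3, 5, 4, 6, 7, 258, 3, 12, 9, 5, 8, 30};
    const unsigned char msg[] = {0xA5};
    unsigned char out[1];
    size_t n = sizeof len / sizeof len[0];
    if (steg_embed(len, n, msg, 8) != 8) return -1;
    for (size_t i = 0; i < n; i++)
        if (len[i] > orig[i] || len[i] < MIN_MATCH) return -1;
    if (steg_extract(len, n, out, 8) != 8) return -1;
    return out[0];
}

int main(void) { printf("recovered byte: 0x%02X\n", (unsigned)steg_demo()); return 0; }
```

Every modified length stays between 3 and its original value, which is why the stream remains valid for an unpatched gunzip: a shorter prefix of a real match is still a real match.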