Author Topic: Interesting info about .jpg files!!  (Read 4688 times)

0 Members and 1 Guest are viewing this topic.

Offline GlennSpriggTopic starter

  • Super Contributor
  • ***
  • Posts: 1259
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Interesting info about .jpg files!!
« on: November 27, 2020, 01:29:47 pm »
I've played around in the past, with something called 'Steganography', and associated software. It's used to 'hide' information
within Image files. (Been around for years!). The password protected & encrypted info/files is actually hidden quite cleverly, by
modifying the actual pixel colors by small unnoticeable amounts, to secretly package the hidden data. But this is different!!...  8)

I found out recently that JPEG images have always had the ability, at least in Windows), to have .zip & .rar files stored within them!!
However, I do not know how the data is interlaced, or appended. (I have an example below for you...). Here's how it is done...  ;D

Place a .jpg image in a directory.  Then place an 'archived' file in that same directory. Technically, it works with .ZIP & .RAR files,
but .RAR was proven to be less problematic, so it is what I have used in my example, further below.
First, open a DOS style 'Command' Prompt. (cmd.exe). To make things easier, type 'CD\' to go back to the Root Directory, and
then type 'CD foldernamepath' to go to where you stored the Image & Compressed file you want to use. Now the fun part...
type   copy /b myphotoname.jpg + myarchivefile.rar modphotoname.jpg   and hit Enter.
(The '/b' option specifies that it is or could be a Binary file).
A new 'image' file is created, which contains the hidden embedded .rar file!  Below, is one I've created...



Download/Copy this image to your computer. Now either Right-Click on it within Windows File Explorer, and select 'Open-With',
and select the temp option as being 'WinRar.exe', or 1st run WinRar, and then 'Open', but change to 'All Files', and select this
photo, and you will see that there is a 'hidden file' within, called 'Jokes.txt'. Which you can extract, like usual!!   :)

I thought I would also mention about photographic 'EXIF' information within most image files !!!...  :P
Virtually all digital cameras store MUCH more info than most people realize, within their images! (Exchangeable Image File format).
This is also specially embedded within most images, and is helpful, but often says more than you may want to make public!!
Virtually all decent Software can access and show this information. Even 'Windows' itself, can, by Right-Clicking on such a .JPG
and selecting 'Properties', and then the 'Details' Tab, and scrolling down. You would be surprised what some 'Camera' systems
can show/reveal about such photos! To edit/delete such info, usually requires special, and usually 'free' software.

Many other specialized Graphics Software packages, like 'Photo-Reactor' etc, also utilize this Image Data Embedding ability, to
store all their Data/Flows within, so that the information is usable/reclaimable to apply to OTHER photos etc...
The point being, that an 'Image' may NOT be what it seems!!  Have fun!  :D
Diagonal of 1x1 square = Root-2. Ok.
Diagonal of 1x1x1 cube = Root-3 !!!  Beautiful !!
 
The following users thanked this post: SilverSolder

Offline GlennSpriggTopic starter

  • Super Contributor
  • ***
  • Posts: 1259
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: Interesting info about .jpg files!!
« Reply #1 on: November 27, 2020, 01:40:19 pm »
Hmmm!!!...
I just tried downloading the above pic myself, and it didn't work!!!
This forum or 'imgur' must have changed the file...
Create one yourself though, and you will see !!   :D
« Last Edit: November 27, 2020, 01:42:19 pm by GlennSprigg »
Diagonal of 1x1 square = Root-2. Ok.
Diagonal of 1x1x1 cube = Root-3 !!!  Beautiful !!
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Interesting info about .jpg files!!
« Reply #2 on: November 27, 2020, 04:32:56 pm »

This is a good topic @GlennSprigg.

Many people are unaware of the amount of possibly sensitive data in the JPEG tags that they are leaking out when, for example, they upload pictures to Facebook or send via email etc. - many cameras include the GPS coordinates where the picture was taken, for example!
 
The following users thanked this post: GlennSprigg

Online madires

  • Super Contributor
  • ***
  • Posts: 8126
  • Country: de
  • A qualified hobbyist ;)
Re: Interesting info about .jpg files!!
« Reply #3 on: November 27, 2020, 04:55:09 pm »
There's much more data you can extract from publicly available files, like office docs or PDFs. One tool for doing that is FOCA (https://github.com/ElevenPaths/FOCA).
 
The following users thanked this post: GlennSprigg

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11706
  • Country: my
  • reassessing directives...
Re: Interesting info about .jpg files!!
« Reply #4 on: November 27, 2020, 05:56:50 pm »
there is one scene Rat communicated with Josh this way in The Core, i cant find it in youtube. could be the real Al-Qaeda way of sending messages... but not with RAR i guess, that could be a bad hack.. https://intelligence-security.rs/assets/img/Steganografija.pdf


« Last Edit: November 27, 2020, 06:00:19 pm by Mechatrommer »
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 
The following users thanked this post: GlennSprigg

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #5 on: November 27, 2020, 06:15:30 pm »
This applies not only to JPEG (or, more specifically, JFIF and EXIF), but to many binary formats. Usually binary data contains a header that indicates in some way the range of actual data. Most of software is buggy and ignores everything else instead of at least producing a warning or rejecting the file altogether. Therefore not only JPEG images may contain additional data: you may try appending it to many other formats.

Why WinRAR accepts that file is a greater puzzle. My suspicion is that it’s due to its self-extracting archive feature.(1) WinRAR would not run the executable, but instead detect presence of the archive bundled in it. Appending unrelated data after a proper PE file was common back in the day. It’s possible that this is how the archive is detected.

Be aware of few things, though:
  • Not being advertised is not the same as being hidden. Steganogaphy hides data in a way that leaves no obvious traces. Detecting it requires pre-existing suspicion to run the right tests. And even them may be inconclusive, in which case it bears the feature of plausible deniability.
  • This is against format specifications. While it may work with many tools, it may produce warnings or errors in other.
  • Files like that may be blocked by anti-spam/anti-virus filters if e.g. sent through email or hosted on the web. And that’s a reasonable procedure.

____
(1) Yes, a long time someone had that “bright” idea and people were actually using that.
People imagine AI as T1000. What we got so far is glorified T9.
 
The following users thanked this post: GlennSprigg

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18017
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Interesting info about .jpg files!!
« Reply #6 on: November 27, 2020, 07:12:50 pm »

This is a good topic @GlennSprigg.

Many people are unaware of the amount of possibly sensitive data in the JPEG tags that they are leaking out when, for example, they upload pictures to Facebook or send via email etc. - many cameras include the GPS coordinates where the picture was taken, for example!


I believe facebook may strip that out.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11706
  • Country: my
  • reassessing directives...
Re: Interesting info about .jpg files!!
« Reply #7 on: November 27, 2020, 07:19:58 pm »
conversion jpg -> bmp -> jpg will destroy everything other than color informations. well what can you do? people like to selfie than get educated, they get what they not paid for..
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline andersm

  • Super Contributor
  • ***
  • Posts: 1198
  • Country: fi
Re: Interesting info about .jpg files!!
« Reply #8 on: November 27, 2020, 07:34:57 pm »
You used to see this sometimes on image boards back in the day. When you saw small images posted that still were several megabytes in size, you knew there was a RAR appended.

And as long as the topic is RAR and file format weirdness, I can't resist to bring up that RAR files used to be able to contain bytecode for a virtual machine.

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Interesting info about .jpg files!!
« Reply #9 on: November 27, 2020, 07:57:29 pm »

This is a good topic @GlennSprigg.

Many people are unaware of the amount of possibly sensitive data in the JPEG tags that they are leaking out when, for example, they upload pictures to Facebook or send via email etc. - many cameras include the GPS coordinates where the picture was taken, for example!


I believe facebook may strip that out.

...after storing it for their own purposes!  :D
 
The following users thanked this post: Ed.Kloonk, newbrain

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #10 on: November 27, 2020, 08:22:13 pm »
conversion jpg -> bmp -> jpg will destroy everything other than color information. well what can you do?
JPEG → BMP → JPEG conversion will destroy much more than the “hidden” data. The second step includes dropping some of the image information. That ranges from losses from sharing CbCr channels between pixels to removing some frequencies, possibly made worse by poor implementation that does lossy conversion between the spatial and the frequency domains. That’s not something that must happen, but very often will. Xkcd 1683 makes fun of. In this case one would destroy even proper steganographic data.

Non-standard data will be lost in an even simpler scenario. Many tools, that work on such files, will simply not copy it to the modified version.
« Last Edit: November 27, 2020, 08:24:21 pm by golden_labels »
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline dave j

  • Regular Contributor
  • *
  • Posts: 137
  • Country: gb
Re: Interesting info about .jpg files!!
« Reply #11 on: November 27, 2020, 08:37:26 pm »
You can do something similar with any file type using extended attributes and alternate data streams.
I'm not David L Jones. Apparently I actually do have to point this out.
 

Offline Gyro

  • Super Contributor
  • ***
  • Posts: 9911
  • Country: gb
Re: Interesting info about .jpg files!!
« Reply #12 on: November 27, 2020, 08:40:54 pm »
Grainy pictures? Your payload is too high!  :)
Best Regards, Chris
 
The following users thanked this post: SilverSolder

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11706
  • Country: my
  • reassessing directives...
Re: Interesting info about .jpg files!!
« Reply #13 on: November 27, 2020, 08:43:20 pm »
includes dropping some of the image information. That ranges from losses from sharing CbCr channels between pixels to removing some frequencies, possibly made worse by poor implementation that does lossy conversion between the spatial and the frequency domains. That’s not something that must happen, but very often will.
that must not happen when you want to print building size or 64 bits deep art. jpg may not even be the appropriate format in the first place. but what do you care about countless and worthless 20Mpixels selfies in fartbook? if its up to me i will recompress them to 10% quality jpg for space saving or just delete them entirely from memory.
« Last Edit: November 27, 2020, 08:45:18 pm by Mechatrommer »
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #14 on: November 27, 2020, 10:58:11 pm »
that must not happen when you want to print building size or 64 bits deep art. jpg may not even be the appropriate format in the first place. but what do you care about countless and worthless 20Mpixels selfies in fartbook? if its up to me i will recompress them to 10% quality jpg for space saving or just delete them entirely from memory.
Without a doubt you are right. In the general case. That was a reply to a message about losing steganographic data; posted in a thread about hiding data.
People imagine AI as T1000. What we got so far is glorified T9.
 
The following users thanked this post: gorge441

Offline gorge441

  • Contributor
  • !
  • Posts: 33
  • Country: de
Re: Interesting info about .jpg files!!
« Reply #15 on: November 28, 2020, 12:21:43 pm »
 ::) ??? Interesting!!!
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Interesting info about .jpg files!!
« Reply #16 on: November 28, 2020, 01:31:20 pm »

This whole thread reminds me of an episode a while back, where it was found that Windows WMF images could contain arbitrary code...  and security researchers at the time felt it could only have been intentional!   https://www.grc.com/wmf/wmf.htm

 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #17 on: November 28, 2020, 09:11:03 pm »
If anyone is interested in the topic in a wider context, google for “polyglot files”, “polyglot” in computing and the related terms. That should also shine some light on the security implications of the approach.
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline Syntax Error

  • Frequent Contributor
  • **
  • Posts: 584
  • Country: gb
Re: Interesting info about .jpg files!!
« Reply #18 on: November 28, 2020, 09:47:01 pm »
This whole thread reminds me of an episode a while back, where it was found that Windows WMF images could contain arbitrary code...  and security researchers at the time felt it could only have been intentional!
In tech support, we closed out the ability for our computers to run any WMF (aka WTF) files, at the registry level. We reasoned some 80% of network sourced malware infections in the 2K's were down to this 'by-design' exploit. Internet radio stations were notorious for streaming WMF files with 'executable' payloads.

As for Jpeg, remarkable to think that the Jpeg algorithm is a fourier transform function that compresses and decompresses on most computers in near real time. And let us not forget motion jpeg M-JPEG. Not to be confussed with MPEG.
« Last Edit: November 28, 2020, 09:48:42 pm by Syntax Error »
 
The following users thanked this post: SilverSolder

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9201
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Interesting info about .jpg files!!
« Reply #19 on: November 30, 2020, 12:28:25 am »
Rather than remove the EXIF data, what about replace it with fake but plausible data so whoever tries to collect information from it gets junk?
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 
The following users thanked this post: SilverSolder

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #20 on: November 30, 2020, 12:59:35 pm »
Why would you do that to anyone? If you don’t want to publish some data, simply don’t publish it. What’s the point of spreading invalid information?
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Interesting info about .jpg files!!
« Reply #21 on: November 30, 2020, 01:11:29 pm »
Why would you do that to anyone? If you don’t want to publish some data, simply don’t publish it. What’s the point of spreading invalid information?

If people choose to spy on you for fun and profit, why make life easier for them than it has to be?
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5023
  • Country: si
Re: Interesting info about .jpg files!!
« Reply #22 on: November 30, 2020, 01:49:29 pm »
This will work with most other file formats too.

The reason for that is twofold. Most file types out there can be appended past the end of the file with random junk and not care. Its the easiest for a computer to read a file from beginning to end, so most formats read in that order. So its common for file formats to have a small header area that describes what the file is and provides detailed information about what exact format variation is used. For example BMP files contain some fixed fields to identify it as a bitmap followed by the resolution, color depth, compression scheme... So the application just reads the header and then reads enough information to describe the image. If there is too little information then the file is probably incomplete (some apps might refuse to open it, while others might open just part of the image that is there) while they typically just stop reading once it has enough, so who cares if there is extra data there. There are also files that inherently read from start to end like mp3 or mp4, so even if the last half of a mp4 video is corrupt the first half plays back just fine. There are things that make use of it such as ID3 tags in MP3 files that pack extra information and even album art pictures onto the end of a mp3 file.

The other half of the reason why this works is that most file compression software is designed to start reading a file at the start and continue reading until it notices something that looks like a zip,rar,tar, 7z etc.. format. So appending an compressed archive to any type of file works (As long as the original file contents don't confuse it, such as appending an archive file to another archive file). The reason for this is yes self extracting archives. So why don't they just put a marker into a self extracting file to tell it where in the file the archive is? Well one reason is that WinRAR wants to be able to open WinZIP self extracting archives and vice versa, but the other reason is that the self exacting archive needs to look like a EXE to Windows. These self extracting archives use the same trick as sticking a ZIP into a JPEG. Its just simply stuck to the end of an EXE file, so when windows reads it it gets a valid EXE header and continues reading the file to load the program into memory, but ignoring the rest since it doesn't know what to do with it. So as far as WinRAR is concerned your weird ZIP inside JPEG is just a weird self extracting archive, maybe its a Apple OSx self extracting archive? Maybe a Linux one? Maybe its an executable for an new OS from the year 2057? Who cares, there is a ZIP file inside and i know how to read those buggers.

As far as hiding your files this way, it is not very effective. Any filesystem forensic software will pick these right up and flag them as suspicious file content. If you really wanted to hide data then you would write a piece of software that encodes data into video noise of a huge video file. Video files are the largest lossy compressed piles of data commonly in use by the public. So it is not a suspicious file while giving you plenty of space to encode information by slightly altering the lossy compressed data. Since the video encoder already slightly alters the data to make it more compressible (this is why it is lossy compression) means that it is near impossible to tell if there is data hidden inside.
« Last Edit: November 30, 2020, 01:51:58 pm by Berni »
 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1334
  • Country: pl
Re: Interesting info about .jpg files!!
« Reply #23 on: November 30, 2020, 07:13:51 pm »
If people choose to spy on you for fun and profit, why make life easier for them than it has to be?
Why are you assuming that a person reading EXIF metadata is spying on you? In the context of this thread such motivation may be assumed. But if one is following NiHaoMike’s advice, that assumption will be invalid: everyone will be the recipient of such photos, not just the selected subset of people spying on you.
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Interesting info about .jpg files!!
« Reply #24 on: November 30, 2020, 07:35:53 pm »
If people choose to spy on you for fun and profit, why make life easier for them than it has to be?
Why are you assuming that a person reading EXIF metadata is spying on you? In the context of this thread such motivation may be assumed. But if one is following NiHaoMike’s advice, that assumption will be invalid: everyone will be the recipient of such photos, not just the selected subset of people spying on you.

There's no reason to send disinformation to people that you don't mind sharing information with, obviously?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf