Quote:
Program Hides Secret Messages in Executables
Kevin Poulsen
Netizens with extreme privacy needs got a new tool for their cyber utility belts recently with the release of an application that lets users hide secret messages in virtually any executable computer program, without changing the program's size or affecting its operation.
The tool is called "Hydan," an old English word for the act of hiding something, and it's part of a research project by Columbia University computer science masters student Rakan El-Khalil, who showed off the program to a small group of open-source programmers and hackers gathered at the second annual CodeCon conference in San Francisco on Sunday.
Hydan is a novel development in the field of steganography -- the science of burying secret messages in seemingly innocuous content. Popular stego programs operate on image and music files, where a secret missive can be hidden without altering the content enough to be perceived by human senses. But because they contain instructions for a computer's processor, executable files are less forgiving of tampering. Improperly changing a single bit of executable code can render an application completely unusable.
El-Khalil's research focused on redundancies in the Intel x86 instruction set -- places where at least two different instructions are effectively the same. Each choice between two redundant options can represent a single bit of data. "The problem with program binaries is there is just not a lot of redundancy in them," said El-Khalil.
He found some of that useful redundancy in the instructions that tell the computer to add or subtract.
Future versions of Hydan will boost that capacity by finding different places to code data, such as in the order of a program's functions, and the order in which arguments are passed to those functions. For now, the application is still powerful enough to secretly stash the United States Constitution and the Declaration of Independence in a single copy of Microsoft Word.
Beyond the covert uses, the technology could be used to attach a digital signature to an application, or to embed an executable with a virtual watermark.
http://securityfocus.com/news/2623
You can acquire the code here: http://www.crazyboy.com/hydan/
I reckon that's a bit scary..
ppl messing with rar or zip .exe's
or
Microsoft using it in every file that runs on your system
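The add/subtract redundancy the quoted article mentions, as an added example that is not part of the article, the post or Hydan's own code: `add reg, imm8` and `sub reg, -imm8` are the same size and leave the same value in the register, so the choice between them can carry one bit, and the resulting run of negative immediates is something a scanner can measure. Assumptions: the bit convention (add = 0, sub = 1), the restriction to the `83 /0 ib` and `83 /5 ib` register forms, instructions already split, and the constructed sample bytes.

```python
# Added illustration; the add=0 / sub=1 convention is an assumption, not Hydan's format.
ADD, SUB = 0, 5  # /digit in the ModRM reg field for opcode 0x83

def parse(ins):
    """Return (op, reg, imm8) for a register-form '83 /0 ib' or '83 /5 ib', else None."""
    if len(ins) != 3 or ins[0] != 0x83 or ins[1] >> 6 != 0b11:
        return None
    op, reg = (ins[1] >> 3) & 7, ins[1] & 7
    imm = ins[2] - 256 if ins[2] > 127 else ins[2]   # sign-extend imm8
    if op not in (ADD, SUB) or imm == -128:          # +128 does not fit in imm8
        return None
    return op, reg, imm

def build(op, reg, imm):
    return bytes([0x83, 0xC0 | (op << 3) | reg, imm & 0xFF])

def embed(code, bits):
    """Pick add or sub per carrier instruction; every instruction keeps its length.
    The register result is identical, but the carry flag can differ, so a real
    tool must confirm the flag is not consumed before swapping."""
    bits, out = list(bits), []
    for ins in code:
        p = parse(ins)
        if p and bits:
            op, reg, imm = p
            want = SUB if bits.pop(0) else ADD
            if want != op:
                op, imm = want, -imm                 # x + n == x - (-n)
            ins = build(op, reg, imm)
        out.append(ins)
    return out

def extract(code):
    """Read one bit back from each carrier instruction."""
    return [1 if p[0] == SUB else 0 for p in map(parse, code) if p]

def negative_imm_ratio(code):
    """Share of carriers with a negative immediate: a simple signal to compare across builds."""
    hits = [p for p in map(parse, code) if p]
    return sum(p[2] < 0 for p in hits) / len(hits) if hits else 0.0

# Constructed sample: sub esp,16 / mov ebp,esp / add eax,1 / sub eax,1 /
# add esp,-128 (skipped: cannot be negated) / add esp,16 / ret
SAMPLE = [bytes.fromhex(h) for h in
          ("83ec10", "89e5", "83c001", "83e801", "83c480", "83c410", "c3")]

if __name__ == "__main__":
    stego = embed(SAMPLE, [0, 1, 0, 1])
    print([i.hex() for i in stego], extract(stego), negative_imm_ratio(stego))
```

On this sample every swapped instruction ends up with a negative immediate, so the ratio moves from 0.0 to 1.0 while the total byte count stays the same.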