S-Tools For Windows

Version 3.00 for Windows 3.1
(c) 1995 Andy Brown

Version 4.00 for Windows 95
(c) 1996 Andy Brown

The full-size version of this .GIF file contains a secret .JPG picture. The file was hidden with S-Tools using the password S-TOOLS. No one can see the hidden picture unless they have S-Tools and know the password. Click the picture to get the full size (187K) file.

What is steganography? (What is S-Tools?)
The WAV module
The BMP and GIF module
The FDD module
Shareware
A few final words from Andy
How to get S-Tools

Send email to Andy Brown, the writer of S-Tools
Send email to Modemac
First Online Church of "Bob" Home Page


What is steganography?

Steganography is the ancient art of hiding sensitive information amongst inconspicuous information. Many years ago people used to use illustrations to conceal messages. The idea being that one party could send the illustration to the other in reasonable confidence that if the messenger was questioned then the illustration would not arouse any interest from his enemies.

Since the advent of computers there has been a vast dissemination of information, some of which needs to be kept private, some of which does not. S-Tools (Steganography Tools) brings you the capability of `hiding' files within Windows sound files (.WAV), bitmap (.BMP) and CompuServe GIF files. For BMP's and GIF's you can choose whether you want the graphic image to look identical after a file has been hidden inside, or whether you can put up with some degradation of definition in order to gain other advantages. Files hidden inside WAV's will not sound any different to the human ear than the original file. The modified sound file will not increase or decrease in size.

Users of S-Tools can opt to encrypt their information using the strongest state-of-the-art encryption algorithms currently known (and some others) so that even an enemy equipped with a copy of S-Tools cannot be sure that a file is hidden in a graphic unless he has your secret passphrase.

You could use S-Tools to conceal private or confidential information that you don't want to fall into the wrong hands. You could use it to send information to another individual via a broadcast network such as Usenet. By agreeing on a passphrase you can keep the information out of unauthorised hands. Alternatively you could use S-Tools to verify your copyright of an image or sound, by storing an encrypted copyright statement in it and extracting it in the event of a dispute.

In short, S-Tools allows you to place private information in an inconspicuous 'envelope' that will not arouse suspicion.

The WAV module

Sound samples are, by their very nature, inaccurate estimates of the correct value of the sound wave at a particular moment in time. The sound samples in Windows WAV files are stored as either 8 or 16 bit values that eventually get passed to the DA convertor in your sound board. For 8 bit samples this means that the values can range between 0 and 255. 16 bit samples range between 0 and 65535.

All S-Tools does is to `spread' the bit-pattern that corresponds to the file that you want to hide across the least significant bits of the sound sample.

For example, suppose that a sound sample had the following eight bytes of information in it somewhere:

132      134      137       141      121      101      74       38

In binary, this is:

10000100 10000110 10001001 10001101 01111001 01100101 01001010 00100110
       |        |        |        |        |        |        |        |
LSB's -+--------+--------+--------+--------+--------+--------+--------+

Suppose that we want to hide the binary byte 11010101 (213) inside this sequence. We simply replace the LSB (Least Significant bit) of each sample byte with the corresponding bit from the byte we are trying to hide. So the above sequence will change to:

133      135      136       141      120      101      74       39

In binary, this is:

10000101 10000111 10001000 10001101 01111000 01100101 01001010 00100111
       |        |        |        |        |        |        |        |
LSB's -+--------+--------+--------+--------+--------+--------+--------+

As you can clearly see, the values of the sound samples have changed by, at most, one value either way. This will be inaudible to the human ear, yet we have concealed 8 bits of information within the sample. This is how S-Tools does its job. Actually, S-Tools prepends some extra information on to the front of the raw file data. 32 bits of time-dependent random garbage is prepended first. This apparently meaningless step means that two identical hidden files that are encrypted in CBC, or PCBC mode will never encipher to the same ciphertext. Secondly, the 32 bit length of the hidden file is included. This is required for S-Tools to be able to extract the hidden file. Encryption will conceal this value.

In order to further conceal the presence of a file, S-Tools picks its bits from the sample based on the output of a random number generator. This is designed to defeat an attacker who might apply a statistical randomness test to the lower bits of the sample to determine whether encrypted data is hidden there (well-encrypted data shows up as pure white noise). The random number generator used by S-Tools is based on the output of the MD5 message digest algorithm, and is not easily (if at all) defeatable.

The BMP and GIF module

All computer based pictures are composed of an array of dots, called pixels, that make up a very fine grid. Each one of these pixels has its own colour, represented internally as separate quantities of red, green and blue. Within Windows, each of these colour levels may range between 0 (none of the colour) and 255 (a full amount of the colour). A pixel with an RGB value of 0 0 0 is black, and one with a value of 255 255 255 is white.

S-Tools works by `spreading' the bit-pattern of the file that you want to hide across the least-significant bits (LSB's) of the colour levels in the image.

For a 24 bit image this is simple because 24 bit images are stored internally as RGB triples, and all we need to do is spread our bits and save out the new file. The drawback to this is that 24 bit images are uncommon, and would therefore attract the attention of those whose attention you are trying to avoid attracting ! They are also very large as they contain 3 bytes for every pixel (for a 640x480 image this is 640x480x3=921600 bytes).

It is considerably more difficult to hide anything within a 256 colour image. This is because the image may already have over 200 colours which our meddling will carry to way over the absolute maximum of 256.

Looking at a little theory it is easy to see that an image with 32 or less colours will never exceed 256 colours, no matter how much we meddle with it. To see this, visualise the 3 LSB's of an RGB triple as a 3-bit number. As we pass through it in our hiding process we can change it to any one of 8 possible values, the binary digits from 000 to 111, one of which is the original pattern. If one colour can `expand' to up to 8 colours, how many distinct colours can we have before we are in danger of exceeding the limit of 256 ? Simple, 256/8=32 colours. There is no guarantee that 32 colours is our upper limit for every file that you want to hide though. If you're lucky the file will not change a colour to all of its 8 possible combinations and then we are able to keep one more of the original colours. In practice, however, you will often find pictures being reduced to the minimum of 32 colours.

S-Tools tries to reduce the number of image colours in a manner that preserves as much of the image detail as possible. It usually makes a very good job too, I can often not tell the difference between a 256 colour scanned image and one reduced to 32. The caveat is speed. Highly accurate colour quantization takes time -- Anybody wanna give me a DEC Alpha ? No ? Didn't think so.

S-Tools prepends some extra information on to the front of the raw file data before hiding. 32 bits of time-dependent random garbage is prepended first. This apparently meaningless step means that two identical hidden files that are encrypted in CBC or PCBC mode will never encipher to the same ciphertext. Secondly, the 32 bit length of the hidden file is included. This is required for S-Tools to be able to extract the hidden file. Encryption will conceal this value.

In order to further conceal the presence of a file, S-Tools picks its bits from the image based on the output of a random number generator. This is designed to defeat an attacker who might apply a statistical randomness test to the lower bits of the image to determine whether encrypted data is hidden there (well-encrypted data shows up as pure white noise). The random number generator used by S-Tools is based on the output of the MD5 message digest algorithm, and is not easily (if at all) defeatable.

The FDD module

S-Tools allows you to hide files in the unused space on floppy disks. But what exactly do we mean by "unused space". Let's take a little look at the way that DOS organises the files on a disk.

Every floppy disk, when formatted, is divided into what are called sectors. Each sector on a disk can hold (usually) 512 bytes of information. So, on a 1.44Mb disk there are 1440 x 1024 / 512 = 2880 sectors. When you write a file on to disk, DOS computes how many sectors it will need to hold the file and writes this information into a special area at the start of the disk known as the file allocation table (FAT).

S-Tools FDD module works by looking at the FAT to decide which disk sectors have not been used by DOS, and allowing you to hide information in them. S-Tools does not hide information in consecutive sectors on disk, as this would be too easy. Instead it uses a cryptographically strong random number generator to choose which of the free sectors it should use. To further add to the security it also allows you to fill all other unused sectors on the disk with random rubbish to confuse an attacker even more.

Shareware

S-Tools is shareware. That means that if you find it useful and would like to continue to use it after a reasonable trial period, which I consider to be about one calendar month, then you should register your copy of the program with Andy Brown. For your registration fee you will receive a printed manual, a personalised copy of the program, and a copy of the `C' source code.

A few final words from Andy

Please do take the time to read the help files, there are some useful hints amongst the rather dry command descriptions that you may benefit from. If you decide to encrypt your files then don't feel safe just because the algorithm used is immune to attack. An enemy will attack the weakest link in the chain; and that is you. Use "good" passphrases that don't appear in any books or literature. A nonsense phrase that's a combination of two or more meaningful phrases is one such possibility. Oh yeah, don't go leaving the file that you've just hidden sitting around on your hard disk. Use a utility that erases it *properly* (ie. overwrites the actual information multiple times) to get rid of it.

I am also contactable via e-mail at a.brown@nexor.co.uk. I encourage and prefer PGP encrypted mail, and you can get my public keys by fingering asb@vulcan.nexor.co.uk. If you're wondering why the host name must be specified as well as the domain, it's because the gateway host at NEXOR resolves finger queries through the X.500 directory rather than the individual user's .plan file. So now you know.

I generally answer e-mail queries on the same day that I receive them, but since I am at work I can only answer personal mail during my lunch hour and after the working day is over.

This cypherpunk lives in Nottingham, England. Maybe I'll see you there.

Have fun,

Andy

+---------------------------+----------------------------------------------+
| Andy   | PGP key fingerprint: EC 80 9C 96 54 63 CC 97 |
|    finger for PGP key     |                    : FF 7D C5 69 0B 55 23 63 |
+---------------------------+----------------------------------------------+

How to get S-Tools

  • Steganography Info and Archive

    This link will take you to the Stegonography Archive, which contains several useful encryption tools for DOS and Microsoft Windows. S-Tools for Windows is one of the files that can be obtained here both for Windows 3.1 and Windows 95.