Resource description: A multi-file multimedia-based steganographic system that integrates with FUSE.
Polysteg is a steganographic file system that uses multiple multimedia files for storage.

Requirements:
    Tcl 8.5 or later (http://tcl.tk/)
    Itcl 3.4 or later
    Tcl FUSE bindings (http://sourceforge.net/projects/tcl-fuse/)
    Tcllib (http://tcllib.sourceforge.net/)
    FUSE kernel interface

INTRODUCTION

Steganography is the art of concealing data such that discovery of its existence is made extremely difficult or impossible. Most digital steganographic systems take one of two forms:
  o hide one file in another (eg, steghide)
  o use a randomised area of raw disk (StegFS)

The former has limited use, while the latter is error prone and suspicious in and of itself, since most people do not have large, "unused" portions of disk space outside of partitions (or rather, partitions with no filesystem).

Polysteg is different in that it allows hiding a proper filesystem in multiple multimedia files. In order to open a Polysteg system, the following must be provided:
  o the files the system is hidden within, with their original filenames
  o the name of the first file in the system
  o the master password of the system
  o any options that affect the order, distribution, or number of bits

If any of these are lost, or any files modified close enough to the beginning or in such a way as to affect the system's bits, the entire system is irrecoverably lost. This is by design: Steganography is generally used in cases where discovery of data is worse than that data's destruction.

CREATING A POLYSTEG SYSTEM

First, you will need some multimedia files. See SUPPORTED FILE TYPES for a list of what Polysteg supports, and the data density you will get out of it. You will want to pick and name files such that the collection will not be suspicious; what exactly this means depends on the nature of the files and what would be considered "normal" for someone like you.
You must also make sure that the originals of the files cannot be obtained; if they can be, a binary comparison will easily expose the presence of steganography.

Place all the files under one directory (or subdirectories thereof), and choose one of them as the "root" file. Remember the name of the root file, relative to the root directory. For example, if the root directory is /the/path, and your root file is /the/path/to/file.mp3, then you provide the root file name as "to/file.mp3".

It is highly recommended to place the Polysteg system on a physical filesystem that always writes file data back to the same location --- good examples are FAT16/FAT32. A horrible example is NilFS. If writes do not go back to the same disk location every time, forensics may be able to tell that the file has been written to many times, increasing suspicion.

If this is a serious use of steganography, make sure you are not using a shell that saves your history; on Debian/Ubuntu, try "dash".

Note that system size is severely limited by how much RAM you have available; the basic rule of thumb is that each 1GB of RAM will allow you to use 250kB of storage space (of course, on a 32-bit system, you are limited to effectively 4GB of RAM for the Tcl process). You may want to tinker with the stride options to reduce data density as necessary.

To initialise your polysteg system, run

    ./polysteg.tcl -d-r -format

For example,

    ./polysteg.tcl -d /the/path -r to/file.mp3 -format -mp3stride 13

Make sure the password you enter is secure. If you make a mistake, copy the old files over the new system so that effective bit usage is not raised by a second initialisation.

At this point, you may freely add more files to the collection --- they will be silently ignored by Polysteg. Adding files reduces detection probability, since fewer of the files will be modified.
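
The binary comparison mentioned above (an original file set against its modified copy), as an added example that is not part of Polysteg. The cover bytes, payload bits, the byte stride of 4 and the helper names embed_lsb and diff_profile are constructed for illustration; embed_lsb is a generic least-significant-bit writer, not Polysteg's engine.

```python
import random
from functools import reduce
from math import gcd

def embed_lsb(cover: bytes, bits, stride: int) -> bytes:
    """Generic stand-in for an LSB writer: one payload bit in every stride-th byte."""
    out = bytearray(cover)
    for slot, bit in zip(range(0, len(out), stride), bits):
        out[slot] = (out[slot] & 0xFE) | bit
    return bytes(out)

def diff_profile(original: bytes, suspect: bytes) -> dict:
    """Binary comparison of a known original against a suspect copy."""
    if len(original) != len(suspect):
        raise ValueError("length differs: not an in-place modification")
    offsets = [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]
    # OR together every flipped bit to see which bit positions were ever touched.
    mask = reduce(lambda m, i: m | (original[i] ^ suspect[i]), offsets, 0)
    gaps = [b - a for a, b in zip(offsets, offsets[1:])]
    return {
        "changed_bytes": len(offsets),
        "bit_mask": mask,
        "low_bits_only": 0 < mask <= 0b11,   # only bit 0, or bits 0-1, changed
        "spacing": reduce(gcd, gaps, 0),     # common divisor of gaps between changes
    }

def demo() -> dict:
    rng = random.Random(2024)                # constructed data, not a real media file
    cover = bytes(rng.getrandbits(8) for _ in range(4096))
    payload_bits = [rng.getrandbits(1) for _ in range(1024)]
    return diff_profile(cover, embed_lsb(cover, payload_bits, stride=4))

if __name__ == "__main__":
    print(demo())
```

The comparison does not depend on the order in which bits were written, so shuffling the usable bits does not hide the pattern from someone who holds the originals.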

MOUNTING YOUR POLYSTEG SYSTEM

To mount your Polysteg system, run the same command you used to initialise it, except with the -mount option instead of -format:

    ./polysteg.tcl -d -r -m

For example:

    ./polysteg.tcl -d /the/path -r to/file.mp3 -mnt /mnt -mp3stride 13

If successful, you will get a filesystem in the given mount point with a single file named "data". This file (which cannot be renamed, deleted, or resized) represents the whole of data available in the Polysteg system. The simplest way to use Polysteg is to tar up some files and write them:

    tar -c top_secret | gzip -c9f | dd of=/mnt/data conv=notrunc

dd with notrunc is necessary since most commands will try to truncate the file on opening, which is not a supported operation. You can get this data back as you would expect:

th frame. This evenly reduces the data density in the file, reducing casual detectability of audio and/or side information modification.

Wave
  Type: Microsoft RIFF Waveform Format
  Extensions: .wav
  Limitations:
    o Only supports uncompressed formats
    o Only supports the single-DATA format
    o Does not support k-bit files, where k = 2^(3*i)+1 (i is an integer), if -wavhd is used
    o Does not support 4-bit or lower files
  Density: Commonly 1/16 to 1/4
  Speed: medium to high
  Casual detection: low to very low
  Formal detection: low
  Deniability: very high
  Notes:
    o Having .wav files in a collection is suspicious for most people. However, compressing them with FLAC for long-term storage mostly eliminates this suspicion while preserving the data.
    o The -wavhd option causes Polysteg to use two bits per sample point instead of one; it doubles the data density, in exchange for slightly increasing sound distortion.
    o The -wavstride option takes one argument and causes Polysteg to only use every th bit. This reduces data density and evenly reduces sound distortion.

Bitmap
  Type: Microsoft Device-Independent-Bitmap
  Extensions: .bmp, .dib
  Limitations:
    o Only supports 16-, 24-, and 32-bit formats
    o Only supports uncompressed bitmaps
    o Only supports Windows 3.1 bitmaps and later; OS/2 formats not supported
  Density: 3/32 to 6/16
  Speed: medium to high
  Casual detection: low
  Formal detection: low; possibly high with -bmpalpha
  Deniability: very high; medium to low with -bmpalpha in most cases
  Notes:
    o The bitmap engine modifies the least significant bit(s) of colour components of pixels.
    o Normally, one bit per colour component is used; if -bmphd is specified, it uses two instead.
    o Colours that have fewer bits than twice the bit density are ignored.
    o By default, the alpha channel is not modified, as it is non-noisy in the vast majority of images; this can be changed by using -bmpalpha.
    o Data density (and therefore colour distortion, evenly) can be reduced by using -bmprstride and -bmpcstride; the former makes Polysteg only use every th row; the latter makes it use only every th column within a row. It is recommended to use both of these in conjunction.
    o Having uncompressed bitmaps is often in and of itself suspicious. This suspicion can be reduced or eliminated by compressing the images with PNG for long-term storage, which is a more common format which will preserve Polysteg's data. (DON'T USE JPEG!)

HOW IT WORKS

Usable bits within each file are enumerated, then shuffled by encrypting the data not used by Polysteg with a key; the first key comes from the master password, the rest from the previous file in the chain. The first 640 bits are used to identify the next file in the chain and its scrambling key; they are encrypted with another key based on the master password.

At the whole system level, all bits not in the first 640 are enumerated and shuffled using encryption on a stream of zero bytes and a key also derived from the master password. The data in the bits are then encrypted with another password-derived key.
All encryption uses AES-CBC, except for the highest level of encryption (system-wide data encryption), which uses AES-ECB.

PROGRAM USAGE REFERENCE

Usage: ./polysteg.tcl options...
  -h, -help, --help     Display this help message and exit.
  -v, -verbose          Show extra messages.
  -debug                Show debugging messages.
  -d, -dir arg          Specify system root directory, defaults to .
  -r, -root arg         Indicate the first media file to use.
  -m, -mount arg        Specify mount directory.
  -nourandom            Use /dev/random instead of /dev/urandom.
  -format               Create a new system in the root directory.
  -password arg         Specify password on the command line.
  -noshuffledevbits     Don't shuffle bits within devices.
  -noshuffleallbits     Don't shuffle global bits.
  -o arg                Pass options to FUSE.
  -bmphd                Use more bits in Microsoft Device Independent Bitmap files.
  -bmpalpha             Modify alpha in Microsoft Bitmap files (generally a bad idea).
  -bmprstride arg       Only use every th row in Microsoft Bitmap files.
  -bmpcstride arg       Only use every th column in Microsoft Bitmap files.
  -mp3apadding          Enable modification of MP3 padding bytes (only relevant with -mp3audio).
  -mp3framestride arg   Only use every th MP3 frame (defaults to 1).
  -mp3checkcrcs         Verify CRCs of protected MP3 frames.
  -mp3audio             Enable modification of MP3 audio data (default if none specified).
  -mp3sideinfo          Enable modification of MP3 side information.
  -mp3bits              Enable modification of MP3 unused bits.
  -wavhd                Use more bits in Microsoft Waveform Audio Files.
  -wavstride arg        Only use every th bit within Microsoft Waveform Audio Files.
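
The Bitmap limitations and the -bmphd, -bmpalpha, -bmprstride and -bmpcstride options described above, worked through as an added example that is not Polysteg's own code. The function names, the 5-5-5 layout assumed for 16-bit files, the choice of rows and columns 0, n, 2n, ... for the strides, and treating every compression value other than 0 as unsupported are assumptions.

```python
import struct
from fractions import Fraction

def bmp_usable_bits(header: bytes, hd=False, alpha=False, rstride=1, cstride=1):
    """Return (usable_bits, density) for a BMP header, or raise ValueError."""
    if len(header) < 34 or header[:2] != b"BM":
        raise ValueError("not a BMP file header")
    (dib_size,) = struct.unpack_from("<I", header, 14)
    if dib_size < 40:                      # the 12-byte BITMAPCOREHEADER is the OS/2 form
        raise ValueError("OS/2 bitmap header not supported")
    width, height, _planes, depth, compression = struct.unpack_from("<iiHHI", header, 18)
    if compression != 0:                   # assumption: only BI_RGB counts as uncompressed
        raise ValueError("compressed bitmap not supported")
    if depth not in (16, 24, 32):
        raise ValueError("only 16-, 24- and 32-bit bitmaps are supported")
    per_component = 2 if hd else 1
    comp_width = 5 if depth == 16 else 8   # assumption: 5-5-5 layout for 16-bit
    components = 3 + (1 if alpha and depth == 32 else 0)
    if comp_width < 2 * per_component:     # "fewer bits than twice the bit density"
        components = 0
    rows = -(-abs(height) // rstride)      # ceiling division; rows 0, n, 2n, ...
    cols = -(-width // cstride)
    usable = rows * cols * components * per_component
    return usable, Fraction(usable, width * abs(height) * depth)

def make_header(width, height, depth, dib_size=40, compression=0):
    """Constructed 54-byte BMP header for the demo (no pixel data follows)."""
    row = (width * depth + 31) // 32 * 4   # rows are padded to 4-byte boundaries
    size = row * abs(height)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + size, 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", dib_size, width, height, 1, depth,
                       compression, size, 2835, 2835, 0, 0)
    return file_hdr + info

if __name__ == "__main__":
    for depth, opts in ((32, {}), (24, {}), (16, {"hd": True}),
                        (24, {"hd": True, "rstride": 2, "cstride": 2})):
        print(depth, opts, bmp_usable_bits(make_header(64, 48, depth), **opts))
```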