Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1316435626.60243.YahooMailNeo@web120711.mail.ne1.yahoo.com>
Date: Mon, 19 Sep 2011 05:33:46 -0700 (PDT)
From: firstname lastname <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Steganography Passphrase Cracking

Yes, it does give a Failure Keyword when we enter the wrong passphrase. Below is the output when I enter the wrong password:

**************************************************************************************

Steganography\MP3Stego>Decode.exe -X sample.mp3
MP3StegoEncoder 1.1.17
See README file for copyright info
Input file = 'sample.mp3'  output file = 'sample.mp3.pcm'
Will attempt to extract hidden information. Output: sample.mp3.txt
Enter a passphrase:
Confirm your passphrase:
the bit stream file sample.mp3 is a BINARY file
HDR: s=FFF, id=1, l=3, ep=on, br=9, sf=0, pd=0, pr=1, m=1, js=2, c=1, o=1, e=0
alg.=MPEG-1, layer=III, tot bitrate=128, sfrq=44.1
mode=j-stereo, sblim=32, jsbd=8, ch=2
[Frame 3832]using bit allocation table alloc_2
[Frame 3833]js_bound bad layer/modext (4/2)
**************************************************************************************

js_bound bad layer/modext is the keyword which tells us that we entered a wrong passphrase. However, it does generate an output file, "sample.mp3.pcm" even though we enter a wrong password.

Regards,
NeonFlash




----- Original Message -----
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Cc: 
Sent: Monday, September 19, 2011 1:28 PM
Subject: Re: [john-users] Steganography Passphrase Cracking

On 2011-09-19 09:01, firstname lastname wrote:
...
> For instance, MP3Stego tool by Fabien Petitcolas can be used to hide
> text files inside an MP3 file. You can protect your hidden data using
> a passphrase.
>
> While decoding, we need to supply the passphrase to extract the
> hidden data from the mp3:
>
> decode.exe -X -P<pass>  sample.mp3
>
> I did some research on how to extract the hash from this mp3 file and
> didn't make much progress. It uses 3DES to encrypt the hidden data
> and SHA-1 to generate pseudo random bits.

What happens if you supply the wrong password to decode.exe? Does it 
recognise it was wrong, or does it extract garbage data? If it's the 
latter, we may have no way to detect a correct guess unless there's 
known plaintext (eg. file magic) in the hidden data.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.