Return to the
comp.compilers page.
Search the
comp.compilers archives again.
| Related articles |
|---|
| Hydan: Information Hiding in Program Binaries (fwd) bear@bolt.sonic.net (bear) (2004-08-15) |
| From: | bear <bear@bolt.sonic.net> |
| Newsgroups: | comp.compilers |
| Date: | 15 Aug 2004 22:15:19 -0400 |
| Organization: | Compilers Central |
| Keywords: | tools, assembler |
| Posted-Date: | 15 Aug 2004 22:15:19 EDT |
<http://crazyboy.com/hydan/>
Hydan [hI-dn]:
Old english, to hide or conceal.
Intro:
Hydan steganographically conceals a message into an
application. It exploits redundancy in the i386 instruction
set by defining sets of functionally equivalent instructions.
It then encodes information in machine code by using the
appropriate instructions from each set.
Features:
- Application filesize remains unchanged
- Message is blowfish encrypted with a user-supplied
passphrase before being embedded
- Encoding rate: 1/110
Primary uses for Hydan:
- Covert Communication: embedding data into binaries
creates a covert channel that can be used to
exchange secret messages.
- Signing: a program's cryptographic signature can
be embedded into itself. The recipient of the
binary can then verify that it has not been
tampered with (virus or trojan), and is really
from who it claims to be from. This check can be
built into the OS for user transparency.
- Watermarking: a watermark can be embedded to
uniquely identify binaries for copyright purposes,
or as part of a DRM scheme. Note: this usage is not
recommended as Hydan implements fragile watermarks.
If you think of anything else, do let me know :)
Platforms Supported:
- {Net, Free}BSD i386 ELF
- Linux i386 ELF
- Windows XP PE/COFF
Download:
Version 0.13
News:
Update: I've finally updated the hydan code, after a long time off.
The encoding rate has been improved to 1/110 (thanks to a tip from
sandeep!), and the code is now much cleaner too. In the mean time,
hydan has been presented at:
CansecWest 04
BlackHat Vegas 04
DefCon 04
A paper is to be published soon as well:
Hydan: Hiding Information in Program Binaries
Rakan El-Khalil and Angelos D. Keromytis.
Which is to appear in the proceedings of the 6th International
Conference on Information and Communications Security (ICICS),
Malaga, Spain. To be published in Springer Verlag's LNCS.
Hydan was initially presented at CodeCon on 02/23/2003.
The following is a list of articles online from that presentation:
- The Register: Hydan Seek
(same article at BusinessWeek, and SecurityFocus)
- Slashdot: Program Hides Secret Messages in Executables
(could it be? crazyboy survived slashdotting?)
- Punto-Informatico: Un tool cela segreti nei programmi
(intl coverage! been getting a lot of hits from them)
- Bruce Schneier's Crypto-Gram: March 15, 2003 Issue
(and not in the snake-oil section either ;)
Like my Work?
Buy me books!
Contact:
Rakan El-Khalil <rfe3 at columbia dot edu>
Return to the
comp.compilers page.
Search the
comp.compilers archives again.