[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak steganography



Eric Hollander writes:
>Another problem is that encrypted files look different from executable
>files.  Encrypted files have a uniform histogram (that is, all 256 different
>possible byte values are equally frequent), but exe files do not.  The
>appending of an encrypted file to an executable file will be very obvious.

So write an encryption routine that wastes bandwidth but outputs executable
code.  You could even encapsulate it within procedures which randomly call
one another, to make it look more like real code.  (Your encrypted data would
be limited to shuffling data between registers and operations within registers,
e.g.:

  mov ax, bx
  add ax, cx
  mov bx, dx
  or  ax, bx

It's not a crime to write bad assembler code... yet.

A nice piece of misdirection would be a homebrew compiler for some
really bizarre language.  A compiler which produces output remarkably
like the output of your encryption program.

If someone asks why you are only using a small subset of the instruction
set, you shrug and claim that optimized code generation is on your "to-do"
list.

Bear Giles