[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Applied Steganography



Here is an interesting application of steganography from Eric 
Isaacson's A86 assembler. This method would be low-bandwidth but
hard to detect.

6. A86 takes advantage of situations in which more than one set
   of opcodes can be generated for the same instruction.  (For
   example, MOV AX,BX can be generated using either an 89 or 8B
   opcode, by reversing fields in the following ModRM byte.  Both
   forms are absolutely identical in functionality and execution
   speed.)  A86 adopts an unusual mix of choices in such
   situations.  This creates a code-generation "footprint" that
   occupies no space in your program file, but will enable me to
   tell, and to demonstrate in a court of law, if a non-trivial
   object file has been produced by A86. The specification for
   this "footprint" is sufficiently obscure and complicated that
   it would be impossible to duplicate by accident.  I claim
   exclusive rights to the particular "footprint" I have chosen,
   and prohibit anyone from duplicating it.  This has at least
   two specific implications:

   a. Any assembler that duplicates the "footprint" is mine.  If
      it is not identified as mine and issued under these terms,
      then those who sell or distribute the assembler will be
      subject to prosecution.

   b. Any program marked with the "footprint" has been produced
      by my assembler.  It is subject to condition 5 above.