Steganalysis [Question]

That could be a zip file hidden at the end or even encrypted text as you said it. Look for any file headers such as rar or zip, in that case it’s easy, otherwise you will deal with encrypted text (given that the hex is not readable by the editor).
I’m probably not helping much.

Mm, thanks for replying. The header corresponds to the extension, and the file itself is quite ok (it’s an image and it’s a bit corrupted - like some strips are shifted left or right).

Can we see the image?

Unfortunately, not yet. It’s a project I’m trying to solve, and I’ll be able to give details in a couple of days. But thank you very much for your helpful attitude. :) I’ll keep you updated if more ideas come to me.

I’ll help all i can

Hey SFisher, you can put anything inside another file, picture, sound, video, music, spoken message, text file, virus, trojan - whatever you want. If you want to use a HEX Editor on a picture file just open the picture file with your HEX Editor go to the end of the file, insert some space at the end. Put your cursor at the first address of where inserted the space. Now select file and insert file. Select the file you want to insert and then save the modified picture file as whatever you want to call it with the pictures extension. So if you have a data.jpg file you would save the modified jpg file as data2.jpg or whatever name you want to give it. When you preview the jpg file all you will see is the picture. But you know there is something inside it. The only way you might know there is something not right with the jpg file is when you check its properties and see that it is quite a large file foe a picture if you have hidden a mp4 video file in it. Okay? :)

Hi @Trinity, thank you for joining! :)
Also thank you for your insightful reply. Some time ago I investigated some things related to this, one of them was obtaining a shell through an image file, it is a very interesting topic.
I am aware of some of the methods of inclusion / detection (I do know there is something there! :) ) but I’m looking for ways to do extraction of data.
I promise I’ll upload the image for everyone to analyse in a couple of days. I just don’t want to put it there and ask for a “solution” now (you will understand why, later). :)

No not stupid at all SFisher I understand and will keep an eye out for your project. :)

Yes I see that now but at the time it just read as part of his question. :)

That was his signature Trinity :p

Exactly! :)
In about 7 hours I’ll release info. Still trying to make progress…

A bit more of info, it is apparently an ‘heuristic technique for a BMP file’…

[quote=wikipedia]…a heuristic is a technique designed for solving a problem more quickly when classic methods are too slow, or for finding an approximate solution when classic methods fail to find any exact solution..[/quote]
Apparently, you have to find a solution which doesn’t require too much time and is approximate to the exact one. It could be some kind of a mind game or probably a very stupid encryption which you can solve only by experience.

Hm, that sounds about right, @kamzhik. Thank you for sharing!
I have already asked for clearance in order to publish the file here. I’ll let you know.

Hello again. I know it’s been quite a while but finally I got clearance for posting this.
I am not allowed to post the image itself, however I took the hex and divided it in 5 parts:

Part 1 http://pastebin.com/e9CWUntQ
Part 2 http://pastebin.com/EmSf42sX
Part 3 http://pastebin.com/D4YpvzDV
Part 4 http://pastebin.com/m7zDvMuH
Part 5 http://pastebin.com/frZp3yrf

Please, copy the hex and put it in a hex editor (like HxD for example), then save it as *.bmp (for example card.bmp).
The text in Pastebin will expire in 1 month from now. So, if you’re reading this after it expired, just send me a message and we’ll see what we can do.
If you find the solution - great! Just don’t post it here; if you do, only post the first and the last letter (with no * in between), that way others will be encouraged to work on it for themselves.
You have clues in the previous posts.

Enjoy!!