These are chat archives for gwydirsam/DickGrayson

16th
Apr 2015
Sam Gwydir
@gwydirsam
Apr 16 2015 01:08
btw found a command that does base64 encoding
uuencode
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:22
hey sam, what type should my Embedding_agent class take in for the message to embed
Sam Gwydir
@gwydirsam
Apr 16 2015 02:22
string?
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:23
that's what I figured. Okay actually that makes sense
Sam Gwydir
@gwydirsam
Apr 16 2015 02:23
are you doing attack or crypt?
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:23
Since the interface to my application is the command line\
crypt
Sam Gwydir
@gwydirsam
Apr 16 2015 02:23
ah yeah then it's all up to you
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:23
sweet
I'm writing all the stubs before I write the tests
Sam Gwydir
@gwydirsam
Apr 16 2015 02:26
Ah
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:33
So I'm thinking of storing an integer in the image that determines how many lsb was used to embed the message
It doesn't seem very insecure since it doesn't say anything about the message itself
Sam Gwydir
@gwydirsam
Apr 16 2015 02:35
steg is all about not revealing you embedded a message though
if theres no other way it's fine
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:35
You're not revealing anything that you embedded a message
The integer would be embedded before the message
Sam Gwydir
@gwydirsam
Apr 16 2015 02:36
i guess it depends on how you decide to encode the lsb type
yeah it's probably fine
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:38
I think it will be like 0x01 means 1lsb, 0x03 means 2lsb, 0x7 means 3lsb. In general n-lsb is encoded as 2^n-1
Sam Gwydir
@gwydirsam
Apr 16 2015 02:38
sure
maybe you could do prepend the padding then say the lsb type, then the message
so (padding)(lsbtype)(message)EOF
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:42
Sure. But as far as the pixel array goes though it's (lsbtype)(message)(EOF)(padding)
Sam Gwydir
@gwydirsam
Apr 16 2015 02:43
EOF is always going to be at the end
you don't actually put that in
I'm saying put the padding at the start, then you can just read till the end
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:43
The pixel array doesn't necessarily end at the end of the bmp file
Sam Gwydir
@gwydirsam
Apr 16 2015 02:43
ah
but you can calculate the size right
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:44
Yes I can look up the size of the pixel array
Sam Gwydir
@gwydirsam
Apr 16 2015 02:44
because if you pad the beginning you can just read from the lsb type till the end of the pixel array
no need for a end of message code
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:45
I'd rather go C style null termination
Actually I suppose the less space I take up with extraneous info the better
Sam Gwydir
@gwydirsam
Apr 16 2015 02:46
that's an entire byte of info though
right
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:46
Alright
So my plan
Is to look at the first bit of the message and pad with the opposite bit
Well no
If I by padding, then I think I would have to assume at least one bit of padding
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:51
I'm going to go null termination. Then the amount of bits available for storage is pixel_array_size*n_lsb-null_size-n_lsb_encoding
where null_size=8 and n_lsb_encoding=1
Sam Gwydir
@gwydirsam
Apr 16 2015 02:54
sounds good
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:58
hmm I don't know if we are allowed to store any extraneous info in the image
Sam Gwydir
@gwydirsam
Apr 16 2015 02:58
can't see how it's extraneous
Martin Fracker, Jr.
@Towerism
Apr 16 2015 02:59
since I believe the reason we want to be able to extract the message is for munchkin to intercept messages from their competitor
Sam Gwydir
@gwydirsam
Apr 16 2015 02:59
ok
so I guess we intuit the lsb
lsb n
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:00
I think that's up to kyle right
I think daugherity said we just have to extract the entire pixel array but I just don't see how that is helpful tot he user of my app
Sam Gwydir
@gwydirsam
Apr 16 2015 03:01
well you're crypt and decrypt
so when you decrypt you have to be able to figure it out too
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:05
Yea I don't how kyle would determine the lsb.
Sam Gwydir
@gwydirsam
Apr 16 2015 03:06
don't worry about him
you're technically adversaries
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:09
I think what I'll do is that for munchkin, I will make their shit nice via making it easy to embed and extract with my tool. But if they want to extract the message tool, they will have to do raw extract via constructing a message from the whole pixel array
Sam Gwydir
@gwydirsam
Apr 16 2015 03:11
how are you hiding that from anyone else
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:15
Well I will be able to nicely display hidden messages embedded with my steg tool since my steg tool can consistently embed info about the embedded message
But if munchkin thinks that an image has a message not embedded with my tool they would have to do a raw extract
Actually for this assignment I think the spec says to assume munchkin's competitors steal their software
Sam Gwydir
@gwydirsam
Apr 16 2015 03:16
sounds good
oh well tehn
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:16
lol
I'm gonna double check that
Sam Gwydir
@gwydirsam
Apr 16 2015 03:17
I would just do the leg work
and not embed info
it's just a bad idea in general
with this stuff anytime you help yourself you're helping them
basically any way of embedding information for yourself is security by obscurity
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:19
So don't embed anything but the message plus null termination?
Sam Gwydir
@gwydirsam
Apr 16 2015 03:19
If you have to do the terminator go for it
but I stil think the terminator is extraneous
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:19
Padding would be the same thing but worse since there would be several bytes all ending with the same bit
or bits
Sam Gwydir
@gwydirsam
Apr 16 2015 03:20
hmmm
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:21
null termination is a little harder to anticipate since 4 same lsb's in a row is not unnatural
Sam Gwydir
@gwydirsam
Apr 16 2015 03:21
maybe if the message is shorter than the pixel array, just start embedding the message again
and where you get the repeat, just truncate
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:22
that would make steganalysis easier in a way similar to how encrypting a sequence with the public key over and over again until you get the original sequence reveals the modulus
Sam Gwydir
@gwydirsam
Apr 16 2015 03:22
I don't see how they're related
this doesn't reveal the mod
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:24
Maybe I was wrong about what it reveals, but using the public key over and over again is part of some attack I read somewhere
Sam Gwydir
@gwydirsam
Apr 16 2015 03:24
yeah
but that's for different reasons
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:24
But anyways,
That would be assuming that the message doesn't repeat itself in anyway.
Sam Gwydir
@gwydirsam
Apr 16 2015 03:25
the message may well repeat itself, but the ciphertext wont
AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqnNkB420teCH6AbOAoYZPNXrs8cFn14+xREvD8xzBdo44lCj+e05963DSwTnlnPPpQ35oFqLyx7MBvBHtU3QRGJjgi6F5bEehI7CN7RdY2Dl4BTZuia53qdQj7F/RaAmDDBWS5D44GPMH4dA40YPm+pnIG7qR/vOqRMrgp2d20GWeHsObHd3w8I4fm5YCt8jZIIt8fBMiOPySsx+HcP6UXg+eKYIVf1ihp9902l+rfqqGfuMlWGqzKFDX4Q4myKikQTn92JuCIY038UNQmTrJ9UYRxoDSIBx0zdxRCNnyBg7DBSbkh3v5dqkngeDSE1bCBJJHkF2hRZdJRQRazc1
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:26
Ah that may be true but our stego tool is standalone, I guess we will assume that it is only used with cipher texts and that the result any use with uncipher-ed text is undefined
That seems a little bit restrictive
Sam Gwydir
@gwydirsam
Apr 16 2015 03:27
AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqnNkB420teCH6AbOAo
YZPNXrs8cFn14+xREvD8xzBdo44lCj+e05963DSwTnlnPPpQ35
oFqLyx7MBvBHtU3QRGJjgi6F5bEehI7CN7RdY2Dl4BTZuia53q
dQj7F/RaAmDDBWS5D44GPMH4dA40YPm+pnIG7qR/vOqRMrgp2d
20GWeHsObHd3w8I4fm5YCt8jZIIt8fBMiOPySsx+HcP6UXg+eK
YIVf1ihp9902l+rfqqGfuMlWGqzKFDX4Q4myKikQTn92JuCIY0
38UNQmTrJ9UYRxoDSIBx0zdxRCNnyBg7DBSbkh3v5dqkngeDSE
1bCBJJHkF2hRZdJRQRazc1
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:27
and an unnecessary assumption
Sam Gwydir
@gwydirsam
Apr 16 2015 03:27
reformatted example
you could ask them if they want to embed plaintext, then base64 encode
though I just realized in that example it's clearly salted
so maybe it wouldn't work as well as I'd like
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:29
Encoding a plaintext in base64 doesn't ensure that the base64 wouldn't repeat itself
Sam Gwydir
@gwydirsam
Apr 16 2015 03:29
it pretty much does
begin-base64 644 encodedpatch.patch
ZGlmZiAtcnVwTiBsY292LTEuMTEvTWFrZWZpbGUgbGNvdi0xLjExLXBhdGNoL01ha2VmaWxlCi0t
LSBsY292LTEuMTEvTWFrZWZpbGUJMjAxNC0wNS0yMyAwNDowMzo0NS4wMDAwMDAwMDAgLTA1MDAK
KysrIGxjb3YtMS4xMS1wYXRjaC9NYWtlZmlsZQkyMDE1LTA0LTE1IDE5OjQ3OjM1LjAwMDAwMDAw
MCAtMDUwMApAQCAtMTUsOCArMTUsOCBAQCBWRVJTSU9OIDo9IDEuMTEKIFJFTEVBU0UgOj0gMQog
CiBDRkdfRElSIDo9ICQoUFJFRklYKS9ldGMKLUJJTl9ESVIgOj0gJChQUkVGSVgpL3Vzci9iaW4K
LU1BTl9ESVIgOj0gJChQUkVGSVgpL3Vzci9zaGFyZS9tYW4KK0JJTl9ESVIgOj0gJChQUkVGSVgp
L2JpbgorTUFOX0RJUiA6PSAkKFBSRUZJWCkvc2hhcmUvbWFuCiBUTVBfRElSIDo9IC90bXAvbGNv
di10bXAuJChzaGVsbCBlY2hvICQkJCQpCiBGSUxFUyAgIDo9ICQod2lsZGNhcmQgYmluLyopICQo
d2lsZGNhcmQgbWFuLyopIFJFQURNRSBDSEFOR0VTIE1ha2VmaWxlIFwKIAkgICAkKHdpbGRjYXJk
IHJwbS8qKSBsY292cmMKZGlmZiAtcnVwTiBsY292LTEuMTEvYmluL2luc3RhbGwuc2ggbGNvdi0x
LjExLXBhdGNoL2Jpbi9pbnN0YWxsLnNoCi0tLSBsY292LTEuMTEvYmluL2luc3RhbGwuc2gJMjAx
NC0wNS0yMyAwNDowMzo0NS4wMDAwMDAwMDAgLTA1MDAKKysrIGxjb3YtMS4xMS1wYXRjaC9iaW4v
aW5zdGFsbC5zaAkyMDE1LTA0LTE1IDE5OjQ3OjM1LjAwMDAwMDAwMCAtMDUwMApAQCAtMzQsNyAr
MzQsOCBAQCBkb19pbnN0YWxsKCkKICAgbG9jYWwgVEFSR0VUPSQyCiAgIGxvY2FsIFBBUkFNUz0k
MwogCi0gIGluc3RhbGwgLXAgLUQgJFBBUkFNUyAkU09VUkNFICRUQVJHRVQKKyAgbWtkaXIgLXAg
YGRpcm5hbWUgJFRBUkdFVGAKKyAgaW5zdGFsbCAtcCAkUEFSQU1TICRTT1VSQ0UgJFRBUkdFVAog
fQogCiAK
====
example
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:29
So the message would have to be pretty long to have any chance of repeating itself in base64
Sam Gwydir
@gwydirsam
Apr 16 2015 03:29
or still use a terminating code
maybe XOR with it?
I don't know
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:35
Yeah so I'll just make our stego tool generic
What's the message to encrypt? What's the input image, output location?
LSB type?
Sam Gwydir
@gwydirsam
Apr 16 2015 03:35
yeah something like
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:35
Then for extracting: input image, and LSB tpye
parties who are sending messages to each other should have some consistency in the lsb used to embed and extract
Sam Gwydir
@gwydirsam
Apr 16 2015 03:36
stego-tool --lsb=2 --image=image.bmp --output=output.bmp
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:36
exactly
Sam Gwydir
@gwydirsam
Apr 16 2015 03:37
yeah you can always just have the user put in lsb type
even for extraction
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:37
parties who are cracking (aka kyle) would have to try different lsb's and determine from the output which one is the actual message
yeah that's what I have in miind
Sam Gwydir
@gwydirsam
Apr 16 2015 03:37
right
I mean he only really has to try two
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:37
Lol yea
Sam Gwydir
@gwydirsam
Apr 16 2015 03:38
I'm still interested to see if you say the image is this height and width, then embed beyond that
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:38
Also I determined that Munchkin's competitors are ripping off their software
Sam Gwydir
@gwydirsam
Apr 16 2015 03:39
okay then that trick is sunk
Martin Fracker, Jr.
@Towerism
Apr 16 2015 03:44
The stego-attack tool is supposed to 3 distinct attacks on stego-crypt
employ 3 distinct attacks*
Sam Gwydir
@gwydirsam
Apr 16 2015 03:45
how many types do you have to do?
Martin Fracker, Jr.
@Towerism
Apr 16 2015 04:17
Just 1 and 2 LSB
I have a problem. I have to calculate peak signal to noise ratio of a stego-image (given the original)
Which kind of blows due to row padding
A BMP library would make reliable access to pixels easier
Martin Fracker, Jr.
@Towerism
Apr 16 2015 04:22
Nevermind, A BMP library might expose the subpixel values but not the unsigned representation of the overall pixel
Well yea, A BMP would make it much easier
Martin Fracker, Jr.
@Towerism
Apr 16 2015 05:01
We don't need other libraries. Screw other libraries. We have TDD as our end all be all library.
Martin Fracker, Jr.
@Towerism
Apr 16 2015 09:47
Sam I don't know why, but one of my dgimg tests consistently causes segfault when i run them using make test-dgimg.
Everything is find if I run either debug or build dgimg tests, but when they are run through the make, there is a sefault.
This is only on build, btw. Both my desktop and laptop successfully complete the tests in all aforementioned cases.
Sam Gwydir
@gwydirsam
Apr 16 2015 17:35
@Towerism weird
@Towerism do
grep dgimg Makefile
Sam Gwydir
@gwydirsam
Apr 16 2015 17:44
could it have to do with
unsigned BMP::max_pixel_value() const {
  unsigned max = std::numeric_limits<unsigned>::min();
  int width = data.width();
setting something called max to the min seems wierd even if it is intended
also I could see gtest being upset with the empty ouput stream
Martin Fracker, Jr.
@Towerism
Apr 16 2015 19:10
Pretty typical when you are optimizing a local maxima. You initialize it to -infinity
Sam Gwydir
@gwydirsam
Apr 16 2015 19:10
as long as you know what you're doing
though it's unsigned so that's 0
but that still makes sense
what compiler are you using?
Martin Fracker, Jr.
@Towerism
Apr 16 2015 19:11
yea there's no reason to use it for unsigned I don't know what I was thinking
Sam Gwydir
@gwydirsam
Apr 16 2015 19:11
have you run it in gdb and done a backtrace?
Martin Fracker, Jr.
@Towerism
Apr 16 2015 19:12
Gcc-4.9
Sam Gwydir
@gwydirsam
Apr 16 2015 19:12
I doubt it, but I'm using 4.9.2 everywhere else
I doubt it matters*
Martin Fracker, Jr.
@Towerism
Apr 16 2015 19:13
I have tried. But it only happens when I run the test through make. Gdb doesn't hook into the test.
Sam Gwydir
@gwydirsam
Apr 16 2015 19:13
did you run that grep?
gdb can hook into the test fine
gdb debug/test/test-name
Martin Fracker, Jr.
@Towerism
Apr 16 2015 19:14
Yea like I said only when the test is run using make test-recipe
Sam Gwydir
@gwydirsam
Apr 16 2015 19:14
I'm wondering if because you have an older makefile you still have the version where make test-name runs both the build and debug versions
run the grep
grep dgimg Makefile
Kyle Wilson
@bluyam
Apr 16 2015 19:34
Got skype to work on my phone. Marty wats ur handle
I found Martin Fracker and Martin L Fracker Jr, both from San antonio
I added the rest of u brw
*btw
Sam Gwydir
@gwydirsam
Apr 16 2015 19:37
neat
you got me as gwydirsam right
I think I have other accounts on there
Kyle Wilson
@bluyam
Apr 16 2015 19:38
Yesh
Sam Gwydir
@gwydirsam
Apr 16 2015 19:43
neat
Kyle Wilson
@bluyam
Apr 16 2015 19:55
My name is bluyamskype
Martin Fracker, Jr.
@Towerism
Apr 16 2015 20:02
redbishop2112
Kyle Wilson
@bluyam
Apr 16 2015 20:03
Kk request sent
Christopher Findeisen
@Atrus7
Apr 16 2015 20:04
Sam get in the call
Rafa get in the call
Sam Gwydir
@gwydirsam
Apr 16 2015 20:06
ah
coming
Sam Gwydir
@gwydirsam
Apr 16 2015 20:51
@ralphie9224 yo you need to commit and push the failing and passing tests
Rafael Moreno
@ralphie9224
Apr 16 2015 22:02
i'm scared
just a simple git push?
or is there something else i need to do to do it?
Kyle Wilson
@bluyam
Apr 16 2015 22:41
We can use OpenSSL right