blob: 3603354d9dff98677f06ef66de0fcd0901f827cb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Hydan steganographically conceals a message into an application. It
exploits redundancy in the i386 instruction set by defining sets of
functionally equivalent instructions. It then encodes information in
machine code by using the appropriate instructions from each set.
Features:
- Application filesize remains unchanged
- Message is blowfish encrypted with a user-supplied
passphrase before being embedded
- Encoding rate: 1/110
Primary uses for Hydan:
- Covert Communication: embedding data into binaries creates a
covert channel that can be used to exchange secret messages.
- Signing: a program's cryptographic signature can be embedded
into itself. The recipient of the binary can then verify
that it has not been tampered with (virus or trojan), and is
really from who it claims to be from. This check can be
built into the OS for user transparency.
- Watermarking: a watermark can be embedded to uniquely
identify binaries for copyright purposes, or as part of a DRM
scheme. Note: this usage is not recommended as Hydan
implements fragile watermarks.
|
