************************************************************************ Hide In Picture (HIP) version 2.1 - October, 2002 Copyright (C) 2002 Davi Tassinari de Figueiredo ************************************************************************ --------------------- Table of contents --------------------- - Introduction - License and disclaimer - Legal warning - Available packages - Files in HIP binaries package - Version history - Basic concepts - Features - Using HIP for DOS/Linux - Using HIP for Windows - Error messages - Security recommendations - How HIP works - Translating HIP - Credits ---------------- Introduction ---------------- Hide In Picture (HIP) is a steganography program. It is a program that allows you to "hide" any kind of file inside standard bitmap pictures. The pictures look like normal images, so people will not suspect they contain hidden data. You can use a password to hide your files, and only those who know the password use are able to retrieve them - without it, people cannot even be sure there is something hidden in the image. I hope you enjoy HIP. If you have any doubts, comments, bug reports or suggestions for future versions, please e-mail me at davitf at eml.cc (the address is not written directly to avoid spammers; simply replace at with @). The latest version of this program is available at http://hide-in-picture.sf.net/. If you cannot understand any part of this documentation, I'm sorry; please tell me so that I can improve it. -------------------------- License and disclaimer -------------------------- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA The full GNU General Public License is in the file COPYING. ---------------------- NOTE: The Win32Lib library (used by the Windows version) has the following license terms: This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. 2. If you use this software in a product, acknowledgement in the product's documentation and binary are required. 3. Altered source versions, and works substantially derived from the it, must... a) be plainly be marked as such, b) not be misrepresented as the original software, c) include this notice, unaltered. ----------------- Legal warning ----------------- Many countries have laws restricting the export or use of cryptography. The algorithms implemented in this program are rather strong, so it might be illegal for you to use it, or you might need to get special permission in order to use it. Before using this program, you should be sure that what you are going to do is legal in your country. If you do not know about the regulations for your country, visit Crypto Law Survey at http://cwis.kub.nl/frw/people/koops/lawsurvy.htm. The author takes no responsibility for illegal use of the program. This program is able to read and write GIF files. However, Unisys has patents for the compression algorithm used by these files (LZW) in the United States, United Kingdom, France, Italy, Germany, Canada and Japan; if you are in any of these countries, you are not allowed to use the GIF reading/writing capabilities without obtaining a license from Unisys (I am not a lawyer, so this information may be inaccurate). ---------------------- Available packages ---------------------- There are several packages available for HIP, all of which can be downloaded from the HIP page. Here is a list, with a brief description of each one. Because of patent concerns in some countries regarding GIF files (see Legal warning), the source code for handling these files is not included in the main source package, but in a separate package. Also, there are two binary packages for each supported language: one of them contains binaries with GIF support and the other one contains binaries without this support. If you are in one of the countries where Unisys has patents on LZW, you should use the _nogif binaries and not use the GIF handling source code; otherwise, you may use any of the packages (it is probably better to use the full-featured program). Source code: - hip21src - source code for HIP 2.1 - hip21gif - source code GIF file reading/writing with HIP 2.1 - hip21msg - message files in several languages for use with HIP 2.1 Binaries: There are binaries (executable files) for all the currently available languages. Each language is represented by a two-letter code in the package name; the package names below have the letters en, for English, and you should replace them by the code for the appropriate language. - hip21_en - binaries for HIP 2.1, with GIF support - hip21_en_nogif - binaries for HIP 2.1, without GIF support All the packages are available from the HIP page, at http://hide-in-picture.sf.net/. --------------------------------- Files in HIP binaries package --------------------------------- DOS/Windows binaries - winhip_XX.exe / winhip_XX_nogif.exe - Windows program file - hip_XX.exe / hip_XX_nogif.exe - DOS program file - hip.htm; hip.txt - Documentation (this file) - COPYING - The GNU General Public License (you may rename the program files before using them, if you wish) ------------------- Version history ------------------- - Version 1.0 : first release. - Version 1.1 : hiding/retrieving is faster, but not compatible with v1.0 hidden files; first Windows version. - Version 2.0 beta : completely rewritten code. Faster, safer, bug fix, support for other encryption algorithms, support for transparent colors, no longer limited to hiding one bit per picture byte, better user interface... not compatible with v1.x hidden files. - Version 2.0 : cleaner code, GUI improvements in Windows version, paletted pictures not compatible with beta version (due to a fix to avoid possible problems when dealing with other graphic formats), added erase option, improved documentation. - Version 2.1 : support for reading and writing GIF files, support for special characters in the program messages, -iX (image format) option in command-line version, new image displaying method in Windows version (less flickering), minor bug fixes, minor code and documentation improvements, smaller binaries (due to new Euphoria version used in compilation). ------------------ Basic concepts ------------------ HIP hides data inside a picture by modifying its colors in a way that is almost unnoticeable by the human eye. When a file is hidden, it conceals each part in an area of the picture; the areas used to store each part of the file are chosen by doing several calculations with the password given. When retrieving a file, the same calculations are done to the password and, knowing which area contains each part of the file, it can be reconstructed. If the wrong password is used when retrieving a file, HIP will try to read the file from the wrong areas and will not find anything there. When a file is hidden in a picture that already has something in it, the new file may be written in areas where the previous data was stored (as HIP has no way of knowing that it was already there), so the old file will be erased or corrupted. Also notice that a large file will need more areas to be fully hidden than a small one, so it may be easier to see the modifications in the picture. If you hide a file that is too large, there will be a lot of "noise" in the picture and it will be easy to notice there is something hidden in the picture, even if other people cannot see what is actually hidden in it. For a somewhat more technical explanation about how hiding works, please read How HIP works. Before using HIP to hide important data, please read Security recommendations. ------------ Features ------------ Here are some HIP features you may want to know about: - Encryption - All data is encrypted before being written to a picture, to increase security. HIP offers several (well, currently only two) encryption algorithms you can choose from; all of them are considered very secure, so you don't have to worry about it unless you have a specific reason for wanting to use a specific algorithm. When retrieving a file, HIP tries using all the available algorithms to find the correct one. - Transparent color support - One color of the picture may be set as 'transparent'; nothing will be stored in areas of this color. This can be useful, for example, when hiding a file in an image from a Web page, as its transparent areas will remain as they were before. To retrieve a file hidden using this option, you must set the transparent color to the same used when hiding it. Transparent colors for GIF files are automatically loaded/saved. - Erase file option - If you want to remove a file hidden in a picture, use this option. It will overwrite the file with random data, so the file will be unrecoverable. If you know the password with which the file was hidden, you can provide it and only the necessary areas will be overwritten, resulting in a very small quality loss; however, if you provide the wrong password, the file will not be erased properly. If you do not provide a password, HIP will overwrite more of the picture to account for all the possible passwords, causing a larger quality loss. --------------------------- Using HIP for DOS/Linux --------------------------- HIP for Dos/Linux is a command-line utility. To hide a file inside a picture, use: hip h source_image input_file [destination_image] [options] If the destination image name is not specified, the destination image is written on top of the source image. To retrieve a file from a picture, use: hip r source_image [output_file] [options] If the output file name is not specified, the name saved in the picture is used. To erase a file previously hidden in a picture, use: hip e source_image [destination_image] [options] If the destination image name is not specified, the destination image is written on top of the source image. Options: -fxxxxxx - file name to write in image By default, the name of the input file is written in the image. Use this option to specify a different name to write. If you use it without specifying a file name, no name is written. -pxxxxxx - password to use When used with the hide or retrieve operations, this option specifies the password to use for hiding/retrieving the file. If you do not use this option, you will be asked to enter a password (recommended). When used with the erase operation, HIP assumes there is a file hidden with the specified password and overwrites only the first bits of the hidden data; if the image contains a file hidden with a different password, it will not be erased correctly. -thh or -thhhhhh - transparent color index or RGB value Use this option to set the transparent color for the image. To specify the palette index for the transparent color of an 8-bit image, use two hexadecimal digits (00-FF). To specify the RGB value for the transparent color, use six hexadecimal digits (the first two represent the red component, the next two represent the green one and the last two, the blue one). If you specify the RGB value for the transparent color of an 8-bit image and there is more than one palette entry with that color, the one with the lowest index will be used. -ex - encryption algorithm Use this option to choose the encryption algorithm: a for Blowfish (default) or b for Rijndael. -ix - image format Use this option to choose the image format for the output file. If the format is not specified, HIP will choose the format based on the file extension; if the extension is not recognized, the file will be saved as a Windows Bitmap (BMP) picture. -c - write the CRC-32 of the data Use this option to append a checksum to the data to identify data corruption. This is enabled by default. -C - do not write the CRC-32 of the data Use this option if you do not wish to append a checksum to the data; see above. -h - hide the password characters If the p option is not used, the program asks the user for the password. Use this option to show *'s (asterisks) instead of the password characters. This is enabled by default. -H - do not hide the password characters Use this option to show the password characters while you are typing them. -v - view file information only Use this option if you only want to see whether the file fits inside the picture when hiding, or the name and size of the hidden file when retrieving. The destination image or output file is not written. -q -quiet mode Use this option if you do not want to see unnecessary messages (such as the file information and status bars). The only things that will be shown are password prompts, confirmation messages and error messages. -y -answer 'yes' to all confirmation questions By default, the program asks for confirmation before overwriting a file that already exists. If this option is specified, you will not be asked for confirmation. ------------------------- Using HIP for Windows ------------------------- HIP for Windows is a GUI (graphical user interface) application, which is intended to be easy to use and understand. You can open a picture by selecting the 'Open picture...' item on the File menu of the main window or by clicking the Open button on the window, and then choosing the file you wish to open. You can also drag and drop a picture into the main window. When you open a picture, it is displayed in a new window. Hiding a file To hide a file inside a picture, select the 'Hide file...' item in the Image menu or click the Hide button, and choose the file you want to hide. You can also drag and drop the file into the picture. An Options window will then appear. In it, you can type the password to use, change the file name which will be written along with the file, choose the encryption algorithm for the file, and say whether you want a checksum to be written along with the file (recommended). Press the Ok button when you are done. The file will then be hidden in the picture. A progress window will be shown during this process; if you wish to abort it, click the Stop button or close this window. When the process is complete, the window containing the picture will show the modified picture. Click the Save button or select the 'Save picture' item in the Image menu to save the modified image on top of the original one. If you do not want to overwrite the original picture, click the Save As button or select the 'Save picture as...' item in the menu. Please note that the file format selected in the Save file dialog box does not really have an effect on the format used to save the picture; the file format is selected from the file extension (this is a bug, not a feature; I hope to be able to fix it soon). Retrieving a file To retrieve a file hidden inside a picture, click the Retrieve button or select the 'Retrieve file...' item in the Image menu, and wait while HIP converts the pixels in the picture into the data which it will try to read. You can cancel the operation by closing the progress window or clicking the Stop button. Next, an Options window will appear. Type the same password used to hide the picture (remember that passwords are case-sensitive). If it is correct, you will see a Save file dialog where you can change the directory and/or the name of the retrieved file if you wish. When you press the Ok button, the file will be retrieved. During this process, you will see the progress window. If you have read this far, you probably already know how to cancel this operation. When the progress window disappears, the retrieving process is finished. If the checksum was written with the data and the hidden file has been corrupted, you will see a warning message. Setting the transparent color To select a transparent color for the picture, select the 'Transparent color...' item in the Image menu. If the picture contains a palette, you will be asked for the palette index of the transparent color; otherwise, you will be asked for its red-green-blue value. Getting information about the picture You can see some information about the picture by selecting the 'Picture information...' item in the Image menu. You will see its file name, its dimensions and number of bits used per pixel, the currently set transparent color and the maximum number of bytes the picture can store. Please note that you cannot hide a file as large as this; some of these bytes will be used to store information about the file (typically, 32 bytes will be used, plus the length of the file name). Remember that, if the file hidden uses too much of the available space, the quality of the picture will be severely reduced. ------------------ Error messages ------------------ xxxxxx is corrupted The bitmap file could not be read because there are errors in it. xxxxxx contains unsupported features The bitmap file is of a type not currently supported by HIP. It may be compressed, or not a 8-bit or 24-bit image. A file name must be specified for retrieving this file The file name was not saved in the picture, so a file name to save the retrieved file must be specified. Aborted by user The user has aborted the execution of the program. Cannot save a x-bit picture as a xxx file The chosen image format cannot store pictures with the bit depth of the current image. If this happens, try choosing another format. Color not found in palette A RGB value for the transparent color of an 8-bit image was specified, but the color was not found in the palette. File is too big to be hidden in picture No need to explain it. Try using a larger picture. File was hidden with a newer version of HIP Newer versions of HIP may contain features (such as compression) which are not known by this version. If this happens, get a newer version of the program. Filesystem error while reading xxxxxx There was a filesystem problem while the program was reading the file. Hidden data is corrupted The program found the data in the image, but there is something wrong with it. Possible causes: a graphics program has corrupted the hidden data, or there has been a transmission or storage error. Anyway, the file is saved, but some or all of it may be unreadable. No hidden file found The program could not find the hidden file in the image. Possible causes: there is no hidden file in it (or it has been erased), the password is wrong, the transparent color in the picture is not set correctly, or the hidden data in the picture has been corrupted. Not enough memory There is not enough memory to load the bitmap image into memory. Transparent color must be a RGB triplet for 24-bit pictures A palette entry was specified for the transparent color of a 24-bit image. Unable to open xxxxxx The program could not open the file for reading or writing. Possible causes: the file does not exist (reading), it is read-only (writing), or it is in use by other program. Unknown error in xxxxxx: xx If this ever happens, there is a bug in HIP. A routine has returned an error code the main program does not know about. Please report this to me. ---------------------------- Security recommendations ---------------------------- Security was a primary concern in HIP's design. However, if you want to be sure nobody will find out that one of your pictures contains hidden data or, even worse, retrieve the hidden file, you should follow these guidelines: - Do not use short passwords or passwords that can be easily guessed (such as your name, phone number, or a single word), as an attacker could automatically try all of these passwords. Use different capitalizations, combinations of words, numbers and punctuation marks, and anything else you can think of. - Do not use pictures available from the Internet or other publicly-available sources. The best source for pictures is scanning photographs - preferably your own. This is because if someone finds the original picture, they will be able to see yours is somewhat different, and may suspect there is hidden data in it - even if they cannot read it. - Erase the original picture after you have hidden the file. The reason is the same as the one above - if someone finds the original picture, they might suspect something. If possible, use a program that wipes (overwrites) the data when deleting it; PGP (http://www.pgpi.org/) is able to do this. - Do not use computer-generated images. They might have large areas filled with a single color or containing linear fades, and small changes in those areas can be easily noticed. It is also possible to identify changes in other computer-generated images such as fractals. - Do not write files that are too big, or the noise in the picture will be easily noticed and someone may suspect there is hidden data in it. For 24-bit images, you should not write files larger than about 40% of the picture size. For 8-bit images, the files should be even smaller. These values are only estimates, and are not valid in all cases. After the hiding proccess, take a close look at the resulting picture - if you think its quality is worse than that of the original, you should use a larger picture. Even if you follow all of these, remember that no program or algorithm is completely safe. The author does not take responsibility for any problems that may arise from security flaws or errors in the program.You should not trust this program for hiding critical data; if that is the case, get professional advice. ----------------- How HIP works ----------------- A bitmap picture is simply a series of numbers representing color intensities, one color for each pixel (point) of the picture. HIP hides a file inside a picture by placing its bits in the least-significant bits of each color in the picture. Suppose you have a picture containing the following bytes: 200 53 2 195 54 69 191 56 The binary values of these numbers are: 11001000 00110101 00000010 11000011 00110110 01000101 10111111 00111000 To hide the character 109 (in binary 01101101), the least-significant bit of each byte would be replaced by a bit of the character. The result would be: 11001000 00110101 00000011 11000010 00110111 01000101 10111110 00111001 Which corresponds to: 200 53 3 194 55 69 190 57 The difference between the new values and the old ones is very small, so it is difficult, if not impossible, for the human eye to identify any difference from the original picture. If the file is large, it may be necessary to modify more than a single bit from each byte of the picture, which can make this difference more visible. With 8-bit pictures, the process is a little more complicated, because the bytes in the picture do not represent color intensities, but entries in the palette (a table of at most 256 different colors). HIP chooses the nearest color in the palette whose index contains the appropriate least-significant bits. The HIP header (containing information for the hidden file, such as its size and filename) and the file to be hidden are encrypted with an encryption algorithm, using the password given, before being written in the picture. Their bits are not written in a linear fashion; HIP uses a pseudo-random number generator to choose the place to write each bit. The values given by the pseudo-random number generator depend on your password, so it is not possible for someone trying to read your secret data to get the hidden file (not even the encrypted version) without knowing the password. A document describing the HIP file format may be written if anyone wants it. If you need it (to analyze it, write a compliant program or for any other reason), please tell me. ------------------- Translating HIP ------------------- If you want to translate HIP into other languages, please get the hip21src or hip21msg package (see Available packages) and translate the messages in m_en.e (please read the information there). I would really like if you could send me the translated file, so that I can include it with future versions and distribute binaries for the translated program. There are already several translations available, and others may become available at any time. The HIP page contains binaries for all the languages. ----------- Credits ----------- HIP has been written in Euphoria by Rapid Deployment Software (http://www.rapideuphoria.com/). The binaries were compiled with version 2.3. It uses many libraries by myself (http://www16.brinkster.com/davitf/). The assembly routines were converted into machine code by Pete Eberlein's ASM to Euphoria converter (http://www.harborside.com/home/x/xseal/euphoria/). The Windows version also uses the Win32Lib library by David Cuny, Derek Parnell and others (http://www.sourceforge.net/projects/win32libex/).