Steganography in xkcd comics without the img alt tag

March 10, 2012 By Leave a Comment

Inspired by a recent Hackaday post [austin] decided to try his hand at steganography. Steganography, or ‘concealed writing’ has come a long way from ancient Greek slaves/couriers shaving their head, tattooing a message on their scalp, and regrowing their hair. We recently saw a music file masquerading as a picture of a kitten, but that method of hiding data required running a Ruby script. [austin] thought steganography would be a great way to hone his JavaScript skills, so he made an image encoder and decoder purely in JS and HTML.

Like the previous incarnation, [austin]’s work takes a regular .PNG image file and hides stuff in the pixel data. A few of the lower bits for each pixel are modified (three bits from the red and blue, two bits from the green – a good choice, the human eye is very sensitive to green) and a file is embedded inside the .PNG image.

For an example, [austin] embedded some stuff inside the xkcd comic underneath this post’s title. Even though the image is mostly white, we can’t see anything wrong with the colors. If you’d like to decode the message, [austin] put his encoder and decoder up on github. Feel free to take a shot at it.

Filed Under: security hacks Tagged With: ,

USB dongle generates and enters your passwords so you don't have to

March 5, 2012 By Leave a Comment

usb-password-dongle

Like many businesses out there, [Joonas Pihlajamaa’s] employer requires him to change his password every few months. Instead of coming up with a complex, yet easy to remember password again and again, he built a small USB device to do the work for him.

He dismantled an old USB memory stick, fitting it with an ATtiny85 with its required components on a small piece of perfboard. Using the knowledge he gleaned from his previous USB HID tinkering, he programmed the ATtiny to act as a USB keyboard which enters his password for him whenever he plugs it in.

The USB dongle not only types his password in for him, it can generate a new password with a few simple keystrokes whenever he desires. Obviously it merely takes someone getting their hands on his USB stick to compromise security, but it does beat a Post-It under the keyboard any day.

Continue reading to see a short video of his USB password dongle in action, and be sure to swing by his site for more details on how it was all put together.

[Read more…]

Filed Under: ATtiny hacks, security hacks Tagged With: , , , ,

This image contains a hidden audio track

February 27, 2012 By Leave a Comment

This image contains a hidden audio track which you’re very familiar with. Well, it used to. We’d bet we messed up the careful encoding that [Chris McKenzie] used to hide data within an image when we resized the original.

He’s using a method called Steganography to hide a message in plain sight. Since digital images use millions of colors, you can mess with that color data just a bit and the eye will not really be able to pick up any difference. Each pixel has had the eight least significant bits swapped out for the data [Chris] is hiding. Since the image uses 24-bit color, the largest possible change (going from 0 to 255) in those bottom eight bits will only result in a color change of about 0.15%. And that’s only for one pixel; in most cases the change will be much less.

He shows his work, both decoding and encoding using Ruby, and even provides a one-liner which lets you playback the audio without downloading anything (just make sure you’ve got all of the dependencies installed). Never gonna give, you, up…

[via Reddit]

Filed Under: security hacks Tagged With: , , , , ,

Sony Google TV devices running unsigned kernels

February 20, 2012 By Leave a Comment

The proud cry of “I am root” rings true once again, this time on Sony Google TV devices. Although a low-level exploit was found on previous firmware versions, a downgrade process lets you run unsigned kernels on updated TV or Bluray models of the Internet streaming devices.

These systems are Android-based, which currently run version 3.1 Honeycomb. This version patches the previous exploit, but with three different USB sticks you can downgrade, exploit, and upgrade to an altered and unsigned hack of the most recent kernel. This gives you the root access you may have been longing for, but other than the features discussed in the forum thread there’s not a whole lot of changes rolled into the exploit yet.

We’re always looking out for open source projects running on living-room devices and hope that someday we’ll see a branch of XBMC for the GTV. Until then we’ll just have to keep our fingers crossed for the viability of a RaspberryPI XBMC.

Filed Under: security hacks Tagged With: , , , , , ,

RFID reader gets user inputs and smart card write capability

February 9, 2012 By Leave a Comment

[Navic] added a slew of abilities to his RFID reader. It’s now a full-featured RFID reader and smart card writer with extras. When we looked at it last time the unit was just an RFID and smart card reader in a project enclosure. You could see the RFID code of a tag displayed on the LCD screen, but there wasn’t a lot more to it than that.

The upgrade uses the same project enclosure but he’s added four buttons below the display. These allow him to access the different features that he’s implemented. The first one, which is shown in the video after the break, allows him to store up to six tags in the EEPROM of the Basic Stamp which drives the unit. He can dump these tag codes to a smart card (pictured above), but also has the option of interfacing with a PC to read from and write to that card.

We don’t think you can directly write RFID tags with the device, but we could be wrong.

[Read more…]

Filed Under: security hacks Tagged With: , , ,
Newer Posts »