Data hiding is a method of doing exactly what the name suggests, hiding sensitive data. This can be used to watermark images, hide exploitative code, and transfer secret messages. This paper will cover 4 techniques used for data hiding, as well as the tools employed in these techniques.
First, we will cover Steganography. Steganography is “The practice of hiding a secret message inside of… something that is not secret. (Stanger, 2020) One of the core focuses of steganography is to “focus on the imperceptivity of both the hidden data and the act of data embedding.” (Shi et al., 2016) In other words, not only is it important to successfully conceal data in another cover medium, but the integrity of that medium must not be noticeably deteriorated. If you choose to hide data within an image, a human must not be able to notice that the image quality has decreased. This technique is commonly used with images to embed an invisible watermark in them. If somebody were to steal the image, this could be proven by looking at where this watermark data is hidden.
There is an online steganography tool (https://stylesuxx.github.io/steganography/) that can be used to freely hide messages within images.
As you can see above, it is as easy as selecting an image and typing a message. The two images (before and after steganography) are below, and there is no noticeable difference. We can send this photograph to somebody else, who can then use the decoding function to view our original message.
Another method of data hiding is code obfuscation. When you write malicious code, you probably do not want it to be reverse engineered, especially by the blue team. By obfuscating your code, you make it incredibly difficult to understand, by adding an overwhelming amount of redundancy. For example, instead of writing a function that prints out “Hello World”, you can write a function that calls out to some random internet page with the word “Hello” in the HTML code. Rip that word out from the HTML and store it into a variable, then display that variable followed by the word “World.” Once run, both functions would accomplish the same task, but one of them is more difficult to understand, especially by a human reader. There is a free online JavaScript obfuscation tool that can employe this very method (https://obfuscator.io/). Below, we can see the stark difference between a simple Hello World script, and that same code once it has been obfuscated.
The third method of data hiding is bit shifting. This is when you shift the bits of data to make readable material look like gibberish. You can perform this on almost any medium, as to get your original data back you only need to shift the bits back to their original position. This can be used with code to make it appear as a binary file or some other oddly-formatted file. Because the computer analyzes the hex values of the file, you likely will not be able to run a bit-shifted piece of code until you reverse the bit-shift process. The online tool Dcode (https://www.dcode.fr/circular-bit-shift) will allow us to bit-shift a message and make it literally unreadable.
The last technique covered will be hiding data in bad blocks. When a computer looks for places to store information, it knows not to looked at marked bad blocks. These are “blocks [that] have (supposedly) gone bad.” (Verhasselt, 2009) These locations will not be looked at by the file system. If we tell the filesystem which blocks are bad (even if they aren’t), we can hide data there and the filesystem will never check it. This is more useful on older machines, as this technique is a bit out-dated, but most valuable infrastructure is on dated machines. Creating and using bad blocks is a straightforward, but fairly technical process. If you want to see an in-depth example on this technique, see the following blog post: https://davidverhasselt.com/hide-data-in-bad-blocks/
References
dCode. (2022). Circular bit shift. Online Decoder, Encoder, Solver, Translator. Retrieved February 14, 2022, from https://www.dcode.fr/circular-bit-shift
Kachalov, T. (n.d.). JavaScript obfuscator tool. JavaScript Obfuscator Tool. Retrieved February 13, 2022, from https://obfuscator.io/
Shi, Y.-Q., Li, X., Zhang, X., Wu, H.-T., & Ma, B. (2016). Reversible data hiding: Advances in the past two decades. IEEE Access, 4, 3210–3237. https://doi.org/10.1109/access.2016.2573308
Stanger, J. (2020, July 6). The ancient practice of steganography: What is it, how is it used and why do cybersecurity pros need to understand it. Default. Retrieved February 13, 2022, from https://www.comptia.org/blog/what-is-steganography
stylesuxx@gmail.com. (n.d.). Steganography Online. Steganography online. Retrieved February 14, 2022, from https://stylesuxx.github.io/steganography/
Verhasselt, D. (2009, April 22). Hide data in bad blocks. Retrieved February 14, 2022, from https://davidverhasselt.com/hide-data-in-bad-blocks/