NANY 2009 Entry Information
|Short Description|| this tool will attempt to embed text information into a CODE section of|
any PE file. it does so by finding valid opcode strings and replaces
them with "like-minded" opcodes therefore not changing the size or
operability of the file.
|Supported OSes||Windows 32-bit|
|not much, just Win32 OS|
Executable code steganography
I have submitted a rather unusual app that takes a different approach in steganography. I (with the help of friends and Oleh Yuschuk's disassembly engine ) developed this application way back in 2003-2004. The app is called PESplash. It embeds text into windows exe files using interchangeable assembly opcodes.
With this app you can create your own 'keys' (ops.dat file) that will be able to embed/read hidden text via a binary stream based on the interchangeable codes you have in your ops.dat file. So, it embeds this data into the CODE section of your executable file and will run just as originally compiled without error and yet contains hidden data. Now, be warned, if you decide on interchangeable opcodes and you are wrong, then your application will most likely not run correctly. the default ops.dat file contains most zero flag, interchangeable codes that should not be a problem to swap (but it's not perfect).
So to summarize, it embeds text into your executable files. This could be used in nefarious ways (and is the reason i never released it to the public). Use with restraint, but it's a pretty cool way of tracking who is downloading your files (if released in the wild), send messages, etc.
Anyway, that's my submission, enjoy.
Also, please note that this is free and without protection, however, if you plan on using this in a corporate/commercial product, then you must contact me for proper compensation.
unzip this to a dir of your choice and run it
Using the Application
Select an unpacked app, have it scan for the amount of bytes available (per your ops.dat file keyfile) then write the text to the file, done. to retrieve the embedded text, just open the file and select retrieve, done.
just delete the files that you unzipped, done
this will not work with already packed (compressed) executable files. that is, it will seem to work, but the file will not work.