Svrops.com - Camera Shy

home > camera/shy and steganography

Camera/Shy and Steganography
09.02

Steganography has no definition in Webster's dictionary. The entry for Steganography only refers you to Cryptography. So what is Steganography (steg·a·nog·ra·phy)? Simply, it is the hiding of messages in graphics files, video files, audio files and any other means that is not readily apparent. Shaving someone's head, tattooing a treasure map on their shaved head and then having the person's hair grow back to hide the map, could be a form of Steganography.

Camera/Shy, a program developed by the group Hacktivismo, uses steganography to hide messages in graphics files. The raison d'être of this program, according to the Hacktivismo web site is, "Camera/Shy was developed for democracy activists operating from behind national firewalls". This program, according to it's makers, will allow information that would otherwise be banned, to reach the citizenry of countries where Free Speech is considered antigovernment and contrary to the needs of the masses.

It should be noted that Hacktivismo is an offshoot of the well known "hacker group", Cult of the Dead Cow. Because of this association, they too, are considered a hacker group - though Hacktivismo might argue this. And being notorious, especially since 9-11, can have it's down side. Shortly after Camera/Shy was released, it was labeled a "hacker tool" and at least one software company, NetIQ, updated it's software to "help the IT community combat Camera/Shy".

Regardless of your opinion on the issue, Camera/Shy, for those who are interested, can effectively encrypt and decrypt information into and from graphics files (actually, at his point, only .gif files). This program is open source software which means it's not only free, but it's in a constant state of development (is this a good thing?).

Below is a .gif image I made. Some Orcas swimming happily, looking for fish. Encrypted in this picture is the first five amendments of the Bill of Rights (what is the first one?) . To see Camera/Shy do it's thing, and view this hidden information, do this:

1. Copy the URL of this web page onto your clipboard by going up to the address bar of your browser, click the URL, right click and choose Copy.

2. Download Camera/Shy here (1.3MB) - or the zipped version (628KB). The program is a single executable file that does not require installation. Simply download the file and then double click it to open Camera/Shy (the zipped version you need to unzip first). A web page might load in Camera/Shy, but just ignore that for now.

3. Once Camera/Shy is open, go to the top of the program window and in the 2 fields where you see asterisks, replace the asterisks with the word - happy. Do this in both fields. Encrypted images require a password to view the information hidden in them.

4. Click the View menu on the menu bar and uncheck "Don't show gif steg window".

5. Next to the password fields is an address field where you can enter a web page URL. Click the field, right click and choose Paste. This should paste the URL of this web page into the field. If not, just type it in. Press enter to go the web page.

6. You should be taken to this web page. It will show up in the top left window in Camera/Shy. Below the web page window is another smaller window that should have the URL of the Orca picture. Click the URL. You should now see the text that is hidden in the picture. It will show up in the Camera/Shy browser window and in a small window to the right. If you don't see the URL for the Orca picture, go back and reenter happy in the password fields, and then reload the web page.

	Camera/Shy Screen Shot

That's all there is to it. All you need to know is the web page that has a Camera/Shy encrypted image file, and the password and signature (signature is just a second password).

Along with viewing stegged images, you can create them with Camera/Shy:

1. Open Camera/Shy. Click the View menu and uncheck "Don't show gif steg window" if it is checked.

2. You have 2 choices here, navigate to a web page to encrypt or encrypt text from a file.
To encrypt text from a file, you can enter the path to the file in the Camera/Shy browser window address field. Do this in the format of f:///c:\docs\mydoc.txt. That is, f:/// followed by the path to your text file. You have to use a text file. No MS Word or Excel files.
Instead of using the Camera/Shy browser window, you can copy and paste the text in the little window to the right that says "Content to put in gif".

Note: The amount of information you can encrypt is dependent on the size of the image file. Camera/Shy will tell you how much text you can encrypt. The bigger the image file, the more text you can add.

3. Create a password and signature, in the fields with the asterisks, at the top of Camera/Shy. This is the password and signature that others will enter to see the text in the encrypted graphics file.
Once again, what Camera/Shy calls a signature is just a second password. It can be the same as the first password if you want.

4. Next, you need to load a .gif image file that you will be encrypting. Click the blue arrow up by the password fields that says "Load Image" when you move the mouse over it.
Note: At this time, Camera/Shy supports only .gif image files.

5. Once you have your passwords set, the image file loaded and text to encrypt (or a web page), click either the "Encrypt Text" button above the window where you paste text, or click the "Encrypt current web page" button above the Camera/Shy browser window - depending on where you loaded your information from.

6. Finally, go back to the top of the program window and the click the blue arrow that says
"Unload and Save Image" when you move your mouse over it.

You will now have an image file with encrypted information that you can put on a web page or email someone.

Camera/Shy is an effective steganography tool. However, it could use some improvements. The support of larger amounts of text in smaller image files. Supporting more image file types (in addition to .gif files), and hopefully they will improve the Help in the program. These are minor things, and being an open source program, Camera/Shy will only improve over time as different developers add to the program... at least that is one of the ideas behind open source software.
How you use Camera/Shy, if you do find a use for it, is up to you. You can use it for good or bad, the choice is yours.

Links

Source Forge - you can find the latest build of Camera/Shy here:
http://sourceforge.net/projects/camerashy/

Other Steganography software:
http://www.jjtc.com/stegoarchive/stego/software.html

A technical discussion of Steganography
http://www.jjtc.com/stegdoc/steg1995.html

Outguess - a program that can detect stegged images:
http://www.outguess.org/detection.php

Another site discussing the defeat of stegged images:
http://www.citi.umich.edu/u/provos/stego/