I've researched a whole lot on the fileformat lately and found ways to hide information by exploiting the file format (zip). I have not seen this method being described before so I thought maybe it was about time. Along the way I've also made a POC tool to show how it's done and working. It will probably soon be posted under the freeware section accompanied with all the details and information on how to detect it (of course). Question is what kind of software are dealing with this sort of steganography today (ie non-image based)?
The tools used to handle these files on a normal basis (Office, WinRAR, etc), will not complain about any errors with the files, because the file structure is still perfectly healthy after modification.
Joakim
Interesting research, simple yet I don't think its been tried before.
Good work. D
Sorry to ruin the party ( , but this one should be very similar
http//
Oldish (and still loosely "image connected" (powerpoint)
http//
The "general idea" is not really "new"
http//
This is also interesting
http//
though it mainly deals with metadata (which however may include "hidden text").
Just for the record I remember once opening in Open Office a Contract we received by e-mail in Word (maybe 97 or 2000) format .doc that was used with "revisions" .
Quite a bit of relevant info - including the actual numbers/prices that were not visible in Word, became visible.
Never bothered to check how/what had happened, though.
jaclaz
Thanks for the links. But no party has been ruined. D What I've coded has nothing to do with what those links refer to. It is basically about taking advantage of the file format as well as complying to the ooXML specification, and at the same time making room for certain real-life deviations from what the specification otherwise would say (MS Office). It took more time than excepted to finish coding, as I ran into some issue when fragmentizing encrypted data. Hopefully it's finished in a few days. It is currently at around 2000 lines of code, but can probably be shrinked to under the half, when everything is sorted out.
But no party has been ruined. D What I've coded has nothing to do with what those links refer to.
Happy no harm was made D
jaclaz
>Just for the record I remember once opening in Open Office a Contract we >received by e-mail in Word (maybe 97 or 2000) format .doc that was used >with "revisions" .
> Quite a bit of relevant info - including the actual numbers/prices that were >not visible in Word, became visible.
> Never bothered to check how/what had happened, though.
>jaclaz
Word (since DOS days) often does an incremental save of an edited file. Thus the original text will be sequential at the start of the file, and at the end of the file are the corrections, wuith a series of pointers to say where the new data is stored. Looking at a raw file, you will see different data from what you see in Word.
I imagine the XML version will not this - but I have never looked.
Michael