Episode: 2712
Title: HPR2712: Steganography
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2712/hpr2712.mp3
Transcribed: 2025-10-19 07:59:37
---
This is HPR Episode 2712 entitled Steganography.
It is hosted by Klaatu and is about 22 minutes long and carries a clean flag.
The summary is Klaatu wraps up his miniseries about Steganography.
This episode of HPR is brought to you by AnHonestHost.com.
Get 15% discount on all shared hosting with the offer code HPR15.
That's HPR15.
Better web hosting that's honest and fair at AnHonestHost.com.
Hello folks, Kay Wisher here to remind you that it's that time of year again.
Time for the Hacker Public Radio New Year's Eve Show.
For those who don't know, on New Year's Eve December 31st, 2018, at 10am UTC,
that is 5am Eastern Standard Time, we will have a recording going on the HPR Mumble Server
for anyone to come on and say Happy New Year and talk about whatever they want.
We will leave the recording going until January 1st, 2019, 12am UTC.
That will be 7am Eastern Standard Time or until the conversation stops.
Please visit hackerpublicradio.org to find all the details and links about how to set up
the PC Mumble Client, your favorite mobile app, the mobile server connection details.
Our Etherpad show notes and the live audio stream if you only prefer to listen in on the
lively banter.
So please stop and say hi and maybe join in the conversation with other HPR listeners
and contributors.
This is my final episode in the mini series on Steganography that I've been doing.
Some of you may not have known that I was doing a mini series on Steganography because I
didn't really announce it in audio.
I did make a note of it, just kind of for fair warning, I made a note of it in the show
notes that I was doing a mini series on Steganography.
But I didn't elaborate on how this was a series about Steganography because apparently the first
two episodes were actually not about Steganography at all.
So first of all let's talk about what Steganography is and I'm just going to go straight to Wikipedia
and read out what the definition, the widely accepted definition is.
Steganography is the practice of concealing a file, message, image, or video within another
file, message, image, or video.
The word Steganography combines the Greek words steganos meaning covered, concealed or protected
and graphein meaning writing.
So there you go.
Steganography is it's sending secret messages which I mean give me a break as a kid that
was all I ever wanted out of life was to be able to send secret messages to somebody.
That was that seemed really cool to me.
So I thought I'd do a little mini series about it to kind of maybe demonstrate just how
to get started with Steganography.
I'm certainly no expert but it's just it's something that I find pretty interesting.
So the first I think the first principle would be in Steganography well aside from the definition
which I guess we could call that the zeroth principle that's what Steganography is right.
So I would say that one of the first things to keep in mind when when deciding to engage
in Steganography is that really good Steganography is is not something that you recognize as
Steganography.
I mean someone ought to recognize it I guess because if you're sending a message there's
the implication that you that you have someone that you want to have received that message.
So if they don't know to look for it or where to look then then it's no longer Steganography
almost.
It could probably just be argued that it's that it's just it's just you know your message
might be there but it's just basically bloat because no one knows that it is there.
And so you've just sort of shouted into the world but maybe that's what you want to do
maybe you just want the thing there and who knows how many files on your computer today
you've downloaded from the internet has some message concealed in it that wasn't meant
for you and is not being seen by you who knows I don't know.
So the fact that I was doing a miniseries on Steganography quite quite literally probably
would have not been known hadn't I included a note in the show notes stating that I was
doing a miniseries on Steganography and I did that as as fair warning because I didn't
feel like the hacker public radio audience I mean the hacker public radio audience I believe
sort of at least in part trusts me as a person and so I didn't want to include information
you know in in hacker public radio material without telling you or or at least implying
that there might be something else going on so I did that as a I guess a courtesy but
also because no one none of you know would would would would know to look for a message
if I hadn't stated hey this this has a message embedded in it or there there this is about
Steganography which it would a little bit of a tip that there may be something somewhere
that that isn't as simple as it seems.
So in the first episode in Scribus I was talking about well Scribus I was talking about
a program Scribus and and innocently mentioned that the end goal of Scribus very frequently
was to produce a PDF and so I stepped through the process of making the PDF file from Scribus
kind of talked about some of the different options and so on and then I posted the Scribus
file and the resulting PDFs online and to someone who hadn't read the show notes they would
have gone to that to the to the link probably and and they would download the file and for
them it would be or who hadn't read the show notes carefully you'd have to read them
to get the link but you go there you download the thing you'd look at it it would be exactly
what it claimed to be it's a Scribus file with some fonts and some images and two PDFs
and that's it and that's fair enough that's exactly what was advertised and you are you
can disassemble the Scribus file and you can look at the resulting PDFs and and you'll
have hopefully learned something that was the that was the goal of that episode at least
I was one of the goals of the episode teach people about Scribus because I think it's
a great application and I think people do kind of over think it and kind of get confused
about it so there you go Scribus it does this thing second episode was about Ghostscript
and once again there's there's actual application to this episode it's it's actually really
useful information if you have PDFs that are really really big and ugly and you need to print
them and you just want to use just your black ink and you don't want to have to print a bunch
of images that you're never going to look at anyway or if you can't get the PDF to load on your
stupid little mobile because your mobile is not powerful enough to render all these images quickly
then this is a great tip Ghostscript can can help you with both of those problems and I use it
very frequently for my own stuff and and and it's very useful so once again there was real
actual information in those episodes and I feel like like they were both useful in in and
as of themselves now in the Ghostscript episode I was I kind of mentioned at the end that you
could look at PDFs like at the source of PDFs like at the you know you can look into a PDF by
opening it in Emacs and you can see that there are streams of binary data that you can't really read
it's just a bunch of binary bits and PDFs open even with these things deleted well as it turns out
PDFs also open with new information inserted into these streams now it doesn't always work and you
have to play around where you can insert it and where you know what what breaks and what doesn't
break but if you go if you do download the the files that I provided from the street the
the Scribus episode if you download those files and you do emacs example dash no bleed that dot PDF
and like I said in the original episode it'll try to render that file for you to make it look
pretty and stuff and you can just you can get around that with control c control c and then if you
there you go and then if you scroll down in Emacs you're looking at all this ugly text keep
scrolling down to pay to line I think it was 651 yep there it is 651 then you'll find that the
ugly binary data that's in there by default or you know as part of the actual PDF sort of comes
to an end I mean I'm saying this I'm speaking this and frankly it's really not that easy to tell
you'll see it once you see it but you won't it is not immediately obvious because what looks it
looks like a bunch of gobbledygook then ends up as a bunch of other gobbledygook and you can't really
tell the two from one another if you're not sort of looking for it I mean it depends on how much
syntax highlighting and stuff you have on too but 651 starts this block which is actually of course
you're you're probably already figuring out where I'm going with this but it's actually a block of
base 64 so if you extract that block of of text just the the stuff from 651 well really
literally on line 651 so 652 is the word endstream so just the text on 651 if you extract that
put it into its own file so I'll just select it control space to set my mark go all the way down
to 652 control w to cut it and now I'll do a new file control x control f I'll just call it
base base dot 64 return and then paste it in there okay so control x control s to save control x
control c to close now I have a new file called base dot 64 I can decode that with base 64 that's
b-a-s-e64-d for decode space and then base I called it base dot 64 and then redirect into file dot
ogg and I told you that the key you needed was ogg in the original episode in the show notes rather
sorry so again I mean in order for this to be useful you would have to have known that it was
there I I can't see people stumbling across it and then saying oh I wonder if it's an ogg file
and so on so I mean maybe but but probably not and now if you if you do all of that if you've
done all of that then you end up with an audio file that sounds a little bit something like this
hey there clever listener you have discovered an embedded audio file in a pdf if you contact me
at klaatu at member dot fsf dot org before my reveal of this secret file has been aired then I
will send you no matter where you are in the world a free copy of my game Petition and you have
my eternal respect for having found this ended down and that's it that was the that was the
steganography that was a steganographized message it was a little audio file embedded in a pdf so
that the audio file came out to like 52 kilobytes so adding it into a I don't know whatever the
the actual file ended up being I think it was it was um no bleed so it was yeah I was about
900 kilobytes integrating the base 64 version of that audio file in the pdf was really quite
trivial now it could have been anything it could have been an audio file could have been an image it
could have been text that was encoded into something else it could be text that was gpg encoded
and then the just the gpg stuff could have been pasted in there you know there's any number of
things you could you could embed into into that that particular file format and the pdf very
frequently doesn't care again you'll probably have to test this in practice but it is it is as
straightforward as I have just made it sound so there's not a whole lot for me to say otherwise
so because the the process has been drawn out over several different episodes I'm going to
condense everything here I'm going to talk about exactly how to replicate what I've done just in
case you're not clear on it so the first step would be to get or to create a pdf I I created my
own in scribus because I could because it was a good excuse to do a scribus episode right so create
a pdf or or get a pdf then open that pdf in a text editor I use Emacs but I imagine several other
good text editors would work just as well again in Emacs it'll try to render it so do control c
to get out of that view scroll through the pdf and find the clause or the phrases that start with
the word stream and end with the word endstream there will be a lot in there because this is
basically all the important stuff in a pdf is encoded in this completely undesirable binary blob
and and that binary blob is contained within stream and endstream now from what I can tell
and I'd have to look at the pdf spec to really determine whether this is correct but what up from
what I can tell if something's in a stream and before the endstream tag so if something's in those
tags or in those those buffeted by those two words stream and endstream well and there's something
to do with the object as well but anyway so if they're in there if it's in there and it's not
referred to directly by the pdf structure then it just gets ignored I mean that's that's as far
as I can tell so you should be able to insert data into a stream and and not really see any kind
of failure now there there are exceptions there's one stream and endstream I think the first one
usually seems to define the page area or maybe the the active area of the page maybe and I've
I've broken a lot of PDFs by messing with that too much so I kind of avoid the first one but you can
try I mean it could depend on the pdf and could depend on what exactly you're doing mucking around
in there what you delete what you keep etc so but but inserting data from what I can tell is
generally pretty harmless now the question is how to get that data into a form that you can just
paste into a text editor right well the answer there the common answer is base 64 and base 64
is a command that you probably already have on your Linux machine if not you can install it just
search around for it and base 64 translates the contents of a file into base 64 encoding which
happens to be very friendly for pasting into text editors because it is alphanumerically based so if
you do a if you if you just go into like your I don't know go into your images folder or something
wherever you keep photos or or go into your your your music folder whatever it is do base 64
and then point it at some file this is non-destructive don't worry so it's not it's not going to do
anything to your file it reads the file and then outputs base 64 now if you just type in base 64
space you know my my vacation photo dot jpeg then it's going to it's going to spit out a bunch of
stuff you probably don't really want that so I'm just going to pipe that to head so base 64 here's
landscape dot jpeg pipe head and there's there's a pretty good representation of a base 64 for you
okay so the the way to do this in Emacs is you would do the base 64 and then whatever you're trying
to embed whether it's an audio file or a text file or whatever or a photo photograph and then
you redirect it so that's the the greater-than symbol to some file so let's just say base 64 dot
txt there now it's just dumped the the base 64 version of this photo that I'm using at this
example into a file called base 64 dot txt located in my pwd photos directory okay so now I'd go
back to Emacs and I'm my my cursor is somewhere within that stream stream and endstream somewhere
in there I'm not going to interrupt the binary flow I'm just going to put it right before or right
after all that binary data so in other words right after the word stream or right before the word
endstream and then I'm going to do it control x and then i so that's just control x and then
take your fingers off and then press i the i key that means insert the contents of a file then
you can navigate you can point Emacs to the file that you want to insert which in this case is home
klaatu photos base 64 dot txt return and that dumps the contents of base 64 dot txt into right
into the pdf control x control s to save control x control c to close and now go back out to your
file manager and click on that pdf to make sure that it still opens in your pdf viewer and that
it's not completely mangled or corrupted or that it hasn't done anything too strange but if
your experience is anything like mine it will open and act exactly as it always has now things
to look out for here you can break the pdf you and you probably should review the pdf pretty
closely because it sometimes it's it's weird random things that go awry like a color channel
gets thrown off so everything looks pink instead of blue or whatever so if you've if you've done
something bad you you'll see it but it might not be immediately obvious as i said in i think my
second episode the Ghostscript one if you delete binary data sometimes it it'll delete unexpected
things you know it'll just delete the letter f from one paragraph because you you know what
whatever you deleted just happened to be the letter f from a from a thing that was tracing a
font and and you deleted that that glyph or whatever so look out for that sort of thing and also
look out for what you're dumping into a pdf because certainly if a pdf is expected to be 23
megabytes hundred megabytes whatever let's say a hundred megabytes because pdf's are all too
often very large if it's expected to be a hundred megabytes and you deliver one that is 200 megabytes
then someone's going to think gee that's odd and they're going to either we're going to use
Ghostscript to compress it more or they're going to open it up in Adobe Acrobat Reader or something
something's going to tip them off right that there's a big blob of data in that file that that
shouldn't be there now on the other hand if it's the a re implementation of an existing pdf then
take a look at the size of the pdf use Ghostscript to compress it down and then use your own
steganographized message to blow it back up to where it used to be and now suddenly if you've got
a you know you've got an existing 33 megabyte pdf and you're sending out a a 32.3 size pdf
that no one's going to that's not a big deal right that's basically the same size now little do
people know that the all the images have been down raised to 150 dpi instead of 300 dpi and the
rest of that the rest of the bloat there is a hidden message from you then that's that's a
that's a better hidden message than something that that causes a pdf to blow back up to 200 megabytes
or whatever so base 64 should not be mistaken as encryption it is not it is it in a way
actually conceals your message I mean it does for people who don't know how to how to manipulate
base 64 but generally speaking that it's not don't think of it as encryption it is not it
is simply encoding and decoding a message from one character set essentially to another so
decoding base 64 as I've already said is as easy as typing in base 64 dash d for decode or
dash dash decode and then a file containing all of that base 64 data and then redirect that to
some other file and you're done that's it so it is it is it in no way really conceals your message
or or well it doesn't encrypt your message in other words it it simply transforms it into a format
friendly to being pasted in somewhere obviously the danger here would be that it is discoverable
I mean it is we say it's not in plain sight it's it's concealed but at the same time I mean I guess
people could find it right I mean it would be something that you could feasibly discover so you
would want to make sure that if it was a message that that mattered to you you would want to make
sure that it was somehow encrypted and and made into something that that was not I guess decipherable
very easily but it is something I mean that's that's a vector that is a a thing that you can do
into PDFs and there's a lot more you can do with PDFs you can just you can it's a really bizarrely
bloated and forgiving format it's just it's so easy to put stuff into a PDF it's it's kind of
frightening and yet PDFs are so common I mean you could you can make PDFs for on any subject matter
and distribute it and appear like that's all you're doing is distributing subject you know you're
you're distributing this PDF on this very specific subject and then as a Steganography
exercise you could have a completely different message integrated into that PDF for those who
know where to look so hopefully this has been informative and hopefully my little proof of
concept has shown that Steganography Steganography done right wouldn't appear as Steganography at all
and yet be just as effective I mean I tipped my hand by tipping you off that these were this was a
mini series about Steganography but aside from that I feel like there was really not a whole lot
to indicate that my shows weren't completely innocent and just about creating and compressing PDFs
thanks for listening I will talk to you next time
You've been listening to Hacker Public Radio at Hacker Public Radio. We are a community podcast
network that releases shows every weekday Monday through Friday. Today's show, like all our shows,
was contributed by an HPR listener like yourself. If you ever thought of recording a podcast
and click on our contributing to find out how easy it really is. Hacker Public Radio was founded
by the Digital Dog Pound and the Infonomicon Computer Club and it's part of the binary revolution
at binrev.com. If you have comments on today's show please email the host directly, leave a comment
on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is
released under the Creative Commons Attribution-ShareAlike 3.0 license.