- Aug 28, 2015
I was reading about steganography - hiding data in pictures - when I thought it would be fun to write a script which hides a bitcoin private key in a picture file.
The idea is that each pixel in common picture formats has an r, g, b value. It is possible to alter the least significant bit (the bit on the right most side) of these palette values to encode information into the picture which isn't noticeable to the naked eye.
First effort in Python: https://github.com/surg0r/steg
I have managed to write an extremely simple library which encodes an image with a private key, and can extract the same private key from the altered image.
What I need to add is some creative thinking to allow encoding of a private key into a lossy image format such as a jpg - some form of redundancy with multiple checksums is probably a reasonable approach.
Once I have the above sorted I will play around with different methods of encoding the data as LSB manipulation is pretty obvious to an attacker or image processing software on the lookout for such a trick. Open to suggestions for some more exotic means of encoding the private key ..
Finally it would be fairly trivial to add two factor with something like BIP38 and a passphrase to the image file.
edit: added automatic string length check and a checksum using the last 4 bytes of a sha(256) of the key
edit2: tidied up the library so that it works very simply now..
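The scheme described in the post above, as an added example that is not part of the original post and not the code in the linked repository: a key is framed with a length byte and the last 4 bytes of its SHA-256, written into the least significant bits of successive r, g, b values, and rejected on extraction if the checksum fails, which is what happens after a lossy step. The 1-byte length prefix, the frame layout, the function names and `requantize` (a crude stand-in for JPEG loss) are assumptions; the key and the cover pixels are constructed.

```python
import hashlib

SAMPLE_KEY = b"CONSTRUCTED-SAMPLE-NOT-A-REAL-PRIVATE-KEY"  # constructed placeholder
# Constructed 32x32 RGB "image" as a flat run of r, g, b values (no image library).
COVER = bytearray((i * 37 + 11) % 256 for i in range(32 * 32 * 3))

def frame(key: bytes) -> bytes:
    # Assumed layout: 1-byte length | key | last 4 bytes of SHA-256(key).
    if not 0 < len(key) < 256:
        raise ValueError("key must be 1..255 bytes")
    return bytes([len(key)]) + key + hashlib.sha256(key).digest()[-4:]

def embed(channels, key: bytes) -> bytearray:
    """Return a copy with the framed key written into successive LSBs."""
    bits = [(byte >> (7 - i)) & 1 for byte in frame(key) for i in range(8)]
    if len(bits) > len(channels):
        raise ValueError("image too small for payload")
    out = bytearray(channels)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return out

def read_bytes(channels, offset: int, count: int) -> bytes:
    """Rebuild `count` payload bytes from LSBs, starting at payload byte `offset`."""
    if (offset + count) * 8 > len(channels):
        raise ValueError("length field points past the end of the image")
    out = bytearray()
    for b in range(offset, offset + count):
        value = 0
        for c in channels[b * 8:(b + 1) * 8]:
            value = (value << 1) | (c & 1)
        out.append(value)
    return bytes(out)

def extract(channels) -> bytes:
    """Recover the key, refusing anything whose length or checksum is wrong."""
    length = read_bytes(channels, 0, 1)[0]
    key = read_bytes(channels, 1, length)
    if length == 0 or hashlib.sha256(key).digest()[-4:] != read_bytes(channels, 1 + length, 4):
        raise ValueError("checksum mismatch: no key present or pixels were altered")
    return key

def requantize(channels, step: int = 4) -> bytearray:
    """Crude stand-in for lossy re-encoding: snap each value to a multiple of step."""
    return bytearray((c // step) * step for c in channels)

if __name__ == "__main__":
    stego = embed(COVER, SAMPLE_KEY)
    print(extract(stego) == SAMPLE_KEY)
```

Calling `extract(requantize(stego))` raises `ValueError`, because snapping values to multiples of 4 clears every least significant bit; the checksum turns that into a clean failure rather than a silently wrong key.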