Quote from: g3gg0 on January 23, 2014, 11:50:35 AM
so anyone - provide me a "uint32_t cr2_inject(char *cr2_filename, char *jpg_name)" and i will embed it
Happy to give it a go. But, being quite unfamiliar with CR2 file structure and ML source code, and having not touched C++ in 13 years, it might take me some time.
I am guessing that to implement this properly, you'd need to:
1) Extract only the Huffman compressed DCT data from the source JPEG. The reason for this is to reduce the chance of anyone brute forcing the password until they detect any common JPEG structures or image sizes within the decrypted data. The obvious downside of stripping these headers would be that image parameters such as image size, colour format, etc. would not be stored. The user would have to supply those while extracting the images. Also, a non-easily identifiable method of storing the Huffman tables would also have to be devised.
2) Encrypt this data using the password supplied.
3) Extract raw sensor data from target CR2 as a bitmap (I imagine that there should be code for this in dcraw).
4) Store encrypted data inside the least significant bits of the pixels from the bitmap image decoded from the CR2 raw sensor data. The pixels that are modified would have to be dispersed throughout the image in a random fashion based on a part of the password. If sequential pixels are modified instead, an attacker may notice an increased amount of noise in certain areas of the image.
5) Re-compress and save the CR2 file (I imagine ML would have some utilities for this) ensuring that the created/last updated timestamps are not updated.
The user must also be forced to give at least a 10 character password, otherwise the whole thing is still quite vulnerable to brute force attacks.
This would need to be done properly as people tend to (perhaps foolishly) put a great deal of faith in encryption.
Thanks,
Alfred
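
Step 4 of the post above, sketched as an added example (not part of the original post and not Magic Lantern code): payload bits go into pixel LSBs in a password-derived order, and a per-block change count shows the localized footprint that sequential embedding leaves. The function names, salt, password, PBKDF2 iteration count and sample data are assumptions constructed for illustration.

```python
import hashlib
import random

def pixel_order(password, salt, n_pixels):
    """Password-derived permutation of pixel indices (the dispersal in step 4)."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    order = list(range(n_pixels))
    # Assumption: Mersenne Twister keeps the sketch short; it is not a CSPRNG.
    random.Random(seed).shuffle(order)
    return order

def embed(pixels, payload, order):
    """Write payload bits into the LSB of pixels, visiting them in `order`."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(order):
        raise ValueError("payload does not fit in the carrier")
    out = list(pixels)
    for bit, idx in zip(bits, order):
        out[idx] = (out[idx] & ~1) | bit
    return out

def extract(pixels, n_bytes, order):
    """Read n_bytes back from the LSBs, visiting pixels in `order`."""
    out = bytearray()
    for start in range(0, n_bytes * 8, 8):
        byte = 0
        for idx in order[start:start + 8]:
            byte = (byte << 1) | (pixels[idx] & 1)
        out.append(byte)
    return bytes(out)

def changed_per_block(before, after, blocks=8):
    """Count modified pixels in each of `blocks` equal slices of the image."""
    size = len(before) // blocks
    return [sum(a != b for a, b in zip(before[i * size:(i + 1) * size],
                                       after[i * size:(i + 1) * size]))
            for i in range(blocks)]

# Constructed sample data: 8192 fake 14-bit sensor values and 256 random bytes
# standing in for the ciphertext produced by step 2.
_rng = random.Random(0)
PIXELS = [_rng.getrandbits(14) for _ in range(8192)]
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(256))
SALT = b"constructed-salt"
ORDER = pixel_order("correct horse battery", SALT, len(PIXELS))

if __name__ == "__main__":
    seq = embed(PIXELS, PAYLOAD, list(range(len(PIXELS))))
    print("sequential:", changed_per_block(PIXELS, seq))
    print("dispersed: ", changed_per_block(PIXELS, embed(PIXELS, PAYLOAD, ORDER)))
```

Run directly, it prints the change counts per block for both orderings: the sequential run touches only the first two blocks, while the dispersed run spreads a smaller count across all eight.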