[DONE] Optional Image Encryption

Started by Se7eN, January 13, 2014, 09:25:15 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Se7eN

So while I am fairly new to magic lantern (registered to post this but have been using ML for well over a year) i did take the time to search to see if anyone had suggested something similar before (turns out they had: http://www.magiclantern.fm/forum/index.php?topic=9541.msg91565#msg91565).

now all that being said, it seemed to me that it got somewhat brief and negative responses. i find that to be slightly disappointing as there is a large user base here who would benefit from having some method to put at least the most basic of encryption on their photos.

I guess I'll give some background on why I find this to be so important. I live in Washington, USA, a place that lies under the 9th U.S. Circuit Court of Appeals' jurisdiction, a recent ruling  in Cotterman v. United States (http://www.scotusblog.com/case-files/cases/cotterman-v-united-states/) says that unless I am suspected of a crime in which access to the device in question would furnish proof of said crime (read: reasonable suspicion) that the authorities have no right to either 1) compel me to decrypt the device 2) forcefully decrypt said device.  not everyone has these protections, but as of today (January 13th 2014) the Supreme Court of the United States has denied their Petition for Certiorari, meaning this case will never be heard by that court, cementing this into legal precedent. that being said as someone who regularly takes his camera places that are off limits, to photograph things that would later be incriminating, the ability to encrypt my photos would be extremely useful to my continued freedom.

I currently use ML on a 600D and love it, I'd just also like to have the option to encrypt my photos, perhaps using a unique password selected via the front scroll wheel or via the back arrow keys (although the first method would ensure compatibility across all camera's)

let me know what you think or if my limited coding abilities, use of Google, or generally snarky attitude could possibly be of any help.

-Se7eN

g3gg0

Didn't notice the other thread. Love that idea.
reporter support for not-so-friendly countries.

will think about it :)
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

Se7eN

Quote from: g3gg0 on January 14, 2014, 01:55:15 AM
Didn't notice the other thread. Love that idea.
reporter support for not-so-friendly countries.

will think about it :)

Thanks! that's all I can ask for, let me know if there is anyway I might be able to help.

-Se7eN

g3gg0

already had success with a simple hack, XORing the CR2 files with a fixed pattern and it worked ;)
- start camera
- enable hack
- shoot: saves the CR2
- repower
- try to view images, none worked
- repower
- enable hack
- try to view images, worked

but it was very hackish, trying to make it more portable and *a bit stable*
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

Se7eN

Quote from: g3gg0 on January 14, 2014, 11:24:40 PM
already had success with a simple hack, XORing the CR2 files with a fixed pattern and it worked ;)
- start camera
- enable hack
- shoot: saves the CR2
- repower
- try to view images, none worked
- repower
- enable hack
- try to view images, worked

but it was very hackish, trying to make it more portable and *a bit stable*
Awesome! I wasn't expecting anything nearly that quick, Thanks!

-Se7eN

g3gg0

encryption is only one part that has to be done.

scenario 1:
lets assume the photographer is a reporter in some unstable country and gets caught shooting photos.
his SD/CF gets removed and being checked in-depth for photos on some computer.
full CR2/JPG/MOV encryption will successfully prevent the footage from being revealed.

scenario 2:
he is forced to show the images on his camera.
when viewing the shots, the camera ask for a password (using IME interface) or just displays "Image could not get displayed".
not a good idea. in the worst case he is getting tortured until he gives out the password or "fixes" the issue.

scenario 3:
some on-demand password dialog could be useful for other scenarios where there will be no punishment to fear.
e.g. on a set or where losing the footage would cause financial loss and thus needs to be encrypted.


to make the images not only non-readable, but also deniable as it would be the best in scenario 2, it should
open some template file (e.g. a flower) instead whenever an encrypted image is tried to be displayed.
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

Se7eN

the easiest workaround i can think of would be to simply let the user select a "safe" photo to be displayed from the available photos already on the SD card.

on a side note, while I may be willing to be charged with contempt of court to protect my images, I've yet to shoot anything that I'd be willing to let myself be tortured over. However, I would be fairly surprised if there wasn't someone out there somewhere who would be willing to go to that length to protect their images. there's also the chance that revealing the photos carries worse consequences than being tortured, indefinite incarceration is an example that comes to mind.

maybe hiding the password prompt as an action (button press maybe?) you have to perform while viewing one of the "safe" photos. kinda like pressing the delete button to enter the ML menu, except you'd press something else (white balance perhaps? ISO?).

-Se7eN

blade

I love the idea, however if the files are present, but not readable there is no plausible deniability. Something like saving in a true chript file would solve this issue.
eos400D :: eos650D  :: Sigma 18-200 :: Canon 100mm macro

RenatoPhoto

http://www.pululahuahostal.com  |  EF 300 f/4, EF 100-400 L, EF 180 L, EF-S 10-22, Samyang 14mm, Sigma 28mm EX DG, Sigma 8mm 1:3.5 EX DG, EF 50mm 1:1.8 II, EF 1.4X II, Kenko C-AF 2X

g3gg0

Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

g3gg0

Quote from: blade on January 15, 2014, 07:46:47 PM
I love the idea, however if the files are present, but not readable there is no plausible deniability. Something like saving in a true chript file would solve this issue.

this:

Quote from: g3gg0 on January 15, 2014, 12:24:04 AM
to make the images not only non-readable, but also deniable as it would be the best in scenario 2, it should
open some template file (e.g. a flower) instead whenever an encrypted image is tried to be displayed.

Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

Se7eN

Quote from: blade on January 15, 2014, 07:46:47 PM
I love the idea, however if the files are present, but not readable there is no plausible deniability. Something like saving in a true chript file would solve this issue.

that's why i like g3gg0's idea of simply displaying a "safe" photo, everything works it's just all a little off. they may wonder why there's 100 copies of the exact same photo, but a simple I liked the way it looked, or "WTF?! you broke it!" seems like a simple enough way to get past that, assuming the password prompt is something that isn't easily stumbled upon. once they start getting prompted for a password then the "fun" begins.

all in all I don't think we're trying to make it so these photos are permanently inaccessible, just obfuscated behind some token encryption. basically allowing you to pretend that its all just the same photo, or a corrupted card.

Jolly Roger

Quote from: g3gg0 on January 15, 2014, 12:24:04 AM
to make the images not only non-readable, but also deniable as it would be the best in scenario 2, it should
open some template file (e.g. a flower) instead whenever an encrypted image is tried to be displayed.

So-called steganography (http://en.wikipedia.org/wiki/Steganography), I remember software like "camouflage" ten years ago..

Maybe some opensource solution could be of any help? That's Java: http://sourceforge.net/projects/openstego/

RenatoPhoto

Quote from: g3gg0 on January 15, 2014, 08:09:22 PM
???
If you had a wifi card connected to a nearby wifi area, you can make the pictures disappear. 
http://www.pululahuahostal.com  |  EF 300 f/4, EF 100-400 L, EF 180 L, EF-S 10-22, Samyang 14mm, Sigma 28mm EX DG, Sigma 8mm 1:3.5 EX DG, EF 50mm 1:1.8 II, EF 1.4X II, Kenko C-AF 2X

Michael Zöller

neoluxx.de
EOS 5D Mark II | EOS 600D | EF 24-70mm f/2.8 | Tascam DR-40

wolf

Using Ruberhose as a group would make every card in a Canon and every user suspicious of holding some secret photos.

Se7eN

Quote from: wolf on January 15, 2014, 09:27:44 PM
Using Ruberhose as a group would make every card in a Canon and every user suspicious of holding some secret photos.
Quote from: Michael Zöller on January 15, 2014, 08:58:25 PM
https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29

hadn't heard of that before, love the idea, i just don't know that it'd be applicable here, would our camera's support such a file system? if so, talk about ideal the camera would simply appear empty until you entered the correct password/s.

for those people who actually know magic lantern is a thing and that it could be capable of implementing rubber hose, likely a somewhat small group. while i understand not everyone lives somewhere that pretends it holds people innocent until proven guilty, it'd be really hard to prove there was anything on that drive to begin with, you could simply claim you hadn't used that camera, never got around to it. I mean then the beatings could begin, but that seems to be the exact point of implementing rubberhose to begin with.

-Se7eN

Michael Zöller

Quote from: wolf on January 15, 2014, 09:27:44 PM
Using Ruberhose as a group would make every card in a Canon and every user suspicious of holding some secret photos.
I don't think so. In fact I believe that the use of crypto does not imply wrongdoing at all. That's one aspect of what plausible deniability is about. One could even hand out one or two "safe" keys and still there would be no way for someone apart from the user to know if there were any more pictures inside the encrypted area.

But I didn't post the link because I wanted to imply my support for implementing a specific form of encryption or plausible deniability scheme. I just felt that quite a few ideas were raised here that have been discussed before and that rubberhose is a good starting point to consider the pros and cons of all the options.

Also, a good thing about Magic Lantern's module system is that developers can decide if they want to implement something, just as users can decide if they want to use or even install a particular model or not :)
neoluxx.de
EOS 5D Mark II | EOS 600D | EF 24-70mm f/2.8 | Tascam DR-40

1%

What about moving the CR2 into some encrypted loop file system in the ML directories. They wouldn't be able to tell an ML font file or a canon CTG file from this and you can't tell that there are photos on the card.

If someone already knows about ML encryption then none of these techniques would really save you as they would be able to look up and/or test it themselves. Would work for those who don't tho.

g3gg0

Quote from: 1% on January 15, 2014, 10:40:26 PM
If someone already knows about ML encryption then none of these techniques would really save you as they would be able to look up and/or test it themselves. Would work for those who don't tho.

i bet a few bucks that the common [insert any country] police officer does not know anything about MLs encryption and hiding feature :)
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

wolf

Quote from: Michael Zöller on January 15, 2014, 09:58:13 PM
I don't think so. In fact I believe that the use of crypto does not imply wrongdoing at all.
Same here.
So why hiding the crypted files then?

g3gg0

Quote from: wolf on January 15, 2014, 10:58:39 PM
Same here.
So why hiding the crypted files then?

this

Quote from: g3gg0 on January 15, 2014, 12:24:04 AM
scenario 2:
he is forced to show the images on his camera.
when viewing the shots, the camera ask for a password (using IME interface) or just displays "Image could not get displayed".
not a good idea. in the worst case he is getting tortured until he gives out the password or "fixes" the issue.

i bet when you get a gun pointed right onto your head, you will give out the key.
well, this is a drastic example. but there are coutries where you have to be afraid of some kind of punishment.
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

wolf

Quote from: g3gg0 on January 15, 2014, 11:03:00 PM
i bet when you get a gun pointed right onto your head, you will give out the key.
well, this is a drastic example. but there are coutries where you have to be afraid of some kind of punishment.

And what if is known that ML can hide images...

Michael Zöller

I'll try to explain. I'm by no means an expert on these things though, but the basic idea is this:

A user would activate the crypto module and it creates, say, a 1GB file right away. Then the user could create an arbitrary amount of "partitions" in the file. It could be only one, or it could be many. It could even be none at all. There is no way to say how many there are except if you know the password(s). Now, even in case someone knows what the crypto module is and exactly what it does (by looking at the magic lantern source code), there is no way to *know*. Not the amount of partitions, not the amount of images, not even if there is anything at all in there.

So for most situations in most civilized states it is quite a comfortable position for a journalist. On the other hand this concept has been criticized for exactly that property because, one could find oneself in the very bad situation of not ever being able to prove that one has given all the passwords. But if one seriously has to consider those kinds of scenarios... well then there are only bad choices and trusting in a hobby project is probably not thing one should do... :)
neoluxx.de
EOS 5D Mark II | EOS 600D | EF 24-70mm f/2.8 | Tascam DR-40

g3gg0

Quote from: wolf on January 15, 2014, 11:19:39 PM
And what if is known that ML can hide images...

this ;)

Quote from: g3gg0 on January 15, 2014, 10:55:07 PM
i bet a few bucks that the common [insert any country] police officer does not know anything about MLs encryption and hiding feature :)
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!