Monday, June 5, 2017

Python Steganography Tool: Stegosaurus

1:05 PM Leave a Reply
Python Steganography Tool

A steganography tool for embedding payloads within Python bytecode.

     Stegosaurus is a steganography tool that allows embedding arbitrary payloads in Python bytecode (pyc or pyo) files. The embedding process does not alter the runtime behavior or file size of the carrier file and typically results in a low encoding density. The payload is dispersed throughout the bytecode so tools like strings will not show the actual payload. Python’s dis module will return the same results for bytecode before and after Stegosaurus is used to embed a payload. At this time, no prior work or detection methods are known for this type of payload delivery.



Stegosaurus requires Python 3.6 or later.



USAGE

$ python3 -m stegosaurus -h
usage: stegosaurus.py [-h] [-p PAYLOAD] [-r] [-s] [-v] [-x] carrier

positional arguments:
  carrier               Carrier py, pyc or pyo file

optional arguments:
  -h, --help            show this help message and exit
  -p PAYLOAD, --payload PAYLOAD
                        Embed payload in carrier file
  -r, --report          Report max available payload size carrier supports
  -s, --side-by-side    Do not overwrite carrier file, install side by side
                        instead.
  -v, --verbose         Increase verbosity once per use
  -x, --extract         Extract payload from carrier file


USING STEGOSAURUS

     Payloads, delivery and reciept methods are entirely up to the user. Stegosaurus only provides the means to embed and extract paylods from a given Python bytecode file. Due to the desire to leave file size intact, a relatively few number of bytes can be used to deliver the payload. This may require spreading larger payloads across multiple bytecode files, which has some advantages such as:

Delivering a payload in pieces over time
Portions of the payload can be spread over mutliple locations and joined when needed
A single portion being compromised does not divulge the whole payload
Thwarting detection of the entire payload by spreading it across multiple seemingly unrelated files
The means to spread large payloads across multiple Python bytecode files is not supported as this moment.

download

0 comments :