GG-AESY – Hide Cool Stuff In Images
Blogpost: https://redteamer.suggestions/introducing-gg-aesy-a-stegocryptor/
WARNING: you may have to restore NuGet packages and restart Visual Studio before compiling. If anyone knows how I can get rid of this issue, DM me.
Manual
To start off, I highly recommend always using GG-AESY in verbose mode or very verbose mode. If you are not using this in unmanaged loaders, I also recommend always specifying an outfile.
Pay attention with very verbose mode though, especially if you are hiding large payloads, as very verbose mode will print the byte array to console.
Having said that, let's dive into the manual for this baby.
_______ _______ ___ _______ _______.____ ____
/ _____| / _____| / | ____| / | / /
| | __ | | __ ______ / ^ | |__ | (----` / /
| | |_ | | | |_ | |______| / /_ | __| _ _/
| |__| | | |__| | / _____ | |____.----) | | |
______| ______| /__/ __ |_______|_______/ |__|
V1.. by twitter.com/Jean_Maes_1994
Encryptor and (optional) stegano
Usage:
-h, -?, --help Show Help
-e, --encrypt-only Only encrypts specified payload
-d, --decrypt decryption mode
--ps, --payload-size=Value
only needed if extracting payload from image for
decryption
--ef, --encrypted-file=Value
ENCRYPTION: The outfile for encrypted data
DECRYPTION: The inputfile needed to decrypt the
payload.
-p, --payload=Value The path to the payload you want to encrypt
-o, --outfile=Value The path to the outfile where all key information
will be written to (key, iv and encrypted
payload)
-i, --image=Value The image file to hide the key and/or IV in,
currently only supports JPEG (JPG) format!
--ok, --offset-key=Value
The offset to search for the key in image (in
decimal)
--okh, --offset-key-hex=Value
The offset to search for the key in image (in
hex)
--oIV, --offset-IV=Value
The offset to search for the IV in image (in
decimal)
--oIVh, --offset-IV-hex=Value
The offset to search for the IV in image (in
hex)
--op, --offset-payload=Value
The offset to search for the payload in image
(in decimal)
--oph, --offset-payload-hex=Value
The offset to search for the payload in image
(in hex)
-v, --verbose write all the good stuff to console, recommended
you basically always use this.
--vv, --very-verbose prints encrypted payload array to console
-k, --key=Value in case you want to use your own key value!
--IV, --initialization-vector=Value
in case you want to use your own IV
--rk, --random-key-mode
will hide your key at a random insertion point
in the supplied image, without breaking said
image. will print the offset to console
--ra, --random-all-mode
will hide both Key and IV at a random insertion
point of the image.
--ak, --append-key-mode
will hide the key at the end of the image file
--aa, --append-all-mode
will hide the key and the IV at the end of the
image file.
--ap, --append-payload-mode
will hide the payload at the end of the image
file
--rp, --random-payload-mode
will hide the payload at a random insertion
point.
--apu, --append-payload-unencrypted
appends your payload without crypto, useful for
very quick and dirty data exfil.
-e or --encrypt-only: Will only encrypt a given payload (-p). It will write the key/iv to console if using verbose mode, will write key/iv/payload into an outfile if using the outfile (-o) flag, and finally will write the bytestream to another file if using the encrypted file (-ef) flag.
-d or --decrypt: Decryption mode. You can specify the decryption parameters using offsets (in case you have hidden the key, or key and IV, in a JPEG). Offsets are passed to the application using either the offset-key (-ok) or offset-key-hex (-okh) flags; you can use "-" as separators or just paste in the hex without any separators, both will work fine. IVs work the same way using the -oIV and -oIVh flags.
Alternatively, you can give the IV and Key directly (in case they are not hidden in a JPEG), using the key (-k) and initialization-vector (-IV) flags. As with the offset flags, "-" can be used as a separator; GG-AESY accepts both ASCII and byte values.
In order to decrypt, you'll also need to specify an encrypted file (-ef).
Should you have hidden a payload in a JPEG and wish to decrypt it, you will have to specify the payload size (-ps) so GG-AESY will extract all data correctly without false positives/false negatives 🙂 .
-u or --unpack: Will unpack unencrypted appended payloads (=apu mode) from the JPEG.
Stego modes:
If no key/iv is provided, random key/IVs will be used to encrypt your data. All stego modes require you to pass GG-AESY a JPEG image (-i). If you have specified an outfile (-o) to save the key information about the crypto (such as key, iv, payload), all stego modes will also write the injection points to this file.
-rk or --random-key-mode: This Stego mode will hide your AES-256 key at a random injection point.
-ra or --random-all-mode: This Stego mode will hide both your AES-256 key and IV at a random injection point. Both injection points can be the same (it is a random number approach); in that case, the key and IV will be injected back to back.
-ak or --append-key-mode: This Stego mode will append the AES-256 key at the end of the JPEG.
-aa or --append-all-mode: This Stego mode will append both the AES-256 key and IV at the end of the JPEG.
-ap or --append-payload-mode: This Stego mode will append the encrypted payload bytestream to the end of the JPEG.
-rp or --random-payload-mode: This Stego mode will inject the encrypted payload bytestream at a random injection point. Caution: This only works if your payload does not exceed 65,535 bytes, which is about 65kb; if you try a larger payload, an error will be thrown in your face. Needless to say, this mode is almost useless 🙂
-apu or --append-payload-unencrypted: This Stego mode will append the payload bytestream as-is to the end of the JPEG.
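Every append mode above (-ak, -aa, -ap, -apu) leaves its data after the JPEG's EOI marker (FF D9), which is the first thing a file scanner or integrity check should look for. The following is an added example, not part of GG-AESY: a Python walker over the JPEG marker structure that returns whatever follows EOI; the sample image bytes are constructed inline and are only structurally valid, not a decodable picture.

```python
import struct


def jpeg_trailing_bytes(data: bytes) -> bytes:
    """Walk the JPEG marker segments and return every byte after the EOI marker.
    A well-formed JPEG ends exactly at FF D9, so appended key/IV/payload data
    shows up as a non-empty result. Data injected at a random point inside the
    image (the -rk/-ra/-rp modes) is NOT detected by this check."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: anything left is a trailer
            return data[pos + 2:]
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:                      # SOS: skip entropy-coded scan data
            while pos + 1 < len(data):          # stuffed FF00 and RSTn stay in-scan
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("EOI marker not found (truncated or not a baseline JPEG)")


def build_sample(trailer: bytes = b"") -> bytes:
    """Constructed stand-in for a JPEG: valid marker structure, dummy scan data."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"      # contains a stuffed FF00 and an RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + trailer


if __name__ == "__main__":
    # 32-byte key + 16-byte IV appended, as the -aa mode would leave them
    trailer = jpeg_trailing_bytes(build_sample(b"K" * 32 + b"I" * 16))
    print(f"{len(trailer)} trailing bytes after EOI: {trailer[:8]!r}...")
```

On a real file, read it with `open(path, "rb").read()` and treat a non-empty result (or a parse error on a file that viewers still open) as worth a closer look; a 48-byte trailer on a JPEG is exactly the size of an AES-256 key plus IV.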
DISCLAIMER: This tool is in EARLY BETA. It has not been battle tested yet, so please submit improvements via PRs or raise issues in case of bugs. However, due to my current workload, active development on this tool from my end will not be possible at this time.
This does not mean I am abandoning this project though 🙂