GG-AESY: Hide cool stuff in images

To start off, I highly recommend always using GG-AESY in verbose mode or very verbose mode. If you are not using this in unmanaged loaders, I also recommend always specifying an outfile.

Pay attention with very verbose mode, however, especially if you are hiding big payloads, as the very verbose mode will print the byte array to the console.

Having said that, let's dive into the manual for this baby.

WARNING: you might need to restore NuGet packages and restart Visual Studio before compiling. If anybody knows how I can get rid of this problem, DM me.

Blogpost: https://redteamer.suggestions/introducing-gg-aesy-a-stegocryptor/

Main site: https://github.com/jfmaes/GG-AESY

  _______   _______                    ___       _______     _______.____    ____
 /  _____| /  _____|                  /   \     |   ____|   /       |\   \  /   /
|  |  __  |  |  __      ______       /  ^  \    |  |__     |   (----` \   \/   /
|  | |_ | |  | |_ |    |______|     /  /_\  \   |   __|     \   \      \_    _/
|  |__| | |  |__| |                /  _____  \  |  |____.----)   |       |  |
 \______|  \______|               /__/     \__\ |_______|_______/        |__|


        V1.. by twitter.com/Jean_Maes_1994

        Encryptor and (optional) stegano

 Usage:
  -h, -?, --help             Show Help


  -e, --encrypt-only         Only encrypts provided payload

  -d, --decrypt              decryption mode

      --ps, --payload-size=VALUE
                             only needed if extracting payload from image for
                               decryption

      --ef, --encrypted-file=VALUE
                             ENCRYPTION: The outfile for encrypted data

                               DECRYPTION: The inputfile needed to decrypt the
                               payload.




  -p, --payload=VALUE        The path to the payload you want to encrypt

  -o, --outfile=VALUE        The path to the outfile where all crucial data
                               will be written to (key,iv and encrypted
                               payload)

  -i, --image=VALUE          The image file to hide the key and/or IV in,
                               currently only supports JPEG (JPG) format!

      --ok, --offset-key=VALUE
                             The offset to search for the key in image (in
                               decimal)

      --okh, --offset-key-hex=VALUE
                             The offset to search for the key in image (in
                               hex)

      --oIV, --offset-IV=VALUE
                             The offset to search for the IV in image (in
                               decimal)

      --oIVh, --offset-IV-hex=VALUE
                             The offset to search for the IV in image (in
                               hex)

      --op, --offset-payload=VALUE
                             The offset to search for the payload in image
                               (in decimal)

      --oph, --offset-payload-hex=VALUE
                             The offset to search for the payload in image
                               (in hex)

  -v, --verbose              write all the good stuff to console,recommended
                               you actually always use this.

      --vv, --very-verbose   prints encrypted payload array to console
  -k, --key=VALUE            in case you want to use your own key value!

      --IV, --initialization-vector=VALUE
                             in case you want to use your own IV

      --rk, --random-key-mode
                             will hide your key in a random insertion point
                               in the provided image, without breaking said
                               image. will print the offset to console

      --ra, --random-all-mode
                             will hide both Key and IV in a random insertion
                               point of the image.

      --ak, --append-key-mode
                             will hide the key at the end of the image file

      --aa, --append-all-mode
                             will hide the key and the IV at the end of the
                               image file.

      --ap, --append-payload-mode
                             will hide the payload at the end of the image
                               file

      --rp, --random-payload-mode
                             will hide the payload at a random insertion
                               point.

      --apu, --append-payload-unencrypted
                             appends your payload without crypto, useful for
                               quick and dirty data exfil.

-e or --encrypt-only: Will only encrypt a given payload (-p). It will write the key/IV to the console if using verbose mode, will write the key/IV/payload into an outfile if using the outfile (-o) flag, and finally will write the bytestream to a separate file if using the encrypted file (-ef) flag.

-d or --decrypt: Decryption mode. You can specify the decryption parameters using offsets (in case you have a hidden key, or key and IV, in a JPEG). Offsets are passed to the program using either the offset-key (-ok) or offset-key-hex (-okh) flags. You can use "-" as separators or just paste in the hex without any separators; both will work fine. IVs work the same way using the -oIV and -oIVh flags.

Alternatively, you can provide the IV and key directly (in case they are not hidden in a JPEG), using the key (-k) and initialization-vector (-IV) flags. As with the offset flags, "-" can be used as a separator. GG-AESY accepts both ASCII and byte values.

In order to decrypt, you will also need to specify an encrypted file (-ef).
Should you have hidden a payload in a JPEG and would like to decrypt it, you'll have to specify the payload size (-ps) so GG-AESY will extract all data correctly without false positives/false negatives 🙂 .

-u or --unpack: Will unpack unencrypted appended payloads (=apu mode) from the JPEG.

Stego modes:

If no key/IV is provided, a random key/IV will be used to encrypt your data. All stego modes require you to pass GG-AESY a JPEG image (-i). If you have specified an outfile (-o) to save your important data about the crypto (such as key, IV, payload), all stego modes will also include the injection points in this file.

-rk or --random-key-mode: This stego mode will hide your AES-256 key at a random injection point.

-ra or --random-all-mode: This stego mode will hide both your AES-256 key and IV at a random injection point. Both injection points can be the same (it's a random selection process); in this case, the key and IV will be injected back to back.

-ak or --append-key-mode: This stego mode will append the AES-256 key at the end of the JPEG.

-aa or --append-all-mode: This stego mode will append both the AES-256 key and IV at the end of the JPEG.

-ap or --append-payload-mode: This stego mode will append the encrypted payload bytestream to the end of the JPEG.

-rp or --random-payload-mode: This stego mode will inject the encrypted payload bytestream at a random injection point. Warning: This only works if your payload does not exceed 65,535 bytes, which is about 65kb. If you try a larger payload, an error will be thrown in your face. Needless to say, this mode is almost useless 🙂

-apu or --append-payload-unencrypted: This stego mode will append the payload bytestream as-is to the end of the JPEG.

DISCLAIMER: This tool is in EARLY BETA. It's not been battle-tested yet, so please submit improvements through PRs or raise issues in case of bugs. However, due to my current workload, active development on this tool from my end will not be possible at this time.
This does not mean I'm abandoning this project though 🙂

The post GG-AESY: Hide cool stuff in images appeared first on Hakin9 – IT Security Magazine.