Recently I started participating in CTF (capture the flag) games.
One of the challenges that I needed to solve was to recover a
message hidden in a JPEG file.
To solve this challenge I needed an old steganography tool called jphide.
The tool is no longer maintained, but you can still find copies of its source
code on GitHub, e.g. h3xx/jphs.
Let’s see how we can compile it on a “stock” Kali Linux image.
BTW: the best way to start with Kali Linux is to grab
images from the offensive-security.com site and load them into
VMware Player or VirtualBox. The default user:password is kali:kali.
TIP: since I got addicted to iTerm2, I often prefer to SSH into the Kali VM from iTerm2
instead of using Kali itself. Stock Kali comes with a preinstalled SSH server;
we just need to enable it with sudo service ssh start.
OK, finally it's time to compile jphide:
First we need to compile the jpeg-8a library:
After compilation, a new folder called .libs should be created:
Because we have not installed libjpeg.so.8 system-wide, we need
to modify the Makefile before we can compile the main program:
As a side note, let's notice that the author of this Makefile committed a cardinal sin
of linking: never, Never, NEVER put linked libraries into LDFLAGS. Always pass them
to the linker using the LDLIBS variable.
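To make the LDFLAGS/LDLIBS point concrete, here is a small Makefile written for this post as an added illustration; it is not the jphs Makefile, and the object lists, the ../jpeg-8a location and the flags are assumptions. The link recipe is GNU make's own built-in one, which is exactly why the placement of -ljpeg matters:

```makefile
# Added example, not the jphs project's Makefile. Variable names are the
# standard GNU make ones; JPEGDIR and the object lists are assumptions.
CC      = gcc
CFLAGS  = -O2 -Wall -I$(JPEGDIR)
JPEGDIR = ../jpeg-8a            # assumed: jpeg-8a built in-tree, not installed

# WRONG: a library inside LDFLAGS. GNU make's built-in link rule is
#   $(CC) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS) -o $@
# so -ljpeg is placed BEFORE the object files. The linker resolves symbols
# left to right: a static archive (or any library under --as-needed) is
# scanned before any object has asked for its symbols and gets discarded,
# producing "undefined reference to jpeg_*" errors. It also means anyone who
# overrides LDFLAGS on the command line (make LDFLAGS=..., or a distro's
# hardening flags from dpkg-buildflags) silently loses the library.
#LDFLAGS = -L$(JPEGDIR)/.libs -ljpeg

# RIGHT: search paths and linker options in LDFLAGS, libraries in LDLIBS.
# Now the library is listed after the objects, and LDFLAGS can be overridden
# freely without dropping -ljpeg.
LDFLAGS = -L$(JPEGDIR)/.libs
LDLIBS  = -ljpeg

all: jphide jpseek

# Object lists below are illustrative; use whatever the real source tree has.
jphide: jphide.o
	$(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@

jpseek: jpseek.o
	$(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@

clean:
	rm -f jphide jpseek *.o
```

With this layout the usual overrides keep working: `make LDFLAGS="-L/opt/jpeg/.libs -Wl,-z,now"` changes where the library is searched for and adds a hardening flag, while -ljpeg still comes from LDLIBS and still lands after the object files.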
To patch the Makefile, just save the diff as e.g. patch1 and
then execute patch < patch1 in the jphs directory.
After patching the Makefile we are ready to build the tools:
On some systems you may encounter a compilation problem on line
208 of jpseek.c:
You can fix it by adding a third parameter to open call:
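The reason the compiler complains is worth spelling out, because it is a correctness problem and not just a build nuisance. The following C snippet is an added example, not the jpseek.c source: it shows the three-argument form of open(2) wrapped in a helper so the resulting file permissions can be checked. The path and payload are placeholders.

```c
/* Added example, not code from jpseek.c: the open(2) fix from the post,
 * written as a small helper so the created file's mode can be inspected.
 * The output path and payload below are constructed placeholders. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create (or truncate) PATH and write LEN bytes of BUF into it.
 * Returns 0 on success, -1 on failure (errno is left set by the syscall).
 *
 * The third argument is mandatory whenever O_CREAT is given: open() is
 * variadic, so with only two arguments the kernel receives whatever happens
 * to be in the mode register. The file's permission bits then depend on
 * leftover stack/register contents and may end up world-writable. Newer
 * glibc (with _FORTIFY_SOURCE) refuses to compile the 2-argument form for
 * exactly this reason, which is the error the post mentions. */
int write_output_file(const char *path, const void *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;

    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            close(fd);
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return close(fd);
}

/* Return the permission bits of PATH (after the process umask), or -1. */
int file_mode_bits(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    const char *path = "/tmp/jpseek_example.out";      /* placeholder path */
    const char msg[] = "constructed sample payload\n"; /* placeholder data */

    if (write_output_file(path, msg, sizeof msg - 1) != 0) {
        perror("write_output_file");
        return 1;
    }
    printf("%s created with mode %04o\n", path, file_mode_bits(path));
    unlink(path);
    return 0;
}
```

Whatever mode you pass, the kernel still masks it with the process umask, so 0644 is an upper bound rather than a guarantee; the point is that it is a bound you chose, instead of garbage.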
EDIT: I forgot to mention this in the original post.
Because we did not install the jpeg-8a library system-wide,
we need to set the LD_LIBRARY_PATH variable:
Now the program should run without any problems:
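Since a wrong LD_LIBRARY_PATH fails at run time rather than at build time (the loader either cannot find libjpeg.so.8 or silently picks up a different copy from the system), it helps to wrap the run in a small script that checks the library directory, prepends it to LD_LIBRARY_PATH exactly once, and uses ldd to confirm which libjpeg the binary will actually load. The script below is an added example and not part of the post; the ../jpeg-8a/.libs location and the jpseek binary name are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: run a locally built jpseek against
# the in-tree libjpeg.so.8 that was never installed system-wide.
# Assumption: jpeg-8a was unpacked and built next to the jphs checkout, so the
# shared object lives in ../jpeg-8a/.libs (override with JPEG_LIBS=...).

# Succeed only if DIR exists and holds the soname the tools were linked against.
jpeg_libs_ready() {
    dir=$1
    [ -d "$dir" ] && [ -e "$dir/libjpeg.so.8" ]
}

# Print LD_LIBRARY_PATH with DIR prepended, without adding it twice.
prepend_ld_path() {
    dir=$1
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$dir:"*) printf '%s\n' "$LD_LIBRARY_PATH" ;;   # already present
        "::")       printf '%s\n' "$dir" ;;                # was empty
        *)          printf '%s\n' "$dir:$LD_LIBRARY_PATH" ;;
    esac
}

# Show which libjpeg the dynamic loader resolves for BIN. ldd honours
# LD_LIBRARY_PATH, so this catches a stale system copy before the run.
check_binding() {
    bin=$1
    LD_LIBRARY_PATH=$(prepend_ld_path "$JPEG_LIBS") ldd "$bin" | grep libjpeg
}

JPEG_LIBS=${JPEG_LIBS:-$(pwd)/../jpeg-8a/.libs}

if jpeg_libs_ready "$JPEG_LIBS"; then
    LD_LIBRARY_PATH=$(prepend_ld_path "$JPEG_LIBS")
    export LD_LIBRARY_PATH
    check_binding ./jpseek
    ./jpseek "$@"
else
    echo "libjpeg.so.8 not found in $JPEG_LIBS; build jpeg-8a first" >&2
fi
```

Usage: from the jphs directory, `sh run-jpseek.sh image.jpg output.txt` (arguments are passed straight through to jpseek). If the ldd line prints a path under /usr/lib instead of your .libs directory, the environment is not what you think it is and the tool may be loading a different libjpeg version than it was compiled against.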
Bonus - cracking mode
Because during a CTF you often have to crack the password using the
/usr/share/dict/words or rockyou.txt lists, it's convenient
to have a jpseek version that can quickly check which passwords
are good candidates for further analysis.
The patch assumes that you have added the third parameter to the open call.
And here is the crack-patch itself:
And finally the diff for Makefile:
Let’s hide a message in a cat picture:
You can get rid of the [trying... text by commenting out the appropriate printf
in jpcrack.c.