Reverse Engineering-based Steganalys is of Crypto123 Tool for Automatic Detection and Extraction on Concealed Messages


  • Hanseong Lee
  • Hyung-Woo Lee


Background/Objectives: Recently, steganography tools for concealing messages in images have been widely used, and internal mechanisms for hiding messages using steganography tools are mostly unknown to public.

Methods/Statistical analysis: Therefore, we performed the reverse engineering analysis and analyzed the information hiding algorithm and operation mechanism applied to Crypto123 steganography tool. The key features of the Crypto123 software, which is rapidly increasing in use among the steganography tools, were analyzed. The IDA tool was used to reverse the Crypto123 tool. Performing complicated reverse analysis, we can find out in reverse the cryptosystem, encoding and steganographic algorithm used in Crypto123 software.

Findings: By reversing the steganography tool executable, we disclosed the internal steganographic mechanism that was wrapped in the veil. In detail, we found that the hidden messages are transformed using Twofish encryption algorithm after Xxencoding process for concealing message. Then, if any of the 128 bytes at the end of the cover image file has a value of '0x1A', then the subsequent bytes on cover image is replaced with the encrypted messages. Therefore, based on the software reverse engineering of the steganography mechanism applied to the Crypto123 tool, we propose a method to efficiently detect and automatically extract messages hidden in stego data using the mechanisms found correctly.

Improvements/Applications: Reverse engineering of Crypto123 software enables automatic detection of messages concealed on Internet. Therefore, it is possible to discriminate steganography tools used for covert communication.

 Keywords: Steganalysis, Reverse Engineering, Crypto123 Software, Hidden Message Detection, Information Hiding, Anti-Forensic Tools.