This is a tool to extract information from files that have been generated with camouflage.
Table of Contents
pip install camouflage-decryptorThis tool provides different tools for analyzing a file that has been generated with camouflage. This includes the following:
For the tool and all its subcommands, help can be retrieved by calling the tool with the --help flag:
camouflage-decryptor --helpTo retrieve all the camouflage metadata from a prepared file the following command can be used:
camouflage-decryptor get-info camouflaged-file.jpgThe output will look similar to this one:
File Name Carrier: normal_file.png
File Name Secret: secret.txt
Size secret file: 4.00 B
File size unmodified carrier: 4.00 B
Camouflage Version: v1.2.1
Password: very-secret-password
'Carrier' refers to the file that has been used to hide the secret file. 'Secret' refers to the file that has been hidden in the carrier file.
To get the password only from a stego file:
camouflage-decryptor get-key my-stego-file.jpgTo retrieve the secret file from a stego file and save it to a file (here: secret.txt):
camouflage-decryptor get-data my-stego-file.jpg > secret.txtThis solution only works on Linux and Mac OS X. On Windows, the following command can be used:
python -m camouflage-decryptor get-data my-stego-file.jpg | Out-File -Encoding utf8 secret.txtTo get the unmodified carrier file from a stego file (-> remove the part added by camouflage) and save it to a file (here: carrier.png):
camouflage-decryptor get-original camouflaged-carrier.png > carrier.pngThis solution only works on Linux and Mac OS X. On Windows, the following command can be used:
python -m camouflage-decryptor get-original camouflaged-carrier.png | Out-File -Encoding utf8 carrier.pngThe tool is able to decrypt files up to 10MB using an embedded key. For larger files up to 1GB a static key is downloaded to decrypt the file. For larger files or to avoid the download of the static key, a custom static key can be supplied.
A 1GB key can be downloaded from the releases for offline use: https://github.com/anjomro/camouflage-decryptor/releases/download/v0.3.0/STATIC_KEY_1GB
A larger key can be obtained using the following steps:
- Setup a virtual machine using Windows XP
- This can be done using this vagrant box: https://app.vagrantup.com/dvgamerr/boxes/win-xp-sp3
- Given that VirtualBox and Vagrant are installed the Box can be started using the following commands:
-
mkdir vagrant-win-xp && cd vagrant-win-xp vagrant init dvgamerr/win-xp-sp3 vagrant up
-
- Follow these instructions to setup a shared folder to exchange files: https://techblog.willshouse.com/2013/01/27/connect-to-a-shared-folder-with-virtualbox-and-windows-xp/
- Download camouflage and install it on the virtual machine
- Download camouflage from here: http://camouflage.unfiction.com/
- Transfer the downloaded file to the virtual machine via the shared folder
- Install camouflage on the virtual machine
- Create a payload with the intended size
- This can be done using the camouflage-decryptor tool:
camouflage-decryptor dev generate-test-payload 2GB > PAYLOAD_2GB.txt- This will create a file with the size of 2GB. Adapt the size to your needs.
- Transfer the payload to the virtual machine
- This can be done using the shared folder
- Create a stego file using camouflage
- Find a carrier file (a file to hide the payload in)
- Ideally this file should be small to avoid unneccecary resource consumption
- Any random file will do
- If no file is at hand, just create a small text file
- Right click on the generated payload file and select the Camouflage Option
- Click Next
- For the field Camouflage using select the previously selected carrier file
- For the field Create This File select a sensible file name, e.g
camouflaged_2GB.txtand remove the read only checkmark - You can leave the password field empty, but it also doesn't matter if you do set a password
- Find a carrier file (a file to hide the payload in)
- Extract the static key from the file treated with Camouflage
- Use the camouoflage-decryptor tool to extract the static key
camouflage-decryptor dev extract-static-key path/to/camouflaged_2GB.txt > save/path/STATIC_KEY_2GB- Adapt the paths to the location and the location you want to save the static key
If you want to use a custom static key to decrypt a file you can use it using the following syntax:
CAMOUFLAGE_DECRYPTOR_KEY=/path/to/static/key.bin camouflage-decryptor get-data my-stego-file.jpg > secret.txtIt is necessary to use an absolute path to the static key.
To avoid prefixing every command, you can also set the static key for your session:
export CAMOUFLAGE_DECRYPTOR_KEY=/path/to/static/key.binAfter setting the key location once, you can then use the tool as usual:
camouflage-decryptor get-data my-stego-file.jpg > secret.txtBoth methods work with all functionality that requires a static key.
To obtain a static key see the section above.
For all presented commands, you might need to use the following syntax to call the script, e.g. if on Windows:
python -m camouflage_decryptor get-key my-stego-image.jpgcamouflage-decryptor is distributed under the terms of the EUPL-1.2 license.