category: reverse engineering

Breaking QuickStego

18 Jan, 2013 - 4 minutes

Target: QuickCrypto's QuickStego Version 1.2.0.1

QuickStego is a tool that can hide unencrypted text data in BMP image files.

A first look with PEiD reveals a Visual Basic executable, and the crypto analyzer tells us something about CRC32. This may be used as some kind of verification of the data.

Trying the program on some small bitmap files shows an unchanged file size, but many changed image data bytes, even for a message as short as one character (I used 'A' for the test). The text is thus hidden directly in the pixel data, presumably by the LSB method, with some overhead for management.
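One way to check the LSB hypothesis from the comparison above, as an added example (not code from the original post): it diffs the pixel arrays of a cover and a stego BMP and reports which bit positions changed. The two in-memory BMPs are constructed sample data, and `make_bmp`, `pixel_data` and `diff_report` are names chosen for this example.

```python
import struct
from collections import Counter

def pixel_data(bmp: bytes) -> bytes:
    """Return the pixel array, located through bfOffBits at file offset 10."""
    if len(bmp) < 14 or bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    (offset,) = struct.unpack_from("<I", bmp, 10)
    if offset > len(bmp):
        raise ValueError("pixel offset beyond end of file")
    return bmp[offset:]

def diff_report(cover: bytes, stego: bytes) -> dict:
    """Compare two BMPs and summarise which bits of the pixel bytes differ."""
    a, b = pixel_data(cover), pixel_data(stego)
    xors = [x ^ y for x, y in zip(a, b) if x != y]
    bits = Counter()
    for v in xors:
        for bit in range(8):
            if (v >> bit) & 1:
                bits[bit] += 1
    return {
        "same_size": len(cover) == len(stego),
        "pixel_bytes": len(a),
        "changed_bytes": len(xors),
        "bit_positions": dict(sorted(bits.items())),  # bit index -> flips
        "lsb_only": bool(xors) and all(v == 1 for v in xors),
    }

def make_bmp(pixels: bytes, width: int, height: int) -> bytes:
    """Build a minimal uncompressed 24-bit BMP (helper for the sample data)."""
    off = 14 + 40  # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels

# Constructed sample: a 4x4 cover image and a copy with the lowest bit flipped
# in every third pixel byte, standing in for a tool's output file.
PIXELS = bytes(range(100, 148))
COVER = make_bmp(PIXELS, 4, 4)
STEGO = make_bmp(bytes(p ^ 1 if i % 3 == 0 else p
                       for i, p in enumerate(PIXELS)), 4, 4)

if __name__ == "__main__":
    print(diff_report(COVER, STEGO))
```

If `lsb_only` is true and `bit_positions` contains only bit 0, the changes are consistent with LSB embedding; flips in higher bits would point to a different scheme.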