Can steganography software, specifically OpenStego, be run portably from a USB stick without any risks?

0

Can steganography software, specifically OpenStego, be run portably from a USB stick with no problem?

I have managed to run OpenStego from a USB stick, but I'm not sure what the risk is.

Is there data saved on the host PC or left behind on the host PC when I'm done?

Me Wowlol

Posted 2014-08-15T20:29:37.597

Reputation: 255

Question was closed 2014-08-20T03:12:05.567

Answering this accurately would really depend on how it is that you've made it portable. If it were in a 100% self contained environment, such as what Docker provides, I'd say you're running VERY low chance that you're leaving a trace on the host system, as it'd require the host kernel to be pretty seriously compromised (not impossible though). If you're using a less contained method, the risk increases with less containment.

– 0xDAFACADE – 2014-08-15T21:12:59.777

I do not do anything. It is installed on my computer, then I just copy the whole folder from C:\ProgramFiles.. to my USB stick, then I tried opening it from there and it runs. I'm just not sure what the risks are. – Me Wowlol – 2014-08-16T12:29:36.753

Answers

1

The risk with this is that the program may modify the registry on the system it is being run on, or that it may leave a file somewhere on the system. An example of this behavior can be seen with PuTTY, which generally leaves around a config file of some kind with settings related to connections made with it.

From what I've been able to tell in my (BRIEF) look through some of the source code, I couldn't see anything that this would be doing to the outside system. Caveats with that:

  1. I am not a Java coder
  2. A brief look is not at all the same thing as a thorough audit

In lieu of a thorough audit, it's quite hard to say whether or not this particular code leaves anything around. On top of that, any logging that occurs on the system you're using it on (keyloggers wouldn't be so nice, now would they?) is another chaotic factor to add into the mix.

While the particular case of an effective keylogger is hard to beat, most other leaks can be contained through using a method of containment, such as Docker. The biggest issue with Docker, however, is that Docker itself would need to be installed on the host system as well. Unfortunately, in the Windows world, there just isn't a universal tool such as chroot to force an application only to use a specific area on a filesystem (and indeed, even the port for chroot to Windows comes with a lot of caveats due to the way various aspects of Windows work).

You would at least be wise to check out Packaging Portable Apps to look at how other applications are commonly made portable on Windows. While not foolproof, it will give you a better idea of how to go about running OpenStego in a portable manner, so that the registry is untouched and configuration files are kept on the USB stick rather than the host system. Generally, just pulling an application (especially a whole folder required to make an application run) is not the same as it being made portable, and there are quite a number of places it may be leaving files (to store things such as settings, or possibly logs), and it may also modify the registry. Given that OpenStego is Java, the registry seems less likely to be an issue, but outside of a full audit of the source code, there's not really a good way to be 100% positive. You could, of course, try contacting the original developer, but given that it's free software, he's of course under no obligation to respond.

If you're really paranoid about whether or not something is being left around, you're best advised to put together a Linux LiveUSB stick (or perhaps a Windows install with BartPE) with OpenStego installed on it, so that the host operating system doesn't even enter the equation, leaving your only potential security threats being restricted to malicious hardware (such as hardware keyloggers).

0xDAFACADE

Posted 2014-08-15T20:29:37.597

Reputation: 706
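
As an added illustration (not part of the original answer, and not OpenStego's or the answerer's code), one way to check empirically whether a program copied to a USB stick leaves files on the host is to snapshot per-user folders before and after running it and compare. The folder list (TEMP, APPDATA, LOCALAPPDATA) and all function names are assumptions of this example; registry changes are not covered.

```python
import hashlib
import os
from pathlib import Path


def candidate_roots(env=os.environ):
    """Per-user folders worth watching on a Windows host (assumed, non-exhaustive list)."""
    roots = [env.get(name) for name in ("TEMP", "APPDATA", "LOCALAPPDATA")]
    return [Path(r) for r in roots if r and Path(r).is_dir()]


def file_digest(path):
    """SHA-256 of a file, read in 1 MiB chunks so large temp files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(roots):
    """Map every readable file under the given roots to its content hash."""
    state = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                try:
                    state[str(path)] = file_digest(path)
                except OSError:
                    continue  # locked or permission-denied files are skipped, not fatal
    return state


def diff(before, after):
    """Return files that appeared, changed or disappeared between two snapshots."""
    return {
        "created": sorted(p for p in after if p not in before),
        "modified": sorted(p for p in after if p in before and after[p] != before[p]),
        "deleted": sorted(p for p in before if p not in after),
    }


if __name__ == "__main__":
    roots = candidate_roots()
    before = snapshot(roots)
    input("Run the program from the USB stick, close it, then press Enter... ")
    for kind, paths in diff(before, snapshot(roots)).items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Other processes also write to these folders, so entries in the output are candidates to inspect rather than proof that the tested program created them.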

Thanks for this thorough reply. If it's just settings or configuration files, etc. (and not the file itself) which might get outside of my USB stick, that's not a problem to me. I'm just curious how the Windows Temp folder works; there are many when I run a search on Windows, and I don't know what is being saved temporarily. Also the RAM, I'm not so familiar with how it works: say I open a portable application, then the system immediately crashes and it's the end of my work shift, what could the next user of that computer station see? Thanks anyway – Me Wowlol – 2014-08-17T03:52:20.267

Also, if the file is hidden inside an image file, is it just hidden or also encrypted? Thanks. – Me Wowlol – 2014-08-17T03:55:21.273

"The normal procedure is to first encrypt the plaintext to generate the ciphertext, and then modify the covertext [...] to contain the ciphertext. The generated stegotext is sent over to the intended recipient. If a third party snoops the stegotext [...] they will just see some harmless looking picture (or sound, etc). Once the recipient receives the stegotext, the ciphertext is extracted from it by reversing the logic that was used to embed it in the first place. The ciphertext is decrypted using the traditional cryptography to get back the original plaintext." http://www.openstego.info/

– 0xDAFACADE – 2014-08-17T04:10:04.937

As for whether things are being captured through the RAM from the host system: it's possible, if the computer's owner is particularly looking for it, or if malware is snooping. This is why I suggest using a LiveUSB Linux distribution if you are able to access the BIOS boot order. Any malware on the host OS won't be running, because the host OS itself won't be running. Indeed, generally, the hard drive won't even be mounted. Rolling your own modified T(A)ILS to include OpenStego would probably be the best bet for absolute software-based paranoia.

– 0xDAFACADE – 2014-08-17T04:13:26.087

Thanks. One last question: I tried using a piece of software before; it's called SafeHouse Explorer portable encryption. I found out that when used without admin rights, it creates a copy of the decrypted file in the Windows Temp folder. After learning that, every time I'm finished using the PC, I always try to find and delete the copies there. My question is: is it okay to just delete all the contents of the Temp folder? What do I need to avoid deleting there? Also, how many temporary folders are there in Windows, and where exactly are they all located? – Me Wowlol – 2014-08-17T13:00:33.030