First, some rather important announcements: - Some think this is a program that needs 'cracking', well, sorry to disappoint you: The scrambling code we used in the program is only added as an extra, to make the embedding somewhat irregular, more personal & less obvious. We describe this program as being an NSA nightmare simply because if you use Contraband wisely, no-one can ever be sure if something is or isn't embedded. - Those who feel it necessary to reverse the code of this software, be aware that 1 email to us at <9x9@gmx.net> will suffice to get the full sourcecode, including the scrambling methods used in this program. The encoding-part in Contraband was meant to be just an extra safety plot. Please remember: This is a steganographic tool, not something else. If you want something different, go ahead and create it yourself. This is Straight-from-the-heart intensive care by Immortalware (We created it for personal use first!). - If you use Windows 9* or NT, you can already use the unbreakable Contraband Hell Edition! A fully functional beta is available via https://jthz.nl - Info on contacting us and distribution and payment at end of file \/ ============================================================================ C o n t r a b a n d is (c)1989-1999 Julius B. Thyssen & Hens Zimmerman ============================================================================ You only have to try it once to feel this tremendous depth in security! Choose a 24bit BMP (if you have no source to get one, you can create one with 'paintbrush'), then choose any file you want and embed it in the BMP, compare the generated BMP with the original, extract the file from the BMP and compare the result with the original! >>> Former versions (especially 7.2 and the 3.11-patch) caused ERRORS with very large BMP-files, and with the fontfile (immortal.fon). We were not to blame > fontname also being used by a game. Most other errors were caused by slack-space-creators called MicroSoft. To snitch one: If your BMP is sized 599 by 799 pixels, MS felt the need to blow up the lines with zeros, unnecessarily extending filesize in order to reach pixelboundaries dividable by 4 !?! WHO NEEDS THIS? ABOUT THE PROGRAM.. =================== Just pick any true-color-BMP and hide your data in it. Contraband encodes data and embeds it in a graphic-file (BMP). It also extracts the data from a BMP that contains embedded data and then decodes it back to what it was (except for the filename). Contraband doesn't change size or format of the BMP. Data is hidden IN, not ADDED TO a picture. The 4-digit code is used to play around with bits in such a way that it's very hard to notice whether or not data has been concealed in a picture. INSTALLING and STARTING to use Contraband ========================================= Copy all files to one directory by choice, the files with extensions DLL and VBX can be moved to your Windows\SYSTEM-directory for faster access time (and other programs can use them); <*> Do not overwrite newer versions - if they exist on your drive * CONTRAB.EXE can be installed as a New program or Shortcut via the usual Windows-protocol; Start and Run CONTRAB.EXE <*> Now the first thing you do is this: Enter a made-up personal (or shared) 4-DIGIT CODE in the center of the Contrab-control-screen. Be sure to remember it! You will need this code later-on when you want to extract concealed data from the BMP it was concealed in. After entering and memorizing your 4-digit code, click on the Combine-button. From that moment on the program kinda' explains itself. About IMMORTAL.INI & the 4-digit-code ===================================== Contraband creates an INI-file in your windows-directory. If you want to, you can change the Default Startup 4-digit-code in this file. This is however considered unsafe if this code is the one you normally use to combine and extract. As is writing down your credit-card's PIN-code in obvious places. In case you trust those with access to your computer/screen, you could change the line 'DefaultPIN=1234' to 'DefaultPIN=6988' or whatever. <*> Realize that entering a wrong 4-digit-code (when extracting) will result in bull. This is because we won't embed the code together with the rest; If we would, it would be like way too easy, giving away our scrambling scheme, and your privacy. <*> Your 4-digit-code can also be a four letter-codeWORD ! This is cAsE-sEnsItIvE; 'FunK' for example, does NOT work the same as 'funK'. 'C00L' is not compatible with 'C0OL', but either one of them can be used. The INI-file also has an entry called "PreserveTimestamp=0", if you like you can change this 0 in 1. If you do, BMP-files generated by Contraband will have the date&time-stamps the original files had. WHY ON EARTH WOULD I USE THIS SOFTWARE ? ======================================== Don't you sometimes feel like somebody is checking up on your personal computer-mail? Now they can look but never recover the actual content of what you mail. While they are convinced you are up- or down-loading graphic files, in reality you are up- or down- loading something else with them. And what's more, if you embedded encrypted files, they can never prove IF graphic files are hiding something else! This killer-concept came to us when we were having a hard time trusting anyone handling our mailed computerdata. It's also an answer to upcoming censorship on data communication channels. This Immortalware ensures absolute safety and creates invisibility for any computerfile. It is particularly created for those who need to be sure their data is not noticed or read by outsiders in any computerdata exchange communication channel. It makes it very easy to embed computerdata in a way that the data as such cannot be detected. In short: You can smuggle any file(s) over any communication-line (BBS, the net, modem, diskmail, you name it) in a format which leaves the smuggled data untraceable/unreadable! Explaining Example of you using Contraband: Visit your overseas girlfriend, go out with her and exchange a 4-digit-code as well as this software when you're in a safe place (at the movies), tell her to read this Help and leave her. Back home you create a Word-document filled with dirty talk and some incriminating stuff, hardcore material you don't like others to read. You compress the document with PK-ZIP. After that you can use HOT.BMP (for example) to hide your zip-file in. The results will be: HOT.BMP (contains the concealed data) _OT.BMP (the unaltered renamed original of the BMP) You convert the created HOT.BMP to HOT.TIF, save it with LZW-compression, zip the TIF with PKZIP, and e-mail the zip-file to your girlfriend overseas. She can unzip the file, open it, convert it back to (uncompressed) BMP and then extract the file via the same 4-digit-code you used to combine the file with. The ZIP she gets out of it is 100% equal to the one you have put in, and you will know for sure that she'll be the first to read your word-document. All the converting and compressing is of course not always necessary. WHERE IS THE NEW BMP-FILE AND WHAT HAPPENS WITH MY ORIGINAL ? ============================================================= A true-color-BMP will be generated out of a file you choose to conceal, plus a true-color-BMP by choice. The generated BMP will get the name of the chosen original and is in the directory where the BMP originated from. The original BMP will get a name starting with an underscore. In case you chose a BMP already starting with an underscore it will be renamed starting with two underscores. If you really want to be cleared from the possibility for outsiders to compare the new BMP-file to the original you should delete the underscored original BMP-file! WHAT CAN I HIDE IN A PICTURE AND HOW MANY BYTES ARE AVAILABLE ? =============================================================== You can hide any file you want. The file can be a compressed archive of more than 1 file (We highly recommend you to use RAR). The size of the file you want to hide can't be larger than 12% of the size of the picture you hide it in. So if you use a 1400000 bytes BMP-file, you can embed a 170000 bytes file in it. If you try to embed something exceeding the maximum percentage, you will be prompted to use a larger BMP. Minimum size of the BMP you need will then be calculated for you. CAN I CONVERT AND COMPRESS THE GENERATED BMP ? ============================================== It's nice to know your embedded data survives all common conversions. Schemes we have tested and approve of: BMP -> TIF(all) -> BMP (see example above) BMP -> PSD -> EPS (Adobe) -> BMP BMP -> TGA -> BMP BMP -> CPI -> BMP BMP -> IMG -> BMP BMP -> PCX -> BMP Converting to JPEG (JPG) reduces the amount of colors used, so don't convert to and from JPG! -!- You can even flip a BMP (carrying hidden data) horizontally or vertically and then flip it back when you're gonna extract. Mirroring the picture can't hurt (it's another safety plot!), inverting (negative colors) can also be done harmlessly. -!- A BMP which is used over and over again, with Contraband data- embedding, does NOT lose its quality! The same data-part of the BMP is used everytime you use it with Contrab.exe, there are no losses. External compression programs generally are non-destructive to the embedded file in a BMP from Contraband. Some file-formats know a lot of alien/obscure versions. One should take proper actions to ensure data-integrity. Using the exact same software on both sides of a communication-channel is always a good thing. Because most drawing software out there is able to display the RGB-values of pixels in numbers, we urge you NOT to use extremely simple graphics (e.g. consisting of 1 color only). The best file to use with contraband is a detailed color-scan with lots of different patterns and colors. TECH-STUFF (how eeet werkz) =========================== The embedding-invention is surprisingly simple and effective, but needs a little explaining if you want to know what's so great about it. Don't be scared off by the numbers in the text, really any fool can understand it: We use a BMP, and it has to be a high quality one, in true color (which is 24 bit). We read the 24-bit graphic BMP-file and then add data to the least significant bits of the 24 bit. In a true color graphic each pixel (dot) is represented by 3 bytes, each byte is 8 bits long (thus totaling 24 bits). One byte represents the value of an additive mix-color (Red, Green or Blue). Because one BYTE can represent 2 to the power of 8 (equaling 256) different values, one PIXEL can have 256 times 256 times 256 = 2 to the power of 24 = 16.777.216 different values ! See if you get the bit-data of one BLACK pixel: red byte green byte blue byte 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 And this is what a WHITE pixel looks like: red byte green byte blue byte 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Important to know here is that Contraband - in a worst case scenario - modifies 2 of those 17.000.000 values per pixel!!! (This is for those who thought it would be anywhere near a possibility to notice IF there is something embedded in a BMP or if there isn't.) Try checking the visible difference between the created *.BMP and the _*.BMP and see for yourself (you won't find a thing). The human retina becomes the limiting factor in viewing 24-bit pictures. The smallest difference between two pixels in the 24-bit palette isn't noticeable to humans. This is why 24-bit graphics are called 'True Color'. Indeed, they are. Well, what happens is, we 'zero' all three least significant bits of one pixel. (Luckily chances are 50/50 this bit already was a zero to begin with!) Data we wish to embed consists of bytes (text, zips, encrypted data, executables: they're all byte-files). Every byte (8 bits) of our data-file will be spread over 3 pixels (9 bytes, of which one byte will be left unused. We'll use that one for a bit of our next data-byte). Every bit of our datafile will be put onto 'the next least significant bit' in our graphic-file. Lost track? Here's an example: We'll take the next 3 pixels from our original graphic. As an example the 3 pixels are: Pixel 1 R G B 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1 1 0 0 Pixel 2 R G B 0 1 0 1 0 1 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 Pixel 3 R G B 1 1 0 1 1 1 0 1 1 1 1 1 1 0 1 1 0 1 1 1 1 1 0 1 As we mentioned earlier, we 'zero' the least significant bits, like this and like that: Pixel 1 R G B 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 0 1 1 0 0 1 1 0 0 ^ ^ ^ Pixel 2 R G B 0 1 0 1 0 1 0 0 1 1 1 1 0 0 0 0 1 1 1 1 1 1 1 0 ^ ^ ^ Pixel 3 R G B 1 1 0 1 1 1 0 0 1 1 1 1 1 0 1 0 0 1 1 1 1 1 0 0 ^ ^ ^ We have a DATA-BYTE-example (one character, part of a file to embed): 0 1 0 0 1 0 0 0 and now come to the point where the 8 bits from this databyte are embedded in the 3 pixels: Pixel 1 R G B 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1 1 0 0 ^ ^ ^ Pixel 2 R G B 0 1 0 1 0 1 0 0 1 1 1 1 0 0 0 1 1 1 1 1 1 1 1 0 ^ ^ ^ Pixel 3 R G B 1 1 0 1 1 1 0 0 1 1 1 1 1 0 1 0 NOT NEEDED ^ ^ The last byte (BLUE-part of pixel 3) is not used yet, simply because we don't need it yet. When we embed the next character, we start at the blue-part of pixel three, etc. <*> See that still nothing has changed for pixel 1! Statistically 50% of the least significant bits will not be changed by adding embedded data in a true color picture. These bits are used by noise, nuances and very slight differences between subsequent pixels. Nature rarely puts anything there. D I S T R I B U T I O N etc. ----------------------------- The software (Contraband) is provided "as is". In no event shall we, the authors, be liable for any consequential, special, incidental or indirect damages of any kind arising out of the delivery, performance or use of this software. This software has been written with great care but we do not warrant that the software is error-free in every possible system and/or configuration. You may freely give copies of contraband to others, as long as the software is unmodified. You may not change a single bit, you may not exclude any files or add any to the package and may not make Contraband part of another package. Do not charge any money for the copying and/or distribution of Contraband, also not for Contrab itself. Contraband has become a-straight-from-the-heart-thank-you ware. You are allowed to install it and to try it out for a short while (a week or 2) but if you want to continue using it you must "pay" by sending the authors a nice warm "thank-you-guys!" e-mail to this address: jthz@usa.net In case you have a personal homepage on the www, pages on the internet, please give us the URL so we can get some idea who and where you are. As of the moment your email has arrived, you are allowed to use Contraband for as long and as much as you want, without any other cost. You also have the right then to update your copy when new versions come out. If any, ever. Please note that this "payment" is strictly personal. Everyone who uses Contraband has to register, even if someone else installed it on your computer or if you found it on some CD-ROM you bought. (You paid for the CD, not for Contraband.) Even if you use Contrab (but you'd rather not) because your boss wants you to, you have to send that email. We think that if everyone would say "thank you" when someone else did or said something nice, this world would be a much better place. People should give each other more what they want from each other, it's really not that hard. You just make the time and do it! Good luck with the software! CONTACTING US AND ALL THAT ========================== You can contact us, the authors, by sending email to: 9x9@gmx.net And when you want info or new versions, just visit https://jthz.nl If you really want to pay money: Send it in checks or cash (no coins!) by mail, or send a so called 'international postal money order' (to dutch guilders), or make a deposit on dutch POSTbank-nr. 945945 "t.n.v. J.B.Thyssen". The SNAIL-MAIL can go to: Immortalware / JTHZ Productions Lindenstraat 52 B 1015 KZ Amsterdam The Netherlands If you are a COMMERCIAL ENTERPRISE (selling disks or whatever), you may distribute our software without our permission, as long as you at least send us part of the profits, if you made any. When we find out you made a lot on our product and never paid us, we will personally damage your software by telekinesis, or make you familiar with some of our gezellige virusses. JTHZ.com - we may be duh, but we are no dweebs, we can however be full of this, that, and brains too... * More Info in Help-file *