Introduction
,
COMP 3731: Computer Forensics
Department of Computer Science
University of Denver
Page 1 of 2
ASSIGNMENT 6
The purpose of this assignment is to understand how data is hidden in images using LSB substitution.
Description
In this assignment, you will write a C/C++ program called StegoBreak that analyzes a given image for data
hidden using LSB substitution. A set of seven BMP images are provided (download the assignment files
from the assignment page). Each image uses a 24-bit RGB pixel format, i.e. 8 bits for red, 8 bits for green
and 8 bits for blue. Most of them have one or more data files hidden inside using LSB substitution. The
data could have been hidden using a single color channel (R, G, or B), two channels (e.g. BG, GR, etc.) or
using all three channels (e.g. RGB, BRG, etc.). For example, Master Yoda’s image can be reconstructed by
extracting the LSBs in the blue and green channels of every pixel in lena0.bmp.
The program will check for every possibility (single and multiple channels) to determine if a “known file”
can be extracted.
What is a “known file?”
While any data file can be hidden using LSB substitution, your program is required to only check for JPG,
BMP, DOCX, PDF and MP3 files. This can be done by first extracting the bits, then constructing the file, and
then checking for a signature (the first few bytes) in the constructed file. The signatures corresponding to
the specified file formats are as follows:
JPG: FF D8 FF
BMP: 42 4D
DOCX: 50 4B 03 04 14 00 06 00
PDF: 25 50 44 46
MP3: 49 44 33
Values are in hex notation. Any constructed file not having one of these signatures should be discarded.
Input and Output
The program should take one argument – the name of an image file to analyze. The output should be the
files extracted from it. Include information on the color channels as part of the output file name. For
example, if lena0.bmp is the input, then lena0-bg.jpg is an output file. This will be a valid JPEG
image of Master Yoda. The output file(s) should have the proper extension. If you extract an MP3 file then
it should be saved with a file name ending in .mp3. The program should automatically delete any file it
embedded using LSB substitution in
the blue and green channels
lena0.bmp
hidden.jpg
COMP 3731: Computer Forensics
Department of Computer Science
University of Denver
Page 2 of 2
constructed but did not belong to one of the specified formats. The remove() function in C/C++ lets you
do this.
Submission
Follow file naming conventions and fully comment your code. Upload the StegoBreak.cpp (or .c) file to
Canvas.
Grading
The assignment is worth 100 points, divided as:
processing one channel: 20 pts
processing two channels: 20 pts
processing three channels: 40 pts
rest of the requirements: 20 pts
A program that does not compile is a program that you did not submit at all. Remember the GTA is not
required to debug your program to give you partial points.
The late policy is available in the course syllabus. You must work alone on this assignment.