Steganography in the optical disc file system

    While searching for interesting information about steganography, I came across an entertaining article on steganography in the file system, and after some time it led me to the idea of creating steganography in the file system of optical disks.

    These days there are probably almost no people left who use optical discs in everyday life, because they were replaced by a more worthy option in the form of flash drives.

    With a little thought, I decided that discs can still be put to some use: for example, you can hide some secret information inside their file system and then pass it to someone else so that no one suspects anything.

    This is what we will do, namely: we will use a Python library, which will help us encode information from a text file and then hide it in the depths of our disk.


    But before we start, let's first take a look at some of the little things, and also define the concept of an optical disk.

    What is an optical disk?

    Optical disk (Eng. Optical disc) - the collective name for storage media made in the form of disks, reading from which is carried out using optical (laser) radiation.


    On a computer, each disc is represented in a specific format as an image, which contains all the information and structure of the disc; the image is used to work with the information without the optical medium and to archive data on hard media.
    The standard format for optical discs is ISO9660, but keep in mind that the image contains less information than the original CD: the disc also contains service information, which can, in particular, be used to protect against copying. We will work with ISO9660.

    Inside look

    And now let's look at the structure of ISO9660 from the inside. You can find detailed information here, here and here, and for those who know English also here. For my part, I'll just say that it mainly consists of 2 descriptors: the Boot Record and the Primary Volume Descriptor (PVD); you can open any ISO in 010editor and see for yourself.


    The Boot Record can be used by systems that need to initialize many types of data before making a disk available, although ISO 9660 does not specify what information the Boot Record holds or how to use it.

    The PVD is the starting point in identifying ISO9660; it looks like this:



    For diagram lovers:


    You will find more information here
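    The descriptor layout described above can be checked without any library. The following is an added example, not code from the original article: it walks the volume descriptor set that starts at sector 16 and reports each descriptor, including a Joliet Supplementary Volume Descriptor if one is present. The function names and the sample image are constructed for illustration; the field offsets are those of ISO 9660 / ECMA-119.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size
NAMES = {0: "Boot Record", 1: "Primary Volume Descriptor",
         2: "Supplementary Volume Descriptor", 255: "Set Terminator"}
JOLIET_ESCAPES = (b"%/@", b"%/C", b"%/E")  # UCS-2 levels 1 to 3

def walk_descriptors(image):
    """Parse the volume descriptor set, which starts at sector 16."""
    found, offset = [], 16 * SECTOR  # sectors 0-15 are the system area
    while offset + SECTOR <= len(image):
        sec = image[offset:offset + SECTOR]
        vd_type, ident = struct.unpack_from("<B5s", sec, 0)
        if ident != b"CD001":
            raise ValueError(f"no CD001 signature at byte offset {offset}")
        info = {"type": vd_type, "name": NAMES.get(vd_type, "unknown")}
        if vd_type in (1, 2):
            # A Joliet SVD announces UCS-2 names with an escape sequence.
            info["joliet"] = vd_type == 2 and sec[88:91] in JOLIET_ESCAPES
            codec = "utf-16-be" if info["joliet"] else "ascii"
            info["volume_id"] = sec[40:72].decode(codec, "replace").rstrip()
            # Both-endian fields: the little-endian copy comes first.
            info["blocks"] = struct.unpack_from("<I", sec, 80)[0]
            info["block_size"] = struct.unpack_from("<H", sec, 128)[0]
        found.append(info)
        if vd_type == 255:  # the terminator ends the set
            break
        offset += SECTOR
    return found

def sample_image():
    """Constructed sample: system area, PVD, Joliet SVD, terminator."""
    def descriptor(vd_type, volume_id=b"", escapes=b""):
        sec = bytearray(SECTOR)
        sec[0:7] = struct.pack("<B5sB", vd_type, b"CD001", 1)
        if vd_type in (1, 2):
            sec[40:40 + len(volume_id)] = volume_id
            sec[88:88 + len(escapes)] = escapes
            struct.pack_into("<I", sec, 80, 24)       # volume size in blocks
            struct.pack_into("<H", sec, 128, SECTOR)  # logical block size
        return bytes(sec)
    pvd = descriptor(1, "STEGO".ljust(32).encode("ascii"))
    svd = descriptor(2, "STEGO".ljust(16).encode("utf-16-be"), b"%/E")
    return bytes(16 * SECTOR) + pvd + svd + descriptor(255)

if __name__ == "__main__":
    for entry in walk_descriptors(sample_image()):
        print(entry)
```

    To inspect a real image, pass the bytes of the .iso file to walk_descriptors instead of the constructed sample.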

    And we are moving on.

    Initialization in the ISO structure

    We will work with the root directory, in it we will create our own directories and add the necessary files.

    For this we will use the pycdlib library; you can familiarize yourself with it at the following link.

    Let's move on to writing the program; for those who don't want to go step by step, the source code is at the link to my repository on GitHub:

    # do all the necessary imports
    import base64
    import pycdlib

    Prepare files with text

    Now we need to prepare our files, which we will drop into the structure of our iso.

    The course of action is as follows:

    1. We take the source text from certain files and read it into variables. Nothing prevents us from taking a lot of text, but for demonstration I took only a couple of sentences in each file. We will continue to manipulate these variables.
    2. After we have read the sentences, we need to encode the contents. We will encode using base64.
    3. We write the encoded content into new files called UP and DOWN. The files are named this way because I decided to rearrange the content so that part 1 of the 1st file and part 1 of the 2nd file (i.e. the upper parts) are written to UP, and part 2 of the 1st file and part 2 of the 2nd file (i.e. the lower parts) to DOWN.

    with open('/home/ul/stegist1.txt', 'rb') as stegist1:  # open the file
        line1 = stegist1.readline()  # read the first sentence of file 1
        print(line1)
        line2 = stegist1.readline()  # read the second sentence of file 1
        print(line2)
    enc_line1 = base64.b64encode(line1)  # encode our sentences with base64
    enc_line2 = base64.b64encode(line2)
    with open('/home/ul/stegist2.txt', 'rb') as stegist2:
        line3 = stegist2.readline()  # read the first sentence of file 2
        print(line3)
        line4 = stegist2.readline()  # read the second sentence of file 2
        print(line4)
    enc_line3 = base64.b64encode(line3)  # encode the contents of the sentences
    enc_line4 = base64.b64encode(line4)
    with open('/home/ul/UP.txt', 'ab') as up:  # write the encoded upper parts to the UP file
        up.write(enc_line1 + b'\n')  # one encoded part per line so they can be split again
        up.write(enc_line3 + b'\n')
    with open('/home/ul/DOWN.txt', 'ab') as down:  # write the encoded lower parts to the DOWN file
        down.write(enc_line2 + b'\n')
        down.write(enc_line4 + b'\n')


    It's time to move on to the very pycdlib library that I talked about at the beginning. It’s not difficult to work with it: we create an object through which we further add various files and directories inside.

    iso = pycdlib.PyCdlib()  # create an object of the PyCdlib class
    iso.new(rock_ridge='1.09')  # use the Rock Ridge extension (more on the extensions used in the ISO standard a little later)
    iso.add_directory(iso_path='/A1', rr_name='a1')  # add various folders (if we consider it necessary)
    iso.add_file('/home/ul/UP.txt', iso_path='/A', rr_name='a')  # add our UP file (the one written above)
    iso.add_file('/home/ul/DOWN.txt', iso_path='/B', rr_name='b')  # add our DOWN file (the one written above)
    iso.write('papastegisto.iso')  # create (write) the ISO image
    iso.close()  # release the files held by the object

    As we can see, our text was successfully written.


    I want to note that at a given path, for example /A, we can create either a file or a folder.

    If we first specify the creation of a directory at /A and then specify the creation of a file at /A, an error message is displayed; this is not the same as putting the file in a folder.

    Extensions for the ISO9660 file system

    There are 2 main extensions for the ISO file system: Rock Ridge and Joliet.


    Rock Ridge is an ISO 9660 file system extension designed to store file attributes used in POSIX operating systems (i.e., Unix-compatible).

    Rock Ridge extensions are written over the ISO 9660 file system so that the Rock Ridge optical disc can be read by software designed to work with ISO 9660.

    Rock Ridge may store the following additional information about the contents of the disc:

    • long file names (up to 255 characters);
    • fewer restrictions on the use of characters in file names;
    • directory structure of arbitrary nesting;
    • attributes recorded for each file:
        • file permissions, including uid and gid fields;
        • number of hard links to the file;
        • times of creation, modification, access, change of attributes, etc.;
    • supported special files:
        • sparse files;
        • symbolic links;
        • device files;
        • socket files;
        • FIFO files.

    This data is recorded in special directories, whose names are usually hidden.


    Joliet is an ISO 9660 file system extension designed to ease the file name restrictions imposed by ISO 9660. The specification was developed by Microsoft and has been supported by all versions of Microsoft Windows since Windows 95 and Windows NT 4.0.
    By default, it is used on all CD-ROM media with data released after 1995.

    Joliet introduces an additional set of file names. Names are up to 64 Unicode characters and are stored in UCS-2 encoding. For their storage, a special additional header (Supplementary Volume Descriptor, SVD) is used, which is unconditionally ignored by ISO 9660-compatible programs, thus ensuring backward compatibility.

    Most existing software platforms, including Microsoft Windows, Linux, Mac OS X, and FreeBSD, are capable of reading storage media with the Joliet file system extension, which allows you to exchange files between these operating systems even when using non-Latin alphabets (such as Arabic, Japanese, Cyrillic) which was not possible with the usual ISO 9660.

    In fact, there is also a third extension for the ISO file system, called Romeo.

    Romeo is an extension of ISO 9660 for MS Windows 95; there is not much information on it on the Internet, and most likely this extension is not used anywhere else.

    You can find even more information on extensions and file systems for CD/DVD here, and now let's get back to our program.

    The resulting code for encoding information from a file and placing files with encoded information in iso looks like this:

    # do all the necessary imports
    import base64
    import pycdlib
    # prepare our content
    with open('/home/ul/stegist1.txt', 'rb') as stegist1:  # open the file
        line1 = stegist1.readline()  # read the contents
        print(line1)
        line2 = stegist1.readline()  # read the contents
        print(line2)
    with open('/home/ul/stegist2.txt', 'rb') as stegist2:  # open the file
        line3 = stegist2.readline()  # read the contents
        print(line3)
        line4 = stegist2.readline()  # read the contents
        print(line4)
    enc_line1 = base64.b64encode(line1)  # encode the contents
    enc_line2 = base64.b64encode(line2)
    enc_line3 = base64.b64encode(line3)
    enc_line4 = base64.b64encode(line4)
    with open('/home/ul/UP.txt', 'ab') as up:  # write the encoded data to the UP file
        up.write(enc_line1 + b'\n')  # one encoded part per line
        up.write(enc_line3 + b'\n')
    with open('/home/ul/DOWN.txt', 'ab') as down:  # write the encoded data to the DOWN file
        down.write(enc_line2 + b'\n')
        down.write(enc_line4 + b'\n')
    # put everything into the iso
    iso = pycdlib.PyCdlib()
    iso.new(rock_ridge='1.09')
    iso.add_file('/home/ul/UP.txt', iso_path='/A', rr_name='a')
    iso.add_file('/home/ul/DOWN.txt', iso_path='/B', rr_name='b')
    iso.write('papastegisto.iso')
    iso.close()

    And I remind you that the full code is also available at the link to GitHub.
    Now let's move on to the final part: we can write our resulting ISO to a disc.
    You can record with whatever you want, but I will use Nero 7.
    We will use a CD-R.
    CD-ROM, CD-R and CD-RW
    They differ in that the CD-ROM is a read-only disk, nothing can be written there. CD-R and CD-RW are recordable discs. CD-R allows you to write once to a disc, CD-RW - repeatedly.

    But what about the DVD?

    The main difference from CD-R/RW is the amount of data that can be written: 4.7 GB on a DVD-ROM versus 650,700 MB. Some DVD formats support up to 13 and even 17 GB.
    More disc information.

    As we can see, the program was successfully written to disk.


    Now we can transfer it on disk to the people we want.


    Why would we do all this if the information cannot be decoded back, right?

    If you are interested in the method, you can write a program that will extract and decode the attached files; it will be exactly what your people will use.
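    The receiving side can be done with the standard library alone, which also shows that anyone who reads the root directory can recover the text. This is an added example, not the author's code: it reads the root directory of an image, pulls out the files stored under the identifiers A and B (the iso_path values used above) and rebuilds the two original texts. It assumes each base64 part sits on its own line in UP and DOWN; the function names and the sample image are constructed for illustration.

```python
import base64
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def root_files(image):
    """Map each file identifier in the root directory to its raw content."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[:6] != b"\x01CD001":
        raise ValueError("sector 16 is not a Primary Volume Descriptor")
    extent, size = struct.unpack_from("<I4xI", pvd, 158)  # root record at 156
    directory = image[extent * SECTOR:extent * SECTOR + size]
    files, pos = {}, 0
    while pos < len(directory):
        if directory[pos] == 0:  # zero padding: skip to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + directory[pos]]
        f_extent, f_size = struct.unpack_from("<I4xI", rec, 2)  # +2 and +10
        name = rec[33:33 + rec[32]].split(b";")[0].decode("ascii")
        if not rec[25] & 0x02:  # bit 1 set means directory, incl. "." and ".."
            files[name] = image[f_extent * SECTOR:f_extent * SECTOR + f_size]
        pos += len(rec)
    return files

def reassemble(up, down):
    """UP holds the first part of every file, DOWN the second, one per line."""
    tops, bottoms = ([base64.b64decode(p, validate=True) for p in blob.split()]
                     for blob in (up, down))
    if len(tops) != len(bottoms):
        raise ValueError("UP and DOWN hold a different number of parts")
    return [top + bottom for top, bottom in zip(tops, bottoms)]

def sample_image():
    """Constructed sample: PVD, terminator, root directory, files A and B."""
    def record(name, extent, size, flags=0):
        rec = bytearray(33) + name + bytes((len(name) + 1) % 2)  # even length
        rec[0], rec[25], rec[32] = len(rec), flags, len(name)
        struct.pack_into("<I4xI", rec, 2, extent, size)  # little-endian copies
        return bytes(rec)
    enc = base64.b64encode
    up = enc(b"file 1, line 1\n") + b"\n" + enc(b"file 2, line 1\n") + b"\n"
    down = enc(b"file 1, line 2\n") + b"\n" + enc(b"file 2, line 2\n") + b"\n"
    dot = record(b"\x00", 18, SECTOR, 2)
    root = (dot + record(b"\x01", 18, SECTOR, 2)
            + record(b"A", 19, len(up)) + record(b"B", 20, len(down)))
    pvd = b"\x01CD001\x01".ljust(156, b"\x00") + dot
    sectors = [pvd, b"\xffCD001\x01", root, up, down]  # sectors 16 to 20
    return bytes(16 * SECTOR) + b"".join(s.ljust(SECTOR, b"\x00") for s in sectors)
```

    With a real image, read the .iso file into bytes, call root_files on it, and pass the contents of A and B to reassemble.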

    And that is all. My task was to demonstrate one of the possible ways of hiding information, using disks that, it would seem, have sunk into oblivion.


    I will be glad to see your suggestions, additions, corrections and other feedback.

    PS I want to express special thanks to @PavelMSTU for the consultations and motivational kicks.
