********************************
* BlindSide Cryptographic Tool *
*      For Windows Bitmap      *
*                              *
*        Version 0.9b          *
*                              *
*  (c) John Collomosse 2000    *
********************************

This is a brief README file for the BlindSide image cryptography tool.
Please make a brief pass of these instructions for use, and at the frequently
asked questions.
If you have any questions or constructive comments - please feel free to
contact me at ma7jpc@bath.ac.uk, and I will do my very best to reply.

To Test.....
There is a sample picture in this package with a hidden message inside it -
a picture of a tropical island.  Use BlindSide to decode it and discover the 
secrets held within!


What is BlindSide?
~~~~~~~~~~~~~~~~~~
BlindSide is an example of the art of steganography - the passing of secret
messages in a form such that one would not suspect the message is being
passed.  This is an area of cryptography that is attracting considerable
interest of late.  The Blindside utility can hide a file (or files) of any
variety, within a Windows Bitmap image (BMP file).  The original image and
the encoded image look absolutely identical to the human eye - but when run
back through Blindside, the concealed data can be extracted and secret data 
retrieved.  For added security you can even scramble your data with a password
so no-one but the people you authorise can via your secret data.


Why BlindSide?
~~~~~~~~~~~~~~
There are other programs in the commerical and freeware streams that can
accomplish tasks similar to this program.  Many of these will adjust every
single pixel's LSB (the least significant bit of the pixel), and store
data in these imperfections.  This can lead to obvious corruption in the
image - which defeats the secrecy (the main ideal of steganography).
Blindside analyses the colour differentials in the image, and will only
alter pixels that it knows will not be noticeable to the human eye.
The downside is that each image has its own 'capacity' dependent on colour
patterns within it - but the upside is that any data you scramble with
Blindside will most definitely be invisible to the human eye.


What could I use this for?
~~~~~~~~~~~~~~~~~~~~~~~~~~
The possibilities are endless.  The beauty of the Blindside system is that
it is a steganographic technique supplemented with a cryptographic algorithm.
This means you can pass messages around without even arousing suspicion that
you are doing so (steganography) - and you can encrypt these messages with
password based encryption such that even if anyone did examine the images,
they would need a password to reveal the secret data (cryptography).
If you were a digital image publisher for instance, you could use
Blindside to embed a license file within your images - containing a
copyright notice.  A similar procedure could be applied to images on
a company's web pages.
Blindside is made available free for everyone to use, and can
also be redistributed freely.  The only exception is that I would ask to
be contacted prior to any commerical/goverment use.


Where do I get bitmaps from?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you are running Windows, then bitmaps are everywhere - you can set them
as your wallpaper or download them from the net.  There are a few good
scenic bitmaps on the Blindside homepage at...

        http://www.blindside.co.uk

These have been analysed using Blindside and have a data capacity rating
beside them - so you can see how much data the image will store before
you spend valuable time downloading it!
If you own a scanner or digital camera, you can make your own bitmap files
or failing that try your hand at drawing one??  Blindside tends to work
better with real-life images rather than cmoputer generated ones.
Rendered fractal images however, work well.

How does the encryption process work?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In a computer image, particularly a scanned photograph or digitised picture - 
there can be many millions of colours - over 16 billion in some.
It is impossible for any human to discriminate and pick out each of these 
colours perfectly... the human eye simply is not accurate enough.
BlindSide takes advantage of this fact, and can create slight inflections
and flaws in the colours of an image - into which secret data or files can
be concealed.  To the naked eye, the original image, and the image containing
concealed data are completely identical.

What can I conceal in an image?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Anything you like.  Each image has its own capacity limit - which you can
check with BlindSide.  However, what you actually store in the image is up
to you.  The data could be a poem, a love letter, a sound file, maybe even
a Word document, program or another image altogether!  No matter what you 
store, the result image will look no different than your original.  The only
difference is that you know that when you run it through BlindSide again - 
there is a secret file contained inside.



How do I use Blindside?
~~~~~~~~~~~~~~~~~~~~~~~
BlindSide is designed to run from the command line, and so is run at the DOS 
prompt from within Windows - or from your shell prompt if you are running 
Linux/Solaris or the like.  Check the Blindside website at www.blindside.co.uk
for other platforms, e.g. AIX and HPUX coming very soon.

You can perform 4 actions within BlindSide;  Encrypt (hide) files in an image,
Decrypt (restore) files from an image, list files contained in an image, or
check to see how much data you could potentially store in an image.


Encrypting (hiding) data in an image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following example will add the file 'secret.txt' into image 'source.bmp'.
The output 'sneaky.bmp' is the result.

        BSIDE -a source.bmp secret.txt sneaky.bmp

If you wish, you can specify a password too...

        BSIDE -a source.bmp secret.txt sneaky.bmp PASSWORD

Now no-one will be able to decrypt the data from the image, unless they 
know the password.
Remember that you can add many files into one single image, to create
a Blindside archive.  You will be prompted if there is insufficient space
within the image to store any more secret data.

Decrypting (retrieving) data from an image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following example will extract ALL secret files from 'hidden.bmp'
Note that if the data were scrambled with a password, you
would be prompted to enter it before successful decoding.

        BSIDE -x hidden.bmp

If you wanted to extract a particular file (spy.txt) you could use...

        BSIDE -x hidden.bmp spy.txt

And if you wanted, you could specify the unlock password on the command line
too - to save time....

        BSIDE -x hidden.bmp spy.txt PASSWORD

Of course, this is only used if the data has been password locked.
If you wish to list files within an archive use the -L feature (see later)


Calculating data storage statistics for an image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command will check to see how much data can be stored
inside 'mypic.bmp'

        BSIDE -c mypic.bmp

If mypic.bmp is already a Blindside archive (that is, there are secret
files stored within the image), then you will see data storage statistics
detailing space used, and space free for more secret files.


Listing files stored within a Blindside hidden image
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command will check the image 'mypic.bmp' for Blindside
concealed files - and list them along with their file sizes.
If the archive is password protected you will be prompted for the
password before the files can be listed.

        BSIDE -l mypic.bmp



More help
~~~~~~~~~
If you specify incorrect command parameters, or none at all, a help screen
will be displayed to remind you of the correct parameters to use.



Frequently Asked Questions
~~~~~~~~~~~~~~~~~~~~~~~~~~

Q.  Wouldn't a graphical front end to make it all easier to use?
A.  This is being developed for the Windows environment and should be 
    available soon, drop it to the webpage at:-

                http://www.blindside.co.uk
    

Q.  How much can I store in a given image?
A.  The amount of concealed data that can be hidden within an image can vary
    drastically.  The average is about 10 to 15k per image, but I have seen 
    files hold up to 60 or 70k in secret data - all invisible to the human 
    eye.  You can use the '-C' option on BlindSide to calculate the exact
    capacity of your particular bitmap can hold.
    The actual amount of data an image can store is based on the complexity
    of the image, and the colours that are used within it.  An area of
    similar coloured shading is usually a good indication that the image
    will store a fair amount of data.  Some very simplistic images won't
    hold any data at all (e.g. monochrome images, maybe even cartoons).

Q.  Will you be adding support for other file formats, like GIF or JPEG?
A.  There is are GIF, PCX, and PICT versions in the pipeline, but I'm
    trying to fit the coding around other commitments at the moment.
    Some file formats like JPEG will never be implemented because they use
    similar ideas of fiddling with slight colour changes to compress their
    image data.  Such compression methods are called 'lossy' algorithms as
    the data always looses some precision during the compression.  Such
    file formats would be unsitable for BlindSide as concealed data would
    become corrupted in the compression process.

Q.  How strong is the password protection of secret data in BlindSide?
A.  The password protection option should be adaquate for general usage.
    If you are concerned about your data security then why not encrypt 
    your data file first, via PGP or a Triple DES encoding package - then 
    conceal that in BlindSide afterwards, for extra security.
    In this way BlindSide becomes a transportation medium and your encryption
    is handled at a 'higher' level.

Q.  What other platforms are supported?
A.  Currently Solaris, Linux, AIX, HPUX and Win32 are supported.
    You can run the Win32 version under DOS, but you'll need DPMS (DOS
    Protected Mode Services) running, which you will have to download from
    somewhere like www.delorie.com.
    This is because BlindSide needs a lot of memory (i.e. more than 640k
    that DOS provides) to manipulate images.  The DPMS allow programs to 
    access the rest of your x meg of memory in the system.
    You will also require a floating point unit, as the code was compiled
    on the presumption that one would be present (so dont try it on a 386
    or 486SX unless you have a co-processor and a lot of patience).

Q.  The binaries on all other platforms 30 to 50k, while the Win32 one
    is over 200k, why?
A.  Ahh, windows windows. Ask Microsoft's compiler code optimization team,
    I'm (reasonably) sure they will have a good explaination? well, then
    again....

Q.  I tried to encrypt a bitmap but I received a 'Cant deal with compressed
    images yet' error?
A.  Most bitmaps aren't saved uncompressed, but some are.  BlindSide can not
    deal with compressed bitmaps yet - but you can easily uncompress them
    yourself, just load them up in a graphics program (such as Windows Paint)
    or even better Paint shop Pro and save them again - uncompressed.

Q.  I've encrypted some data into an image, can I now edit the image?
A.  It is advisable not to tamper with an image too much after encrypting
    data into it - as any changes you make could disrupt data patterns within
    the bitmap.  However Blindside is more resilient that most when it comes
    to image tampering - since not every pixel is critical to the data
    storage algorithms, usually about 50% are redundant.
    If you must edit the image, edit the original and re-encrypt the data to
    be sure you dont mangle your hidden data.

Q.  I've decoded the secret text in the tropical picture - what a load of
    rubbish - the song means a totally different thing altogether.
A.  Don't blame me I just found it on a newsgroup somewhere...

Contact
~~~~~~~
I am always happy to recieve suggestions, comments or critisism - please
email me at ma7jpc@bath.ac.uk and I will do my very best to reply.

You can check the BlindSide homepage at http://www.blindside.co.uk
for the latest updates and news!

Please note that I can not be held responsible for any damage occuring
via use or misuse of this software program.  This program is freeware and
should be distributed without charge.
Reverse engineering of this product is forbidden, if you want the source
please email me and I will usually be more than happy to supply it.
Commerical and government users please contact the above address prior to use

(c) John Collomosse 2000, All Rights Reserved.
