A few months ago, the government of a big country discovered that some people were communicating with each other using only photos, that is to say by sending an email containing an attachment (a .bmp) while the body of the email was empty. The government asked its best reversers, who found out that the photos contained files hidden inside, that these files were encrypted, and that the tool used to encrypt and insert the file into the picture is a win32 exe file called "beemeal". The government then developed a method to retrieve the original file that was inserted into the picture.
In general, steganography tools make it easy to retrieve the file hidden in the photo, provided you have the same tool as the one used during insertion. With beemeal it is not that easy: it uses a keyfile whose size must be greater than 1024 bytes and a passphrase whose size must be greater than 256. Thus, even if you have the beemeal exe, you will have difficulty retrieving the original file if you don't have the keyfile and the passphrase.
Screenshot of Beemeal

2. The challenge
You are given the following elements:
- a version of the beemeal exe; this version only permits extraction. Note that the PE is neither packed nor encrypted.
- a photo containing a file that was inserted using beemeal (a bmp file)
Step 1:
Level: Easy
Required knowledge: none
Goal: try to extract the encrypted file contained in the image using the beemeal tool.
Description: this step just consists of understanding how to use the beemeal application (the extracted file will of course not be the original file, because it will still be encrypted).
Step 2:
Level: Medium
Required knowledge: assembly, PE file format, BMP file format, C or C++
Goal: find out the algorithm used to perform the steganography of the file into the image.
Description: the method used to insert the file into the picture is relatively simple; recover it from the PE and write down the corresponding algorithm in C or C++ code.
Step 3:
Level: Medium
Required knowledge: assembly, PE file format, C or C++
Goal: find out the encryption algorithm.
Description: the encryption/decryption algorithm is of utmost importance if we want to be able to break the code.
You must recover the encryption/decryption algorithm from the exe and write down the corresponding algorithm in C or C++ code.
Step 4:
Level: Hard
Required knowledge: cryptanalysis, assembly, C or C++, MPI or PVM.
Goal: find the original file that was inserted into the picture.
Description: now that you have found out how the file was inserted into the picture and which encryption/decryption algorithms beemeal uses, you must develop a program to break the encryption and find the original file.
The official website of the beemeal project can be found at:
http://beemeal.tripod.com/index.html
(I can prove that I am the author of beemeal)
Any person interested in this challenge may send an email to tybins99 at hotmail dot com to receive the necessary files to start the challenge.







