How Smuggler Works


Smuggler hides messages inside jpegs by treating the image data as a source of information.  This is a form of steganography, but unlike the usual ways of hiding data in jpegs, Smuggler uses a way that is impossible to detect.  In an unmodified jpeg this information is random, like a sheet of paper with gibberish written on it:
Ii<?hYws}6J?MtwEL\Mk6Zp7Tk|JJC>V
dJ7Mwu??u7W9qWlvRdEI`CAe;8;:fr7?
I6J_L{=5jJGbDKZL8]`z}SDl28KJQgiZ
u=z@ku^w<r;7YI<lTEuJu6zuldxhvh|V
^E\XRu4f?W`v|I^keXM]fTHo;D3OEaDR
6G|Vf@L:>O_8rYV<\i3gftQ3}7Tp^ZSo
Gi7;8qMiNN2gE][VH2Hdnf<AYn>M\<Yx
7}NsPR3zq]s:w9VK@M|f5es=_@<E3D4c
=@JHUJ>A4znZdJiq?{WA2bJBWo>Qk4u@
y~?B\ny:_xY}`qXk]QJdxb5Qm4CfGLyB

This data is part of the format of the jpeg, and so will be different for every jpeg (1).
Smuggler then writes the message into this page:
Hello world!MtwEL\Mk6Zp7Tk|JJC>V
dJ7Mwu??u7W9qWlvRdEI`CAe;8;:fr7?
I6J_L{=5jJGbDKZL8]`z}SDl28KJQgiZ
u=z@ku^w<r;7YI<lTEuJu6zuldxhvh|V
^E\XRu4f?W`v|I^keXM]fTHo;D3OEaDR
6G|Vf@L:>O_8rYV<\i3gftQ3}7Tp^ZSo
Gi7;8qMiNN2gE][VH2Hdnf<AYn>M\<Yx
7}NsPR3zq]s:w9VK@M|f5es=_@<E3D4c
=@JHUJ>A4znZdJiq?{WA2bJBWo>Qk4u@
y~?B\ny:_xY}`qXk]QJdxb5Qm4CfGLyB


Hah, straight away we see a problem - the message sticks out like a sore thumb.  So what Smuggler does is encrypt the message for you using something called AES128. Your message 'Hello world!' is transformed into something that looks like random text but isn't:
'Hello world!' --> '[zZg~^]@4F{<OU_4u2g77IFq{lG>aa?MoFgK7OnDz?B]5|zHD6jEUc\jYdEwaNgJ'
And so our sheet of paper has different gibberish on it.
[zZg~^]@4F{<OU_4u2g77IFq{lG>aa?M
oFgK7OnDz?B]5|zHD6jEUc\jYdEwaNgJ
I6J_L{=5jJGbDKZL8]`z}SDl28KJQgiZ
u=z@ku^w<r;7YI<lTEuJu6zuldxhvh|V
^E\XRu4f?W`v|I^keXM]fTHo;D3OEaDR
6G|Vf@L:>O_8rYV<\i3gftQ3}7Tp^ZSo
Gi7;8qMiNN2gE][VH2Hdnf<AYn>M\<Yx
7}NsPR3zq]s:w9VK@M|f5es=_@<E3D4c
=@JHUJ>A4znZdJiq?{WA2bJBWo>Qk4u@
y~?B\ny:_xY}`qXk]QJdxb5Qm4CfGLyB
Note that our message got bigger.  This is a feature of the way AES is used.  AES works in 16 byte blocks, and needs a 16 byte header (2), so that our 12 byte message requires one block and one header - making 32 bytes.  While our message is below 17 bytes we only need one block, but when we add a seventeenth byte we will need two blocks and our encrypted message will jump to 48 bytes (header and two blocks).

Encryption

The message is always encrypted using a password - even if you do not supply one.  Why encrypt when no password is supplied? Well, encryption does two things: it changes the data so we cannot read it without the password, and it makes the result look like random gibberish.  If you do not supply a password Smuggler uses its own password - which is the same for everyone using Smuggler, so this is just like not encrypting your message - everyone with Smuggler can read it - but somebody looking at the page of gibberish cannot tell if there is a message there (until they run Smuggler on the file).
If you supply your own password, then only someone with the password can decrypt your message.  In fact, if someone does not know your password they cannot even tell if there is a message there at all. But don't forget your password... if you do, your message is lost.

Using offsets

Our message above was placed at the start of the page of gibberish, but it can be placed anywhere. You could start your message at an offset of 100 bytes.  If someone wants to recover your message they will need to know your password and the offset. But don't forget your password and offset... if you do, your message is lost.
You can even store two messages - one starting at offset 0 and another starting at offset 100.  You need to make sure that one message does not overwrite an earlier message, or you could damage the earlier message in a way that makes it impossible to recover.
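
An added example, not Smuggler's own code: a small planner that applies the sizing rule from the AES paragraph above (one 16-byte header plus 16-byte blocks) to check that messages placed at different offsets do not overwrite each other. The capacity figure and the message names are assumptions made for illustration.

```python
import math
from itertools import combinations

BLOCK = 16   # AES block size in bytes
HEADER = 16  # random initialisation vector stored before the blocks (Note 2)


def stored_size(message_len):
    """Bytes one message occupies, following the page's rule:
    one header plus as many 16-byte blocks as the message needs."""
    if message_len < 1:
        raise ValueError("message must contain at least one byte")
    return HEADER + math.ceil(message_len / BLOCK) * BLOCK


def check_layout(messages, capacity):
    """Return a list of problems for a planned layout.

    messages: {name: (offset, message_len)}  -- names are illustrative
    capacity: usable bytes in the jpeg       -- assumed known by the caller
    """
    spans = {name: (off, off + stored_size(n))
             for name, (off, n) in messages.items()}
    problems = []
    for name, (start, end) in spans.items():
        if start < 0 or end > capacity:
            problems.append(("out_of_range", name))
    for (a, (a0, a1)), (b, (b0, b1)) in combinations(spans.items(), 2):
        if a0 < b1 and b0 < a1:  # half-open intervals intersect
            problems.append(("overlap", a, b))
    return problems


if __name__ == "__main__":
    # Constructed sample: two messages at offsets 0 and 100, as in the text.
    for first_len in (80, 81):
        plan = {"first": (0, first_len), "second": (100, 12)}
        print(first_len, stored_size(first_len), check_layout(plan, 4096))
```

An 80-byte first message ends at byte 96 and leaves the message at offset 100 intact; one more byte pushes it to 112 and into the second message.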

Fragility

The data that you store in a jpeg is fragile.  If you (or someone else) edits the picture then the message will be lost.  Some mail apps offer to shrink the image - just say no (if you want to keep the message intact).  In normal use you can save, copy, send or download a jpeg with its smuggled message, but go near it with an editor and you are going to lose your message.  If you want to shrink your image, do it before you add a message with Smuggler, not after.

Exif

Some jpegs contain exif data.  This includes all sorts of information about the photo.  What it does not contain is your smuggled message.  Some people think it is clever to hide secret messages in the exif data.  It is not clever - that is the first place someone will look for the message.  Smuggler laughs at them.  If you want to remove the exif data it is better to do this before using Smuggler to insert a message, as some programs that remove exif data will monkey around with the image and could inadvertently destroy the message.

Pixel masking

Some people hide data in images by using 'pixel masking'.  The colour of each pixel is altered slightly in a way that is mostly imperceptible to the human eye.  These alterations can encode information.  There are two problems with this: firstly, everyone knows about it and there are tools for extracting the information quickly and easily, and secondly, it does not work well with jpegs.  It works well with png images, but no-one uses those for holiday snaps as they are too big. Smuggler is cleverer than that.

Sharing your picture with its message

The desktop (macOS) version of Smuggler saves and loads jpegs just as you would expect, but mobile phone versions work slightly differently.  This is because mobile phones are far more careful about security - a good idea, that, but it does make things slightly more difficult for users sometimes (or maybe just for users who remember the days without all the security).

The mobile phone apps use the phone's own methods to select the jpeg to use, which means that you pick a jpeg from Smuggler just like you would from any other app on the phone.  When you want to share your jpeg with its message, you need to send it to another app on the phone directly.  There are apps to send the jpeg as an attachment to an email (excellent idea), apps to store the image to a photo album (good for keeping note of your own secret stuff) or apps to edit jpegs (bad idea - see above).

Using this strategy Smuggler avoids the need for any permissions.  We don't need (and don't want) your location, or contact details, or phone book.  We don't want to use your wifi or your camera. We don't want to know what operating system or phone you are running on. Honestly, we don't.  We hate it when an app wants all that stuff. So we don't do it.

Notes:

Note 1: I have represented random content with random printable Unicode characters (0x20 - 0x7f).  In reality these would be the entire range of byte values (0x00 - 0xff).
Note 2: The header is a randomly generated initialisation vector, and AES is used in CBC mode.