Hiding data on 3.5" using "40 track mode"

Dave Howe DaveHowe at gmx.co.uk
Fri Feb 10 15:04:44 EST 2006


Peter Gutmann wrote:
> I recently had to check out the low-level capabilities of a range of CD/DVD
> writers for reasons too tedious to mention, CD+G read support is at best about
> 50:50.  I used cdrinfo.com to get the data, they use Nero's InfoTool to ask
> the drive for capabilities rather than relying on manufacturer specs, since
> they can change between printing the data sheets and shipping the drive, and
> across different firmware versions.  CD+G read support is treated as a drive
> firmware/hardware characteristic since the drives that don't support it simply
> won't send the streams to the host system even if they can read them.  Beyond
> that, your software driver also has to support it.
  The InfoTool reading from this is also unreliable - I have several DVD drives
that report CD+G compatability, but on actual test don't return CD+G (they DO
return CD-TEXT properly though, so that might be an assumption InfoTool makes,
or simply are capable of ripping that data in "raw" dumps, but not as part of a
streaming read)

  The canonical playback tool for CD+G under windows is WinCDG (really
imaginative name there) although several other tools, KaraFun for example, also
offer support.
WinCDG's website offers a compatability list as follows:
http://www.tricerasoft.com/faq-pb.html

> You can get assorted software to write CD+G, but it's mostly targeted at the
> DIY Karaoke market and not for use as subliminal channels (I believe Nero can
> write CD+G, but haven't tried it yet - if it's like the other CD+G progs,
> it'll only allow insertion of song text and graphics).

  TBH I wasn't envisioning using it for anything else - you could of course use
text colour-matched to the background (note for people not familiar with the
format - its colour palette is user-definable, and there is no restriction on
having two "colours" with the same displayed RGB; in fact, one common method
given the low bitrate of the channel is to write an image in the background
colour, then swap the palette to make it suddenly appear; this is considered
pretty advanced tweaking though given COTS packages like Dart or Karaoke Builder
don't have this as an option) but really I was thinking that, if (say) track 12
on a cd had a cd+g video track on it, anyone using that cd on a conventional
audio player or pc drive would see only standard audio, but use on a cheap and
unsuspicious DVD player would show a text message onto the TV screen; obviously,
for further security this could be encrypted with a method suitable for plain
text or a stream of numbers.

  Any security would be though obscurity to a certain extent - but how many
people here were familiar with even the *existence* of CD+G before I brought it
up - never mind that  many low-end DVD players (including most portable ones)
were capable of displaying the format?  I can imagine many otherwise imaginative
investigators carefully ripping and comparing the audio to known sources /
statistical analysis to try and detect a steganographically hidden volume,
totally oblivious to the data hidden in timing bits on the disk - which could be
trivially displayed using $30 worth of DVD player.

  If it could be relied on that your recipient had one of the capable drives,
you could of course further conceal this data - on a commercial CD+G, a large
fraction of the bandwidth often goes unused - given the whole point is to
highlight words in sync with the music. you could make use of this space by
encoding to some of the unused bits of the stream, then use freely available
software to extract the graphics stream to a .CDG file; extracting the "hidden"
additional data from the file would then be a trivial task for any halfway
competent programmer.  However, this is probably technological overkill, and
reduces the simple elegance of this channel.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list