************************************************************************
                         Hide In Picture (HIP)
                        version 2.0 - May, 2001
            Copyright (C) 2001  Davi Tassinari de Figueiredo
************************************************************************

                            ----------------
                              Introduction
                            ----------------

Hide In Picture is a program that allows you to "hide" any kind of file 
inside standard bitmap pictures. The pictures look like normal images, 
so people will not suspect anything when they see them. This is called 
steganography. You can use a password to hide your files, and only those 
who know the password use are able to retrieve them - without it, people 
cannot even be sure there is something hidden in an image.

I hope you enjoy HIP. If you have any doubts, comments, bug reports or 
suggestions for future versions, please e-mail me at davitf@usa.net. The 
latest version of this program is available at http://davitf.n3.net/. If 
you cannot understand any part of this documentation, I'm sorry; please 
tell me so that I can improve it.


                       --------------------------
                         License and Disclaimer
                       --------------------------

This program is free software; you can redistribute it and/or modify it 
under the terms of the GNU General Public License as published by the 
Free Software Foundation; either version 2 of the License, or (at your 
option) any later version.

This program is distributed in the hope that it will be useful, but 
WITHOUT ANY WARRANTY; without even the implied warranty of 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU 
General Public License for more details.

You should have received a copy of the GNU General Public License along 
with this program; if not, write to the Free Software Foundation, Inc., 
59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

The full GNU General Public License is in the file COPYING.


NOTE: The Win32Lib library (used by the Windows version) has the 
following license terms:

This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.

Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictictions:
1. The origin of this software must not be misrepresented; you must not
   claim that you wrote the original software.
2. If you use this software in a product, acknowledgement in the
   product's documentation and binary are required.
3. Altered source versions, and works substantially derived from the it,
   must...
  a) be plainly be marked as such,
  b) not be misrepresented as the original software,
  c) include this notice, unaltered.

Go to http://www.sourceforge.net/projects/win32libex/ to get more
information on Win32Lib.


                           -----------------
                             Legal Warning
                           -----------------

Many countries have laws restricting the export or use of cryptography. 
The algorithms implemented in this program are rather strong, so it 
might be illegal for you to use it, or you might need to get special 
permission in order to use it. Before using this program, you should be 
sure that what you are going to do is legal in your country.

If you do not know about the regulations for your country, visit Crypto 
Law Survey at http://cwis.kub.nl/frw/people/koops/lawsurvy.htm. The 
author takes no responsibility for illegal use of the program.



                             -------------
                               HIP files
                             -------------

DOS/Windows executables distribution

winhip.exe             - Windows program file
hip.exe                - DOS program file
hip.htm; hip.txt       - Documentation (this file)
COPYING                - The GNU General Public License


Source code distribution

*.e; *.ex; *.ew; *.exw - Source files for HIP 2.0 (see code.txt)
extras\*.*             - Additional files (see extras.txt)
hip.htm; hip.txt       - Documentation (this file)
COPYING                - The GNU General Public License


                          -------------------
                            Version History
                          -------------------

Version 1.0 : first release.

Version 1.1 : hiding/retrieving is faster, but not compatible with v1.0 
              hidden files; first Windows version.

Version 2.0 beta : completely rewritten code. Faster, safer, bug fix, 
              support for other encryption algorithms, support for
              transparent colors, no longer limited to hiding one bit
              per picture byte, better user interface... not compatible
              with v1.x hidden files.

Version 2.0 : cleaner code, GUI improvements in Windows version, 
              paletted pictures not compatible with beta version (due to
              a fix to avoid possible problems when dealing with other
              graphic formats), added erase option, improved
              documentation.


                           ------------------
                             Basic concepts
                           ------------------

HIP hides data inside a picture by modifying its colors in a way that is 
almost unnoticeable by the human eye. When a file is hidden, it conceals 
each part in an area of the picture; the areas used to store each part 
of the file are chosen by doing several calculations with the password 
given. When retrieving a file, the same calculations are done to the 
password and, knowing which area contains each part of the file, it can 
be reconstructed. If the wrong password is used when retrieving a file, 
HIP will try to read the file from the wrong areas and will not find 
anything there.

Remember that, when a file is hidden in a picture that already has 
something in it, the new file may be written in areas where the previous 
data was stored (as HIP has no way to know that it was already there), 
so the old file will be erased or corrupted. Also notice that a large 
file will need more areas to be fully hidden than a small one, so it may 
be easier to see the modifications in the picture. If you hide a file 
that is too large, there will be a lot of "noise" in the picture and it 
will be easy to notice there is something hidden in the picture, even if 
other people cannot see what is actually hidden in it. For a somewhat 
more technical explanation about how hiding works, please read How HIP 
works. Before using HIP to hide important data, please read Security 
recommendations.


                              ------------
                                Features
                              ------------

Here are some HIP features you may want to know about:

Encryption - All data is encrypted before being written to a picture, to 
increase security. HIP offers several (well, currently only two) 
encryption algorithms you can choose from; all of them are considered 
very secure, so you don't have to worry about it unless you have a 
specific reason for wanting to use a specific algorithm. When retrieving 
a file, HIP tries using all the available algorithms to find the correct 
one.

Transparent color support - One color of the picture may be set as 
'transparent'; nothing will be stored in areas of this color. This can 
be useful, for example, when hiding a file in an image from a Web page, 
as its transparent areas will remain as they were before. To retrieve a 
file hidden using this option, you must set the transparent color to the 
same used when hiding it.

Erase file option - If you want to remove a file hidden in a picture, 
use this option. It will overwrite the file with random data, so the 
file will be unrecoverable. If you know the password with which the file 
was hidden, you can provide it and only the necessary areas will be 
overwritten, resulting in a very small quality loss; however, if you 
provide the wrong password, the file will not be erased properly. If you 
do not provide a password, HIP will overwrite more of the picture to 
account for all the possible passwords, causing a larger quality loss.


                      ---------------------------
                        Using HIP for DOS/Linux
                      ---------------------------

HIP for Dos/Linux is a command-line utility.

To hide a file inside a picture, use: 
    hip h source_image input_file [destination_image] [options] 
If the destination image name is not specified, the destination image is 
written on top of the source image.

To retrieve a file from a picture, use: 
    hip r source_image [output_file] [options] 
If the output file name is not specified, the name saved in the picture 
is used.

To erase a file previously hidden in a picture, use: 
    hip e source_image [destination_image] [options] 
If the destination image name is not specified, the destination image is 
written on top of the source image.

Options:

-fxxxxxx - file name to write in image 
  By default, the name of the input file is written in the image. Use 
  this option to specify a different name to write. If you use it
  without specifying a file name, no name is written.

-pxxxxxx - password to use 
  When used with the hide or retrieve operations, this option specifies 
  the password to use for hiding/retrieving the file. If you do not use 
  this option, you will be asked to enter a password (recommended). When 
  used with the erase operation, HIP assumes there is a file hidden with 
  the specified password and overwrites only the first bits of the
  hidden data.

-thh or -thhhhhh - transparent color index or RGB value 
  Use this option to set the transparent color for the image. To specify 
  the palette index for the transparent color of an 8-bit image, use two 
  hexadecimal digits (00-FF). To specify the RGB value for the
  transparent color, use six hexadecimal digits (the first two represent
  the red component, the next two represent the green one and the last
  two, the blue one). If you specify the RGB value for the transparent
  color of an 8-bit image and there is more than one palette entry with
  that color, the one with the lowest index will be used.

-ex - encryption algorithm 
  Use this option to choose the encryption algorithm: a for Blowfish 
  (default) or b for Rijndael.

-c - write the CRC-32 of the data 
  Use this option to append a checksum to the data to identify data 
  corruption. This is enabled by default.

-C - do not write the CRC-32 of the data 
  Use this option if you do not wish to append a checksum to the data; 
  see above.

-h - hide the password characters 
  If the p option is not used, the program asks the user for the 
  password. Use this option to show *'s (asterisks) instead of the 
  password characters. This is enabled by default.

-H - do not hide the password characters 
  Use this option to show the password characters while you are typing 
  them.

-v - view file information only 
  Use this option if you only want to see whether the file fits inside 
  the picture when hiding, or the name and size of the hidden file when 
  retrieving. The destination image or output file is not written.

-q -quiet mode 
  Use this option if you do not want to see unnecessary messages (such 
  as the file information and status bars). The only things that will be 
  shown are password prompts, confirmation messages and error messages.

-y -answer 'yes' to all confirmation questions 
  By default, the program asks for confirmation before overwriting a 
  file that already exists. If this option is specified, you will not be 
  asked for confirmation.


                       -------------------------
                         Using HIP for Windows
                       -------------------------

HIP for Windows is a GUI (graphical user interface) application, which 
is intended to be easy to use and understand. You can open a picture by 
selecting the 'Open picture...' item on the File menu of the main window 
or by clicking the Open button on the window, and then choosing the file 
you wish to open. You can also drag and drop a picture into the main 
window. When you open a picture, it is displayed in a new window. 
 

Hiding a file
-------------

To hide a file inside a picture, select the 'Hide file...' item in the 
Image menu or click the Hide button, and choose the file you want to 
hide. You can also drag and drop the file into the picture.

An Options window will then appear. In it, you can type the password to 
use, change the file name which will be written along with the file, 
choose the encryption algorithm for the file, and say whether you want a 
checksum to be written along with the file (recommended). Press the Ok 
button when you are done.

The file will then be hidden in the picture. A progress window will be 
shown during this process; if you wish to abort it, click the Stop 
button or close this window. When the process is complete, the window 
containing the picture will show the modified picture.

Click the Save button or select the 'Save picture' item in the Image 
menu to save the modified image on top of the original one. If you do 
not want to overwrite the original picture, click the Save As button or 
select the 'Save picture as...' item in the menu. 
 

Retrieving a file
-----------------

To retrieve a file hidden inside a picture, click the Retrieve button or 
select the 'Retrieve file...' item in the Image menu, and wait while HIP 
converts the pixels in the picture into the data which it will try to 
read. You can cancel the operation by closing the progress window or 
clicking the Stop button.

Next, an Options window will appear. Type the same password used to hide 
the picture (remember that passwords are case-sensitive). If it is 
correct, you will see a Save file dialog where you can change the 
directory and/or the name of the retrieved file if you wish. When you 
press the Ok button, the file will be retrieved. During this process, 
you will see the progress window. If you have read this far, you 
probably already know how to cancel this operation.

When the progress window disappears, the retrieving process is finished. 
If the checksum was written with the data and the hidden file has been 
corrupted, you will see a warning message. 
 

Setting the transparent color
-----------------------------

To select a transparent color for the picture, select the 'Transparent 
color...' item in the Image menu. If the picture contains a palette, you 
will be asked for the palette index of the transparent color; otherwise, 
you will be asked for its red-green-blue value. 
 

Getting information about the picture
-------------------------------------

You can see some information about the picture by selecting the 'Picture 
information...' item in the Image menu. You will see its file name, its 
dimensions and number of bits used per pixel, the currently set 
transparent color and the maximum number of bytes the picture can store. 
Please note that you cannot hide a file as large as this; some of these 
bytes will be used to store information about the file (typically, 32 
bytes will be used, plus the length of the file name). Remember that, if 
the file hidden uses too much of the available space, the quality of the 
picture will be severely reduced.



                           ------------------
                             Error messages
                           ------------------

xxxxxx is corrupted 
  The bitmap file could not be read because there are errors in it.

xxxxxx contains unsupported features 
  The bitmap file is of a type not currently supported by HIP. It may be 
  compressed, or not a 8-bit or 24-bit image.

A file name must be specified for retrieving this file 
  The file name was not saved in the picture, so a file name to save the 
  retrieved file must be specified.

Aborted by user 
  The user has aborted the execution of the program.

Color not found in palette 
  A RGB value for the transparent color of an 8-bit image was specified, 
  but the color was not found in the palette.

File is too big to be hidden in picture 
  No need to explain it. Try using a larger picture.

File was hidden with a newer version of HIP 
  Newer versions of HIP may contain features (such as compression) which 
  are not known by this version. If this happens, get a newer version of 
  the program.

Filesystem error while reading xxxxxx 
  There was a filesystem problem while the program was reading the file.

Hidden data is corrupted 
  The program found the data in the image, but there is something wrong 
  with it. Possible causes: a graphics program has corrupted the hidden 
  data, or there has been a transmission or storage error. Anyway, the 
  file is saved, but some or all of it may be unreadable.

No hidden file found 
  The program could not find the hidden file in the image. Possible 
  causes: there is no hidden file in it (or it has been erased), the 
  password is wrong, the transparent color in the picture is not set 
  correctly, or the hidden data in the picture has been corrupted.

Not enough memory 
  There is not enough memory to load the bitmap image into memory.

Transparent color must be a RGB triplet for 24-bit pictures 
  A palette entry was specified for the transparent color of a 24-bit 
  image.

Unable to open xxxxxx 
  The program could not open the file for reading or writing. Possible 
  causes: the file does not exist (reading), it is read-only (writing),
  or it is in use by other program.

Unknown error in xxxxxx: xx 
  If this ever happens, there is a bug in HIP. A routine has returned an 
  error code the main program does not know about. Please report this to 
  me.


                      ----------------------------
                        Security recommendations
                      ----------------------------

Security was a primary concern in HIP's design. However, if you want to 
be sure nobody will find out that one of your pictures contains hidden 
data or, even worse, retrieve the hidden file, you should follow these
guidelines:

- Do not use short passwords or passwords that can be easily guessed
  (such as your name, phone number, or a single word), as an attacker
  could automatically try all of these passwords. Use different
  capitalizations, combinations of words, numbers and punctuation marks,
  and anything else you can think of.

- Do not use pictures available from the Internet or other publicly-
  available sources. The best source for pictures is scanning
  photographs - preferably your own. This is because if someone finds
  the original picture, they will be able to see yours is somewhat
  different, and may suspect there is hidden data in it - even if they
  cannot read it.

- Erase the original picture after you have hidden the file. The reason
  is the same as the one above - if someone finds the original picture,
  they might suspect something. If possible, use a program that wipes 
  (overwrites) the data when deleting it; PGP (http://www.pgpi.org/) is 
  one such program.

- Do not use computer-generated images. They might have large areas of
  the same color or containing linear fades, and small changes in those
  areas can be easily noticed. It is also possible to identify changes
  in other computer-generated images such as fractals.

- Do not write files that are too big, or the noise in the picture will
  be easily noticed and someone may suspect there is hidden data in it.
  For 24-bit images, you should not write files larger than about 40% of
  the picture size. For 8-bit images, the files should be even smaller.
  After the hiding proccess, take a close look at the resulting picture;
  if you think its quality is worse than that of the original, you
  should use a larger picture.

Even if you follow all of these, remember that no program or algorithm 
is completely safe. The author does not take responsibility for any 
problems that may arise from security flaws or errors in the program.You 
should not trust this program for hiding critical data; if that is the 
case, get professional advice.



                           -----------------
                             How HIP works
                           -----------------

A bitmap picture is simply a series of numbers representing color 
intensities, one color for each pixel (point) of the picture. HIP hides 
a file inside a picture by placing its bits in the least-significant 
bits of each color in the picture. Suppose you have a picture containing 
the following bytes:

  200 53 2 195 54 69 191 56

The binary values of these numbers are:

11001000 00110101 00000010 11000011 00110110 01000101 10111111 00111000

To hide the character 109 (in binary 01101101), the least-significant 
bit of each byte would be replaced by a bit of the character. The result 
would be:

11001000 00110101 00000011 11000010 00110111 01000101 10111110 00111001

Which corresponds to:

  200 53 3 194 55 69 190 57

The difference between the new values and the old ones is very small, so 
it is difficult, if not impossible, for the human eye to identify any 
difference from the original picture. If the file is large, it may be 
necessary to modify more than a single bit from each byte of the 
picture, which can make this difference more visible.

With 256-color pictures, the process is a little more complicated, 
because the bytes in the picture do not represent color intensities, but 
entries in the palette (a table of at most 256 different colors). HIP 
chooses the nearest color in the palette whose index contains the 
appropriate least-significant bits.

The HIP header (containing information for the hidden file, such as its 
size and filename) and the file to be hidden are encrypted with an 
encryption algorithm, using the password given, before being written in 
the picture. Their bits are not written in a linear fashion; HIP uses a 
pseudo-random number generator to choose the place to write each bit. 
The values given by the pseudo-random number generator depend on your 
password, so it is not possible for someone trying to read your secret 
data to get the hidden file (not even the encrypted version) without 
knowing the password.

A document describing the HIP file format may be written if anyone wants 
it. If you need it (to analyze it, write a compliant program or for any 
other reason), please tell me.


                          -------------------
                            Translating HIP
                          -------------------

All of the text used in HIP is in a single file, messages.e . If you 
want to translate HIP into other languages, simply translate the 
messages in that file. Please send the translated file to me, so that I 
can include it in the package.

There is already a Portuguese translation. To use it, replace messages.e 
file by m_port.e .


                 --------------------------------------
                   Programs and libraries used by HIP
                 --------------------------------------
HIP has been written in Euphoria 2.2 by Rapid Deployment Software
( http://www.rapideuphoria.com/ ).

It uses many libraries by myself ( http://davitf.n3.net/ ). The assembly 
routines were converted into machine code by Pete Eberlein's ASM to 
Euphoria converter ( http://www.harborside.com/home/x/xseal/euphoria/ ).

The Windows version also uses the Win32Lib library by David Cuny, Derek 
Parnell and others ( http://www.sourceforge.net/projects/win32libex/ ).


