share
Unix & LinuxImage steganography!
[+1] [2] user403513
[2020-04-18 16:07:15]
[ files terminal images ]
[ https://unix.stackexchange.com/questions/580937/image-steganography ]

I was solving a steganography challenge - When I typed 

file image.jpg

into the terminal, the result was

JPEG image data, JFIF standard 1.00, aspect ratio, density 1x1, segment length 16, comment: "JPEG Encoder Copyright 1998, James R. Weeks and BioElectroMech.", baseline, precision 8, 3840x2160, frames 3`

I want to know is what is the significance of the comment

"JPEG Encoder Copyright 1998, James R. Weeks and BioElectroMech."
[+2] [2020-04-18 16:42:37] bu5hman [ACCEPTED]

I would suggest it is because of this [1] code and the copyright terms which seem to be attached landserf [2] project somehow.

Looks like image you are looking at was probably encoded with that copyrighted code (or a development of it) which which embeds the copyright comment in the metadata

public JpegInfo(Image image)
    {
        Components = new float[NumberOfComponents][][];
        compWidth = new int[NumberOfComponents];
        compHeight = new int[NumberOfComponents];
        BlockWidth = new int[NumberOfComponents];
        BlockHeight = new int[NumberOfComponents];
        imageobj = image;
        imageWidth = image.getWidth(null);
        imageHeight = image.getHeight(null);
        Comment = "JPEG Encoder Copyright 1998, James R. Weeks and BioElectroMech.  ";
        getYCCArray();
    }

A little more research

Here is a comment that may be of interest, from this [3] paper on steganography

Suspicious COM comment Open source JPEG encoders available on the internet usually add a specific comment to the JPEG file in the COM marker segment. A number of images with the same comment that are not from a common photo editor software, can be an indication of steganography. For example, the JPEG encoder used for implementing the well-known F5 steganography algorithm, always adds the following comment: "JPEG Encoder Copyright 1998, James R. Weeks and BioElectroMech"

So bottom line, those images were encoded using the F5 algorithm ...or were they spoofed!?!?!?!?

[1] https://alvinalexander.com/java/jwarehouse/mvnforum-1.0.0-rc4_04-src/myvietnam/src/net/myvietnam/mvncore/thirdparty/JpegEncoder.java.shtml
[2] http://www.staff.city.ac.uk/%7Ejwo/landserf/landserf180/thirdParties/jpegencoder/license.txt
[3] https://www.researchgate.net/publication/326415236_Content-independent_steganography_and_steganalysis_of_JPEG_images

Thanks of letting me know! - user403513
Was only a web search away!! But I learned a bit too so.... teamwork - bu5hman
1
[+1] [2020-04-18 16:39:02] Kusalananda

The JPEG file format allows for inserting a text comment. This is a specific field called COM in the JPEG file format (see the Syntax and structure" section in the Wikipedia JPEG article [1], for example).

This comment can be any text. The comment in the image file that you're investigating may have been inserted by the program that encoded the image.

[1] https://en.wikipedia.org/wiki/JPEG#Syntax_and_structure

2