Jpegx is a freeware application that allows users to hide messages in jpeg (.jpg, .jpeg) files. This technique is called File Camouflage. It is developed by nerdlogic.org and it can be used on 32-bit Microsoft Windows systems. The program was first released on October 30, 2001 and was available for download on nerdlogic.org, this site is now offline. Jpegx 1.0.6 JpegX has been reported prone to a trivial encryption weakness. While creating the JPEG that will store the hidden data, JpegX reportedly employs a trivial encryption algorithm. Specifically the embedded encrypted data is appended to the file in a consistent and easily identifiable manner. The data is encrypted using the sum of the ASCII characters in the password as a substitution key. The key is then added (with a carry if there is one) to the original character, the key is incremented and added to the next character and so on until the process is complete. If no password is used the byte value of the first ASCII character of the data supplied is added (with a carry if there is one) to 187. The second character added to 188 and so on incrementally until the operation is complete. An attacker who retrieves the JPEG file containing encrypted data may reverse the cipher and reveal the contents with relative ease. This may result in sensitive information disclosure. Information gathered in this way may be used to mount further attacks against the victim. Jpegx 2.0.3 Jpegx version 2.0.3 had a password bypass vulnerability in its wizard. Jpegx 2.1.1 The latest version of the program, Jpegx 2.1.1, was released without a wizard, thereby fixing this security issue.
|