Stegosaurus is a steganography tool that is used for embedding payloads within Python byte code. The process does not modify the runtime performance or file size of the carrier file and typically results in a low encoding density. The payload is isolated throughout the byte code so tools like strings will not show the real payload. Python’s dis module will return the same results for byte code before and after Stegosaurus is used to embed a payload.



Payloads, delivery and receipt methods are exclusively up to the user. Stegosaurus only provides the sources to embed and extract payloads from a given Python byte code file. Due to the need to leave file size intact, a comparatively few number of bytes can be used to deliver the payload. This may involve spreading larger payloads across multiple byte code files, which have some advantages such as:

• Delivering a payload in pieces over time.
• Portions of the payload can be spread over multiple locations and joined when needed.
• A single portion being compromised does not divulge the whole payload.
• Thwarting detection of the entire payload by spreading it across multiple seemingly unrelated files.



Previously, no prior work or detection methods were known for this type of payload delivery.
Usage:

Download Now