Building of application in Unity3d: gradle vs internal


Unity3d is a great tool for creating gaming applications. Most of the daily tasks in it are automated. If creating apps for you is a hobby, then there is no need to reinvent the wheel. Take Unity3d + 3ds Max, or Blender 3d. However, there are some pitfalls to talk about. I sincerely hope that my article will help novice enthusiasts.

Not so far ago, I needed to build my application code on another machine. I installed the latest version of Unity 2019.1 at that time. I took my previous project in Unity 5.6, which I did not dare to publish on Google Play. Opened and saw the error "Prefab is missing". I carefully checked all the folders in my project and all 3d models were in place. This fact really surprised me a lot.

I thought that the reason is that I changed the version. To test this assumption, I installed the same version (2019.1) on my machine and did not see: “Prefab is missing”. The reason is that Unity3d only supports 3d models that are created in Blender3d when it is installed. It does not have built-in support for Blender models. I installed this package, but the error did not disappear. And it surprised me even more.

The documentation says that Unity3d caches all resources and then performs the necessary operations on them. I reimported the resources (Assets-> Reimport All) and the error disappeared.

Automated building systems

There is not enough source code to build the application. It is necessary to specify directives for proper linking of all components. In Unity, all dynamic libraries are placed in the Assets / Plugins folder. The most difficult to detect errors occur during the execution of the application. Errors in a managed code are detected quickly, rather than the detection of errors in the native code requires execution on the target platform.

Missing references to required functions in native libraries will lead to errors during the execution of the application. Thus, when building the application errors you will not see. But at run time, the required function will not be found and the program will stop. This is not critical, but very annoying.

Applications are zipped “.aab” and “.apk” files. Automated build systems are responsible for generating such files. The content of these files depends on the build system settings. By default, Unity3d uses its internal (Internal) build system. This build system allows you to create only apk files and automatically includes all the files in the Assets/Plugins directory in the project.

Disadvantages of an internal automated build system

Let's imagine that you created your application project for a very long time. You follow the trends in the computer world and security in general. You are constantly updating the components of your application. This is right and it should be so.

Suppose that your project contains the library of functions “mylib-1.0.dll”, which refers to the functions of the library “”. After two years of your application, you found out that there was a new version of “mylib-2.1.dll”. For its work, the new version does not require “”, but only “”. If you exclude from your application, you will not notice anything, because in version 2.1 of your library it is not used. However, if you forget to exclude this file from the project, then an automated build system will include this item in the project.

Concerning the ".jar" and ".aar" files in the Plugins folder, similar principles apply. All class files ".class" are included in the project. It does not matter whether they are needed or not. The internal automated build system will include the entire set of classes. This is convenient, but only for beginners. For those, who do not want to delve into the intricacies of assembling software packages.

How to eliminate obsolete dependencies

One of the ways to avoid unnecessary obsolete dependencies is good project documentation. Documentation for the developed software product should include a morphological map for each version of the application.

Morphological map for two versions of the application

Each new version of the library contains a changelog.txt which contains a list of changes in versions of the application. However, if there are too many third-party dependencies in the project, then reading a huge amount of information may exhaust you.

Since over time, third-party dependencies can change their functionality, it is recommended to create unit-tests. It's easier than reading a lot of documentation. However, it is necessary to read the documentation, but not very much.

How to get a list of methods in the library?

The easiest way to use Solution Explorer is on the right side of the Microsoft Visual Studio window. To do this, click on one of the solution explorer objects, for example, “System.Net.Security.dll”, and click “View in object browser”.

Library of encryption methods

In the object browser you will see a list of all available classes, with a little help. Thus, you can see what functionality the library implements.

Property "OriginatorIdentifierOrKey" in the class containing information about the initiator of the key agreement

You can find out information about classes, fields, methods of .Net libraries during the execution of your application. The list of imported methods from the managed libraries can be obtained by applying System.Reflection. In this namespace there is a class MethodInfo. For information about the methods included in the “MyClass” class from the dynamic managed library write the next stroke into c# file:

MethodInfo[] methodInfos = typeof(MyClass).GetMethods(BindingFlags.Public |

GetMethods from the namespace System.Reflection uses Visual Studio. But what if you want to see the list of functions in native libraries. The table below contains the tools for different dynamic libraries that are written for different OS [1].

Linuxbinutilsobjdump -T
WindowsVisual Studiodumpbin /exports MyLib.dll
MacOSbinutilsobjdump -T
Androidbinutilsobjdump -T

Differences in native dynamic binaries

For each of the hardware architectures, their own cross-compilers and utilities from the binutils package are used. So the name of the cross-compiler gcc for the architecture arm-v7a will look like: armv7a-linux-androideabi-gcc. And for the architecture arm-v8a: aarch64-linux-android.

The “file” utility in Linux can show file headers. Let's see how the dynamic shared object library for Linux differs from the dynamic library for Android. Run the Linux command line:

[Cubby dev@machine src]$ file ELF 64-bit LSB shared object,
ARM aarch64, version 1 (SYSV), dynamically linked,
interpreter /system/bin/linker64,
with debug_info, not stripped

Note the location of the linker64. If instead of the /system/bin directory you see something else, for example /lib, then this library is not built for Android. In Linux, most executables are placed in the /usr/bin directory, and libraries in /usr/lib. Linux uses the standard C library libc, or uClibc for embedded systems. Android has its own standard library called Bionic. The only similarity is in the format of ELF executable files [2].

Benefits of Gradle and Proguard Optimization

Select Build system: Gradle instead of Internal. Now you can build applications in aab files. To do this, put a tick in front of the "Build App Bundle".

Setup building configuration for android

Using Gradle and Proguard will reduce the size of the executable file. However, there are some nuances to which attention should be paid. Especially if you have plugins for Android (.aar, or Jar-libraries). An application can sometimes be built and run without problems, but errors can occur at runtime. In such cases, you need to connect the device to your PC via USB and start debugging your application via adb as follows:

adb logcat -d com.your_company.your_app:I *:W

You can redirect the output to a file by adding "> warnings.txt". It helps to find the right information. However, do as you wish. Adb is included with android sdk and is available for Windows, MacOS and Linux. If, after building with Gradle, you see an error ClassNotFoundException, then you need to check for the presence of this class in aar or jar libraries. If it exists, but the error does not disappear, then check the User Proguard File box.

User proguard file

Suppose the error is: java.lang.ClassNotFoundException:> Didn’t find class> "". But in the Asset/Plugins/Android folder there is a file and in this archive there is a file “MobileAds.class”. To enable this class, open the proguard-user.txt file in any editor and add the following lines:

-keep class** {

Comparsion of apk and aab packages

To understand the differences, it is appropriate to make the following analogy. Applications stored in apk files resemble a huge burger. A small burger may not please customers who like to delight their stomach with a large burger, and a large burger will appeal to even those who likes a small burger. If you can't eat the whole burger, leave it and move on.

Files aab, like a refrigerator, contain all the ingredients for a burger. If your device has a small dpi, you will not download resources with a large dpi. You take only what you need. But you will not eat a cold piece of beef. It must be heated! The aab file is similarly arranged. After all the necessary components are downloaded, they are assembled in apk on the clients' devices [3].

Proguard and obfuscation of methods

The biggest advantage is obfuscation of fields and methods in classes. In the release you will have a compact binary file without anything extra. Boyer-Moore's algorithm for efficient search works faster with a normal distribution of letters in method names. This should lead to a quick application.

Therefore, unity and many engines do not deal with the names of resources, but with an unreadable hashcode of the form: “ab103628e47f1da0bcd”. Gradle overrides the name of the methods and thus speeds up the finding of the function. After the function is executed, it gets into the cache and when it is called again, it will be executed even faster. If you are not using proguard, think about it.


The automated build system built into Unity3d is suitable for beginners. For experienced users it is recommended to use Gradle. The main advantage of Gradle is the ability to create aab files. Together with Gradle, proguard optimization is used to override the names of functions in classes. This increases the responsiveness of your application. To include classes from aar and jar libraries, you must enter their names in the file proguard-user.txt.

Sources of information:


Improving the application: Migration between Unity3d versions


So friends, today we will talk about a very important requirement for developers from Google to applications on Google Play. It's no secret that from August 1, 2019, all applications must support 64-bit architecture. Many people, especially enthusiasts, for whom creating applications is just a hobby, forget about supporting their applications. Well, or just postpone important updates.

Who would benefit at these points?

  • Those who are interested in the migration of their projects between different versions of the Unity3d framework;
  • Those who created applications on Unity3d (for versions that do not support the architecture of ARM64-v8a <= 5.6, 2017.1, 2017.2, 2017.3);
  • Those who use native code for processor architectures ARM-v7 and ARM-v8;
  • Those who use third-party frameworks to create Android applications;
  • For .Net app developer newbies.

Who does not need to read the article further?

  • If you wrote the application in Java, or Kotlin, and did not use native code written in C/C ++;
  • If you do not use third-party libraries.

Google Inc. always warns you in advance and you still have time to bring everything into line with the requirement. Since all the 32-bit armeabi-v7a applications could run on the arm-v8a 64-bit architecture, you may create an application and forget about it. But, be careful and check if your application supports this requirement.

Processor architectures, possible difficulties and methods for solving them

There are lots of manufacturers of electronic equipment and hardware platforms: x86, SPARC, ARM, ARMv8-A, Alpha, Arc, Itanium, SMIPS, MIPS-LE, PowerPC, TILE. Now, it is almost impossible to know all the subtleties and nuances of hardware architectures. Usually, university courses include an introduction to the x86 instruction set. In addition, architectures become obsolete over time.

If all processors had the same architecture, then it would greatly simplify the life of programmers. But this does not happen and will not be due to the following reasons:

  1. Not all architectures are open, many of them are patented and protected by copyright law;
  2. Architectures are built taking into account the specifics of the tasks and data with which they will work;
  3. Instructions are changed, or added with the advent of new technologies.

Так MIPS архитектуры и PowerPC используются в роутерах, некоторых простых телефонах. Для мобильных устройств более типичной архитектурой является ARM. Для ПК основными архитектурами являются x86 и x86_64. Несмотря на то что Intel и AMD выпускают процессоры с одинаковой x86_64 архитектурой, реализация некоторых инструкций у них своя. В статье которая посвящена уязвимостям Meltdown и Spectre мы говорили об одной из таких инструкций PAUSE. Читайте также: How to improve Linux performance?

Архитектуры графических процессоров ориентированны на работу с числами с плавающей точкой. Эта их особенность особенно хороша когда вы тренируете искусственную нейронную сеть. Поскольку значения интенсивности цветов на изображениях перед их подачей на сверточную нейронную сеть нормализуют в промежутке от [-0.5;0.5], то использование графических карт ускоряет тренировку. В реальной жизни скорость тренировки нейронной сети зависит не только от количества графических ядер, но и от архитектуры СНС и выбора активационных функций.

What is a native code?

As you guessed, the number of machine instructions is very large and it is impossible to keep them all in mind. In order not to get lost in a huge variety of knowledge, Sun engineers have created a Java virtual machine. After a while, Oracle acquired Oracle Microsystems.

The Java Virtual Machine executes the intermediate code by compiling it into machine code. There are a lot of machine instructions and less intermediate instructions. This is all like an architecture built on top of an existing architecture and simplifies the programmer’s life. You just need to be a Java programmer to run your programs on a variety of hardware architectures. You do not need to delve into the essence of hardware architectures, just use Java.

The machine code is called the native code, because it will run on only one type hardware architecture. Native code is recommended to be avoided, but there are cases when it cannot be dispensed with. For example, when you need to use the specific hardware capabilities of an architecture. In all other cases, it is recommended to use an intermediate code.

What programming languages ​​support intermediate coding technology?

In addition to the Java Virtual Machine technology, similar things apply Microsoft. Microsoft has created its own implementation of a virtual machine that executes the intermediate code and called the dot net technology. With such actions, they wanted to gain an advantage in the mobile OS segment. The mobile application market is huge and they did not want to concede the source of their enrichment to other competitors.

Unity3d uses interim coding technology from Microsoft. If you open an application created using the Net technology, then in the hex editor you will see the MSIL label first. MSIL is an abbreviation of the words Microsoft Intermediate Language (Microsoft intermediate language). If the application is native, then you will see the label MZ, or another label.

All languages ​​included in the Microsoft Visual Studio IDE allow you to create MSIL binary executable file. Thus, applications can run on MacOS and Linux. Linux has its own implementation of the Net technology. The Mono library allows you to run intermediate code from Microsoft on Linux and MacOS.

Python in interpretation mode

The Python programming language also has a Python virtual machine and uses its intermediate encoding technology. Since the Python virtual machine is open and accessible to most architectures, it is used in Cisco routers. To use Python you do not need to be a programmer, you just need to be able to use help () and dir () help. Enter the name of the object as an argument to get help and a list of available functions.

Debunking of myths: How terrible is the transition to the new rules?

In most news resources, everything was so dramatized that horror stories about the removal of applications will went. This especially applies to local news resources. Let's find the answers to all the questions together with you and eliminate all the speculations.

Google Play roadmap
Roadmap for Google Play
(Source: Google)

Whom the August coup does not touch? The older your project, the more difficult it will be to migrate. Therefore, this does not affect applications created with Unity = 5.6. As you can see, for Unity developers everything will stay the same until 2021, nothing terrible will happen. This period is enough to rewrite the entire code of your application and rebuild all third-party dependencies.

These changes will not affect applications explicitly intended for Wear OS and Android TV. This market segment is not as saturated with a variety of architectures as the smartphone and tablet market. In addition, it will not affect applications that are not distributed to devices running Android Pie and the following versions (API level 28+).

Google Play will stop serving apps without 64-bit versions on 64-bit capable devices, meaning they will no longer be available in the Play Store on those devices.

What will happen in reality? Your application will not be visible on Google Play on devices with 64-bit ARM-v8a architecture. This will affect the position in search results on Google Play. On all other devices, it will be available. Actually, the new operating systems from Google are mainly oriented towards 64-bit architectures. Application developers, in any case, will add support for 64-bit architectures. Reaching a larger audience in their interest. Cocos2d, Unity3d and Unreal all support 64-bit mode. Who is this news for?

By such actions, Google provokes consumers to buy new devices. Headlines in the media gave rise to a huge amount of speculation among ordinary people. The saddest thing is that after reading such headers people mistakenly think that all applications for 32-bit devices will disappear on Google Play. No, they will not disappear, you can not rush to buy new devices. For an ordinary user, nothing will change.

All the difficulties of migrating Unity3d projects

It seems that everything is simple when there is source code and a crosscompiler. However, third-party dependencies can slow down your migration. The more third-party code and features it offers, the more unexpected problems may arise. From version to version, some obsolete features are discarded and new features are created. New features are not always promptly supported by other software products.

For example, Cocos2d has been supporting the ARM64-v8 architecture since 2015. Unity3d at the time did not support this feature. As a result, in the top three for the creation of mobile games, it was the last to introduce this technology after Unreal and Cocos2d. Each of these engines has its advantages and disadvantages. If you are not familiar with them and plan to write your application, then I recommend to get acquainted with the user forums.

How to simplify the migration process?

In all large companies and projects create a plan (Roadmap). People responsible for the development of projects set out their vision for the development of software products. If you are going to integrate one of the existing solutions that implement the required functionality, then carefully read it. But first, answer your own important questions.

  1. Will your application be multiuser or singleuser?
  2. What group of people does your application targeted?
  3. What hardware platforms will it function on?
  4. What opportunities will you realize in the future?
  5. How will the quality control and application implementation to the target market be carried out?

The fourth question is one of the most important for people responsible for the integration of solutions. Imagine that you have written a code that implements a certain opportunity, and then you exclude this possibility. This is very sad, right? You will have to rewrite the code. Therefore, do not rush to create applications and think about all the possible nuances well before implementing anything.

Difficulties of migration of the Cube Mixer project

Experimental support for the ARM64-v8 architecture was implemented in Unity 2018.1. But along with the introduction of new features, they removed the good old mechanism for creating multiplayer games. Previously, a combination of high-level HLAPI and low-level LLAPI was used to create a multiplayer game. At the request and complaints of workers in the company decided to abandon this API. Below is a roadmap of the Unity3d development map.

Unity3d unet deprecation
Transition from old Unet to CGS

Old Unet was good for me, like for other developers. About it, I can not say anything bad. It was a good thing. Starting with version 2018.2, the Network class has been removed, so Network.time will no longer work. Some used it to synchronize time.

In Unity3d 2018.2, HLAPI was removed, and LLAPI was marked as obsolete. After some time, it was also removed. Now developers are forced to rewrite the code for a new solution. As you can see in the image above, not everything is ready in CGS. The interface is still quite raw and you have to wait for the end of 2019. In addition, there is no adequate documentation for new features. Without documentation, it is very difficult to develop an application. I am closely following the blogs of the Unity3d developers and will try to please you as quickly as possible.

3rd party libraries: Firebase

Different third-party libraries are built on different versions of the Net Framework. So in the version of the platform Net 4.0, dynamic typing appeared. If you try to compile code containing variables of type “dynamic” for the platform Net 2.0, or Net 3.5, you will get an error. In the old versions there was no such support and to assemble a modern library, without making changes to the source code, they will not work.

So Firebase conflicted with the old version of Unity3d 2017.1. After a while it was fixed. Third-party dependencies should not be too old, but the transition to completely new untested solutions is quite problematic. For a developer, it's important to choose a middle ground.

In any case, there are tools for testing applications, such as, Firebase Test Lab. Since I am not yet a happy owner of a device based on the ARM64-v8a architecture, I cannot quickly fix the application for this architecture. Now, thanks to cloud testing, I can test my application on the most modern hardware. It is a pity that there is a quota of 5 tests per day, but this is enough for me.

Unity3d and API compatibility level

Unity3d has started supporting the Net 4.x platform since 2017. Although this platform existed long before 2017. People who like dynamic typing in Python really liked the changes in Net 4.0. I mean the new variable type “dynamic”.

Unity3d .Net API compatibility
Support of .Net 4.x in Unity3d

Why did they not rush to move to this platform version? First, the code applying the capabilities of the new platform does not compile for the old platform. All their actions are designed for the convenience of developers. Rebuilding libraries under the new platform takes time.

Libraries compiled into intermediate MSIL code are called Managed. They can run on any processors (AnyCPU). There is a very important nuance to which I want to draw your attention, this is an additional subtype “Any CPU 32-bit preffered” introduced in the Net platform starting with version 4.5 [1].

Target Architecture
Unity3d does not provide a choice of "Any CPU 32-bit preffered", but just only of "Any CPU"

To see which flags use dll files in your project, use CorFlags.exe, which lies somewhere in the subfolders of the Program Files directory. This utility allows you to change flags for Managed libraries. Without options, it will simply show the current state of the flags.

Version   : v4.0.30319 
CLR Header: 2.5 
PE        : PE32 
CorFlags  : 131075 
ILONLY    : 1 
32BITREQ  : 0 
Signed    : 0

As I said before, it’s not always possible to do without native code. It happens that the native code for the 64-bit platform is not compiled. You can leave 32-bit code for a while. If 32BITPREF for managed code is set to 1, then your library will search for a native 32-bit dll even on a machine with a 64-bit architecture. To do this, enter:

CorFlags.exe /32BITPREF+ name_of_your_lib.dll


Everything is changing and in the modern world it is hard enough to keep up with the technologies. But for developers there are tools that can simplify application development. One such solution is Firebase TestLab. This solution helps to optimize the application for a huge number of devices.

Sources of information:

  1. What AnyCPU Really Means As Of .NET 4.5 and Visual Studio, Microsoft blogs.

Cube Mixer 1.14 version for 64-bit architectures

Since I did not have a device based on the ARM64 architecture (instruction set AArch64), I did not see the error. Today I opened the Firebase TestLab cloud testing tool and found an error. There is a free limit on the number of tests 5 times per day. And now I can test my application on the most modern hardware. I really want to fix the application and working on it. Sorry for the inconvenience, I'm working on troubleshooting. Thank you for your patience!

Video Tutorial: Hiding information in mp3 files


In the previous article, we discussed ways to hide information in images, audio, and video files. All of these methods are easy to understand, but I would like to demonstrate it visually. See also: Steganography in audiovisual images.

We will try to encode the message into a musical fragment from the Norwegian classic composer Edward Grieg’s - Wedding-day at Troldhaugen. For this purpose LSB method suits well. Actually, the message can be transmitted everywhere and to everyone, even in poetry by alternating poetic styles. From the point of view of information theory, different styles are different states. The more possible states, the more useful information can be expressed.

Encoding of information

First, you need to download a midi-file with a classic piece. Nobody listens to ancient music, therefore it is the best choice. Moreover, a slow rhythm of 110-120 beats per minute is perfect for step-by-step analysis. We will choose the rhythm of 120 beats per minute. Thus, each 4/4 portion will last exactly for 2 seconds. This is a good decision for our demonstration, and classical music will be very useful.

Below is a table of rhythms and time intervals for the most common measures: 4/4, 2/2, 2/4, 3/4, 6/8. The numerator determines the number of beats in a measure. The denominator determines the relative duration of the note (not in seconds, do not confuse). The duration is described by the formula: 60 / bps * 4 * number_of_fractions / relative_length. The duration of one measure of 6/8 and rhythm which is equal to 90 beats will be equal to: 60/90 * 4 * 6/8 = 2 s.


The duration of the sound measures 4/4 and 2/2 equal. 3/4 and 6/8 also have equal sound length in seconds. The difference in the arrangement of musical accents. Accent - is the allocation of strong fractions by increasing their volume. This should be taken into account when analyzing sound files on steganographic sequences. Even if the sound of each instrument is set at 100%. It will jitter.

In addition to the classics, you can choose a military march. Soldiers in the parade comfortably walk to the rhythm from 110 to 130 beats per minute. A rhythm of 120 beats is used for synchronized troop of soldiers. The funeral march is written in the slow step mode (90-105 beats per minute) and also fits. But it looks unaesthetic, unromantic and too misanthropic. For good words, we will choose a more fun tune.

Creation of steganographic scheme

The first thing you need to choose is the carrier. Information carriers can be: change of note tone, change of rhythm, change of volume, change of sound source direction by balancing (on the left, or on the right). A sound gradient will be used as the information carrier.

The LMMS application was used to create a steganographic message in the audio file. No matter how many audio tracks we created in it, but after saving to the mp3 format, they will all be merged into one stereo track. In mp3 processing apps, these tracks can be divided into two mono tracks and analyze sound jittering.

Audacity - separation of stereo into two mono tracks

The top of the stereo track is sounded on the left speaker, and the bottom on the right speaker. What does this mean? This means that several coding schemes can be applied.

  1. If the original file is known to the recipient, then you can compare the sound level at a given test interval for the original file and the hidden information file using two tracks at once (2 tracks of the original file and 2 tracks of the message carrier in the steganographic file).
  2. If the original file is unknown to the recipient of the message, then one of the tracks of the steganographic file can be used as a standard to measure the difference in volume, and the second to hide information.
  3. If the original file is unknown to the recipient of the message, then you can use two tracks as in step 2, but in turn changing the role of each track. For example, in the first bar track 1 shows the true sound level, in the second bar it will be the information carrier. In the first measure, track 2 will be the information carrier, and in the second, the true sound level.

I chose the first scheme, but it is not practical in terms of information security. And if there are several versions of the file and the recipient will choose the wrong one? Then our hidden message will be misinterpreted. Therefore, the second and third schemes are preferred.

Creation of sound gradient alphabet

Just as the human eye cannot distinguish all shades, the ear cannot distinguish small sound jittering. But not programs for sound processing. If each letter is represented by dropping the volume of the sound, then this may be noticeable. Especially if the text contains many letters "a" and "z".

A 26% drop is very noticeable. Based on this, it is possible to read bars in pairs of 6 different states for each, or use parallel one bar on two tracks simultaneously. I applied the first coding scheme, so we will use two-track 4/4 measures as a carrier. The table below shows the gradient alphabet.

LetterTrack 1, %Track 2, %

For two tracks and six states, the total number of states will be 6 ^ 2 = 36. The alphabet has 26 letters and this means that the table can be continued and another 10 characters can be encoded. For less visibility, common letters can be encoded with a smaller difference. However, this does not save from mathematical analysis and quick decryption.

Configuration of Linux Multimedia Studio

The number of BPM beats per minute should be the same. Otherwise, you will have to analyze different time intervals. This will complicate the task. Right-click on the number of strokes (140). Select "change global automation of composition". A window will appear as shown below. We need a constant pace of 120 beats per minute and no automation (straight line on the graph).

Linux Multimedia Studio
Automation of LMMS tracks

In order for the graph to be a straight line, reset the automation settings. A rhythm of 120 beats and a 4/4 period will give 2 seconds for each beat. You can set another interval, but this one will simplify the decoding of the hidden message.

Inserting the hidden message

There can be a lot of tracks, but you should take into account the fact that there will be only one stereo track, or two mono tracks in the mp3 file. If there are many tracks with different balancing in your LMMS project, then they will be superimposed on the final stereo track and it will become difficult to decode the message.

Balance distributes the sound between the speakers in a certain proportion. The 1/1 ratio means that the sound is equally distributed between the left and right speakers. The proportion 1/2 will mean that the sound volume on the right speaker will be 2 times larger than on the left one. To avoid confusion, we will use opposite balancing for two tracks.

In addition to the balance, it is required to normalize the volume. Both tracks should have the same relative sound level. After setting the correct balance and relative volume of the track, you must double-click on each track to select all notes with the Ctrl + A key combination and also set the sound of each note to 100%. After that, for each coding measure, decrease the sound volume level with the corresponding number.

An export of mp3 file and the difference between mono, joint stereo, stereo

Select file> export, or press Ctrl + E. Set the format of the mp3 file and click save. In the window that appears, select the stereo mode to "Stereo". In our case, you can select the Joint Stereo mode, but for better quality, it is better to choose Stereo. Set the bitrate at 160 kbps. Interpolation may not be changed.

Mono tracks can be played on two speakers at once, but this will not make a stereo audio. In real life, sound of audio is surrounding us, so use stereo, or joint stereo to improve the quality of perception. Stereo mp3 will be larger than mono mp3.

Since the difference between the stereo channels is not so great, only the difference is stored to reduce the size of the final file. This mode of creating mp3 is called Joint Stereo. It will not distort the hidden information much and the track can still be divided into two mono tracks.

Time interval analysis

Time intervals can be analyzed in Audacity. We chose the first single-ended two-band coding scheme. Therefore, open the original file and import the file with the steganographic message. Next, divide the 2 stereo tracks and get 4 mono tracks.

So as not to confuse the tracks, we assign the green color for the first track. Then compare the tracks of the two files in pairs. The more accurate the selected interval, the more accurate the difference we will get. In LMMS we indicated relative volume in percent. There is no information in the original file and the sound level on all stereo channels is 100%. In Audacity, the difference is in decibels. It will be within the limits indicated below. This is because of mp3 format and interpolation settings.

State, %Difference, db

The encoded message: “I LOVE YOU” after decoding will look like in the table below. The space bar has the same volume on two tracks, but since I captured a slightly longer interval, it affected the difference. Look at the interval in which the difference is located.

Разность 10.450.000.400.380.260.540.050.150.380.28
Разность 20.340.000.080.370.270.540.010.480.370.35

Video tutorial


No need to download special steganography apps. You can use existing software packages. Such as: Libre Office Calc, Linux Multimedia Studio, Audacity. You can use other applications, but the only necessary requirement is knowledge of the format and modes of mp3. In this article you are introduced to the modes: mono, stereo and joint stereo.

The stereo tracks contain two audio channels. This can and should be used to increase the efficiency of data hiding. In addition, they can be divided into two mono tracks. The Audacity application allows you to assign a different color to each track. This feature will help you not to confuse the track and simplify audio analysis.

Despite the large variety of methods, you can come up with and implement your own information hiding scheme. However, steganography does not protect information, but only hides. Simply changing the order of the letters also does not increase security. In any text there is a constant component. Mathematical statistics allows you to reveal hidden information even if you use a different order of letters.

Steganography in audiovisual images


As it was said in previous articles, the protection of information by hiding it, is possible everywhere where there are n different distinguishable states exist. Audiovisual images contain a picture or video and audio tracks. And as you may guess it, it can store much more useful information.

For example, image files store a block of meta-information and a block of information. Meta-information is supporting information about the information. Whether or not to insert meta information is up to you. By default, all applications insert it into the final file. Information - in visual images is a description of graphic representations.

The meta-information may contain the following fields: camera model, focal length, the name of the application by which it was processed, information on authorship, digital signatures, checksums and other things. If you have ever edited YouTube videos and used the royalty free audio library, you may have noticed that the “Software:” meta-information field contains the value “Google”.

Creating and playing of audiovisual images

Image and video

Information in simple uncompressed images is the position of the pixel and its color. The color of a pixel can be described by three bytes for the red, green, and blue components (RGB), or by four bytes to indicate transparency (RGBA). The position of the pixels is described by an array of integers.

Some illustrations contain repetitive colors, which leads to redundancy of information. It makes no sense to allocate three bytes, if the image has very few different colors and shades. In order not to spend 3 bytes per pixel in most modern formats are used color palettes and color shades. Then the color of the pixel can be described as one byte. This byte will indicate the color index in the palette.

For even greater savings, use compression. You can describe the state of each pixel, but it does not make sense. It is easier to just say: "red circle with radius R and center [x1; y1]". Similarly, data compression algorithms work. Uncompressed data are analyzed for repetitive functional patterns. Fourier series are great for compressing images. As a result, you save storage space.

For storage of video containers are used: webm, avi, mpeg-2, vob, matroska, or mp4. There are H.264, H.265, VP8, VP9 and so on codecs are used for encoding and decoding information.

H.264 video codec: operation and tuning

For storage and processing of video in modern formats used additive coding. When changing the level of illumination and camera angle, all colors in the next frame change, but most of the relatively static objects do not change. To eliminate the redundancy of information in the video came up with codecs.

One of the most popular codecs now is H.264. For these purposes, the H.264 codec uses several types of frames:

  1. Keyframe (I-FRM) - shrinks independently;
  2. Predictive delta frame (P-FRM) - stores only the difference between the current and key frame;
  3. Bidirectional predictive delta frame (B-FRM) - also stores the difference between frames but in two directions.

Skype uses the H.264 codec to encode the video. This codec has a tuning option. It determines the coding complexity. The more complicated the coding process, the more it requires hardware resources. The fastest parameter is "fastdecode". When the transfer rate of video streams drops, then they are reconfigured and dropped frames. Most popular applications and video hosting sites use artificial intelligence to optimize video encoding.

Editing video in Avidemux

During the preparation and creation of video I used MP4 video multiplexer. I wanted to remove part of the video and received a warning in the image above. The point is that the starting frame A and the ending frame B of the gap AB are bidirectional predictive frames (B-FRM). If I delete the AB interval and save such a file, then the video can be viewed, but it will not be correctly interpreted by the decoder. You will see the distortion. If A and B are keyframes (I-FRM) and I delete frames between them, then there will be no distortion.

Visual image encoding and steganography problems

The more information redundancy of visual images, the more possible hidden data sequences you can put into them. Compression partially eliminates information redundancy and complicates the steganographic process. It is possible to record the hidden message in the image and video, but you should take into account the features of the formats.

However, even considering the listed features, you may encounter difficulties. After downloading a video with hidden content to YouTube, it will be recoded using the H.264 codec. Google recommendations regarding the format of the uploaded video

Recommendations are desirable to perform. A steganographic message can be uploaded to YouTube, but be careful, they periodically change the algorithms on their servers. Sometimes this leads to a shift in color and gamma change. After some time, your hidden message may be lost. The last case I know happened in November 2018. They updated their algorithms and colors moved out.

What codecs does YouTube use?

To date, they use adaptive algorithms. What does it mean? This means that the choice of codec depends on the popularity and size of your video, the number of your subscribers.

After you uploaded the video to YouTube, the algorithms check it for compliance with the recommendations in the previous paragraph. If you uploaded the video in a format and encoding that is not included in the list of recommendations, then YouTube transforms the video by applying the H.264 encoding. As for the container, for devices with a resolution below 720p, YouTube will broadcast video in the container flv, and for 720p and higher in the container mp4.

The above difficulties complicate the steganographic process, but do not make it impossible. Below will be presented methods independent of codecs. See general steganographic methods.

How to transcode video from one format to another in Windows, MacOS and Linux?

There is a cross-platform utility ffmpeg. It allows you to convert video from one encoding format to another. You can experiment with the parameters and see the result.

If the video (input.mkv) uses the Matroska container and the H.264 encoder, then to transcode to the VP8 codec, go to the directory with the application, open a command prompt and enter the following: ffmpeg -i input.mkv -c: v vp8 output.mp4. The output.mp4 file is recoded by the vp8 codec [1].

Audio tracks

From a mathematical point of view, sound is a continuous (analog) function. But in digital technology it is stored only in a discrete form. That is, the values ​​of the continuous function are calculated at integer time intervals and we receive a discrete function. The frequency of the function calculation by the recording equipment is called the sampling frequency. The lower the sampling rate, the greater the loss. The minimum acceptable sampling rate is 8 kilohertz. Below this threshold, the human voice will not be able to make out.

An analog-to-digital converter (ADC) is used to convert an analog signal to a discrete one. To whom this topic is very interesting, I recommend reading books about the basics of information theory and coding [2].

In one video there can be several tracks. Tracks can be mono and stereo. Each track has its own sound level and balance. The balance of sound reproduction is the proportional separation of sound between the left and right speakers. A balance of 100% means that the sound is equaly distributed (1/1 ratio).

Debunking of myths about sound quality

Some people mistakenly believe that by purchasing a sound amplifier, they will get high-quality sound. The amplifier will only amplify the sound and add new errors in the sound tract. If you want to choose a quality amplifier, then look at its operating frequency range. The wider it is, the better. Each amplifier has its own error which distorting the sound. For each of the frequencies, this error is different.

In fact, sound quality depends on many factors. If the recording equipment has an ADC with a sampling frequency of 20 kilohertz, then you can easily reduce the quality of sampling for the recorded sound using programs. But if you want to increase the quality to 44 kilohertz, then you will have to buy new recording equipment. But even this does not protect against all interference. Temperature also slightly affects the sampling rate.

The sound quality depends on the selected transmission medium. In the sound path it plays a huge role. Electromagnetic waves interfere. The lowest noise immunity at wireless transmission. Optical transmission medium is protected from interference of this kind better than others.

искажение формы синусоиды
Sampling (quantization) signal

Quantization of the signal also introduces additional distortion. The figure above shows how the sinusoidal waveform is distorted after sampling on the ADC. Such distortions are called quantization noise.

Steganographic methods for highlighting information

Music equipment manufacturers Yamaha have created a Vocaloid application that simulates a human voice. In terms of steganography, a wide variety of voices can be used in the highlighting method. However, changing accents can spoil the aesthetic pleasure of listening to music.

Although, if you use a chorus of vocaloids in an mp3 file with many tracks, then the change of accent can be hidden. The secret information can thus be extracted after processing the audio tracks in the editor: 1) silence the tracks without steganographic content; 2) increase the sound of the steganographic track and extract the words [3].

The result of the use of vocaloids for steganographic concealment of secret information sometimes exceeds all expectations. Energetic music in the background can also divert the listener's attention to a change in the emphasis of the words. The tone of pronunciation and speed can also carry an additional meaning.

Metronome's method

The metronome method is perfect for highlighting words in clear text. If you have a very good ear for music and a sense of rhythm and time, then you will like this method. The essence of the method consists in applying pauses of different lengths.

So, a pause which equal to one quarter indicates that there is no hidden word, and a pause equal to two quarters that the next word is included in a secret message. This is very noticeable, especially if you choose a rhythm equal to 100 beats per minute. The rhythm values ​​should be selected from the interval of 120-135 beats per minute.

General methods

One of the common methods of steganography is the LSB. LSB is an English abbreviation of which means the “least significant bit” (Less Significant Bit). The essence of LSB methods is to change the last significant bits in each byte of information.

The step gradient method is part of the LSB methods applied to visual images. The gradient pitch is chosen small. Thus, it will be difficult to distinguish the color change of the object.

step gradient method
Fruit Alphabet

Applications that reduce the file size can remove indistinguishable shades of the color palette. All color indexes will shift and the hidden value will be lost. If you select "save image for web" in Adobe Photoshop, then you will lose the hidden message.

For videos, I recommend using lossless options for codecs. If you decide to upload a video with hidden content to video hosting, then it is better to use Vimeo. This video hosting provides several tariff plans. Starting with a Pro subscription ($ 20 per month) you get the opportunity to set the necessary colors. They will not shift.

Steganography and YouTube

YouTube will transcode your video and colors will shift. To avoid this, use the following algorithm:

  1. Increase the gradient pitch and check the colors for consistency;
  2. If the colors are shifted and do not match the original repeat paragraph 1.

If the letter "A" is represented by a color RGB vector [255,102,0], then the letter "B" will be represented not as in the figure above, but by the vector [255,100,0]. In this case, the step of the green component of the vector is two.

It is necessary to take into account the fact that different people have different perceptions of colors and different monitors. The better the matrix of your screen, the more shades you can distinguish visually. A big step will increase the difference between shades.

Similar advice you can apply for audio files. In audio, you can use an audio gradient to distinguish a hidden meaning. You can also use a change in the balance of the audio output on the tracks. Music instrument change and so on.

Alternative ways

The most effective way for short messages is the use of dynamic objects, or dynamic replacement of objects. This method allows you to hide short words or text matrices using short visually distinguishable states. The bottom line is that objects are sequentially lined up in an associative relationship and can be interpreted.

Steganographic messages can convey many forms of art, including ballet and theatrical productions. The biggest difficulty is the certainty that the person correctly interprets the message. The correct interpretation of such messages depends on the general erudition, interests, social circles of a person, social status, and so on.


Information hiding in audio and video files is more effective than in text data. However, it is an order of magnitude more complicated and requires skills in working with sound and video. When post-processing audio and video materials by different applications, some of the hidden information may be lost. To avoid this, it is proposed to use gradients with a large step.

As an alternative, it is proposed to use the methods of dynamic substitution of objects. The main advantage of this method is that not everyone understands it. An association can be built by a person with a certain set of knowledge, hobbies, and so on. The main disadvantage is a possible misinterpretation.

Sources of information:

  1. RFC 6386.
  2. И.В. Кузьмин, В.А. Кедрус. «Основы теории информации и кодирования»

Steganographic tables and the creation of charades


Did you know that the Unicode character table contains a large number of letters that look like Cyrillic, Greek, Latin? Moreover, some Latin letters are involved into the extended Cyrillic alphabet. All these letters have different numeric codes. This allows you to hide steganographic messages in the text.

Hereinafter, auxiliary tables and some other data will be given to effectively implementing of steganographic information hiding.

Major European Languages

The alphabets of most European countries are consisted of Latin, Greek, and Cyrillic symbols. Below is a table of symbols for the Latin, Cyrillic, International Phonetic Alphabet (IPA) and Greek.

M,Ⅿ,m,ⅿМ,мʍ,ɱ Μ,ϺM,m
ƃБ,б ɓ
  • IPA - international phonetic alphabet
  • Lisu - Fraser's alphabet
  • HFF - half-width and full-width forms

Different fonts may differ in the form of letters. However, now there is a tendency to simplify of the form of letters in many languages all over the world. Choose simple and strict fonts without ridiculous curves: Serif, Times New Roman, Arial. The ideal choice would be monospace fonts: Ubuntu mono, Monospaced and others.

Example of steganography message

Below is a poem that is not randomly chosen by me. Pay attention to the third row. All lines start in the same way, and the third line is slightly longer. In addition, the second line is not a random typo, take a closer look. And the letter "o" in the word "out" is wider. If the lines did not start the same way, it would be difficult to notice. In addition, many consider poetry to be a boring and dull hobby of single people. Most of the young people would scroll to the bottom of this page and would not have noticed anything. It seems that among them, I'm just an exception.

І have been one acquainted with the night.
l have walked оut in rain — and back in rain.
I haѵе outwalked the furthest citу light.
I have lоoked down the saddest city lane.
I have passed by the watchman on his beat
And dropped my eyes, џnwilling to explain.

Robert Frost, famous American poet
стеганографическое сообщение
Any hex editor will reveal the secret

Just copy and save this poem into a text file (in utf-8 encoding). Open the hex editor and look at the character codes. Yes, that's it! Our assumption turned out to be true. The secret message here is encoded by highlighting method. The contents of the secret message: "I love you". And now, let me insert my own poem:

There is no sense of digging in some words
It is enough to say: "My heart was harm of swords"
In lonesomeness of empty space
It is much better than disgrace

All words like swords are not coming alone
It's full of a variety of some emotions
Don't try to split it on text portions
It was hidden by the life, so often

It's impossible to guess such words
By just continuing to read
A little part of smashed it
It is enough to say and simply go away

It is enough to miss each other in the flow
Of cold neonic icy glow
It will lose in foam of wavefull roam
In the ocean of my dream I will engrave, it seems...

There is no steganographic message and hidden interpretations in my own poem. Surely, I would be pleased that you spend some time to read it. But these are just the beautiful words of a man who missed one bus stop in public transport wanting to bring a portion of estethic joy to his readers.

Cube Mixer screenshot
Cube Mixer

The source of my inspiration was the application "Cube Mixer". It helped me find a rhyme for translating this poem into English. If you want to express yourself, if you need to find some words for your loved ones, if you have nothing to do, then use the chance given to you by destiny. Install the Cube Mixer app from Google Play..

Increasing of storage efficiency

This method is more sophisticated than the previous one. Highlighting methods for European languages ​​have little efficiency. In a recent article, we showed that this group of methods is effective only in Chinese. The main disadvantage of these methods is the need to know the language in which the message will be hidden. That is, if the text that carries the steganographic message in English, then the steganographic message should be in English.

If one letter can be written with similar characters, but with a different numeric value, then the number of these characters will determine the hidden payload. There are 14 different ways of writing the letter "K". If you use 14 different ways of writing, then the total number of states for two characters "K" will be enough to represent 14 ^ 2 = 196 characters. Do you know what this means? This means that with two positions containing all possible characters like "K" you can encode the alphabets of several languages!

If you do not need to distinguish between small and large letters, then among the possible languages ​​we can include:

  • Austrian, English, Danish, Hungarian, Spanish, Latvian, Lithuanian, Moldavian, German, Romanian, Polish, Portuguese, Finnish, French, Estonian - about 50 Latin characters;
  • Abkhazian, Azerbaijani, Belarusian, Bulgarian, Bosnian, Kazakh, Kyrgyz, Macedonian, Mongolian, Russian, Serbian, Turkmen, Uzbek, Ukrainian - about 50 Cyrillic characters;
  • Arabic, Hausa, Farsi, Uighur, Urdu - about 50 characters;
  • Yiddish, Hebrew - 22 letters.

All listed languages ​​have similar alphabets. Chinese can also be expressed in pinyin as Latin letters. The listed languages ​​include the six main UN languages: Arabic, Chinese, English, French, Russian, Spanish. In these languages ​​most of the inhabitants of the earth communicate.

Symbols of diacritics

You can say: "Not all Latin letters have analogues in Cyrillic and vice versa." Yes, of course. There are also special characters with diacritics. Thus, the Russian letter "ё" can be represented as the Latin letter "e" with double diaeresis. The Belarusian letter "ў" will be represented as the Latin "y" with the macron "ӯ". You can create your own scheme to increase the payload. There are a huge number of possible options for the representation of letters and it's can not be listed here. Everything is limited only by your imagination.

A group of European languages ​​based on Latin, Cyrillic and Greek have about 50 possible diacritic symbols. Not all of these characters are used in literary language and not all of it carry informational payload. Some carry information about how to pronounce the word.

If the diacritic characters are added to each possible character similar to the letter “K”, then the total number of possible hidden states of these two symbols will increase significantly: (14 + 50) ^ 2 = 4096. If each of these states is interpreted separately, then it is possible to represent the indices of 4096 words in the dictionary. Moreover, in this way, you can submit each instruction of Intel and AMD processors. In one poem written by Alexander Pushkin "Eugene Onegin", you can transfer the "hello world" program hidden in the form of processor instructions.

One of the first successful serial processors from Intel (8086) had about 100 documented instructions and a number of undocumented instructions. The machine instruction (opcode, operation code) can have the following dimensions: 1 byte, 2 bytes, 3 bytes. Among all the possible 8086 machine instructions in the normal program, you could find from 20 to 35 instructions of various kinds. Imagine that we can transmit each of the processor instructions in the form of two printable characters with diacritics. This will be more convenient than Base64 encoding, that binary information are often provided (see the article Information representation: Python programming language and encodings).

Half-width and full-width forms of characters

All Chinese characters take full-width sign place. If you use spaces, then the text will be shifted. The space gap characters is not the full-width symbols. Sometimes, if you want to insert a word in another language, then spaces are applied and the text is shifted. To preserve the aesthetic beauty of the Chinese language use the full-width version of the Latin characters (HFF).

Each letter and number in the HFF is centered. It stretches the sentence a little bit. So the sentence "I love you!" represented by the HFF characters will be: "I love you!". I did not write space gaps and did not change the font.

How to apply the specified feature?

Whatabig cat? Iwanna pet it!

This text contains a steganographic message. Look carefully at all the letters "a". Two HFF characters are written without spaces. In the sentence "What a big cat? I want to pet it!" the abbreviation AI (artificial intelligence) is hidden. The most interesting thing about this, is that the Libre Office word processor shows us that there are 8 words in this sentence. We did not write spaces next to the article "a". In terms of character processing, the first three words are written together. The checking of this fact is very simple, just double-click on the word and such actions will highlight selected one.

Numbers and signs

If you think that the numbers cannot be replaced by similar characters, then you are very mistaken. As for the numbers, they can be represented as follows:

00 (HFF);
߀ (NKo, manding languages);
Օ (Armenian "O", in some fonts is drawn as 0);
11,イ,l (HFF);
⌉ (various technical symbols);
22 (HFF);
Ʒ (IPA, letter «ezh»);
З,з (Ciryllic letters «Ze»);
ℨ (Gothic letter like symbols);
կ, Կ (Armenians letters «Ken»);
ⴗ (Georgian letter «Qar»);
Ƽ, ƽ, (extended latin);
ⴝ (Georgian letter «Char»);
ל (Hebrew letter «Lamed»);
Ց (Armenian letter «Tso»);
ց (Armenian letter «Sо»);

The disadvantage of this method is that not all fonts contain graphic representations of such characters. As for punctuation marks, it's also have similar characters. As an example, take the HFF symbols.

Artificial intelligence and font selection in steganography

There are a huge number of fonts. Moreover, there is a huge number of letter writing styles. It's impossible to view thousands of Unicode characters. How to choose the most convenient font for steganographic purposes? For this you can use the capabilities of neural networks.

You can create your own neural network architecture. But I warn you, training and testing of neural networks are taking an enormous amount of time. A small set of training data may not allow to get the result we want to get. It is better to use a ready-made architecture and a ready-made set of samples for learning NN such as: a MNIST handwritten sample database, or something like that.

Approximate sequence of actions after training and testing a neural network:

  1. Create a script that in turn displays all the characters of the font;
  2. Take a screenshots from the screen;
  3. Feed the normalized image to the inputs of the neural network;
  4. Get the result (the vectors of measures of similarity of samples for classification).

Charades, bullying and famous people

Do you like to solve charades? Me too. You know that India, in the state of Punjab, has its own Punjab language. This language used to use a sophisticated writing system called “Sharada” (in Russian it sounds similar to word charade). The first Sikh guru, Nanak, simplified Punjabi and created the modern Gurmukhi writing system. This writing system replaced Sharada. The word "Sharada" is still used as a synonym for the word "riddle".

Hindus created chess. Hindus have developed and invented a lot of things. They occupy key positions in many well-known global corporations and countries. For example, Google CEO Pichai Sundararajan, Canadian Defense Minister Harjit Singh Sajan. The last one had been awarded by order for military merit. Why they all are so smart? Perhaps, in childhood all famous Hindus divined charades and played chess.

There are 22 different official state languages in India. Imagine, how hard it is for local officials. Of course, in Indian schools everyone learns Hindi. But life compels to know at least a few state languages. The following is a list of the most common languages ​​of India among millions of people:

государственные языки Индии
The variety of languages ​​of the Indostan peninsula
1. Hindi — 551.4
2. English — 125.3
3. Bengali — 91.1
4. Telugu — 84.9
5. Marathi — 84.1
6. Tamil — 66.7
7. Urdu — 59.1
8. Kannada — 50.7
9. Gujarati — 50.2
10. Odia — 36.6
11. Malayalam — 33.7

According to another hypothesis, bullying in childhood forced people to become much smarter and much cleverer than others. If people do not stop and continue to live without paying attention to it, then they become better than others and get an advantage. Read the biography of Elon Mask, read the biography of Sergey Brin. I don’t know if they like charades, but there’s a cat’s nose in the Tesla logo. People who have the advantage are enjoying of their uniqueness and create the same unique things worthy of praise.


Communication languages, as well as programming languages, are tools. Clever and resourceful people can use them to gain advantage. Steganography has been just one of it. The uniqueness and diversity of people give us new symbols. Sometimes, people become symbols of the entire epoch. Our epoch has many symbols and we create them directly or indirectly.

Do not stop, find time for personal development and bring people good by encouraging others to do the same. And the world will be better, the world will be more perfect! Stay with us, read our articles, learn new things.

Information representation: Python programming language and encodings

After reading this article, you will know why letters of many languages ​​of the world are represented by two bytes of memory, and English letters are represented by only one byte of memory and much more. I hope this article will be interesting for you.


As mentioned in previous articles, any distinguishable state can be used to encode information. There are only 2 of such states in electronic devices: "on" and "off". The English alphabet has 26 letters, which means that 5 bits are enough to represent each letter. The total number of states that can be interpreted is 2 ^ 5 = 32. If we will consider capital and small letters, then for 52 characters 6 bits are required.

However, in addition to the basic printable characters, there are also control characters. Each time you press the enter key while typing text, you insert an invisible end-of-line control character. On Windows operating systems, the end of a line is indicated by two characters. Microsoft guys like to take up space on your hard drive. Of course, this is a joke, just old printers were required the presence of the carriage return character.

Большие буквы английского алфавита
Letter representation "A"-"Z" in ASCII encoding

Seven light bulbs are enough to encode an English letter and some other additional characters that do not have a graphic representation. Instead of light bulbs, anything can be used to encode information. For the presentation of information, you can use any physical process of n states. The computer is built primarily of semiconductor elements and therefore there are only two states. One bit - 2 ^ 1 states, one byte (8 bits) - 2 ^ 8 = 256 states, two bytes - 2 ^ 16 = 65536 states.

английский алфавит
Letter representation "a"-"z" in ASCII encoding

However, even if you use ASCII encoding to represent characters, storing of one character requires 8 bits. This is due to the size of the CPU registers, because it is more convenient to process information. If you like animated illustrations and you want to print a poster for a computer class, then you can download it from the openclipart website (poster1, poster2).

The eighth bit in ASCII characters is used to represent characters from other alphabets and pseudographic elements, such as: dashes, squares, circles, and so on. In Windows operating systems, such encodings are called as follows: Windows-XXXX. Instead of the characters XXXX, the number assigned to one of the national alphabets, or its variations, are used. Encoding Windows-1251 represents the characters of the Russian alphabet. On Linux operating systems, this encoding is called CP-1251. CP is the English abbreviation for "code page". Characters of the considered encodings are 1 byte in size.

Disadvantages and advantages of single-byte encodings

Encoding is a state interpretation table. Since the eighth bit is used, 7 bits are left to represent characters from other alphabets. Therefore, it is possible to represent 2 ^ 7 = 128 characters, letters and signs. Imagine that you live in Cambodia and have 74 letters in your alphabet. In addition to them, there are also other symbols and signs that also need to be presented. It is clear that one byte is not enough.

Some countries such as the Czech Republic, Slovakia, Hungary, Poland, Romania are using Window-1250 encoding for single-byte characters. If a Russian-speaking user wants to see a Romanian website that uses this encoding to represent characters, then he will see gibberish on the screen that does not contain Romanian characters. Highly likely, this text will be interpreted by the browser as encoding Windows-1251.

You can create a lot of encodings, but it is very important that those who read the written text can interpret it. To support single-byte encodings, modern browsers have the ability to manually select it. But it is very inconvenient and time consuming. Modern people are not used to spending time on such operations.

And yet, they are still used. So the IBM DB2 database management system allows you to define single-byte encodings for text fields (Windows-1251, Windows-1250, and others). Other DBMSs also allow you to do these things. The main advantage of single-byte encodings is the size of a single character. This allows you to effectively manage the place to store information, especially when there is a lot of text data. However, this does not apply to the management of public facilities. It is no secret that all countries exchange information among itself. There are special commissions at the UN which are responsible for collecting statistical information. For example, the UN trade commission (UN Comtrade).

In addition to all the above, there are Open Data projects for the implementation of transparent government management. The meaning of these projects is that every citizen can see how decisions are made by each individual official and, if he is not satisfied with management decisions, remove him from management. According to the requirements of ISO and ICAO, computer networks and systems that implement the solution of tasks of such kind should store information in Unicode.

Unicode and its benefits

In order not to switch between code pages, the Unicode standard was invented. Unicode consortium is responsible for its development. The most popular, now is the Unicode character representation method - UTF-8. For efficient data storage, it uses different sizes of characters and letters: 1 byte, 2 bytes, 3 bytes and 4 bytes. This standard is compatible with the ASCII standard. The first 128 characters are English letters, numbers, punctuation characters and control characters that we considered at the very beginning. Each letter in Russian, Belarusian, Polish and many other languages ​​has a size of two bytes. This means that for 4096 characters of the English alphabet, an englishman will spend 4 KB, and residents of other countries will spend 8 KB of memory. Do not be offended, just continue to live on.

Two bytes of memory are enough to represent 65536 different characters. The set of such symbols includes alphabets of most world languages ​​and specific signs such as: Armenian sign of eternity arevakhach, arrows, mathematical symbols, and so on. Rare and not often used characters are 3 bytes in size. The set of such symbols includes: the "№." sign, rare Chinese characters, the Slavic asterisk, the Cyrillic multi-eyed letter "o (ꙮ)", and the symbols of the ancient Slavic language. Emojy, runes and additional characters are 4 bytes in size. And this is very sad. Storing a text consisting of 4096 runes will require 16 KB, which is 4 times more than in English text!!!

How does a computer interpret Unicode characters?

How does the browser and other applications know how many bytes a character takes? Applications are processed all characters byte by byte. If the first byte has a numeric value greater than 192 (that is, if the two significant bits on the left of the first byte are 1), then the character is represented by two bytes and the two significant bits in the second byte are 10. If there are three significant bits are set, then the character consists of three bytes. A table describing the principle of interpretation of Unicode is presented below.

Count of

Instead of the letter "X" you can put 1, or 0. At the very beginning, the Unicode standard allowed the use of characters of 6 bytes in size (6 binary octets) [1].

In 2003, the situation changed and only 4 octets are allowed for user needs. This is quite enough for all world languages ​​and even for Emoji’s pictograms and symbols. Perhaps, in the distant future, the amount of Emoji will increase and each person will have his own Emoji characters, then 6 octets will be very useful [2].

Unicode disadvantages and Quick Search Algorithm

The more bytes of information, the more difficult and slower the search is. Members of the RFC standards development community have considered all possible difficulties and found an effective solution. The Boyer-Moore algorithm (heuristics of bad characters) allows you to quickly find the text information represented through Unicode characters. This algorithm applies your browser when you press Ctrl + F. The research interests of Boyer-Moore included the study and construction of finite digital automata.

Let the text length in which the search is performed is equal to N, and the length of the search pattern is equal M. The phase of initial calculations will take O (M^2 + σ) operations, where σ is the size of the used alphabet. Then, in the best case, the execution of the algorithm will take O (N / M) comparisons. In the worst case, when the text consists of the same characters, for example 100 letters "C", in which the search for 5 letters "C" is performed, then the operation of the algorithm will take O (N * M) comparisons.

In terms of security, it is very important to avoid buffer overflow errors. In 2001, there were cases of using forbidden octet sequences and incorrect parsers led to serious security problems. Therefore, when writing your Unicode character handler, pay attention to the RFC standard [RFC 3629, clause 10].

Programming language and encodings

Some people remember how problematic the interpretation of Unicode characters was in ancient programming languages. Moreover, there were a huge number of the same ancient programs that did not support this encoding. If instead of letters you see small squares, then this may mean the following:

  1. There is no Unicode support;
  2. The selected font has no graphic representation for this character.

There are practically no cases when Unicode support is missing. All programming languages ​​and modern applications support this encoding by default. But not all fonts have a graphic representation for Emoji’s pictograms and symbols. This should be considered when developing programs that working with text data.

Using Python encoders and the Encodings module

Python is a cross-platform language ported under Windows, Macos, Android. Most Linux distributions have it installed by default. On Windows OS, run Python Idle to use the interpreter. You can also install the integrated development environment Visual Studio Community, or PyCharm, to simplify development in this programming language. In terms of ease of use, the Python language ranks first. It is used by scientists, network engineers and enthusiasts. It is simple and can be applied step by step in the interpretation mode. To view the help for the Encodings module, directly from the interpretation mode, in turn, enter two lines.

  1. import encodings
  2. help(encodings)

If you decide to create your own codec, read also the codecs module help. Import the codecs module and also use the help() method. You can create your own codec and register a special method to search for information. To view a list of all available methods (functions) of a module, enter the dir(encodings) command. Be careful if you have not entered the "import module_name" directive, then the dir method will return an error:

NameError: name ‘encodings’ is not defined

In many languages ​​there is a function ord(), which allows you to find out the character code in the decimal numbering system. You can get codes for multiple characters, not only for one character, using codecs. For the hexadecimal representation, apply the codec "hex_codec", as in the figure below.

кодеки в python
Using Python encoders

This encoder received, as an argument, a string that consists of 5 initial letters of the English alphabet and 5 initial letters of the Russian alphabet. You can find out the length of this string using the len() function, but the result value needs to be divided by 2, since one binary octet is represented by two hexadecimal digits (from 0 to 'f'). As you can see, this string is 15 bytes in size: 5 bytes of English letters and 10 bytes of Russian letters. Please note, that the first byte in Russian characters "d0" and the English letter "A" differ in numerical value from the Russian letter "А". The int() method converted the hexadecimal value for the English letter "A" to decimal 65. To convert to the binary system, use the bin() function.

5 English letters (41-45) and 5 Russian letters (80-84) in CP-866 encoding

Important note! After copying text from an application that saves files in the Windows-XXXX (CP-XXXX) format to the Python interpreter, it automatically converts the text to UTF-8. If you want to find corespondent character codes in other encodings, take the hexdump utility (any other hex editor will do) and open the file saved in another encoding, for example in CP-866, as in the figure above.

The punycode encoder allows you to represent Unicode symbols via ASCII characters. You can revert the encoded string to its original state using the decode() method. To exit the interpretation mode, type the function quit().

Iterative and incremental codecs

There are two types of encoders: iterative encoders and incremental encoders. If the encoder processes characters which length is known in advance, then it is called iterative. This type of encoder includes an encoder: ASCII and other types of encoder based on it, for example ROT-13. An example of the use of the ROT-13 encoder is shown in the figure below.

итеративный кодек rot-13
Using the Rot-13 Encoder in Python

As you can see, it works only with ASCII characters and if, as an argument to write a Russian letter, it gives an error. To get rid of the error, remove all characters which numeric code exceeds 127. Thus, only ASCII characters will remain.

As mentioned earlier, Unicode characters have different lengths. Therefore, they cannot be processed by iterative encoders. To process it properly, incremental encoders are used which contain a counter variable. The purpose of the counter is to count the number of features (significant bits) that will determine the number of bytes in for each character. As such features, the significant bits of the first byte of the Unicode sequence are used (see the table above).

From the point of view of computer system security, incremental encoders that do not check the number of characters are as dangerous as arrays. Be careful, adhere to the principles of safe programming. Program development is a big responsibility and cannot be neglected. It is not enough just to be a coder, you need to have knowledge and experience in the field of computer security.

Base64, Big5 and Monkeys on YouTube

Do you know that any program can be transmitted as text? Some sites prohibit downloading executable files in * .EXE format, or binary files. Some email clients may skip emails with attached executables. To avoid this, you can convert the contents of the executable file into text which alphabet is 64 ASCII characters. This encoding is called Base64. The size of the file encoded in this way will be larger than the size of the original executable file.

Base64 сообщение
Monkeys on Youtube

There are some funny moments associated with using Base64. If you use Youtube, then you could see the error pictured above. As you can see, this is very similar to Base64 encoding, but the slash and plus symbol is missing. Base64 encoding is available in several variants. The picture above shows the "urlsafe Base64" encoding. Symbols 62 and 63 ("+" and "/") are changed to "-" and "_". After applying the Base64 codec, you can get the encrypted contents of your browser's stack. Funny monkey, in the picture above, provokes to share this screenshot with friends and add the hashtag #youtubemonkeys. Do not rush to laugh, it is not self-irony. Youtube engineers regularly search for similar screenshots. Decode its content as base64 and then decrypt the secret contents of your browser stack and find the fault. If they asked you to share the contents of the browser stack, you probably would have refused. Isn't it?

For the representation of Chinese hieroglyphs, sometimes are not enough standard hieroglyphs. In Hong Kong, are commonly applied additional hieroglyphs. For its input Big5 encoding is invented. In addition to this encoding, Python supports other exotic encodings that are included in the ISO standards [3].


We considered the standard ways of representing characters. Despite the fact that in a text editor you see a single character, it can have a different size in bytes. There are many encodings, but Unicode dominates among it. The vast majority of applications and websites use this encoding.

Some letters have the same shapes, but different numerical codes. This feature can be used for steganographic purposes. We considered how to see the code of each symbol: 1) by using the Python programming language; 2) by using hexdump utility.

Sources of information:

[1] RFC 2279, "UTF-8, a transformation format of ISO 10646", an obsolete version.
[2] RFC 3629, «UTF-8, a transformation format of ISO 10646».
[3] ISO 10646, Стандарт Unicode.

Secrets of China: Chinese electronics and steganographic methods

You do not need to know Chinese to use Chinese steganography! That would certainly be nice, but the point of this article is not to teach you Chinese.


A recent article has presented many ways to compose steganographic messages. As mentioned earlier, in European languages ​​for such purposes can serve as diacritic characters, spaces, intentional typos, etc. In Arabic, Urdu, Farsi and Uigur, you can also use takweels (see the article Steganography, Arabic and a little bit of math (part 1)).

метод инкрементальных указателей
Steganographic messages
(incremental pointers method)

You may ask me: "What about Chinese, Korean and Japanese?" The previous methods are suitable for Chinese, but it has its own specifics and some limitations. Such as spaces, which are usually do not insert in text to save free space. The incremental pointer method discussed earlier is also applicable to the Chinese language, but only special characters will not point to a letter, but to an ideogram that represented as a hieroglyph. If you want to read a regular newspaper, you need to know about 2000 characters. Hieroglyphic writing requires special input methods. In Japanese - Anthy; in Korean - Hangul; in Chinese - ZhengMa, Zhuyin, and Pinyin. Pinyin is the most common input method for Chinese characters. The usual qwerty keyboard is capable of representing the Chinese character. Pinyin replaced Zhuyin and ZhengMa. The English letters of the qwerty keyboard represent sounds of hieroglyphs, and the diacritical characters represent the tones of sounds.

Zhuyin layout
(Chinese writing method)


Wherever you look and whatever product you buy, you will always meet with Chinese characters. It’s impossible in all time span of your life to never know about China. China is an industrial country producing the most modern electronic equipment. Most electronic devices consist of Chinese semiconductor components. In the statistics of international trade Asian countries occupy a dominant role. Hong Kong Free Economic Zone is presented separately, but this is also China. Chinese manufacturers of semiconductors sold its products for 361597 million US dollars in 2015!

объем продаж полупроводников
Statistics of semiconductor exports in 2015, valued in millions of US dollars
(source: UN Comtrade, category of products 776 and 772)

There are semiconductor component manufacturers in some countries, but the main production capacity is in China, Singapore, Korea, and so on. In Russia, in the city of Zelenograd, the Mikron company produces semiconductors, according to the technological process of 65 nm. The smaller the technological process, the greater the density of elements on a single quartz crystal. For example, in the Republic of Belarus, the Integral company has produced its best semiconductor components using the technological process of 350 nm in 2012. China produced the same in 1997, and now China has implemented a technological process of less than 5 nm at its most advanced factories in the world!!!

Why Europe manufacturing of semiconductors is not so developed as in China?

In democratic countries, the authorities listen to the opinion of environmentalists. Moreover, the media constantly talk about the dangers of factories which produce electronics. The public is protesting against such an informational background and the authorities, who do not understand anything in physics and electronics, make the appropriate decisions, draw up regulatory acts and so on. As a result, if entrepreneurs want to create a factory, they will be forced to pay huge taxes to the budgets of these countries. The state will spend money that earned before on environmentalists, and environmentalists will again hinder the development of technology. It looks like a closed cycle from which all states cannot exit.

With respect to China, everything is completely different. There are also environmentalists there, but their number and role is completely different. All specialists are attracted to the state's planning there at the same time. The state, using the mass media, explains in detail to its citizens the essence of its policy. If acid rain falls from the sky, then it is like a caring mother, advises everyone to put on protective raincoats and not to park cars on the street so that the paint does not peel off. If there is a light smog on the street, then it advises breathing through a respirator, gas mask, or a damp cloth. Forgive me for sarcasm, but it's better than not breathing at all.

Silicon semiconductors in your iPhone stand no more than the sand under your feet. The main difficulty is a technological process. The profit of Chinese companies very quickly exceeds the investments in production. Now China, Korea and other Asian countries are monopolists in the supply of electronic components. Chinese parts everywhere: in airplanes from Boeing and Airbus, in teapots and microwaves, in rockets and satellites, in cheap key chains and expensive cars. The first Chinese Airbus A320 was built in 2008 [1].

Undocumented features and prohibition of Huawei in the USA

Every detail and every component has its own datasheet. The specification describes the operation of the device, the modes of interaction with other devices, operating conditions and so on. Some features of modern technology are concealed from the consumers. Knowledge of such opportunities have only some people, and above all the military.

Lev Sergeyevich Termen in 1945 invented the first listening bug device, often called as "The Thing", without batteries or any other connected power supply sources to it. To receive the information out of this device, it has been just enough to fit the automobile with specialized equipment and parked it under the building. Irons, microwaves, key chains, bracelets on your hands work in a similar way. Edward Snowden was exposed only a small part of all that is known about the great power of China.

And now guess: "Which country will win the hypothetical confrontation between China and the United States?" Of course it will be China. Barring Huawei products in 2018 is just a pitiful attempt to avoid the inevitable. Due to the stupid bans of environmentalists, the United States does not have its own production of semiconductor components that would be able to satisfy all domestic needs. The US withdrawal from the Paris Climate Agreement in 2017 is an attempt to exempt entrepreneurs from high taxes, which restricting the development of technologies within the country.

You may ask: "Why did the leaders of large corporations aren't supporting the US refusal of such an agreement?" They all depend on Chinese electronic component suppliers. They are afraid of losing incomes that they have and are forced to do so. If the supply of Chinese parts will cease, the prices for equipment will soar and a part of the population will not be able to afford to buy electronic devices.

Why should you need to know Chinese culture?

China is not just a technological hegemon, it is the future. You will not find a country capable of replacing China. There is no such country and in the near future, it will not be. Keep calm and learn Chinese. Do not worry about the possible changes, because the Chinese are very pragmatic and peace-loving people. They keep ancient wisdom in their culture and traditions.

Chinese is:

  • easy;
  • interesting;
  • fascinating.

Exposing the myths about the hieroglyph two women under the same roof

Unfortunately, there are lots of false facts about Chinese on the Internet. I found an information in one of the websites, that there is a hieroglyph that build from "two women" hieroglyphs under the same "roof" hieroglyph, which translates as "trouble" or "misfortune." This is a blatant lie and there is no such hieroglyph. Although there is a hieroglyph "three women".

иероглиф две женщины под одной крышей
Chinese writing

If you want to make sure of this, you can insert next hieroglyphs into Google Translate:

  • 女 — "woman";
  • 僉 — "unanimous";
  • 險 — "risk" and "sinister";
  • 姦 - "evil", "traitor", "debauchery".

The last hieroglyph is translated into English as "evil", "traitor", "betrayer". Google Translate translated it into Russian as the word "treacherous." Of course, the concept of the word does not fit into it, because Chinese writing is ideographic. These hieroglyphs are not properly called words, but ideograms. An ideogram conveys an idea, or a multitude of ideas. Two, three or four ideograms make up a word.

Information security and Chinese steganography

Despite the apparent diversity of characters in Chinese, there are elementary components that are the basis for Chinese writing. The components look like horizontal, vertical and oblique lines. The exception is the constituent component in the form of a number 3, as in the word child 子. From several ideograms, you can create a new composite symbol, as shown above.

The word woman in Chinese will be written: 女人, or 一個 女人, or 一个 女人. The last spelling contains two words 一个 (one individual) and 女人 (woman). We define the meaning of each ideogram in the last two words. Horizontal bar means unit and is used when we are talking about someone specific. The second hieroglyph indicates that it is a person. The third character means an ideogram of a woman. The fourth hieroglyph - means ideogram of a human. These four ideograms completely represent the meaning of the word, which can be literally interpreted as: "one woman is a human." The translator translates it as the word "woman." Nevertheless, the last two hieroglyphs are enough to understand the essence.

Words can be build of several different sequences of hieroglyphs. Of course, not all options are suitable from the point of view of linguistics and Chinese, but the Europeans and Americans after inserting this phrase in Google Translate will not find anything suspicious. Below are translation options for the phrase "one by one":

  1. 逐一
  2. 一一一
  3. 一逐一
  4. 一輛接一
  5. 一個接一個
  6. 一个接一个
  7. 一個接一个
  8. 一个接一個

In context with other words, its meaning will vary slightly. For example, option 4 literally translates as one after the other. In English, there are no such number of possible alternatives and one can only say: “one by one”, or “one after another”. Here it is, the richness of Chinese language.

Synonymic and homonymous methods of highlighting in steganography

Suppose you have a huge dictionary containing synonyms for each word. If each word (ideogram, or sequence of ideograms) W in a secret message has at least one synonym, or a homonym S, then it can be agreed that one of the synonyms means that the word is in the secret message. The only requirement is the initial processing of the text, which will be hidden information carrier, in order to avoid the appearance of random words S that may violate the meaning of the secret message.

Now, imagine that the Chinese spy will need to report the result of his actions to a coordinating center. He is being watched and he cannot write everything in clear text. To avoid suspicion, most of his correspondence is idle chatter. The secret words he transmits only using synonyms highlighting. From the point of view of those who follow him, it looks like an innocent text. Let's imagine that he needs to answer in a secret message where he was at a specified time. He was in the car and can answer the following text messages.

In Chinesesecret
於车裡is absent
(text is idle chatter)
在车裡word «In» is present
在車裡the next words are present
«In the car»

The first two hieroglyphs are called marker ideograms. For all the phrases listed, Google Translate will generate the same translation. Of course, the short phrase “in the car” may seem suspicious. These phrases can be given a more innocent look: "I forgot my keys in the car and was late for work." The text in Chinese with a secret message: "在 車上 忘記 了 鑰匙 , 上班 遲到 了。". The text in Chinese, but without a secret message: "於 车上 忘記 了 鑰匙 , 上班 遲到 了。".

As you can see, in 16 hieroglyphs 2 ideograms are hidden. The effectiveness of the cover-up will be equal to 2/16 * 100 = 12.5%. Information redundancy will be 87.5%. In fact, these figures would be better if the message were as short as in the table. For phrases in the table, the efficiency is 2/3 * 100 = 66.67%, and redundancy of information is 33.33%. In both cases, we obtained acceptable indicators. This is a very simple example.

And now, let's imagine that the spy we are talking about was on the train. He needs to say the word "train" in a secret message. This word is transmitted by two hieroglyphs: fire 火 and vehicle 车. The first hieroglyph exists only in one form, and the second can be replaced by 車 (we chose it as a marker, see the previous example). The sentence that keeps a secret message may be: "He extinguished the fire and drove his car away." The same sentence, but in Chinese: "撲滅 了 火 , 開著 他 的 车 開 走 了。". There is no secret message in this offer yet. The word fire 火 is synonymous of the word flame , which can be written as 火焰 (without marking), or 火燄 (the last hieroglyph is used as a mark of a secret message). But the flame 燄 and 車 in the message will be misinterpreted as the "flame of the machine." As you can see, this ideogram doesn't fit well.

It is necessary to insert a sign next to it that would indicate exactly to the hieroglyph "fire 火", but simultaneously did not change the meaning of the sentence. To do this, you can use the space character. Spaces are usually not written in Chinese to save space, but if we write it, it will not be a mistake. We write the secret message in our sentence as follows: "撲滅 了 火 , 開著 他 的 車 開 走 了。". See how Google Translate translated both sentences.

Translation of a message without hidden content and a message with hidden content

Look at the same transcription under Chinese text. Moreover, they sound the same and their meaning is the same, do not pay attention to the translation into Google Translate. Folks, this is amazing, we have just coded the word "train" in a sentence that does not contain it.


  1. Chinese allows you to express phrases in different ways, including: "in", "one by one" and so on;
  2. Not all people know Chinese;
  3. With usage of marker ideograms, you can encode a message that has a different meaning, different from the meaning of the carrier sentence;
  4. High efficiency (density) of information hiding.


  1. If there are few synonyms, then this will lead to a repeat of the words in the text;
  2. Not all words have suitable synonyms (basically it's simple words from one hieroglyph, for example, the word "fire");
  3. Those who reads this secret message should know the dictionary of ideograms and have a good memory.

Other highlighting methods

With usage of marker symbol, we could point to hidden content. Do you remember how to spell the word woman (actually two words 一个 and 女人) in Chinese? The first character in it is a horizontal line. Instead of this feature, you can insert a long dash that will be used as a marker pointing to a hidden word. An attentive reader may notice a slight difference in the thickness of the line.

two wordssentencethe presence of
一个女人我看到穿蓝色连衣裙的一个女人。without dash
marker is absent
—个女人我看到穿蓝色连衣裙的—个女人。with dash
marker is present
the hidden word "woman"

Translation of both sentences is the same: "I saw a woman in a blue dress." Literally: "I saw the identity of one woman in a blue dress." One person - 个 is used when we are talking about someone we know well, or a significant person. Of course, sometimes it can be regarded as sarcasm. In Chinese, it sounds correct, but not in Russian or English. That's why the translator skips such words in the example above.

The next example is the word friend 朋友. The Large Chinese-Russian Dictionary contains an example of the use of the word 一个 and 朋友: "作为 一个 朋友, 我 劝 你们。". In Russian, this translates as: "I advise you, as a friend." The word 一个 is not translated and is suitable to apply it as a marker that highlights hidden words [2].


  1. A very simple way to highlight hidden words.


  1. Chinese font is always monospaced. If you replace a lot of horizontal characters on the dashes, then the text with the dashes will shift to the left side, compared to the text containing the horizontal hieroglyph;
  2. This makes a slightly different meaning to the sentence.

Incremental pointers methods

As mentioned at the very beginning, these methods are not suitable for hiding text that is written in Chinese. Nobody said that spaces cannot be used, but the previous methods are more suitable for Chinese writing. A lot of gaps in a text file may suggest suspicions about hidden information.

Multifont methods

From the point of view of information security, Chinese is an ideal language for hiding information, especially if you draw hieroglyphs by hand. One Chinese character can consist of 13 components. These 13 components you can draw using different thickness.

Secret information in a message can only be attached if there are n different distinct states. Imagine that we have 5 symbol places, then the total number of states is n ^ 5. So, with eight bits (n = 2), you can represent 2 ^ 8 = 256 different characters. If you're manually creating a design concept for your hieroglyphs, then you can use the brush in vector editors such as Adobe Illustrator, Corel Draw, Inkscape. One of the useful properties of such applications is the ability to select the angle of the pen, the mass and the coefficient of contraction.

Vector graphics editors and steganography

First of all, set the scaling factor to 100%. To write a hieroglyph carefully, set a large mass (measure of inertia) for the pen. The pen has become more docile and draws very smoothly and neatly. Do not round off the ends and leave them sharp. Set the fixation in the range from 64 to 81. Select different angles of inclination of the pen and see how the drawn lines will look.

Lines with pen tilting angles of 90 ° and -90 °
(Inkscape application)

The figure above shows 4 pairs of vertical and horizontal lines. The angle of inclination of the edge at the ends of the line is indicated by red numbers - for the angle of inclination of the pen α = 90 ° and blue numbers - for the angle of inclination of the pen α = -90 °. Pay attention to the differences in the thickness of the lines and edges at its ends. For vertical lines, the order of top-down drawing (figure a) and bottom-up (figure b) is important. For horizontal lines (figures c, d) it does not matter and the edge at the end is the same. If the angle of the pen is α = 0 ° and you draw vertical lines, the order of drawing does not matter.

Let's draw the character for happiness for different angles of inclination of the pen. The angle of the edges at the ends of the lines can be determined in cases where the line is not in contact with other lines. Of course, you can not do this, but the font will be sloppy. Look at the picture below and you will see that the angle of inclination of the pen affects the thickness of the lines.

стеганография и китайские иероглифы
Chinese character fú - happiness and well-being

Suppose each component of a hieroglyph can be either thick or thin. In this case, we have 2 ^ 1 different states for each component. What size of the set of all possible states for 13 components? The correct answer would be 2 ^ 13 = 8192. And what if each component is drawn in a few more states such as: concave, convex or straight? Then each component will have 2 ^ 1 * 3 ^ 1 = 6 states. We listed all the states in the table below.

1thin and concave
2thin and straight
3thin and convex
4thick and concave
5thick and straight
6thick and convex

The total number of states for 13 components will be 6 ^ 13 = 13060694016. This is amazing, because thirteen billion is enough to represent word indices in English and Russian dictionaries. And if we take into account the edge angle at the ends of the lines, then one hieroglyph can theoretically hide word indices for the dictionaries of all existing languages.

Chinese and family ciphers

Every Chinese family has its own tradition of hieroglyph writing. These traditions allow a knowledgeable person to understand more than what is written in the text. If you know Chinese just a little bit, then you can create your personal secret. Choose your symbol, create your own unique style. If you do not have time, we can help you and create for you a unique logo with a hidden meaning.

In a recent article, we talked about the army of Alexander the Great and how he once allowed the soldiers to send letters to their families. In the second world war there was also an interesting case of using the family cipher. The soldier sent letters to the family and the sender field indicated different initials. In this way, he wanted to tell his parents where he was. But the letters did not arrive in the order of it sending and his parents did not understand where he is (see the article The evolution of ciphers and its reliability).


We considered China as a great industrial state capable of changing the course of history. We are dressed in Chinese technology, we have a smart phone in our pocket with Chinese details. Even if this is not the case, then the patents for the technology, according to which the electronic parts are made belong to the Chinese. There is only one country which can be called as world electronic hegemon. This is a serious reason to learn Chinese.

Chinese language is ideal for hiding information. It has its own characteristics that may complicate the process of hiding information. Nevertheless, it helped to increase the effectiveness of hiding information substantially better than it would have been possible through the use of European languages.

Sources of information:

[1] Michael Pecht, University of Maryland, "China as Hegemon of the Global Electronics Industry: How It Got That Way and Why It Won't Change", 2009.

[2] Levin O.V. "Large Chinese-Russian Dictionary", 2009.

Steganography, Arabic and a little bit of math (part 1)


Eastern civilization produced a huge number of great poets, scientists, philosophers and sages. Actually, they had enough time for that. In the previous article, we talked about one of them, the great Arab cryptanalyst Al-Kindi (read also The evolution of ciphers and its reliability)[1].

While the inhabitants of medieval Europe were looking for firewood to warm themselves, the inhabitants of the east made music, wrote beautiful poems, painted pictures, embroidered tapestries, and, of course, fought. Rulers and laws changed very often. Due to strict censorship, some things needed to be hidden. Steganography made it possible.

Steganography is the science of information hiding. A carrier of information can be anything that changes its form, internally or externally. It can be an inscription in invisible ink, hairstyle and even a beard. It sounds weird, but the beard was used to hide tattoos with secret content.

When the Persians in the fifth century BC captured Gistius, who was the ruler of Greece, they constantly spy on him so that he would not give anything to his allies. However, the cunning Greek sent a message to his cousin Aristogorus. The message was delivered to Milet in the form of a tattoo on the hairy head of his slave [2].

Arabic text as a way to hide information

Hereinafter we will talk about hiding textual information in the text. You do not need to know Arabic for this, although it would be great. The main point of its application is its delightful properties.

Seven facts about the Arabic language

Arabic is very important and is included in the list of the six main UN languages. The cultural heritage left to us by the Arabs is very huge. Knowledge of Arabic, as well as other languages, helps to better understand Eastern culture, history, and so on. The basic facts about Arabic are outlined below:

  1. Writing of the words begins on the right side and ends on the left side (this is very convenient and the hand does not get dirty, especially if you are left-handed);
  2. Not all letters in one word are written together
  3. Letters are divided into solar and lunar;
  4. The alphabet contains 28 letters;
  5. 22 letters have 4 forms of writing;
  6. 6 letters have only 2 forms of writing;
  7. There are no capital letters in Arabic.

If you are UI designer, or had dealt with the console in Linux, then you probably know that the fonts may have different widths. Fonts in which letters have the same width are called monospace fonts. To align the words in Arabic, special characters need to be added. Such symbols are called tatweel, or kashida. Words can be stretched like a an accordion by adding tatweels many times.

слитное написание
Ligature Rial - a symbol of Arab currencies

There are many ways to write letters (ligatures). One ligature can contain several letters. A rial ligature is drawn in a green circle. The word can be stretched (ريال), or too flattened as a rial (﷼).

In the CSS3 cascading style sheet, it was possible to define alignment styles with kashida before. Adding kashida signs can complicate the search for words and therefore is not usually used in the main text. Of course, if you do not pursue this goal. Its use makes sense when you create a navigation menu on the site. These symbols are present on the Cisco Networking Academy website in the navigation menu when you select Arabic as the main language.

Usage of informative and uninformative characters

Informant symbols carry basic semantic information. Uninformant symbols do not carry such information. Uninformative characters are the space symbol and the aforementioned tatvil symbol. The difference between the Arabic language and the group of European languages ​​is that it allows you to insert any number of non-informative characters in a word. In European languages, such characters are few. These are usually accented characters, punctuation marks, and other special characters.

To hide textual information in texts that are written in European languages, you have to use a case shift, intentional typos, and the addition of extra characters. But all these operations are very noticeable. Below is the poem of Robert Frost in which the next message were attached: "I love you."

i have been one acquainted with the night.
I have waLked Out in rain — and back in rain.
I haVE outwalked the furthest citY light.

I have lOoked down the saddest city lane.
I have passed by the watchman on his beat
And dropped my eyes, Unwilling to explain.

Robert Frost, famous American poet

If you look at this text, you will notice the changed case of letters. In other, more invisible concealment schemes, unnecessary gaps between words are used to indicate the index of the letter. Each extra space character indicates the order of the letter in the next word. The meaning of steganography is in stealth messaging for most people.

As you can see, 256 characters of plaintext are required for 8 characters of hidden text. The effectiveness of hiding is expressed as the ratio of the number of characters of hidden data to the number of characters of plaintext. For this poem, the efficiency is 3.125%.

The information redundancy is equal to 96.875%. This value indicates the inefficiency of information hiding. This indicator is unacceptable for information exchange. To present one article on this site in steganographic form it would require about 320,000 characters.

Urdu, Uygur, Farsi and Belarusian Arabic Alphabet

Arabic had a great impact on other languages ​​such as Urdu, Uygur and Farsi. In Iranian Farsi, in addition to the 28 letters of the Arabic alphabet, there are 4 more letters. In Urdu, Arabic letters can also be used to spell words.

Tatars used the symbols of the Arabic alphabet to transmit symbols of the Belarusian alphabet. Libraries in Vilnius, as well as libraries in Minsk, contain some books written in Belarusian with use of Arabic symbols.

Actually, the text in English can also be expressed using Arabic characters. Arabic 28 letters can be used to transfer of 26 letters of the English alphabet. If someone inserts this text into the Google Translate translator, he will not understand anything.

However, the Arabic alphabet can be used to transmit the characters of the Russian language, because each letter has several forms. It will certainly be very noticeable. For the Russian language, it is better to use Farsi, which contains 32 characters (you can simply skip the letter "ё" in the Russian alphabet).

Steganography and Arabic benefits

Possible letter placement in word al-mal

The most important advantage is 4 forms of writing letters: separate, initial, final and intermediate. In the Arabic word al-mal, 3 letters (two letters “lam” and one “mime”) have 4 forms of writing, and the remaining 2 letters “alef” only 2 forms.

Let's calculate how many possible letter placement you can get for this word. The maximum number of different states that can store this 5-letter word is 256. But this is the most ideal case and it is suitable only if each of the states can be interpreted separately. For example, if all five positions are occupied by "isolated" forms of letters, this corresponds to the number 256 and means that you need to look at the word with the index 256 in the dictionary.

Table of correspondence for hiding symbols (only for the letters "alef", "lam" and "mime")

Now let's calculate how many states we need to transfer each letter of the English alphabet. If each circle in the figure can be in two states, the number of circles that is required for one English letter is a value of logarithm with base 2, where the argument is 26 (the number of letters of the alphabet). The value of this logarithm is 4.7, that is, to hide one character you need 5 circles.

If the Arabic text is used to conceal information, then only 3 circles ought to be enough for the letters "alef", "lam" and "mim". The number of different states: 4 ^ 2 * 2 ^ 1 = 32 - possible characters. The number of extra states for three letters: 32-26 = 6. Six states are not enough to encode an English letter. We cannot find an application for it anymore. The remaining two letters leave us 8 possible states (4 ^ 1 * 2 ^ 1 = 8), but they will not be enough either.

And now, let's calculate the efficiency: 1/5 * 100 = 20%. One English character hiding in five letters gives a twenty percent efficiency !!! The redundancy is 80%, but this is better than the poem of Robert Frost.

If you think that these operations are also noticeable as hiding information by changing the case of characters, then you are mistaken. However, in order for the original word to look more organic, you can add some tatweels. This will certainly increase the amount of redundant information.

Translation of several identical Arabic words in Google Translate

At the beginning of the second and third words are imperceptibly inserted the ending form of the letter "Aleph". At the end of the third word, the ending form of the letter "lam" became an intermediate form. However, the meaning of the words has not changed and the translator still shows the same translation.

Steganographic algorithm

In general, the algorithm includes the following steps:

  1. Create a text that you will hide;
  2. Find or write some plaintext;
  3. Make a mathematical analysis of both texts;
  4. Determine the steganographic method that best suits for your messaging;
  5. If there are no suitable methods, then go to step 2;
  6. Create a stego message.

As mentioned earlier, the Arabs left a huge cultural heritage, which is expressed in songs, books, music. There are no problems with the search for fairy tales and poetry. And the content of the secret message is up to you.

Mathematical analysis

This part takes a lot of time, so take a software package for mathematical analysis Matlab, Mathcad, Excel, LibreOffice Calc, Jupiter notebook, or Python interpreter. Keep in mind that for the Python language you will need additional libraries:

  • numpy - to work with arrays;
  • scipy - to use statistical functions;
  • matplotlib - to plot graphs and compare effectiveness;
  • other libraries.

The first thing you should do is to conduct a frequency analysis of letters and punctuation characters. To do this, build a symbolic table containing the characters and the number of repetitions for open and hidden messages. In the previous article, this was done through LibreOffice Calc (see also The evolution of ciphers and its reliability).

The main recommendations for the text in which we hide another text:

  1. The number of characters having 4 forms of writing should be more;
  2. At the beginning and end of each word, it is desirable to avoid letters with two forms of spelling;
  3. Try to avoid two letters in a row that have only two forms of writing.

Steganographic methods

Highlighting methods

This method requires a special character next to the hidden symbol. For European languages, these may be diacritic characters, or intentionally admitted typos and case-shift. In Arabic, you can use a tatweel next to secret letter.

Appliance of the first and second recommendations is especially important if you decide to use the tatveel symbol as a pointer to a hidden letter. Thus, tatweel can be seamlessly docked with the letter. The diacritic symbols are very noticeable, unlike tatweel symbols. Therefore, Arabic, Urdu and Farsi, from the point of view of steganography, are very convenient to use for such purposes. The highlighting method is very simple and perfectly suited in our case.

Incremental pointers methods

In the incremental pointer methods, delimiter characters are mainly used as the basis. "excess" spaces are added to the existing text, which indicate the secret letter. The purple circle marks the indent between words where one space is already there. This space is not counted.

Метод инкрементальных указателей
Steganographic messages

In Arabic, you can use the symbol tatweel as an incremental pointer. You can also use space and tatweel as a multiplier for the position of the pointer. For example, two spaces and three tatveels indicate 6 characters in a word. The number of tatweels in a word is not included in the calculation of the index of the secret letter. This is very convenient, isn't it?

If the document that contains the hidden message is stored as e-book or doc, then you will find all the characters without much effort. What to do when you want to place a hidden message on a store sign? Use only monospaced fonts, otherwise it will be difficult to extract the message.

Actually, the extraction of information will be possible, but you will not stand next to the signboard measuring the distance between words. Of course, you can take a picture of the sign and extract the message from the photo. But the monospaced font significantly speeds up this process.

Multifont methods

This method is the simplest and has many variations. For example, the multifont methods can be used along with the highlighting method. To do this, the fonts of the secret letters in the text are changed to another very similar font. Then all the letters are combined (concatenated) and we could receive the desired message.

In addition, you can use the name of the font itself as a hidden message. But this method is even worse, because when printing you will not be able to find the name of the font you're using in e-book, or doc. And besides, portability is not peculiar to it. This method requires the same fonts on the recipient’s computer, otherwise the information will be lost.

Meta-informational methods

The prefix meta means information about the information. Many modern formats store additional information. Such information contains mention about the author, time of creation, date of modification of the document and other information. This kind of information can be used as a hint to interpret a hidden message.

For example, you can specify a famous historical person as an author. Instead of the actual date of creation, indicate the date of a significant event. And it will also be considered as a steganographic message.

Methods of multiple meaning

Words which spoken in different societies may have different meanings. So in information technology, the word "mother" means a motherboard. Be careful when cursing the components of your friend's computer. In this case, you risk to get a bruise under the eye.

If you are a very erudite person and you know a lot of historical facts, interesting cultural features, the specificity of the pronunciation of words and other things, then this method is suitable for you. Moreover, this method is useful in the preparation and solving of intricate quests, puzzles, rebuses.

Choosing a way to hide information

There is no universal method for choosing a method of hiding information. The method can be determined by answering the questions below.

  1. What will be used as a carrier of information?
  2. What characters will be hidden?
  3. Will the text with the hidden message within, then be processed by other programs?
  4. What fonts, programs, devices does the recipient use?
  5. What knowledge and experience does the recipient of the secret message have?

After answering all of these questions, pay attention to possible problems and ways to rationalize the presentation of information.

Possible problems

Word processors (Microsoft Office Word, LibreOffice Writer, and some others) can automatically correct input, so a hidden message will not always be interpreted correctly. For example, the vector graphics editor Inkscape, changes the form of Arabic letters, even if the letters themselves are inserted character by character.

In regard to smartphones and tablets, this is especially true. Disable automatic replacement for words and spell checker. Otherwise, it will seriously complicate the whole process of hiding the text.

When transferring text files in electronic format, pay attention to the application versions. This is very important because it can affect the content of a text document. Alternatively, you can choose the usual notepad and txt format.

There may also be problems with notepad in Windows. After transferring a text file from Linux to Windows, a notepad which built in Windows incorrectly interprets the end of the line. In Linux, the end of a line is expressed by the ASCII character "line feed" (0x0A). In Windows, a new line begins after the characters "carriage return" (0x0D) and "line feed".

As a result, in Windows you can see the text placed in one row. To avoid this, any notepad that supports two end-of-line formats will do. Applications that are suitable for this purpose: notepad ++, Editpad, Visual Studio Code, Brackets, Sublime Text, and so on.

The ways of rationalization of steganographic processes

There are a lot of schemes for rationalization of hidden message representation. For each language ​​it is different. The Russian language is characterized by high redundancy of states. One of the 33 letters of the Russian alphabet can be represented by at least six circles, all of which could be in two different states.

As you can see, the number of all states for these circles is: 2 ^ 6 = 64. The number of unused states is: 64-33 = 31. If the alphabet is reduced to 32 characters, then five circles are ought to be enough. In this case, the number of all states will be: 2 ^ 5 = 32. The number of unused states will be: 32-32 = 0.

According to mentioned features, we concluded that it is possible to optimize the process of concealment:

  1. By increasing the number of letter states of an clear text message (which carries secret information);
  2. By reducing the number of characters of the alphabet of the secret message.

If you decide to use European languages ​​as a carrier of secret information, then you can increase the number of states by using diacritics, case-shift, and intentional typing errors. Such manipulations will look very strange and noticeable.

The alphabet of the hidden message for hiding information in two states must have from 2 ^ 4 to 2 ^ 5 letters (2 means the number of states for each position). Wasting 6 positions (circles) for characters is impractical, so for the Russian language, it is recommended to use a reduced version of the alphabet.

The Russian letter "Ё" is replaced by a similar letter "Е". The letter that dropped out of the alphabet is used less frequently. Let n be the number of positions of symbols. If the secret message is written in other languages, the number of characters in the alphabet of which slightly exceeds 2 ^ n and is significantly less than 2 ^ (n + 1), then such an alphabet needs to be reduced to increase the transmission density.

If initially it is planned to transmit only two phrases "YES" and "NO", then the set of characters of the secret alphabet can be reduced to 5 characters: {'E', 'N', 'O', 'S', 'Y'}. This is a very simplified example, but it explains why statistical analysis should be used.


The properties of the Arabic, Latin and Russian alphabets are analyzed. Excellent Arabic alphabet properties for unobtrusive information hiding are considered. The main methods of information hiding are given. By simple examples we show how to optimize information hiding processes.

The number of ways to hide information is not limited to the examples given. The main difficulty of applying such approaches consists in a different style of texts. Each style requires its own unique approach. Texts with a huge number of repetitions are the least suitable for hiding information.

Sources of information:

[1] Al-Kindi "Treatise on decrypting cryptographic messages"

[2] Herodotus "History in 9 books"

Standards of security of protected networks

The qualitative selection of computer network components and its proper configuration is very important if we are talking about enterprise network security. But the task of ensuring complete security is not limited to the existing physical infrastructure.

The seven-level OSI model describes the interaction of networked systems. According to it, a virtual private network, or even a multiple of overlay networks (networks over a networks) can be created in an existing physical network. Overlay networks can also be used to hide sensitive data.

An analogy from real life is a policeman and law-abiding citizen. If such a citizen works as a home master, then he probably has to walk with a hammer, pliers, nippers and other equipments. If he carries his tools in his hands, this will seem suspicious to the policeman and the people around him. Really, it is very strange to see a smiling guy with a hammer, near the cashier, in the grocery store. He can smile, but it will not give him confidence, because there are generally accepted rules of behavior.

безопасность окружающих
Some casus

In computer engineering, a protocol is a generally accepted rule that governs certain activities. In real life, there is a rule that a hammer ought to be placed in a suitcase for tools. Words from the famous song by Mikhail Shafutinsky also can be considered as a protocol: "Mom told me: Do not eat from a blade of a knife - you will be evil." There are many protocols and each person can create own, but keep your hammer away from the cashier and the policeman.

In the context of network engineering, the suitcase is the TCP/IP protocols stack. All possibilities, standards, characteristics, requirements, proposals regarding the use of generally accepted technologies are described in the RFC (abbreviation Request for Comments). All of it are not listed in this review, so only some RFCs related to the selected topic will be considered.

In short about standards

Maturity level

Before the standard becomes generally accepted, it must mature. At the first level of maturity, the standard is called the "Proposed Standard." This means that it is ready for implementation, but may be revised. The reason for the revision may be identified deficiency. Some Internet protocols still have this status, despite the fact that they are used by millions.

Until 2011, the next step was the draft standard. When a standard partially matured and has the potential to become the basis for other standards, it is necessary to specify and unify it more.

Finally, the most advanced form is the “Internet standard.” After 2011, “Draft Standard” and “Internet Standard” were combined [RFC 6410]. This level is characterized by a more strict unification, when all possible implementations of the “Proposed Standard” are compared and summarized.

Non-standard maturity levels

Nonstandard levels of maturity are introduced in RFC 2026: "Experimental", "Informational" and "Historical". "Experimental" - used for experiments, the result of which may lead to the creation of a standard. "Informational" - defines the specifications that cannot always be agreed with the society creating standards. "Historical" - a document that is forgotten and does not suit for practical usage.

Historical documents are necessary to avoid repeating the mistakes of the past experience. They are educational in nature and help to comprehend and rationalize the way other standards are produced.

Levels of OSI model and security

The open model of system interconnection [OSI, RFC 1122], which was mentioned above, is an established “Internet standard”. All equipment manufacturers take its contents into account. Without all of this, nothing would have worked properly.

  1. Physical layer
  2. Link layer
  3. Network layer
  4. Transport layer
  5. Session layer
  6. Presentation layer
  7. Application layer

For each of these layers, there are special security requirements. They depend on the selected transmission medium, equipment capabilities and the specifics of its operation.

Physical layer

At the physical level, we consider transmission media and signals. Signals are passing through the transmission medium. A signal is a change of the state of an environment over time. Signals tend to fade away. In some environments, it is easy to intervene and intercept or distort information, in others, on the contrary, it is very difficult and problematic.

From the point of view of security, the choice of transmission media plays the main role, because it makes up most of the space through which the signal passes. So if you choose wireless as your transmission medium, you risk a denial of service.

Related standards and other useful information:

RFCFull name

RFC standards do not sufficiently informatively describe the first level of the OSI model. In more detail, it is described by the standards of the Institute of Electrical and Electronics Engineers IEEE 802.

Wireless communication

If you are fond of radiotech, then you probably know that it is not too difficult to create your own electric circuit for transmitting signals. Today, the Chinese industry produces massively many ready-made "silencers" of signals, or jammers.

From the point of view of the legislation of some countries, the use of such things can be regarded as interfering with the work of electronic devices (computers), systems and computer networks. This article only states the fact of insecurity of such kind networks and is not a direct or an indirect call to action.

However, among the very rich people in the west, using of jammers is a very common practice. It is explained by the desire to protect themselves from unmanned aerial vehicles (UAVs). All drones, with the exception of autonomous and semi-autonomous, work only on radio control. Sometimes UAVs are used for tracking, and sometimes as in the case of Venezuelan President Nicolas Maduro. Do you remember the sad event in August 2018?

Беспроводная связь

The president of Venezuela is alive and well. Some of the rich people were seriously worried about that incident. In some countries, after that were even banned the sale of UAVs. This is of course a very silly ban, because some people use them for beautiful bird's-eye photos.

Jammers work on certain frequencies. It can be universal, or for a specific range of radio signals: WiFi, GPS, 2G, 3G, 4G, 5G. The signal strength also varies. In order to self protect from the UAV flights, rich people buy multi-band devices, that cover by its signal only the territory of the owner. See also: Avoiding of unmanned aerial vehicles.

The main disadvantages are:

  1. The signal can be silenced;
  2. The signal can be received by everyone within its range (even if it's encrypted, but this is not pleasant);
  3. The quality of the signal depends on the weather;
  4. The position of where the signal comes from can be easily determined.

The main advantages are:

  1. It has a high mobility;
  2. Allows you to save money without buying and maintaining cables.

Twisted pair wire communication

The most common medium for transmitting information is a cable with a twisted copper conductor, commonly known as the twisted pair. If you live in a tenement house in a provincial city, then highly likely a cable of this type is connected to your home router.

Cables with copper conductors can be shielded and not shielded. The shield (foil wrapper) is protection from external electromagnetic fields. This type of communication is slightly better protected from physical intervention than the previous one. For additional protection against physical interference, cables inside the house should be laid in a corrugated plastic pipe.

The main disadvantages are:

  1. A bit more expensive than wireless;
  2. Lack of mobility.

The main advantages are:

  1. Copper cable can be bent and laid as you wish;
  2. More secure than wireless.

Fiber-optic communication

The most reliable method of communication is fiber-optic communication lines. Optical fibers are made of quartz and used as a transmission medium. The optical signal is a laser beam. Coherent monochrome radiation diverges in different sides less than ordinary light. In addition, the fibers are doped with germanium oxide GeO2 and some other additives. These additives change the refractive index of the medium. Handle this type of cable with care. Limited flexibility makes them very fragile.

Anyone can crimp twisted-pair copper wire, in contrast to optical fiber. Just strip the ends of the insulation, stick into the plug 8p8c and crimp by crimper. With optics, everything is different, installation, maintaining and repair is much more complicated and expensive.

The main disadvantages are:

  1. The most expensive way of networking;
  2. Limited cable flexibility;
  3. Lack of mobility.

The main advantages are:

  1. The safest way;
  2. The most high-speed method of communication.

This level, according to IEEE 802, is divided into two sublevels: 1) MAC - regulates access to the environment shared between interacting devices; 2) LLC - provides service to the network layer. Part of the message sent at this level is called frame. The frame header contains the MAC addresses of the sender and receiver.

MAC sublayer is responsible of collision avoiding of access to the common transmission medium. Collisions occur when multiple devices attempt to use the environment at the same time. Such tasks are solved by using the following medium access schemes: CSMA/CD, or CSMA/CA. This sublayer operates with: Quality of Services (QoS) is applied (a COS tag is attached to the frame header), VLAN technology, MAC filtering, STP and SPB routing protocols.

Protocols are multiplexed on the LLC sublayer. In other words, there can be several logical channels on one physical communication channel (hence, its name is Logical Link Control). The total bandwidth of the physical medium is divided between all logical channels, depending on the priority QoS label for a specified class of service.

ASCII codes of text message


The data link layer protocols generally support only error detection and cancellation of erroneous frames. Errors are checked by checksum by folding the numeric values ​​of the transmitted characters and the checksum field of the received frame (see ISO / IEC 3309: 1993).

FCS (checksum field) is 2 bytes in size. Frame retransmission is performed only for wireless communication protocols. For wired communication protocols, for example, Ethernet - repeated frame transmission is not due to the fact that there are significantly fewer errors during transmission by wire.

There are a big number of data link layer protocols: PPP - point-to-point protocol; MLPP - multi-channel communication protocol; CDC is a CISCO protocol for detecting hosts on a network; LLDP is a protocol for discovering hosts on a network; NDP is a Nortel protocol for discovering hosts on a network, and many others.

Related standards and other useful information:

RFCFull name
826An Ethernet Address
Resolution Protocol
1661The Point-to-Point
Protocol (PPP)
2641Cabletron's VlanHello
Protocol Specification
5517Cisco Systems'
Private VLANs:
Scalable Security
3069VLAN Aggregation
for Efficient
IP Address
Forwarding: A Method
for Subscriber Separation
on an Ethernet
Access Network
4957Link-Layer Event
Notifications for Detecting
Network Attachments
(informational status)
4719Encapsulation Methods
for Transport of
Asynchronous Transfer Mode
(ATM) over MPLS Networks

These standards are translated into many languages. Be careful, translations may not always be relevant and contain typos. That is why this article does not provide specific links. If you are very interested in any aspect, then read the original.

Security of link layer


Good practice for organizations is vlan segmentation of the network. VLAN does not change the frame header; instead, a 4-byte vlan tag is placed inside the frame (see IEEE 802.1Q standard). Even if there is a router on the network, or a switch that does not support vlan tags, it will simply pass this frame through itself.

In CISCO guidelines you can read about the automatic configuration of vlan and it is very convenient. But if you have enough time, it is better to configure all vlans manually without using the VTP and DTP protocols. DTP has several modes of operation, making it insecure. If the auto trunking mode (dynamic desirable) is set on the interfaces of your switch, then an attacker can gain access to all unavailable vlans. Of course, for this, he must control at least one machine in your network.


At this OSI level, PPTP protocol implements end-to-end encryption. L2TP works at this level, but does not implement encryption. L2TP (OSI layer 2) + IPsec (OSI network layer) is used for encryption.

PPTP is deemed unreliable and will not be considered in detail. If your VPN provider supports more secure protocols, use them. For example, the network layer protocol of the OSI model is IKEv2 (see more about VPN).

Discovery protocols

LLDP and CDP discovery protocols are very useful for automatically discovering devices and their capabilities. If you want to experience all the benefits of automatic configuration of a VOIP phone and other devices, then keep it on. If an attacker gains control of one of the devices on your network, then it can be used to scan your internal network infrastructure in details.

Network layer

This layer is the most important and is responsible for addressing on the Internet. The main functions are: determining the path of the package and its direction. At this level, IP-addressing works, which is developed by the American DARPA.

In addition to the main Internet protocols (ipv4 and ipv6), the ICMP protocol operates at this level. You encounter with it when you send ping messages using the ping command. This command sends messages to the specified IP address of the recipient. The recipient of this message (IP datagram) sends it back. The user program analyzes the similarities and reports the quality of communication and the percentage of losses.

Another important feature is the ability to encapsulate IP packets. The idea of ​​encapsulation is to pack a payload into a data packet [see RFC 4303 for payload], or other packet [see RFC 2003]. RFC 4303 is part of the IPsec security protocol group.

Network layer ip tunnel
Creating ipip tunnel in Linux

An IP packet in another IP packet creates an IP tunnel. In the figure above, in the terminal, you can see help option for the tunnel creation command that implements the proposed standard [RFC 2003] in Linux.

During the passage of such a tricky package, most routers, except routers with DPI support (deep packet inspection), look through the address field of the main packet and do not see the destination address of the internal packet. The main package reaches the addressee, it is unpacked and the contents of the internal package goes further to its own address.

Related standards and other useful information:

RFCFull name
791Internet Protocol
2003IP Encapsulation within IP
4303IP Encapsulating
Security Payload
(ESP is a part of
IPsec protocols)
7359Layer 3 Virtual
Private Network (VPN)
Tunnel Traffic Leakages
in Dual-Stack
7296Internet Key
Exchange Protocol
Version 2 (IKEv2)
6989Additional Diffie-Hellman
Tests for the Internet Key
Exchange Protocol
Version 2

Security of network layer

VPN (IKEv2, L2TP+IPsec)

VPN, or virtual private network is a network consisting of geographically separate networks combined into one network. Data which sent through it is encrypted and passes through the so-called "tunnel". This encryption is called end-to-end encryption.

The tunnel includes intermediate network devices that cannot spy on encrypted information. At the ends of the tunnel, the data is in an unencrypted form and this means that all subsequent traffic can theoretically be viewed.

Typically, VPN is used to bypass bans, or to improve privacy. But the effect may very often be the opposite. Security depends on the choice of VPN service provider and the available protocols, key sizes, endpoint security, etc.

vpn в Windows 10
Creating vpn connection in Windows 10

With the IKEv2 protocol, in fact, as with the L2TP + IPsec combination, there are no problems at all. All you need to do is the following things: select the supplier's vpn address, name your interface, select the connection type in the interface properties, click on the network icon in the lower right corner, click "Connect" and enter the user name and password for the subscriber.

подключения к VPN
Connecting via virtual vpn-interface

There is a paid subscription of about $ 15 per quarter. Of course, it’s more profitable to order it for a longer period, but if you are not sure of the proper level of service, buy a tariff plan for a month, or three. I do not advise a certain service provider, because each user has his own quality requirements. It is worth noting that some cheap VPN services have one interesting feature, a subscription for new customers is cheaper than for regular users.

Some vpn service providers realize out-of-the-box client applications that make it easier to switch between VPN servers. It is often created for Windows, MacOS and what is surprisingly good even for Linux. If all of this is not, then providers give a set of instructions on how to do it manually for your OS.

At the origins of the key exchange protocol IKEv2 [RFC 7296] are staying: Microsoft employee Charlie Kaufman, member of the VPN Consortium Paul Hoffman, Check Point Yoav Nir, independent Finnish researcher Pasi Eronen, and another one Tero Kivinen from INSIDE Secure. As you can see, they are all representatives of well-known organizations from around the world and this inspires a great confidence.

VPN pitfalls at the network level

If the VPN application does not have IPv6 support, then using multiple IPv4 and IPv6 addressing families can result in traffic leaks. Refer to [RFC7359] and [RFC7123] for more information.

ICMP protocol

ICMP protocol can be used to detect devices connected to your network using the ping command. Most routers provide the ability to disable ICMP traffic support within the network. However, it is better not to do this. By default, pings from the Internet do not pass inside the network. And inside the network, ICMP traffic is not recommended to be disabled. Turning off ICMP support may complicate administration inside large networks.

Transport layer

At the transport level, there are basic protocols: UDP and TCP. The word "transport" means its main feature is to deliver packages to the specified port. Each server program working with a network uses its own port, or ports (try not to be confused with physical ports on the case of your PC).

If multiple server applications use the same port, this causes a conflict. Client programs can work with the same network port. For example, the browser is a client program and works mainly with ports 80 and 443. You can open two or more browsers and go to the same page and this will not cause a conflict.

In most server-side applications, the port can be redefined. For example, apache and nginx web servers can coexist on the same device and use different ports, but this is not practical. Among other things, the user to access the port other than the 80th will have to write in the browser after the site name the colon character and port number. However, 65535 ports ought to be enough.

UDP is a user datagram protocol. A datagram is a block of data transmitted between network devices without a connection being established. This protocol does not guarantee the delivery of the package in the right order, but it is quite smart. On its basis, you can create your own protocol.

TCP is a transmission control protocol. In this protocol, a connection is established between the sender and the receiver. The data transmitted with it is packaged in packets, numbered and sent. Thus, the use of TCP guarantees delivery in the correct order.

The connection occurs after a three-step handshake:

  1. The client's program sends a SYN flag to the server and sets a random sequence number A
  2. The server's application responds with a SYN-ACK. The number confirming acceptance is A + 1. The packet number that the server sends to the client is set to a random value B;
  3. The client program sends an ACK with a sequence number equal to A + 1 and a packet number B + 1.

Related standards and other useful information:

RFCFull name
768User Datagram Protocol
793Transmission Control Protocol
7323TCP Extensions
for High
8085UDP Usage Guidelines

What the dropped packets stand for?

Packages can be dropped if:

  1. A network filter was used and a rule for discarding certain packets was established;
  2. A firewall has been used to prevent packets from being received through the required port;
  3. Packages are not properly shaped;
  4. The packet queue in the OS buffer is full;
  5. Packets are corrupted and the checksum does not match.

Firewalls and network filters fight against dangerous packets as like an immune system do. For the wrong packets, two solutions are possible: 1) packet dropping; 2) packet rejecting.

packet dropping vs. packet rejecting
Firewall and packet filtering

A simple drop operation is not recommended, because another machine can conclude that the packet is lost and re-send it n-times, thereby creating a load on the network. Some say that dropping packets will not let a hostile user understand that the port is open. This is true, but only for a SYN scan.

Although, more modern scanners use not only a SYN scan, but they also send their own fake packets. To be truly invisible to the enemy, the response from the host must be the same, regardless of whether the application is running or not. But then it will complicate the connection for legal users.

Quick scan mode
Screenshot of the Zenmap application (quick scan)

The second method is preferable, because it sends a response message with a rejection to accept the packet and its re-transmission is not performed. But in this way, you will very quickly make it clear to the hostile user that the port is open and in use. Of course, you can use non-standard ports for your applications and slightly improve your security.

команда ip в терминале Linux
The number of dropped packets and errors

In Windows 10, you can find out the number of packages dropped with the netstat command with the "-s" option. In the Linux terminal, in order to get statistics, enter the ip - -stats link command (there is no good old ifconfig in Ubuntu 18.04 Bionic Beaver, and Arch Linux switched to management via Systemd in 2014).

If you really want to see the contents of the packets, use the rfc documents and the wireshark application to control your security. For beginners, it may seem a bit confusing, but there is a fairly advanced filtering and labeling system packets.

Where are the blocks of received and sent data stored?

Each operating system stores part of the temporary data in buffers. The blocks of data sent and received through the network are of temporary importance. That's why temporary data buffers are located in the RAM of your device.

размеры буферов
Setting Buffer Sizes for Windows 10

In Linux, the network parameters which involved are contained in files that you can find in the next directories:

  • /proc/sys/net/core/
  • /proc/sys/net/ipv4/
  • /proc/sys/net/ipv6/
  • /proc/sys/net/netfilter/
  • /proc/sys/net/unix/

However, manually editting of its contents is a bad practice. To edit the kernel parameters contained in the /proc/sys/ folder, use the sysctl utility. To configure the receive data buffer, enter into the terminal:

sysctl -w net.ipv4.tcp_rmem=’4096 87380 8388608′ 

The first value specified in the tcp_mem variable is reported to the kernel. Below this value, the TCP stack does not care at all to exert any pressure on the memory usage of various TCP sockets.

The second value tells the kernel when to start reducing memory usage, otherwise an unlimited increase in the size of a dynamically expandable buffer would result in a denial of service.

The last value tells the kernel the maximum number of pages of memory that the OS can use. If this value is reached, TCP flows and packets begin to be dropped until the lower memory consumption is again reached.

As you can see in Linux, unlike Windows 10, the buffers are dynamic. This feature of the OS makes it flexible and gives the best performance. Tuning kernel parameters can be useful in cases of:

  • If you are fond of mining cryptocurrency;
  • If you want your web server to be high load proof;
  • If you are a administrator of data center.

Security of transport layer

Some people mistakenly assign the well-known TLS security protocol to this level of the OSI model, but this is wrong and will be discussed below.

Security at this level is governed by the rules of firewalls and packet filters. It control allowed traffic, directions (in / out), network services and its corresponding ports. The incoming data, depending on the rules, can be "allowed", "rejected", or "dropped".

What the dropped packets stand for?

Session layer

Session layer is divided into several stages. Before the session, there is an exchange of "handshakes". It looks different for each protocol, so see the corresponding RFC documents. Next, set the session, which can be normally stopped, or urgently interrupted.

Related standards and other useful information:

RFCFull name
1928SOCKS Protocol Version 5
6066Transport Layer Security
(TLS) Extensions:
Extension Definitions
8448Example Handshake
Traces for TLS 1.3
8449Record Size Limit
Extension for TLS
8446The Transport Layer
Security (TLS) Protocol
Version 1.3
5923Connection Reuse in
the Session Initiation

Security of session layer

One of the most well-known protocols is SOCKS. This protocol is actively used in onion TOR-proxy networks.

Regarding TLS, it’s impossible to say exactly about the OSI layer. According to the TLS specification [RFC 8446 see clause 1], there are two protocols: 1) handshake protocol; 2) record protocol. In the figure below, the wireshark network packet analysis application is open and the handshake protocol fields are open up. Samples of network packets are downloaded from the wireshark site as a pcap file.

протокол рукопожатий TLS

On the one hand, it is at the session level (green ellipse). On the other hand, compression is implemented at the presentation level (blue ellipse). Although, in many sources, this protocol is assigned to the session level.

Presentation layer

The presentation layer is responsible for data processing. It deals with encoding, decoding, encryption, decryption, compression, decompression, and so on.

The lower levels of OSI model define special code sequences (delimeter symbols, or separator symbols) to delimit the internal contents of packets. During the descent of the OSI model, at the presentation level, such characters are escaped, surely if it is present, to avoid misinterpretation of the packet when passing between network devices.

The presentation layer, basically translates data between the normal presentation of the upper layers and the unified network transmission format. Data can be transmitted in different formats from different sources. Thus, the presentation layer is responsible for integrating all formats into a standard format for effective and efficient communication.

Application layer

At this layer operates dns due to which you do not have to enter the ip-address in the address bar of the browser and instead of this, you can simply specify the name of the site. In case your home ip changes, you can use dynamic dns and have permanent remote access to your home PC via ssh, or any other secure protocol.

There is a WakeOnLan technology that allows you to turn on a remote computer from a distance. To do this, you need to enable wake-up on the network in your UEFI, or BIOS. And of course the network cable and the power cable must also be connected to the appropriate connectors. If you have a router, you will need to configure it to make all wake-frames go through from the network. You can surprise someone from your loved ones with a suddenly turned on PC.

SSH is an application level protocol that has many client and server implementations with similar names. Some people use ssh to create ssh tunnels, inside which you can pack another RDP protocol. Using the naked RDP protocol to broadcast screen content of the desktop is very dangerous, but the ssh tunnel makes it secure.

It is impossible to list all the protocols in this article. Suffice to say that the https secure communication protocol works on this layer [RFC 2818].

Related standards and other useful information:

RFCFull name
2818HTTP over TLS
4253The Secure Shell (SSH)
Transport Layer Protocol
4388Dynamic Host
Configuration Protocol
(DHCP) Leasequery
7235Hypertext Transfer
Protocol (HTTP/1.1):

Yet more about vpn and privacy

Some people mistakenly believe that VPN, or TOR will keep them private. But illiterate system configuration and the choice of a bad vpn provider can break your privacy level due to leaks.

The most common leakages of private information are caused by:

  1. DNS leakages;
  2. WebRTC or IP leaks;
  3. Browser extension leaks.

When you enter the site name in the address bar, you access the DNS server and it substitutes the ip-address of the site. Keep in mind that some DNS servers log your calls to Internet resources. If the settings for the network interfaces of Windows 10 are set to "get DNS automatically", then you use the dns provided by your provider.

Many online services have been invented for testing VPN services for leaks. Some of them do not show the actual security situation and are created only for the promotion of these services. For greater confidence, use Wireshark and other utilities to analyze packets of the outcome traffic.

Also, be careful about popular browser extensions. The fact that most people use them does not mean that they are safe enough.

The founders of the Internet

Standards developers are people too. They also, like all people, have a sense of humor and a craving for beauty. Some of them love poetry, as RFC 1121 contains an ode to queue written by Leonard Kleinrock in honor of the 20th anniversary of ARPANET. This author also wrote the following works: "The past is the prologue", "The Big Bang (the birth of ARPANET)".

But special attention should be paid to the father of the Internet, Vinton Gray Cerf. He wrote a verse in the style of William Shakespeare "Rosencrantz and Ethernet". The beginning of the verse is: " All the world's a net! And all the data in it merely packets...". It sound similar to Shakespeare, isn't it?


Of course, digital literacy of an ordinary user is very important, because the weakest part of any computer network is a person. But building a secure network is quite a complicated matter, requiring the proper attention of security experts and computer systems analysts.

In this article, we considered the next thesis: segmentation of networks into vlans, creating tunnels in Windows 10 and Linux, resizing system buffers, using the Wireshark for packet analysis, and much more. So stay safe with us!