Skip to main content

Steganography

Steganography is the practice of hiding secret information within an ordinary, non-secret file or message to avoid detection. Unlike cryptography, which obscures the content of a message, steganography conceals the very existence of the message. Common carriers include images, audio files, videos, and even text.

🌟 Key Concepts

  • Carrier (Cover File): The file used to hide the secret data (e.g., image, audio, video).
  • Payload: The secret information to be hidden.
  • Embedding: The process of hiding the payload within the carrier.
  • Extraction: Retrieving the hidden payload from the carrier.
  • Steganalysis: The practice of detecting steganography.

🛠️ Common Tools

  • Steghide: Popular tool for embedding/extracting data in images and audio files.
  • zsteg: PNG/BMP analysis tool.
  • stegsolve: Java-based image analysis tool.
  • OpenStego: GUI tool for hiding data in images.
  • OutGuess: Universal steganographic tool.

🛠️ Useful Commands for Steghide

# install steghide
apt-get install steghide
# displays info about a file whether it has embedded data or not.
steghide info <file>
# embed file secret_text.txt into the file image.jpeg
steghide embed -cf image.jpeg -ef secret_text.txt
# extract embeded data from file image.jpeg
steghide extract -sf image.jpeg
# embed with a passphrase
steghide embed -cf image.jpg -ef secret.txt -p "yourpassword"
# extract with a passphrase
steghide extract -sf image.jpg -p "yourpassword"
# specify output file when extracting
steghide extract -sf image.jpg -xf output.txt
# embed multiple files (first archive them)
tar czf secrets.tar.gz secret1.txt secret2.txt
steghide embed -cf image.jpg -ef secrets.tar.gz
# change the passphrase of embedded data
steghide --passphrase oldpass --newpass newpass --change-passphrase -sf image.jpg

📚 Useful Links & Resources

📝 Notes

  • Steganography is often used in CTF (Capture The Flag) challenges and digital forensics.
  • Combining steganography with encryption increases security.
  • Detection (steganalysis) is an active area of research in information security.