Steganography is the practice of concealing a file within another. In this tutorial we are going to use a tool that not only buries a file within an image, but it also encrypts it just in case somebody knows that the transmitted image contains a payload. We are going to embed a textfile to pass a message, but one should be able to hide any kind of file.
Whilst this tutorial focuses on Linux (Ubuntu specifically), the software being utilized does have a windows package that can be downloaded from the developer's website, and all the commands are the same (there is no GUI).
Steps
Install the steghide application
sudo apt-get install steghide
Download a large image. For the purposes of this tutorial, I am going to use the one below (click it to see the full-size image).
You could download it with the following command:
wget -O /tmp/large-image.jpg https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOR6YfkxTt7Tr0TnDaf0TxVNBFFYbcYVVTBNE4KGrH5nvwnG4qGlZ7njkKAcHvg8zPCGMcy3IaacsHU0pRiokNpGKSLrrmXr2q_Ib9H6UCUvdxD1smepJR1DUaQkwwwwe0_Yh0uPnN2GGI/s1600/large-image.jpg
Check how much of data we can embed into the picture.
steghide info /tmp/large-image.jpg
Create a text file that contains the secret message that you wish to pass along. I am going to do this using the following command:
echo "my secret message" > /tmp/secret-message.txt
Check how large the secret message is to see if it exceeds the capacity of the image:
du -b /tmp/secret-message.txt
The -b means that we output the files actual size in bytes instead of the size on disk. This is because the minimum file size on disk is likely to be 4 kilobytes which could lead you to believe the file was too large when it is not.
Now lets embed an encrypted form of the file into the image.
steghide embed -cf /tmp/large-image.jpg -ef /tmp/secret-message.txt -sf encrypted-message-image.jpg
If you just want to replace the image, rather than generate a new one with the message, then simply remove the following part:
-sf encrypted-message-image.jpg
I don't recommend naming the image "encrypted-message-image.jpg" in real life.
Resulting File
As you can see, the image looks identical to the first
The key I used on this file is:
demo
Extracting the data
Once you have sent the image to the recipient, they will need to perform the following steps to retrieve the embedded file.
steghide extract -sf /tmp/encrypted-message-image.jpg # enter the passphrase cat secret-message.txt
It will extract the file with the same name as the name of the file that was put in.
No comments:
Post a Comment