Steganography is a method of hiding information or files within another file. Steganography literally means covered writing in Latin. Steganography can be placed into images, audio files, and videos using various steganography tools on the internet.
Steganography tools were even famously used by the terrorist attackers on 9/11 in the United States. Hiding information in plain sight with steganography has always been a great tactic for nefarious hackers and blackhats on the internet for decades.
Steghide is a very popular free and open-source tool that allows users to hide various information in both audio and image files. Steghide is able to support the following files: JPEG, BMP, WAV, and AU.
Some of the popular commands when using Steghide are:
steghide info file : displays info about a file whether it has embedded data or not.
steghide extract -sf file : extracts embedded data from a file
Steghide is an excellent choice to embed simple pieces of information within both image and audio files.
Steganography can also be used by hiding information in the headers of various types of files. Exiftool is another great open-source software package for viewing the headers of all types of files for further or hidden information.
File headers often have timestamps, geodata, or even hidden secrets that are not able to be seen without specialized software such as Exiftool.
In order to read header information with Exiftool you can run the following command:
exiftool file : shows the metadata of the given file
Often precompiled tools with a GUI can make Steganography much easier. Java based tool Rsteg just does this. All that is needed to hide text information within an image is a simple pin for both encryption and decryption.
rSteg’s minimalist interface makes passing hidden information or storing secret links very easy.
You can download rSteg here.
Steganography is not limited to only images and video. You can also store hidden information within audio files. Wavsteg allows you to both hide information and extract information that is stored hidden within Wav audio files.
Wavsteg is written in Python3 and therefore easily usable on all computing platforms.
Wavsteg can hide information in files with the following command:
$ stegolsb wavsteg -h -i sound.wav -s file.txt -o sound_steg.wav -n 2 Using 2 LSBs, we can hide 6551441 bytes Files read in 0.01s 5589889 bytes hidden in 0.24s Output wav written in 0.03s
Wavsteg can find information in files with the following command:
$ stegolsb wavsteg -r -i sound_steg.wav -o output.txt -n 2 -b 5589889 Files read in 0.02s Recovered 5589889 bytes in 0.18s Written output file in 0.00s
Often you do not know how steganography is used to hide information or where that information is hidden. StegCracker is what is called a steganography brute-forcing tool. It uses many techniques to uncover information within image and audio files no matter how it is kept hidden.
StegCracker can be used by feeding into it a wordlist such as the famous Rockyou.txt list or a precompiled Docker image.
OpenStego is another great tool to utilize steganography to hide information. OpenStego allows you to hide text in nearly all types of image files including BMP, GIF, JPEG, JPG, PNG, and WBMP.
OpenStego will then output the secret file as a PNG. The same software can decrypt the file at anytime. OpenStego is updated and written in Java.
OpenStego can be found here.
Steganography Tools in Conclusion
In conclusion Steganography is an excellent way to hide information and files for a myriad of use cases. The large amount of free and open-source tools makes steganography an obvious choice when you are looking to hide information.