Home Upgrade Search Memberlist Extras Hacker Tools Award Goals Help Wiki Follow Contact

HF Rulez the UniverseHF Rulez the Universe
Raymond Reddington
Legendary Vendor
steganography kali linux cryptography steganalysis steghide

[TuT] Introduction to Steganography - Concept, Tools, and Tutorials

Posted 10-09-2022, 09:43 AM
[Image: mfuNoEa.png]

[Image: zsBn6iI.gif]

[Image: gXRamuy.gif]

Introduction to Steganography
Learn more about the practice of embedding hidden messages in images!

[Image: i88GkzM.jpg]

I.) Introduction
Steganography is the practice of concealing a message within another message or a physical object. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. It is similar to cryptography; the technique of securing information and communications through use of codes such that only intended users are able to access the protected information. The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable they are, arouse interest and may in themselves be incriminating in countries in which encryption is illegal. Steganography is as one might say "hidden in plain sight".

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program, or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet. The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change. Some popular steganography tools are Steghide, ExifTool and Binwalk. Within this tutorial, we will be showing a proof-of-concept (PoC) using Steghide.

[Image: ZdLsXMI.png]

II.) Requirements & Dependencies
  • Security oriented Linux distribution such as Kali Linux, BlackArch or Parrot. (Kali preferred).
  • Steganography tool such as Steghide, ExifTool or Binwalk

You should have the following dependencies installed to use StegHide:
  • libmhash
    A library that provides various hash algorithms and cryptographic key generation algorithms. Steghide needs this library to convert a passphrase into a form that can be used as input for cryptographic and steganographic algorithms.
  • libmcrypt
    A library that provides a lot of symmetric encryption algorithms. If you compile steghide without libmcrypt you will not be able to use steghide to encrypt data before embedding nor to extract encrypted data (even if you know the correct passphrase).
  • libjpeg
    A library implementing jpeg image compression. Without this library you will not be able to embed data in jpeg files nor to extract data from jpeg files.
  • zlib
    A lossless data compression library. If you compile steghide without having this library installed you will not be able to use steghide to compress data before embedding nor to extract compressed data from a stego-file.

If you use a major Linux Distribution you probably do not have to worry about having these libraries installed as most of them will probably come pre-installed with the OS.

III.) StegHide Tutorial
Steghide is a steganography tool that is able to hide data in various kinds of image and audio-files. The color-respective sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests. Within this tutorial, we shall install StegHide, and hide & extract a secret text message from an image.

  1. Run the following command to install StegHide on Kali Linux:

    Code
    apt-get install steghide

    [Image: DDk2WYo.png]

  2. Since Kali Linux already has all of the required dependencies installed, you don't have to worry about anything else and you can proceed to utilize StegHide.

  3. We shall be aiming to hide "secret.txt" within "image.jpg" here. Use "--help" to view a list of all available commands. You can use a custom passphrase with "-p" or "--passphrase" for an added layer of security.

  4. Run the following command after you have selected your files and placed them within your current directory.

    Code
    steghide embed -cf image.jpg -ef secret.txt

    [Image: 5xbFZY0.jpg]

  5. The file should be inserted & hidden within the image now. Let's move over to file extraction.

  6. The receiver of your data should use the following command to extract the secret message:

    Code
    steghide extract -sf image.jpg

  7. You will be prompted within this step for a passphrase if you have set one up. If the supplied passphrase is correct, you should be able to see the file secret.txt now.

    [Image: vzfHv69.png]

  8. You can also use steghide in steganalysis mode to attempt to get information about an image file. You could potentially identify whether an image contains a secret message, and identify the encryption algorithm used. The standard mode of encryption is AES-128 / Rjindael-128.

    [Image: kJCgS8W.png]


IV.) StegHide Usage

Here is a full list of commands supported by StegHide:
  1. General Options
    • info, --info
      Display information about a cover or stego file.

    • encinfo, --encinfo
      Display a list of encryption algorithms and modes that can be used.

    • version, --version
      Display short version information. 

    • license, --license
      Display steghide's license.

    • help, --help
      Display a help screen.

    • -p, --passphrase
      Use the string following this argument as the passphrase. If your passphrase contains whitespace, you have to enclose it in quotes, for example: -p "a very long passphrase".

    • -v, --verbose
      Display detailed information about the status of the embedding or extracting process.

    • -q, --quiet
      Suppress information messages.


    • -f, --force
      Always overwrite existing files.


  2. Embedding Options

    The following arguments can be used with the embed command:
    • -ef, --embedfile filename
      Specify the file that will be embedded (the file that contains the secret message). Note that steghide embeds the original file name in the stego file. When extracting data (see below) the default behaviour is to save the embedded file into the current directory under its original name. If this argument is omitted or filename is -, steghide will read the secret data from standard input.

    • -cf, --coverfile filename
      Specify the cover file that will be used to embed data. The cover file must be in one of the following formats: AU, BMP, JPEG or WAV. The file-format will be detected automatically based on header information (the extension is not relevant). If this argument is omitted or filename is -, steghide will read the cover file from standard input.

    • -sf, --stegofile filename
      Specify the name for the stego file that will be created. If this argument is omitted when calling steghide with the embed command, then the modifications to embed the secret data will be made directly to the cover file without saving it.

    • -Z
      Specify the compression level. The compression level can be any number in the range of 1-9, where 1 means fastest compression (and fastest speed) while 9 means best compression.

    • -Z, --dontcompress
      Do not compress the secret data before embedding it.

    • -K, --nochecksum
      Do not embed a CRC32 checksum. You can use this if the secret data already contains some type of checksum or if you do not want to embed those extra 32 bits needed for the checksum.


    • -N, --dontembedname
      Do not embed the file name of the secret file. If this option is used, the extractor needs to specify a filename to tell steghide where to write the embedded data.


  3. Extracting Options

    The following arguments can be used with the extract command.
    • -sf, --stegofile filename
      Specify the stego file (the file that contains embedded data). If this argument is omitted or filename is -, steghide will read a stego file from standard input.


    • -xf, --extractfile filename
      Create a file with the name filename and write the data that is embedded in the stego file to it. This option overrides the filename that is embedded in the stego file. If this argument is omitted, the embedded data will be saved to the current directory under its original name.

  4. Full Name Options
    All file name arguments (-cf, -ef, -sf, -xf) also accept as a filename which makes steghide use standard input or standard output (whichever makes sense). Omitting the corresponding file name argument will have the same effect as using - with two exceptions: If -sf is omitted for the embed command, then the modifications will be done directly in the cover file. If -xf is omitted for extraction, then the embedded data will be saved under the file name that is embedded in the stego file. So when you want to be sure that standard input/output is used, use - as filename.

[Image: gXRamuy.gif]

[Image: 9EiHc74.jpg]

[Image: gXRamuy.gif]