Hide secret data inside an image or audio file

By0xLuk3

Hey there!

Suppose you have downloaded a .jpeg image from the World Wide Web and suspect something is hidden inside it. Or typically in a Capture The Flag (CTF) competition.

How do you get it out?

In this article, you will discover how to conceal secret messages or data by embedding data into a file. Then, we will find how to extract the hidden data from that file.

For this purpose, I‘ll use Kali Linux, my favorite OS, and a technique called Stenography.

What Is Steganography?

Steganography hides data within files like pictures, making them appear, as usual, innocent images to anyone who isn’t aware of the hidden data.

Several techniques exist for concealing data in files, but I’ll use LSB in this article. This is the least significant bit technique, one of the most widely used and perhaps most straightforward to understand.

This technique changes the last few bits in a byte to encode a message. 

This is useful in images, where each pixel is represented by eight bits (one byte) ranging from 0 to 255 in decimal or 00000000 to 11111111 in binary.

Changing the last two bits in a pixel would be impossible for the naked eye to notice.

Let’s dive into it.

Step1. Embed hidden data into a file

To do that, you must install “steghide” in Kali Linux, which needs to be updated.

You must change to root user and run the following command:

$ apt install steghide

Once installed, you need to embed data in a file, and for that we are using the following command:

$ steghide embed -ef secretFile -cf coverFile -sf outputFile

The arguments required for this case are the following:

  • -ef specify the file that will be embedded (the file that contains the secret message).
  • -cf specify the cover file that will be used to embed data.
  • -sf, specify the name of the stego file that will be created. This is used to save the output to a new file.
  • -z specifies the compression level between 1 and 9.
  • Z can be used when you don’t want to compress the file
  • -e specify encryption parameters. Or the type of encryption
  • -p use the string following this argument as the passphrase.
  • -fx creates a file named filename and writes the data embedded in the stego file to it.

For this article, I will hide the secret text (steg.txt) inside a .png image of a penguin and create a separate output file, not compressing or encrypting the file.

Let’s dive into it.

In my case, I will run the following command:

$ steghide embed -ef '/home/kali/steg.txt' -cf '/home/kali/Linux.png' -p password123

The command “steghide embed” with the argument “-ef “ specifies the file’s path we want to hide. I have a .txt file in the /home/kali/ folder. Then I added another argument, “-cf,” which specifies the embedded file. In my case, the image “Linux.png” is followed by the argument “-p” and a strong password.

Well, mine is far from a strong password. 

Screenshot by the author

Oops, the image I used needed to be longer. Let’s try using another image, “brain.jpg”. Drag and drop the image after the “-cf” argument.

Embedding confirmation message.

Awesome. Now that that’s done, we can see that the image was updated. There is no visible difference; only you know it has some information embedded.

Can you see any difference? The left image is the stenographic image.

It is important to note that changing the file image’s size and format or compressing it might temper the information added and cause the information inside to be lost.

We must jump on the second step and extract the hidden information to prove it worked.

Step 2. Extract hidden data from the file

To do so, I’ll be using the following command:

$ steghide extract -sf stegoFile -xf outputFile

The hidden information is extracted using “steghide extract” with the “-sf” argument and the stenographic image. The argument follows the “-p” argument for the password used and “-xf” to output the information to a different file. In my case, I will name it “brain.txt.”

Extracted confirmation message and the brain.txt file.

Now you can see the confirmation message that the information was extracted and the new file “brain.txt” as requested.

You can check both documents and compare the data for a last comparison. In my case, the information is the same on both documents, and the operation was successful.

Original and the encoded file with the .jpg image

The advantage of steganography is that it can conceal data in plain sight. Unless you have the original, the minor variations introduced in steganography are hard to detect.

The process that you have seen here can also be automated. 

I hope you enjoyed reading and learned more about steganography.

Thank you for reading. If you want to read similar articles, stay tuned.

Similar Posts

  • Backing up your data

    By0xLuk3

    Jepp, you are correct. A quick Google search for your data backup will give you 49 million results. You will then wonder why I would write an article on Medium. I am creating this guide to simplify technical terminology, making it accessible to everyone. Whether using Windows or MacOS, you can easily understand how to…

  • Objectives of Cyber Threat Intelligence

    By0xLuk3

    A quick Google search for an answer will return many variations. Some will make sense to you, and some will not.

    Cyber threat intelligence (CTI) is gathering information from various sources about current or potential threats to an organization. That’s a simple and short definition for now, you would think.

    I will explore this question in more detail in this article and hope to help you better understand and define it.

    What is Cyber Threat Intelligence (CTI)?
    Most of the people you meet will not know what CTI is, and that’s because, unfortunately, there is no single answer. In other words, CTI means many different things to many different people. Some would define it as a “Data Feed of Indicators of Compromise (IOC).” Some would say that CTI is a systematic analysis structure of the threat.

  • Mitigating Malware

    By0xLuk3

    Is a worm a virus? The answer is No. A worm is not a virus, although, like a virus, it can severely disrupt IT operations and cause data loss. A worm is much more severe than a virus because once it infects a vulnerable machine, it can “self-replicate” and spread automatically across multiple devices. Worms…