Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.
Network steganography describes all the methods used for transmitting data over a network without it being detected. Several methods for hiding data in a network have been proposed, but the main drawback of most of them is that they do not offer a secondary layer of protection. If steganography to transfer sensitive information out of the target system undetected.
- Use Steganography in Windows and Linux.
- Using Snow steganography to hide files and data.
- Hiding files using spaces and tabs.
- Hide secret text messages in images using OpenStego.
Snow website: http://darkside.com.au/snow/index.html
Snow is used to conceal messages in ASCII test by appending whitespace to the end of the lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. Anf if the built-in encryption is used, the message cannot be read even if it is detected.
Snow exploits the steganographic nature of whitespace. Locating trailing whitespace in text is like finding a polar bear in a snow storm, it uses the ICE encryption algorithm, so the name is thematically consistent.
ICE encryption: This encryption algorithm is a 64-bit block cipher. It runs in 1-bit cipher-feedback (CFB) mode, which although inefficient (requiring a full 64-bit encryption for each bit of output).
-
Launch the command prompt and navigate to the Snow folder.
-
Create a readme.txt inside the SNOW folder with a random message like:
hello world! -
Now go back to the command prompt and create a secret information
snow -C -m "My sketchy wallet: 3FkenCiXpSLqD8L79intRNXUgjRoH9sjXy" -p "pa55" readme.txt readme2.txt
-m "message": the secret string
pa55: is the password, you can type any password you like.
readme2.txt: is the name of another file which will be created automatically in the same location.
Now the data ("My sketchy wallet: 3FkenCiXpSLqD8L79intRNXUgjRoH9sjXy") is hidden inside the readme2.txt file with the contents of the readme.txt.
readme2.txt = readme.txt + "My sketchy wallet: 3FkenCiXpSLqD8L79intRNXUgjRoH9sjXy"
You can open both readme.txt and readme2.txt to check if there's any divergences, besides the whitespaces as shown below:
- To reveal the hidden contents, type:
snow -C -p "pa55" readme2.txt
OpenStego is a steganography tool that hides data inside images. OpenStego is a Java-based application and supports password-based encryption of data for additional layer of security. It uses DES algorithm for data encryption, in conjunction with MDS hashing to derive the DES key from the password provided.
OpenStego website: https://www.openstego.com/
-
Install the OpenStego and Open the application
-
Click on ellipsis button on Message File input and select the text file that contains on the OpenStego folder (This text file contains 'dummy' sensitive information such as VISA and pin numbers).
-
Next, click on the second ellipsis button (Cover File) and select Island.jpg that also inside the OpenStego folder.
-
Click on the third ellipsis button (Output Stego File), select the Desktop and provide the file name stego.
-
Now, click Hide Data on the right lower corner.
Open the image file on your desktop, you will see only the image but not the contents of the message(text file) embedded in it, as shown below:
-
Go back to the OpenStego window and click the Extract Data button on the left corner.
-
Click on the first ellipsis button (Input Stego File), select the image that you generated from Desktop and your Output Folder on the next ellipsis button.
-
Click Extract Data on the right lower corner. This will extract the message file from the image.
-
The file displays all the information contained in the document, as show below:
Quick Stego hides text in pictures so that only other users of Quick Stego can retrieve and read the hidden secret messages.
QuickStego website: http://quickcrypto.com/free-steganography-software.html
-
Install the Quick Stego.
-
Launch the Application.
-
Click on Open Image, under Picture, Image, Photo File.
-
Select the image inside the QuickStego folder.
02_nissan_gt-r_specv_opt.jpg -
Next, click on Open Text under Text File, as shown below:
-
Select the text file.txt inside the QuickStego folder.
-
The selected text will be added in the text box right next to the image, as show below
-
Click on Hide Text under Steganography
-
To save the image file (in which the text is hidden), Click on Save Image, under Picture, Image, Photo File.
The file is now saved as "stego". Though it seems to be a normal image file, it has the text hidden in it, which can be visible by viewing it in Quick Stego.
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The color- respectivly sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
Official repository: https://github.com/StefanoDeVuono/steghide
Installing Steghide is very simple in Kali Linux, because is already available in Kali Linux repository.
Run the following command:
sudo apt-get update
sudo apt-get install steghide
-
Create a folder on your Desktop with an image file and a secret text file.
-
To hide the text in image, navigate to the /Desktop/steg/ folder and type:
steghide embed -cf black-cat.jpg -ef secret-text.txt
-cf: Cover file < filename >
-ef: Embedded File < filename >
This command will embed the file secret-text.txt in the cover file black-cat.jpg protected with a passphrase.
After you have embedded your secret data, the receiver has to use steghide in the following way:
- Extract the Data
steghide extract -sf black-cat.jpg
-sf: Stego file - Enter the correct passphrase.
The contents of the original file secret-text.txt will be extracted from the stego file black-cat.jpg and saved in the current directory.
If some file contains embedded data and you want to get some information about it before extracting it, type the command:
steghide info black-cat.jpg
Steghide will then try to extract the embedded data with that passphrase and – if it succeeds – print some information about it.
StegoSuite for Linux and Windows is a free and open source steganography tool written in Java.