Steganography: Hide Data in Media Files (Mr. Robot Hack)

March 29, 2016 | Views: 50975

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello Cybrarians,

If you’ve seen Mr.Robot TV Show about a guy who works as Cyber Security Engineer by day and a hacker by night, then you likely have seen what we’re going to do in this tutorial.

In the show, Eliot the hacker hides his data into innocent looking audio files and keeps them in CDs to give the impression to anyone who looks through his stuff that these are  his music collection . This process in known as Steganography.

Steganography is concealing sensitive information  inside normal looking documents or media files.

In the show, Elliot hid his data using a program called DeepSound. This program works for Windows only. In this tutorial, we’ll the learn how to do that using not only DeepSound, but Steghide.

We’ll employ the (Command line ) tool from Linux, as well as covering both operating systems (Windows and Linux).


Tutorial Requirements:

  1. Windows Virtual machine
  2. Kali Linux virtual machine
  3. DeepSound:
  4. StegHide
  5. Image to use as cover for the hidden data
  6. File (doc or text or image) that you want to hide


Tutorial Guidelines:

  • Using DeepSound for  Windows machine (the original Mr.Robot Tool)

  • Using StegHide in Kali Linux  (Command line tool)


  • Setting DeepSound on Windows machine


Step 1: Download DeepSound



  • When you start downloading, Windows will flash an alarm as the program might be harm to your computer. Click on Run.



  • Click on Run anyway.




Step 2: Install the program using its wizard









Step 3: Hide data in an Audio file (MP3)

  • For this step, you need an audio file (preferably mp3 format to use with the file that you want to hide).

  • Open the program and click on Open Carrier Files. Choose your audio file. My file name is Music.mp3.





  • Choose the file you want to use in the program. For the demo, I just used a text file. You can use Word, any other file or image.


  • Click on Encode secret files.


  • Check Encrypt files using AES 256 Algorithm and create a password that you’ll use later to decode the message.


Terminology AES 256 Algorithm:

(AES) Advanced Encryption Standard, is a cryptographic cipher that uses a block length of 128 bits and key lengths of 128, 192 or 256 bits to secure data.


  • Now, you have a ready file in format of (.wav) that contains your data. At this point, you can save it on a USB or send to someone. It’s up to you.  The audio file will work perfectly normal – as if nothing is hidden inside it.

  • The way to discover if something is hidden inside the mp3 is to open it using the Hex Editor to see the value of the hidden file.


Step 4: Decode the file to see the message

  • Decoding the file is the almost the same as encoding it

  • Click on Extract the files

  • Enter the password and you’ll see the hidden files




  • The program needs to be used in order to decode and extract the hidden file.

Using StegHide in Kali Linux  (Command line tool)

Steghide is another Stenography tool that’s specifically for Linux. It lets you hide your secret files in a form of images or audio files. A important thing to remember in order to decode the file: you need to have a Linux Operating system as a host (or virtual – no difference). You need to install the tool before starting the decoding process.


Step 1: Install StegHide

  • Run the command below to install the tool

apt-get  install steghide

  • Type (Y) when it prompts in order to continue



  • Once the tool is installed, type (steghide) in the terminal to open the tool


Step 2: Conceal your file in an image

  • Now, we can embed the file you want to hide in an image

  • Run : steghide embed -ef (your  file path) -cf (your image path)

ef :  embed file

cf :    cover file


  • When you run the command, the tool should ask you for a pass phrase. Enter a pass phrase to finish the embedding process.

  • Once the process is done, you should get a message that your file was embedded into the image (like the picture above.)


  • Steghide does not support PDF files

  • If the size of your file is large, choose large size image as well.


Step 3: Decode the files

For the sake of the this tutorial, I used another Kali linux box to demonstrate sending the file to someone through email.

  • After you installed the tool in the other Kali Linux box, run this command

    Steghide extract -sf (path of the your image)

Once it’s extracted, it’s usually sent to root or desktop. To check :

Run : ls  (as list and see the hidden file show on the desktop or root)



That’s all for this tutorial. Thanks for reading and stay tuned for more.


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Pretty useful artcle. I used it for a case in Kali Linux (which can’t say it succeeded, cuz I can’t find the pass :D) and it’s good to now for this tool in Linux.

  2. If music.mp3 is opened, will the concealed file be ran too? Suppose the hidden file is a malicious vbs script, will the antivirus recognize it and delete “music.mp3” or will it be executed?

  3. Great tutorial!

Page 15 of 15« First...«1112131415
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



Is Linux Worth Learning in 2020?
Views: 744 / December 14, 2019
How do I Get MTA Certified?
Views: 1315 / December 12, 2019
How much does your PAM software really cost?
Views: 1752 / December 10, 2019
How Do I Get into Android Development?
Views: 2142 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?