Hiding in Plain Sight – The Art of Steganography

September 22, 2016 | Views: 8351


In this article we are going to look at steganography, or how we can hide common notes and files inside images and audio files. Steganography is a fascinating topic and tool that can be used and studied for various reasons. Using these tools is incredibly easy, and this guide is intended to help introduce people to steganography.

Why would I want to hide a file or note into a picture or audio file?

We all have important files and notes that we want to make sure no one else can read should the wrong person get them. Password-protected files can be great, but if a person can readily identify the file in question as password protected, then they can use any number of tools to break that password. The great thing about steganography is that we can not only password protect our file, but also hide it in common files, sort of like having a wall safe hidden behind a painting. Imagine you lose your USB drive that contains your various tools, pictures, work files, passwords, etc. There is no telling who may pick it up or what they may try to do with that information. Even if we use software tools to password protect the drive, it’s really only a matter of time before someone cracks that encryption. Now imagine that whoever finds your drive brute forces your drive or laptop and begins to look for your important information. They browse through it looking for useful information, clicking through files, opening the pictures, and playing the audio files on your drive, but nothing seemingly important is there. Just some songs and random photos and comic strips….

What they didn’t know was in those comics and songs were some of your critical work files, your password list, etc.  That’s the power of steganography: obfuscation.

Steganography can be used in images, audio, and video files. For this article we are going to be using images and audio. While there are a ton of tools out there for various OS’ and online, we will be looking at a few for Windows and online.

Hiding in images-

Our Secret:

http://download.cnet.com/Our-Secret/3000-2144_4-75553911.html


Our Secret is a free tool that can be used to hide a number of files and programs in an image. It also allows us to add a password, which I personally find very important. Like the program says, “Make your secrets invisible in just 3 easy steps!”. Let’s give it a try.


Next to step one we are going to click on the blue folder and select our “carrier file” or the file we want to hide our important files into.


Once we have added our carrier it’s time to add our important files. Simply click add, select whether it is a file or a message, and click “Next”. From here, navigate to the file you want to add, select it and click “Open”. Repeat this process until we have added everything we want to hide in here. The files we add can be anything: text, docs, xls, videos, other images, audio, even programs.


Finally we type our password (even though we are hiding the file in an image, we are still using strong password techniques, right?). Once we have typed our password twice we click “Hide” and select where we want to save our new hidden file.


So here’s our file. It looks like a picture; in fact, if I view its properties, it even says it’s a PNG file.


If I click the file it even opens up the picture, just like any other PNG file would.


Only when we open up Our Secret again and, on the “Unhide” side of the program, click the blue folder once again, select our carrier, click “Open”, and enter the password that we set are we able to see and access the file(s) that we hid in our picture. To save these files or open them, we just need to double-click them.

DeepSound:

http://www.jpinsoft.net/DeepSound/

Next up is DeepSound 2.0, which takes a different approach to steganography. Instead of embedding our files into an image file, it embeds them into an audio file (WAV, FLAC, or APE).

As with the other program we are going to select our carrier file (or the audio file that we want to hide our files in) by clicking “Open carrier files”.


Once we select a carrier file it will be displayed under “Carrier audio files” along with the directory that it was found in and its size. In the box below we can change the audio quality. Doing so will change how much free space we will have for our files, along with how large the audio file is. In our case this 9 minute and 11 second audio file on “Normal” output will allow us 11.6 MB of storage space.

For us, that will be plenty of space to hide our “Super Secret text file” by clicking “Add secret files”. We can add as many files of any type as we like, so long as the total does not go over our “Free space for secret files”.


When we are ready to encode our file we simply click “Encode secret files”. The next dialogue box allows us to change the output format to WAV, FLAC, or APE. The default output location will be your “Documents” folder, and the program also allows for AES 256-bit encryption. Once you have all your settings, click “Encode secret files”.

The output file will look and sound just like the original file. The image above is first the original audio file in Audacity, and below that our encoded audio file. Should a person view or listen to the file, it will look pretty much like an ordinary audio file. Be sure that you do not try to modify the audio file tags! Doing so may prevent you from retrieving your hidden files.

To extract our file click “Open carrier files” select our encoded file and enter your password if you set one. The file will be displayed in the lower box. Click “Extract secret files” to download it.

Mobilefish:

http://www.mobilefish.com/services/steganography/steganography.php

The last one that we are going to look at is Mobilefish, an online steganography tool that, like the others, is very simple to use and free.

MobileFish runs like the other 2 programs that we have looked at. Click “Choose File” to add our “cover image” or carrier file (be sure the file is no larger than 300 KB). Next add your secret file (no larger than 100 KB). We also have the option to enter a secret message into our image and a password.

Once we have our files and password set, scroll down. You will enter the captcha and click “Encrypt”. As with Our Secret the file will appear like the original image.

Decryption is as simple as clicking the “Decrypt: Unhide secret…” option, selecting the file that we encrypted, and entering the password.

Final Notes:

All in all, steganography is a fascinating way to add an extra layer of security to our important files, and also something to keep in mind for those of us who are performing forensics.

For those of us who are hiding files, try to keep the file size around the same as the original if possible. Having a 30 MB comic strip PNG file is not exactly subtle if you are trying to hide something. By the same token, if you are performing a forensic analysis, that can also be something to look for.
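
The size mismatch described above can be checked mechanically during triage. The following is an added example, not code from the original article or from any of the tools it covers: it walks a PNG's chunks, compares the file size with the uncompressed pixel size declared in its header, and counts bytes that sit after the IEND chunk. The 2x threshold, the function names and the sample image are assumptions constructed for the demo, and the article does not say how Our Secret stores its data.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel by PNG colour type


def inspect_png(data: bytes, ratio: float = 2.0) -> dict:
    """Walk the PNG chunk list and report size anomalies worth a closer look.

    ratio is an assumed triage threshold: flag files more than `ratio` times
    larger than their own uncompressed pixel data.
    """
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, raw_size, seen_iend = len(PNG_SIG), None, False
    while pos + 12 <= len(data) and not seen_iend:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"IHDR" and len(body) == 13:
            width, height, depth, colour = struct.unpack(">IIBB", body[:10])
            row = (width * CHANNELS.get(colour, 4) * depth + 7) // 8 + 1  # +1 filter byte
            raw_size = row * height
        seen_iend = ctype == b"IEND"
        pos += 12 + length  # length field + type + body + CRC
    if raw_size is None or not seen_iend or pos > len(data):
        raise ValueError("truncated or malformed PNG")
    trailing = len(data) - pos  # bytes after IEND; image viewers ignore them
    oversized = len(data) > ratio * raw_size
    return {"file_size": len(data), "raw_pixel_bytes": raw_size,
            "trailing_bytes": trailing, "oversized": oversized,
            "suspicious": trailing > 0 or oversized}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_sample_png(width: int = 8, height: int = 8) -> bytes:
    """Constructed sample input: a small black 8-bit RGB image."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = (b"\x00" + b"\x00" * (width * 3)) * height  # filter byte + pixels
    idat = zlib.compress(rows)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    clean = make_sample_png()
    padded = clean + b"\x00" * 5000  # constructed: opaque bytes appended after IEND
    for name, blob in (("clean", clean), ("padded", padded)):
        print(name, inspect_png(blob))
```

A hit is only a reason to look closer: large metadata chunks or very small images can also trip the ratio check, and data embedded inside the pixel values changes neither measurement.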

14 Comments
  1. Thank you for this article!

  2. Great Article!

  3. nice work, thanks!
