March 29, 2016
Steganography: Hide Data in Media Files (Mr. Robot Hack)
March 29, 2016
If you've seen Mr.Robot TV Show about a guy who works as Cyber Security Engineer by day and a hacker by night, then you likely have seen what we're going to do in this tutorial.
In the show, Eliot the hacker hides his data into innocent looking audio files and keeps them in CDs to give the impression to anyone who looks through his stuff that these are his music collection . This process in known as Steganography.
Steganography is concealing sensitive information inside normal looking documents or media files.
In the show, Elliot hid his data using a program called DeepSound. This program works for Windows only. In this tutorial, we'll the learn how to do that using not only DeepSound, but Steghide.
We'll employ the (Command line ) tool from Linux, as well as covering both operating systems (Windows and Linux).
- Windows Virtual machine
- Kali Linux virtual machine
- DeepSound: http://jpinsoft.net/DeepSound/Download.aspx
- Image to use as cover for the hidden data
- File (doc or text or image) that you want to hide
Using DeepSound for Windows machine (the original Mr.Robot Tool)
Using StegHide in Kali Linux (Command line tool)
- Setting DeepSound on Windows machine
Step 1: Download DeepSound
When you start downloading, Windows will flash an alarm as the program might be harm to your computer. Click on Run.
Click on Run anyway.
Step 2: Install the program using its wizard
Step 3: Hide data in an Audio file (MP3)
For this step, you need an audio file (preferably mp3 format to use with the file that you want to hide).
Open the program and click on Open Carrier Files. Choose your audio file. My file name is Music.mp3.
Choose the file you want to use in the program. For the demo, I just used a text file. You can use Word, any other file or image.
Click on Encode secret files.
Check Encrypt files using AES 256 Algorithm and create a password that you'll use later to decode the message.
Terminology AES 256 Algorithm:(AES) Advanced Encryption Standard, is a cryptographic cipher that uses a block length of 128 bits and key lengths of 128, 192 or 256 bits to secure data.
Now, you have a ready file in format of (.wav) that contains your data. At this point, you can save it on a USB or send to someone. It's up to you. The audio file will work perfectly normal - as if nothing is hidden inside it.
The way to discover if something is hidden inside the mp3 is to open it using the Hex Editor to see the value of the hidden file.
Step 4: Decode the file to see the message
Decoding the file is the almost the same as encoding it
Click on Extract the files
Enter the password and you'll see the hidden files
The program needs to be used in order to decode and extract the hidden file.
Steghide is another Stenography tool that's specifically for Linux. It lets you hide your secret files in a form of images or audio files. A important thing to remember in order to decode the file: you need to have a Linux Operating system as a host (or virtual - no difference). You need to install the tool before starting the decoding process.
Step 1: Install StegHide
Run the command below to install the tool
apt-get install steghide
Type (Y) when it prompts in order to continue
Once the tool is installed, type (steghide) in the terminal to open the tool
Step 2: Conceal your file in an image
Now, we can embed the file you want to hide in an image
Run : steghide embed -ef (your file path) -cf (your image path)
ef : embed file
cf : cover file
When you run the command, the tool should ask you for a pass phrase. Enter a pass phrase to finish the embedding process.
Once the process is done, you should get a message that your file was embedded into the image (like the picture above.)
Steghide does not support PDF files
If the size of your file is large, choose large size image as well.
Step 3: Decode the files
For the sake of the this tutorial, I used another Kali linux box to demonstrate sending the file to someone through email.
After you installed the tool in the other Kali Linux box, run this command
Steghide extract -sf (path of the your image)
Once it's extracted, it's usually sent to root or desktop. To check :
Run : ls (as list and see the hidden file show on the desktop or root)
That’s all for this tutorial. Thanks for reading and stay tuned for more.