January 21, 2020

Steganography: Hide Data in Media Files (Mr. Robot Hack)

Z33MAX
Share

Hello Cybrarians,

If you've seen Mr.Robot TV Show about a guy who works as Cyber Security Engineer by day and a hacker by night, then you likely have seen what we're going to do in this tutorial.

In the show, Eliot the hacker hides his data into innocent looking audio files and keeps them in CDs to give the impression to anyone who looks through his stuff that these are  his music collection . This process in known as Steganography.

Steganography is concealing sensitive information  inside normal looking documents or media files.

In the show, Elliot hid his data using a program called DeepSound. This program works for Windows only. In this tutorial, we'll the learn how to do that using not only DeepSound, but Steghide.

We'll employ the (Command line ) tool from Linux, as well as covering both operating systems (Windows and Linux).

Tutorial Requirements:

  1. Windows Virtual machine
  2. Kali Linux virtual machine
  3. DeepSound:  http://jpinsoft.net/DeepSound/Download.aspx
  4. StegHide
  5. Image to use as cover for the hidden data
  6. File (doc or text or image) that you want to hide

Tutorial Guidelines:

  • Using DeepSound for  Windows machine (the original Mr.Robot Tool)
  • Using StegHide in Kali Linux  (Command line tool)
  • Setting DeepSound on Windows machine

Step 1: Download DeepSound

  • When you start downloading, Windows will flash an alarm as the program might be harm to your computer. Click on Run.
  • Click on Run anyway.

Step 2: Install the program using its wizard

Step 3: Hide data in an Audio file (MP3)

  • For this step, you need an audio file (preferably mp3 format to use with the file that you want to hide).
  • Open the program and click on Open Carrier Files. Choose your audio file. My file name is Music.mp3.
  • Choose the file you want to use in the program. For the demo, I just used a text file. You can use Word, any other file or image.
  • Click on Encode secret files.
  • Check Encrypt files using AES 256 Algorithm and create a password that you'll use later to decode the message.

Terminology AES 256 Algorithm:

(AES) Advanced Encryption Standard, is a cryptographic cipher that uses a block length of 128 bits and key lengths of 128, 192 or 256 bits to secure data.

  • Now, you have a ready file in format of (.wav) that contains your data. At this point, you can save it on a USB or send to someone. It's up to you.  The audio file will work perfectly normal - as if nothing is hidden inside it.
  • The way to discover if something is hidden inside the mp3 is to open it using the Hex Editor to see the value of the hidden file.

Step 4: Decode the file to see the message

  • Decoding the file is the almost the same as encoding it
  • Click on Extract the files
  • Enter the password and you'll see the hidden files

NOTE:

  • The program needs to be used in order to decode and extract the hidden file.

Using StegHide in Kali Linux  (Command line tool)

Steghide is another Stenography tool that's specifically for Linux. It lets you hide your secret files in a form of images or audio files. A important thing to remember in order to decode the file: you need to have a Linux Operating system as a host (or virtual - no difference). You need to install the tool before starting the decoding process.

Step 1: Install StegHide

  • Run the command below to install the tool

apt-get  install steghide

  • Type (Y) when it prompts in order to continue
  • Once the tool is installed, type (steghide) in the terminal to open the tool

Step 2: Conceal your file in an image

  • Now, we can embed the file you want to hide in an image
  • Run : steghide embed -ef (your  file path) -cf (your image path)

ef :  embed file

cf :    cover file

  • When you run the command, the tool should ask you for a pass phrase. Enter a pass phrase to finish the embedding process.
  • Once the process is done, you should get a message that your file was embedded into the image (like the picture above.)

Notes:

  • Steghide does not support PDF files
  • If the size of your file is large, choose large size image as well.

Step 3: Decode the files

For the sake of the this tutorial, I used another Kali linux box to demonstrate sending the file to someone through email.

  • After you installed the tool in the other Kali Linux box, run this command
  • Steghide extract -sf (path of the your image)

Once it's extracted, it's usually sent to root or desktop. To check :

Run : ls  (as list and see the hidden file show on the desktop or root)

That’s all for this tutorial. Thanks for reading and stay tuned for more.

@Z33MAX

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More