Home 0P3N Blog Hiding in Plain Sight - The Art of Steganography
Ready to Start Your Career?
Create Free Account
By: RoninSmurf
September 22, 2016

Hiding in Plain Sight - The Art of Steganography

By: RoninSmurf
September 22, 2016
By: RoninSmurf
September 22, 2016
rsz_filesIn this article we are going to look at steganography, or how we can hide common notes and files into images and audio files. Steganography is a fascinating topic and tool that can be used and studied for various reasons. Using these tools are incredibly easy, and this guide is intended to help introduce people to steganography.Why would I want to hide a file or note into a picture or audio file?We all have important files and notes that we want to help ensure that no one else can read should the wrong person get them. Password protected files can be great, but if a person can readily identify the file in question as password protected, then they can use any number of tools to break that password. The great thing about steganography is we can not only password protect our file, but also hide it in common files, sort of like having a wall safe hidden behind a painting. Imagine, you lose your USB drive that contains your various tools, pictures, work files, passwords, etc on it. There is no telling who may pick it up or what they may try to do with that information. Even if we use software tools to password protect the drive, it's really only a matter of time before someone cracks that encryption. Now imagine that whoever finds your drive brute forces your drive or laptop and begins to look for your important information. As they browse through it looking for useful information, clicking through files, opening the pictures, playing your audio files on your drive, but nothing seemingly important is there. Just some songs and random photos and comic strips….What they didn't know was in those comics and songs were some of your critical work files, your password list, etc.  That's the power of steganography: obfuscation.Steganography can be used in images, audio, and video files. For this article we are going to be using Images and audio. While there are a ton of tools out there for various OS' and online, we will be looking at a few for Windows and Online.

Hiding in images-

Our Secret:

http://download.cnet.com/Our-Secret/3000-2144_4-75553911.html

rsz_filesOur Secret is a free tool that can be used to hide a number of files and programs in a image. It also allows us to add in a password, which I personally find very important. Like the program says, "Make your secrets invisible in just 3 easy steps!". Let's give it a tryrsz_filesNext to step one we are going to click on the blue folder and select our "carrier file" or the file we want to hide our important files into.rsz_filesOnce we have added our carrier it's time to add out important files. Simply click add and select if it is either a file or a message and click "Next". From here, navigate to the file you want to add, select it and click "Open". Repeat this process until we have added  everything we want to hide in here. The files we can add can be anything, text, docs, xls, videos, other images, audio, even programs.rsz_filesFinally we type our password (Even though we are hiding the file in a image, we are still using strong password techniques right?). Once we have typed our password twice we click "Hide" and select where we want to save our new hidden file.rsz_filesSo here's our file, looks like a picture, in fact I can do a properties on it and it even says it's a PNG file.rsz_filesIf I click the file it even opens up the picture, just like any other PNG file would.rsz_filesOnly when we open up Our Secret again and on the "Unhide" side of the program, clicking the blue folder once again, selecting our carrier and clicking "Open".rsz_filesEntering our password that we set.rsz_filesAre we able to see and access the file(s) that we hid in our picture. To save these files or open them, we just need to double click them.DeepSound:http://www.jpinsoft.net/DeepSound/Next up is DeepSound 2.0, with DeepSoud takes a different approach to steganography. Instead of embedding a image file with our files it embeds it into a audio (WAV) file, flac, or ape.rsz_filesAs with the other program we are going to select our carrier file (or the audio file that we want to hide our files in) by clicking "Open carrier files".rsz_filesOnce we select a carrier file it will be displayed under "Carrier audio files" along with the directory that it was found in and size. In the box below we can change the audio quality. Doing so will change how much free space that we will have for our files along with how large the audio file is . In our case this 9 minute and 11 second audio file on "Normal" output will allow us 11.6 MB of storage space.rsz_filesFor us, that will be plenty of space to hide our "Super Secret text file" by clicking "Add secret files". We an add in as many files of any type so long as it does not go over our "Free space for secret files".rsz_filesWhen we are ready to encode our file we simply click "Encode secret files". The next dialogue box allow us to change the output format to wav, flac, or ape, default output will be your "Documents" folder, and the program also allows for a AES 256 bit encryption. Once you have all your settings click "Encode secret files".rsz_filesThe output file will look and sound just like the original file. The image above is first the original audio file in Audacity, and below that our encoded audio file. Should a person view, or listen to the file it will look pretty much like an ordinary audio file. Be sure that you do not try to modify the audio file tags! Doing so may prevent you from retrieving your hidden files.rsz_filesTo extract our file click "Open carrier files" select our encoded file and enter your password if you set one. The file will be displayed in the lower box. Click "Extract secret files" to download it.Mobilefish:http://www.mobilefish.com/services/steganography/steganography.phpThe last one that we are going to look at is Mobilefish a online steganography tool, that like the others is very simple to use and free.rsz_filesMobileFish runs like the other 2 programs that we have looked at, Click "Choose File" to add in our "cover image" or carrier file (be sure the file is no larger than 300 KB). Next add in your secret file (no larger than 100 KB). We also have the option to enter a secret message into our image and a password.rsz_filesOnce we have our files and password set, scroll down. You will enter the captcha and click "Encrypt". As with Our Secret the file will appear like the original image.rsz_filesDecryption is as simple as clicking "Decrypt: Unhide secret…" option, Select our file that we encrypted, and enter the password.Final Notes:All in all steganography is a fascinating way to add a extra layer of security to our important files and also something to keep in mind for those of us who are performing forensics.For those of us who are hiding files, try to keep the file sizes around the same size as the original if possible. Having a 30 MB comic strip PNG file is not exactly subtle if you are trying to hide something. On the same token if you are performing a forensic analysis that can also be something to look for.
Request Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry