Trying and Cracking Steganography

Once I read about how some spies were saving messages in pictures. Cool. So I thought I’d try it just for fun.


It was a lot different from invisible ink we played with as kids. 🙂

First I looked at an article on StackOverflow.

In the article I found:

You can concatenate a gif and a zip (the information you want to hide) into one file. Gifs are read from the start of the file, while zips are read from the end of the file.

To create such a file in linux:

cat file1.gif >> outfile.gif
cat >> outfile.gif

or in Windows:

copy /b "file1.gif"+"" "outfile.gif"

Try it:

In cygwin:
$ zip Sometext.txt
adding: Sometext.txt (stored 0%)

ls -1


cat DDR3.JPG > DDR3_zip.jpg
cat >> DDR3_zip.jpg

ls -l

35604 Jan 4 10:33 7zip_Cat.jpg
111118 Nov 1 14:51 DDR3.JPG
111295 Jan 4 10:35 DDR3_zip.jpg
21 Jan 4 10:34 Sometext.txt
177 Jan 4 10:35

Sure enough, if you use Windows Explorer, and open the file that’s been appended, you get the same image. Cool.


To extract the text, I found it with 7Zip.


Then, I did some analysis using a few commands in cygwin.

$ file *
7zip_Cat.jpg: JPEG image data, JFIF standard 1.01
DDR3.JPG: JPEG image data, JFIF standard 1.01
DDR3_zip.jpg: JPEG image data, JFIF standard 1.01
Sometext.txt: ASCII text, with CRLF line terminators Zip archive data, at least v1.0 to extract

strings DDR3_zip.jpg | tail

This is some text

So, the fact that the file has been modified is easily found after all.
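The same check can be automated. This is an added example, not code from the original post or from any of the tools it mentions: it walks the JPEG marker structure to the end-of-image marker and reports whatever follows it, which is why the 177-byte difference between DDR3.JPG and DDR3_zip.jpg in the listing above stands out. The function names are illustrative, and the sample bytes are constructed (a structurally minimal JPEG, not a viewable picture).

```python
import io
import struct
import zipfile

def jpeg_end(data: bytes) -> int:
    """Walk JPEG markers; return the offset just past EOI (FF D9)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI marker)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: the image ends here
            return pos + 2
        if pos + 4 > len(data):
            break
        # Skip the segment by its declared length (also skips EXIF thumbnails).
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                      # SOS: entropy-coded scan data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF00 is a stuffed byte, FFD0-FFD7 are restart markers, FFFF is fill.
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG (no EOI marker)")

def find_appended_zip(data: bytes):
    """Return None for a clean JPEG, else details of what follows the image."""
    end = jpeg_end(data)
    trailer = data[end:]
    if not trailer:
        return None
    members = []
    if zipfile.is_zipfile(io.BytesIO(trailer)):
        with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
            members = zf.namelist()
    return {"image_bytes": end, "trailing_bytes": len(trailer), "zip_members": members}

def make_samples():
    """Constructed inputs: a minimal JPEG, the same bytes with a ZIP appended, and the ZIP size."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # contains a stuffed FF00 and an RST0 marker
    jpeg = b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sometext.txt", "This is some text\r\n")
    return jpeg, jpeg + buf.getvalue(), len(buf.getvalue())

if __name__ == "__main__":
    clean, polyglot, _ = make_samples()
    print(find_appended_zip(clean), find_appended_zip(polyglot))
```

Any non-empty trailer is worth a look even when it is not a ZIP; the `zip_members` list is only filled in when the trailing bytes parse as an archive.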



More from the Stackoverflow thread:

Here is an open-source Steganography software called steganotool. This project is an open source steganography tool that can be used to hide and extract text to/from Bitmap images.

Downloaded it from

Use the file: Steganography.exe


Use the Steganography tool to add to the file JackA.bmp:
This is some text.
And create the file: Jack_Steno.bmp

ls -l

3,728 JackA.bmp
4,814 Jack_Steno.bmp

The resulting file is 1086 bytes bigger.

file *
JackA.bmp: PC bitmap data, Windows 3.x format, 35 x 34 x 24

Jack_Steno.bmp: PC bitmap data, Windows 3.x format, 35 x 34 x 32

strings Jack_Steno.bmp
– nothing at all, very interesting.

However, the cat command shows some interesting differences:

cat JackA.bmp





cat Jack_Steno.bmp






It turns out that Steganography only works with BMP files. Not a common file format these days. If you hid some info in a BMP file, someone might be curious.

find /cygdrive/c -type f -iname "*.bmp" 2> /dev/null | wc
 610 2189 58228

find /cygdrive/c -type f -iname "*.jpg" 2> /dev/null | wc
 7855 17536 900006



I tried Clotho, downloaded from here.

Using the most basic setting












$ file *
 DDR3.JPG: JPEG image data, JFIF standard 1.01
 DDR3_cloth1.JPG: JPEG image data, JFIF standard 1.01
 SomeText.txt: ASCII text, with CRLF line terminators
 clotho_basic.jpg: JPEG image data, JFIF standard 1.01

RL@AcerP633V /cygdrive/c/temp/Steganography2/clotho
 $ strings DDR3_cloth1.JPG | tail
 RQNX-CLOTHO:256: <------
 this is some text <------

So, the Linux strings command works again.



Try the obfuscation feature.

Again, the strings command can indicate something.

$ strings DDR3_cloth2.JPG | tail
 J}rNcerP633V /cygdrive/c/temp/Steganography2/clotho
 RQNX-CLOTHO:256: <------

And the strings command still works.


And, interestingly enough, I see something in Windows 7 explorer:







Every file touched by Clotho has a little padlock in the icon.  Hmm.


Try SteganoGifPaletteOrder:

Downloaded from:

Requires that you have and know Java.

cd C:\Utils\SteganoGifPaletteOrder\
 java SteganoGifPaletteOrder











Only works with GIF files.

Does not have functionality to specify where to save resulting file.

In the same directory as the .class files, it just creates a file:

No possibility to give it a particular file name, which is pretty fundamental.




On this blog, I found a comment,

Dale Jackaman comments: Open source forensics tools such as Autopsy or commercial tools such as X-Ways Forensics will find all these hidden file types.

So I download Autopsy

487 MB!

And take it for a test drive. You have to make a case first.

It finds the zip files.













Looking at a file that I modified: DDR3_2_zip.jpg, nothing seems to be flagged.

But if you use the Indexed Text tab, it gives the same results as the cygwin/Linux strings command.











So, you can use Autopsy to find issues. But, in my case, you would need to know what you are looking for.

Looks like a big program, that does many things.


Michael Raggo’s StegSpy 2.1:

I downloaded Michael Raggo’s StegSpy 2.1 from here.

Turns out that it says: Copyright 2003, 2004
Over 1 1/2 decades ago.

And, it’s a very simple program. Only one button!

Then, tried it on the file I modified, DDR3_2_zip.jpg, but it didn’t detect anything.












SSuite Picsel Security:

Eventually, I found SSuite Picsel Security

To encrypt:

Open original image. Here, use the supplied, Athena.bmp

Make a file with the message, link it to the Message button












Encrypt Image

Save image

$ ls -l

21 Jan 4 10:34 Sometext.txt
 11238 Jan 3 15:49 athena.bmp
 85186 Jan 4 13:41 athenaAfterEncrpt.bmp

Makes the resulting file size much bigger

Images look the same.

But cat command shows differences:


cat athena.bmp








Resulting Encrypted File

cat athenaAfterEncrpt.bmp








You can encrypt with a JPG file too.  However, the resulting file created is a BMP.

ls -l

111118 Nov 1 14:51 DDR3.JPG
 1920054 Jan 4 13:54 DDR3AfterEncrpt.bmp

ls -lh

109K Nov 1 14:51 DDR3.JPG
 1.9M Jan 4 13:54 DDR3AfterEncrpt.bmp

And the resulting BMP is much bigger than the original JPG.

To Decrypt

Open Original Image: DDR3.jpg

Hit Decrypt button.

Open Encrypted Image file:

Decrypt image: Yes














Closing Thoughts:

That’s enough exploring for a day or two.  It was a lot different from invisible ink we played with as kids. 🙂

Steganography looks like a big field. There are lots of other software packages out there. See the links below.

Some of the software I tried is quite old. Using the Linux commands, it was easy to detect a modification.

What bothers me, is how unsophisticated so many of them were.

SSuite Picsel Security was the best that I tried. I’ll be looking at more of their many free software packages.

Does anyone know of some really good Steganography software? If so, please comment, and send the links.



Useful Links:


How can you hide information inside a jpg or gif photo?

5 ways to Secretly Hide a File or Message Inside Another File

35 Best Free Steganography Software For Windows

Easily Breaking a very weak steganography software: Camouflage

Analyzing steganography softwares (for the fun of learning about it)

Michael Raggo on steganography

Michael Raggo’s StegSpy 2.1



PS:  Hopefully the formatting looks ok.  WordPress always continues to surprise, and make the simple, complex and difficult.

