Once I read about how some spies were saving messages in pictures. Cool. So I thought I’d try it just for fun.
It was a lot different from invisible ink we played with as kids. 🙂
First I looked at an article on StackOverflow
In the article I found:
You can concatenate a gif and a zip (the information you want to hide) into one file. Gifs are read from the start of the file, while zips are read from the end of the file.
To create such a file in linux:
cat file1.gif >> outfile.gif
cat file2.zip >> outfile.gif
or in Windows:
copy /b "file1.gif"+"file2.zip" "outfile.gif"
$ zip Sometext.zip Sometext.txt
adding: Sometext.txt (stored 0%)
cat DDR3.JPG > DDR3_zip.jpg
cat Sometext.zip >> DDR3_zip.jpg
35604 Jan 4 10:33 7zip_Cat.jpg
111118 Nov 1 14:51 DDR3.JPG
111295 Jan 4 10:35 DDR3_zip.jpg
21 Jan 4 10:34 Sometext.txt
177 Jan 4 10:35 Sometext.zip
Sure enough, if you use Windows Explorer, and open the file that’s been appended, you get the same image. Cool.
To extract the text, I found it with 7Zip.
Then, I did some analysis using a few commands in cygwin.
$ file *
7zip_Cat.jpg: JPEG image data, JFIF standard 1.01
DDR3.JPG: JPEG image data, JFIF standard 1.01
DDR3_zip.jpg: JPEG image data, JFIF standard 1.01
Sometext.txt: ASCII text, with CRLF line terminators
Sometext.zip: Zip archive data, at least v1.0 to extract
strings DDR3_zip.jpg | tail
This is some text
So, the fact that the file has been modified is easily found after all.
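The same appended-zip file can be caught structurally instead of by reading strings output. This is an added example, not code from the original post or the StackOverflow thread: it walks the JPEG segments to the real end-of-image marker and reports whatever follows it. The function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

# Bytes that may follow 0xFF inside entropy-coded scan data without ending it:
# 0x00 (byte stuffing), 0xFF (fill) and the restart markers RST0..RST7.
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))

def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: the image ends here
            return pos + 2
        # Assumption: every other segment carries a 2-byte big-endian length,
        # so an EXIF thumbnail's own EOI inside APP1 is skipped, not matched.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                       # SOS: scan data has no length
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    raise ValueError("no EOI marker found")

def inspect_image(data: bytes) -> dict:
    """Report what follows the image and whether it parses as a zip."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    members = []
    if zipfile.is_zipfile(io.BytesIO(trailer)):
        members = zipfile.ZipFile(io.BytesIO(trailer)).namelist()
    return {"jpeg_bytes": end, "trailing_bytes": len(trailer),
            "zip_local_header_at": trailer.find(b"PK\x03\x04"),
            "zip_members": members}

def constructed_sample():
    """Constructed input: a JPEG-shaped byte string (not a real photo) and a zip."""
    jpeg = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)   # SOI, APP0
            + b"\xff\xda\x00\x08" + bytes(6)                       # SOS header
            + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")       # scan, EOI
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sometext.txt", "This is some text\r\n")
    return jpeg, buf.getvalue()

if __name__ == "__main__":
    jpeg, archive = constructed_sample()
    print(inspect_image(jpeg))
    print(inspect_image(jpeg + archive))
```

Some cameras and editors also write data after the end-of-image marker, so trailing bytes are a lead to follow up; a trailer that parses as an archive is the stronger signal.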
More from the Stackoverflow thread:
Here is an open source Steganography software called steganotool. This project is an open source steganography tool that can be used to hide and extract text to/from Bitmap images.
Downloaded it from
Use the file: Steganography.exe
Use the Steganography tool to add to the file JackA.bmp:
This is some text.
And create the file: Jack_Steno.bmp
ls -l
3,728 JackA.bmp
4,814 Jack_Steno.bmp
The resulting file is 1086 bytes bigger.
JackA.bmp: PC bitmap data, Windows 3.x format, 35 x 34 x 24
Jack_Steno.bmp: PC bitmap data, Windows 3.x format, 35 x 34 x 32
– nothing at all, very interesting.
However, the cat command shows some interesting differences:
It turns out that Steganography only works with BMP files. Not a common file format these days. If you hid some info in a BMP file, someone might be curious.
find /cygdrive/c -type f -iname "*.bmp" 2> /dev/null | wc
610 2189 58228
find /cygdrive/c -type f -iname "*.jpg" 2> /dev/null | wc
7855 17536 900006
I tried Clotho, downloaded from here.
Using the most basic setting
$ file *
DDR3.JPG: JPEG image data, JFIF standard 1.01
DDR3_cloth1.JPG: JPEG image data, JFIF standard 1.01
SomeText.txt: ASCII text, with CRLF line terminators
clotho_basic.jpg: JPEG image data, JFIF standard 1.01
RL@AcerP633V /cygdrive/c/temp/Steganography2/clotho
$ strings DDR3_cloth1.JPG | tail
&`gi
O|wX
F4r
('Yj7
bo=2\
RQNX-CLOTHO:256: <------
ga}.
H/U*
``dg
this is some text <------
So, the Linux strings command works again.
Try the obfuscation feature.
Again, the strings command can indicate something.
$ strings DDR3_cloth2.JPG | tail
J}rNcerP633V /cygdrive/c/temp/Steganography2/clotho
LOX(
&`gi
O|wX
F4r
('Yj7
bo=2\
RQNX-CLOTHO:256: <------
ga}.
:|=c
And the strings command still works.
And, interestingly enough, I see something in Windows 7 explorer:
Every file touched by clotho, has a little padlock in the icon. Hmm.
Requires that you have and know java.
cd C:\Utils\SteganoGifPaletteOrder\
java SteganoGifPaletteOrder
Only works with GIF files.
Does not have functionality to specify where to save resulting file.
In the same directory as the .class files, it just creates a file:
No possibility to give it a particular file name, which is pretty fundamental.
On this blog, I found a comment,
Dale Jackaman comments: Open source forensics tools such as Autopsy or commercial tools such as X-Ways Forensics will find all these hidden file types.
So I download Autopsy
And take it for a test drive. You have to make a case first.
It finds the zip files.
Looking at a file that I modified: DDR3_2_zip.jpg, nothing seems to be flagged.
But if you use the tab, Indexed Text, it gives the same results as the cygwin/linux strings command.
So, you can use Autopsy to find issues. But, in my case, you would need to know what you are looking for.
Looks like a big program, that does many things.
Michael Raggo’s StegSpy 2.1:
I downloaded Michael Raggo’s StegSpy 2.1 from here.
Turns out that it says: Copyright 2003, 2004
Over 1 1/2 decades ago.
And, it’s a very simple program. Only one button!
Then, tried it on the file I modified, DDR3_2_zip.jpg, but it didn’t detect anything.
SSuite Picsel Security:
Eventually, I found SSuite Picsel Security
Open original image. Here, use the supplied, Athena.bmp
Make a file with the message, link it to the Message button
$ ls -l
21 Jan 4 10:34 Sometext.txt
11238 Jan 3 15:49 athena.bmp
85186 Jan 4 13:41 athenaAfterEncrpt.bmp
Makes the resulting file size much bigger
Images look the same.
But cat command shows differences:
Resulting Encrypted File
You can encrypt with a JPG file too. However, the resulting file created is a BMP.
ls -l
111118 Nov 1 14:51 DDR3.JPG
1920054 Jan 4 13:54 DDR3AfterEncrpt.bmp
ls -lh
109K Nov 1 14:51 DDR3.JPG
1.9M Jan 4 13:54 DDR3AfterEncrpt.bmp
And the resulting BMP is much bigger than the original JPG.
Open Original Image: DDR3.jpg
Hit Decrypt button.
Open Encrypted Image file:
Decrypt image: Yes
That’s enough exploring for a day or two. It was a lot different from invisible ink we played with as kids. 🙂
Steganography looks like a big field. There are lots of other software packages out there. See the links below.
Some of the software I tried is quite old. Using the linux commands, it was easy to detect a modification.
What bothers me, is how unsophisticated so many of them were.
SSuite Picsel Security was the best that I tried. I’ll be looking at more of their many free software packages.
Does anyone know of some really good Steganography software? If so, please comment, and send the links.
HACKER LEXICON: WHAT IS STEGANOGRAPHY?
How can you hide information inside a jpg or gif photo?
5 ways to Secretly Hide a File or Message Inside Another File
35 Best Free Steganography Software For Windows
Easily Breaking a very weak steganography software: Camouflage
Analyzing steganography softwares (for the fun of learning about it)
Michael Raggo on steganography
Michael Raggo’s StegSpy 2.1
PS: Hopefully the formatting looks ok. WordPress always continues to surprise, and make the simple, complex and difficult.