Steganography is the art of hiding information in sight. In this tutorial, I'll show you how to use Steghide – a very simple command-line tool to do just that. Also, I'll cover a little conceptual background to understand what's going on behind the scenes. This is a tool that is simple, configurable, and takes only a few seconds to hide information in many file types.
What is Steganography?
Unlike encryption, which apparently hides a message, steganography hides data in a view, in a file like a picture. For images that do not know they contain hidden data, it looks like a normal, innocent image.
Steganography is useful in situations where sending encrypted messages could arouse suspicion, as in countries where free speech is suppressed. It is also often used as a digital watermark to find when images or audio files are stolen. And for a less practical hint ̵
There are several techniques for hiding data in normal files. One of the most widely used and perhaps easiest to understand methods is the least significant technique, commonly known as LSB.
This technique changes the last few bits in a byte to encode a message that is particularly useful in an image, where the red, green and blue values of each pixel are represented by eight bits (one byte) range from 0 to 255 in decimal or 00000000 to 11111111 in binary format.
Changing the last two bits in a fully red pixel from 11111111 to 11111101 only changes the red value from 255 to 253, causing a barely perceptible change in color to the naked eye, but still allowing data to be encoded within the image.
The least significant bit technique works well for media files in which slightly varying byte values change only slightly unnoticeably, but not so well for ASCII text where an individual misses something in the square will change the character completely. Not to mention the fact that data hidden with LSB steganography are easy to spot when someone is looking for it.
For this reason, there is a wealth of other steganographic techniques, all of which have their own advantages and disadvantages. Another, far less detectable type is referred to as discrete cosine transform coefficient technique (I know it's a bite) that slightly changes the weights (coefficients) of the cosine waves used to reconstruct a JPEG image
Considering that certain digital steganography techniques are better than others, it is generally best to avoid the LSB technique and use something more sophisticated. In fact, developing your own steganography algorithm is not particularly difficult if you already have good programming skills and basic mathematics. But to get a sense of how steganography works, LSB using Steghide will be fine here.
Two more things to keep in mind are encryption and compression. Encrypting data before embedding provides an extra layer of security, while compressing your data allows you to integrate more into your cover file. Both encryption and compression schemes may be included as optional parameters in Steghide, and we will cover these below.
Using Steghide is very easy. To install it from the terminal under Linux, just use apt .
apt-get install steghide
After installation, type the command to embed data in a file:  steghide embed -ef secretFile -cf coverFile -sf outputFile -z compressionLevel -e schema  The arguments are broken up as follows:
- -ef specifies the path of the file You want to hide. You can embed any type of file in the cover file, including Python scripts or shell files.
- -cf is the file in which the data is embedded. This is limited to BMP, JPEG, WAV, and AU files.
- -sf is an optional argument that specifies the output file. If not specified, the original cover file will be overwritten by your new Steganographic file.
- -z specifies the compression level between 1 and 9. If you do not want to compress your file, use the argument -Z instead.
- -e indicates the type of encryption. Steghide supports a variety of encryption schemes. If this argument is omitted by default, Steghide uses 128-bit AES encryption. If you do not want to use encryption, just type -e none .
In my example I hide secret text in a picture of a cat. I do not overwrite the original image or compress it, nor am I currently interested in the encryption.
steghide embed -ef secret.txt -cf StegoCat.jpg -e none -Z
Once you have run the Steghide command, you are prompted to set a password that you can use to extract the embedded data later. Enter your passphrase and re-enter it to confirm. Once you get used to this process, it only takes seconds to hide your data in a picture or audio file with Steghide.
Step 2: Extract Hidden Data from the File
Extracting hidden data from a steganographic image is even easier. The command uses the following syntax:
$ steghide -sf -sf stegoFile -xf outputFile
When you run this command, you are prompted for the same password you created above to create the extracted file. It's that simple.
The advantage of steganography is that you can hide data in a simple view, but you can really blow it out if you do not follow some common sense rules. First, the small differences that steganography introduces are hard to spot – unless you have the original.
If you use an image from the Internet without significantly changing it, you can easily see that an image contains hidden information. To verify this, try a reverse Google Image search to make sure that the original does not fly around somewhere.
I hope you enjoyed this tutorial and discovered how easy it is to use steganography. It only takes a moment to hide secret messages in media files, and whether you're doing it for copyright protection or just cool, steganography has a variety of uses.
Thank you for reading and if you have any questions @ blackslash6