Steganography

March 8, 2010, by | Start Discussion

What is Steganography?

Steganography is the art of hiding information in images. In Greek, Steganography means “covered writing”.
In steganography, confidential data is hidden in images to protect it from unauthorized users. So basically it means, hiding a secret message within a cover-medium in such a way that others cannot detect the presence of the hidden message.
In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.
 

Steganography vs. Cryptography
Steganography and cryptography are two important techniques to secure data. It has gained importance post World War II. It is now widely used by Law Enforcement Agencies, terrorists etc.

Steganography’s  goal is to hide  the presence of a message.

Cryptogtaphy’s goal is to obscure a message or communication so that it cannot be understood.

Steganography differs from cryptography   in the sense that,  cryptography focuses on keeping the contents of a message secret, whereas steganography focuses on keeping the existence of the message secret. The strength of steganography can thus be amplified by combining it with cryptography. Steganography and cryptography make a powerful combination regarding data security!

Methods of Steganography

Embedding messages in media, like

  • Plain Text
  • Audio/Video
  • Image

Plain Text
Steganography with plain text can be done in number of ways, as mentioned below:

  • Using selected characters or words from a specially-crafted cover-text. (Consider this sentence – “Since Everyone Can Read, Encoding Text In Neutral Sentences Is Doubtfully Effective”. Here, if you observe, first letter of each word is used to convey a message –  Secret Inside!!)
  • Introducing white-space characters (line spaces and tabs) that a text view won’t display.

For demonstration purpose we will illustrate SNOW (Steganographic nature of Whitespace).

SNOW

SNOW
Figure 1.1

Snow is a program for concealing and extracting messages in ASCII text files. This method conceals messages by appending tabs and spaces (known as whitespace) at the end of lines. Tabs and spaces are invisible to most text viewers, hence   depicting steganographic nature of this encoding scheme.

Figure. 1.1 shows all the available options in snow. They are described as below:

-C = use compression during concealing, uncompress during extraction
-Q = quite mode. Used to turn off verbose messages while program runs
-S = Show approximate space available in cover file
-p = password option is used for encryption/decryption
– l = snow will create lines sorter than this optional line length parameter
 -f = this is the secret file
 -m = this is the secret message string
infile = this is the input cover file
outfile = this is the output file
 

For this example, we will use following file :-
 

insnow.txt = this is the secret file to conceal
hide.txt = this is the infile (cover file)
outsnow.txt = this is the outfile (cover file + secret file)
p@ssword = this is the password used for encryption/decryption
   
Note:- All the above specified examples need appropriate substitution for practical purposes..

Now to hide the file – insnow.txt within hide.txt using encryption with the output of snow, the command is as follows:

Snow –p “p@ssword” –f insnow.txt hide.txt outsnow.txt

 

ClubHack Magazine - using snow for steganography
Fig 1.2

 

Now to extract the hidden message following command is used:

ClubHack Magazine -  Steganography with snow
FIg 1.3

And the contents of the secret file are revealed:-

“meet me at dawn”

 

Image Steganography

Data can be hidden in images also. In fact images are most widely used in steganography.

Tools:

Many tools are available to do image steganography like Camouflage, JPEG-JSTEG. For demonstration we will use Camouflage.

Camouflage:

Camouflage allows you to hide files by scrambling them and then attaching them to the file of your choice. This camouflaged file then looks and behaves like a normal file, and can be stored or emailed without attracting attention. Camouflage software is easy to install, user-friendlyand a very versatile steganography tool that is free of cost and readily available for downloading .

For example following files will be used:-

Sunflower.jpg = cover medium
Secret.jpg = file to be hidden
Kiss = passphrase

Camouflaging Files:

You can camouflage a file or several files at a time by right-clicking them and choosing “Camouflage” from the menu. Following window will appear.

ClubHAck Magazine - Camouflag
Fig 2.1

Now, in the first window, you can view/edit the files by double clickin them or by right clicking them and choosing ‘Open’. Selectin “Properties’ will give information about the file.

Anyway, click next.

 

ClubHAck Magazine - Camouflag
Fig 2.2

Here, in the second window, it will ask for the cover medium (file). Select a file with which you want to cover your secret file. This file can be of any type, but in this example we are using a .JPG file.;

ClubHAck Magazine - Camouflag
Fig 2.3

In the next window, give the location and filename for the camouflaged file. Check ‘Read-only’ to create camouflaged file with its ‘Read-only’ attribute. This is recommended because it makes the file safer, and prevents other applications from modifying it and destroying the camouflaged section.

ClubHack Magazine - Camouflag
Fig 2.4

 

In the final window you can type a password.We will use “kiss” as password for demonstration purpose. If you do not wish to add password then just click ‘Finish’. This will create the camouflaged file and then exit.

Uncamouflaging Files:

To extract the files hidden within a comuflaged file, right-click the camouflaged file and choose ‘Uncamouflage’ from the menu. 

ClubHAck Magaxine - Camouflag
Fig 2.5

A password prompt appears. Enter the password, if any. Once you entered the correct password (if applicable), click ‘Next’

 

ClubHAck Magazine - Camouflag
Fig 2.6

This window displays a list of the files hidden within the camouflaged file. The first file in the list is the file originally used as camouflage (cover medium).To extract files just click ‘Next’.

CLubHAck Magazine - Camouflag
Fig 2.7

 

Here give the location where you want the file to be extracted. Now you can view your secret file!!!

Audio Steganography

In Audio steganography,secret messages are embedded in digital sound. The secret message is embedded by slightly altering the binary sequence of a sound file. Existing audio steganography software can embed messages in WAV, AU, and even MP3 sound files.

Embedding secret messages in digital sound is usually a more difficult process than embedding messages in other media, such as digital images.

S-Tools:

For example following files will be used:- 

Cover.wav = this is the cover medium file
Secret.wav = this is the hidden data file
Out.wav = output file (cover_medium + hidden_file)
p@ssw0rd = this is the passphrase

Open S-Tools (S-Tools.exe).
Drag the cover_medium, in this case cover.wav, into the S-Tools window

ClubHack Magazine - S-tools
Fig 3.1

Now, to hide the secret file, drag secret.wav into S-tools window and drop it onto the cover medium. Immediately you will be prompted for a passphrase. The passphrase is used in generating the pseudo-random number which is used to insert the bits into the cover file. IDEA, DES, TripleDES, and MDC are the encryption algorithms provided by S-Tools.

ClubHack Magazine - S-Tools
Fig 3.2

After choosing appropriate passphrase and Encryption Algorithm, right click on the secret file and save it.

The passphrase and encryption algorithm used must be remembered in order to extract the secret file.

Now, to extract the hidden message, open the out.wav in S-Tools.

 

Steganography, the easy way… No steganography software required!!!
Yes you read it right – No steganography software.

So here is a quick how-to on doing image steganography with common tools, without any specialized software.

  1. Compress the file you want to secure( I tried both rar & zip), say secure.zip
  2. Take the image file which you want to use, say image.jpg
  3. run the following command
  4. copy /b image.jpg + secure.zip hidden.jpg
  5. Double click hidden.jpg & you'll see the original image
  6. Open the file in archiving utility ( tried winzip & winrar)
  7. It will open the content of original secure.zip

Analysis

copy command copies the content of both the files into a third file.

The third file starts with the header of an image & even the extension is of image, so the OS (tried KDE & GNOME in case of Linux) interprets it like an image & shows the image, that too without any distortion or noise in the image.

/b option indicates binary operation & takes care of any possible goof up.

PoC

Download the image from http://bit.ly/stegano-demo which looks like one below & try opening it in any archiving software.

Steganography without any tool
 Original image @ http://bit.ly/stegano-demo

Author bio not avialable

Leave a Reply