Steganography

STEGANOGRAPHY

Steganography(Stego) is the art of concealing something inside something else, for example: A message inside a jpg file, or a binary inside a png. Stego has been used since ancient times to deliver messages that they don't want others seeing. In the modern day it's used for the same purpose, only now we have much more advanced tools. This room is designed to go over those tools and how to use them.

All needed files can be found inside the included zip file

important: download files to experiment and learn stegnographic things.

Note: Basic linux knowledge required.

STEGHIDE

Steghide is one of the most famous steganography tools, and for good reason. It's a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.

One of the greatest benefits of stegohide, is that it can encrypt data with a passphrase. Meaning that if they don't have the password then they can't extract any data.

steghide can be installed with the command  "sudo apt install steghide"

ZSTEG

zsteg is to png's what steghide is to jpg's. It supports various techniques to extract any and all data from png files.

Note: zsteg also supports BMP files, but it is primarily used for png's.

zsteg can be installed by using ruby with the command "gem install zsteg"

EXIFTOOL

Exiftool is a tool that allows you to view and edit image metadata. While this in itself is not a stego tool, I would be remiss not to include at least a footnote on it as one of the most popular forms of image stego is to hide messages in the metadata.

Exiftool can be installed with "sudo apt install exiftool"

STEGOVERITAS

Personally this is one of my favorite image stego tools. It supports just about every image file, and is able to extract all types of data from it. It is an incredibly useful tool if you don't know exactly what you're looking for, as it has a myriad of built in tests to extract any and all data.

Note: Stegoveritas has other features as well such as color correcting images

Stegoveritas can be installed by running these two commands:

1. pip3 install stegoveritas

2. stegoveritas_install_deps

Spectrogram stegonography is the art of hiding hidden an image inside in an audio file's spectogram. Therefore when ever dealing with audio stego it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualizer.

Note: This introduction will be done using the included wav1 file.

When you open Sonic Visualizer you should see this screen:

From there click File->Open and then select the included wav1 file and you should see a screen similar to this:

From there click Layer->Add Spectrogram and you should see this:

And that's it!