Steganography

In this lab we will see what Steganography consists of and we will perform an exercise about it using Steghide in Kali Linux.

Steganography

https://commons.wikimedia.org/wiki/File:Primer_libro_de_steganografia.JPG

In this mini lab we will see how we can hide information inside other files and we will see the process of extracting this hidden information. With the use of steganography, we can hide information inside another file that can then be distributed regardless of being seen by third parties. Its hidden content is visible only to those who are aware it exists and know how to extract it. Generally this hidden content is also encrypted so that a passphrase is required to extract it.

Image by Cornell University Indicates the use of Eksblowfish. steganography (from Greek στεγανος steganos, "covered" or "hidden", and γραφος graphos, "writing") deals with the study and application of techniques that allow hiding messages or objects inside others, called carriers, so that their existence is not perceived. That is, it seeks to hide messages inside other objects and thereby establish a covert channel of communication, so that the very act of communication goes unnoticed by observers who have access to that channel.

Read more in the following 👉 link.

There are various tools that allow us to see this process in action; in this particular exercise we will use Steghide.

Basic steganography with Steghide

Harris Brisbane Dick Fund, 1924

The illustration above may seem like a common image, however contains hidden inside it the complete poem To Domains [Sharing this NS] The Raven version of Edgar Allan Poe. At first glance the image shows no signs of being more than what can be perceived, and with that we can get an idea of the potential of steganography to hide information and transport it even in front of third parties' eyes without the hidden message being detectable at a glance.

Hiding information with Steghide

Let's look at the basic commands of steghide that we must use to achieve replicating that result and carry out our basic steganography exercise. The first thing we must have is the basic files:

• An Image.

• The Message we want to hide.

• Steghide.

the basic use of steghide is super simple, just use the following options:

steghide embed -cf {cover_file} -ef {embed_image}

• embed: tells steghide the mode we want to use. In this case embed inserts content into the target file.

• -cf FILE: Indicates to steghide the file that will act as the cover, in this case the image that will contain the hidden information. For our example this file is RAVEN.jpg.

• -ef FILE: Indicates the path to the file that will be hidden in the cover file. For our example this file is MESSAGE which contains the complete poem The Raven.

• passphrase: the key needed to extract the hidden content. For this example the key is POE.

As we can see the size of the file RAVEN.jpg undergoes a change in weight after the process. It is important to keep this in mind since if the message we try to hide is too large, we must resort to a larger image that has sufficient capacity to store our message. This happens because steganography uses the least significant bits of the image to replace them with the bits that make up our hidden message.

We can see this exemplified in the following image where the least significant bits of the image are altered to store the bits that make up the word cat.

esgeeks.com: This diagram shows two 4-pixel images both in color and in binary values. Each binary block represents the value of the corresponding pixel.

Viewing Embedded information with Steghide

Now let's see how we can use steghide to check if our image contains embedded hidden information. For this we use the following options:

steghide info {Cover_File}

• info FILE: the operation mode that tells steghide we want to see information about the file. Among the returned results you can obtain: Encryption algorithm used, file size, name of the embedded file and format of the cover file used.

As we can see to perform this operation we need the passphrase (key) that was used at the time of hiding the information. In this case we know the key, in many cases this information is unknown and we will have to resort to social engineering, or to brute-forcing with tools like stegcrack to obtain the key and be able to use this command. The same also applies to the process of extracting the embedded information.

Extracting embedded information with Steghide

When the time comes we will need to extract the hidden information from the image; for this we will use the following options of steghide:

steghide extract -sf {COVER_FILE}

• extract: Tells steghide that we want to perform the extraction of embedded data from a cover file.

• -sf FILE: Tells steghide the cover image from which we want to extract the embedded information.

• passphrase: The key to be able to extract the hidden content.

If we check the contents of the extracted file, we can see that it indeed contains the poem we had hidden before:

In this way we saw how we can use steganography to hide information inside other files, which on the surface appear normal to anyone who sees them.

It should be clarified that steganography is not limited to image and text files and can also, for example, embed source code inside audio and video using other tools. In the case of Steghide in particular it allows us to hide information inside files with the following formats: WAV, JPEG, AU and BMP.

Steghide has numerous options to refine as desired how the process of embedding content inside other files is carried out. It is not within the scope of this exercise to see the entire operation of steghide and it is important to be clear that there are different alternative tools with which we can achieve the same result.

These labs are subject to modifications and corrections; the most up-to-date version is available online at the following link.