Steganography in Kali Linux – Hiding data in image
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Generally, the hidden messages appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. This post would cover Steganography in Kali Linux – Hiding data in the image. You can pretty much use the same method to hide data in Audio or Video files.
The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages—no matter how unbreakable—arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Steganography in Kali Linux
There’s two primary tools available in Kali Linux for Steganographic use.
a. Steghide
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The color- respectivly sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
Features:
compression of embedded data
encryption of embedded data
embedding of a checksum to verify the integrity of the extraced data
support for JPEG, BMP, WAV and AU files
b. StegoSuite
Stegosuite is a free steganography tool written in Java. With Stegosuite you can hide information in image files.
Features
BMP, GIF and JPG supported
AES encryption of embedded data
Automatic avoidance of homogenous areas (only embed data in noisy areas)
Embed text messages and multiple files of any type
Easy to use
Hiding data in image using steghide
Install Steghide
Installation is simple in Kali Linux as steghide is already available in Kali Linux repository. Run the following command and you’re done.
root@kali:~# apt-get install steghide
Steganography in Kali Linux - Hiding data in image - Install Steghide - blackMORE Ops - 1
Hide text file in Image
I created a folder steghide in root home folder and placed picture.jpg and secret.txt file in there. picture.jpg is the file where I am going to hide secret.txt file. I am going to show the commands here.
To hide text file in Image in Kali Linux using steghide, use the following command:
root@kali:~/steghide# steghide embed -cf picture.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "picture.jpg"... done
root@kali:~/steghide#
This command will embed the file secret.txt in the cover file picture.jpg.
Hide Embed text file in Picture using steghide in Kali Linux - blackMORE Ops - 2
Now you can email, share or do anything with this new picture.jpg file without having to worry about exposing your data.
Extracting text file from Image
After you have embedded your secret data as shown above you can send the file picture.jpg to the person who should receive the secret message. The receiver has to use steghide in the following way:
root@kali:~/steghide# steghide extract -sf picture.jpg
Enter passphrase:
the file "secret.txt" does already exist. overwrite ? (y/n) y
wrote extracted data to "secret.txt".
If the supplied passphrase is correct, the contents of the original file secret.txt will be extracted from the stego file picture.jpg and saved in the current directory.
Just to be on safe side, I am checking the content of the secret.txt I extracted. Seems ok.
root@kali:~/steghide# head -3 secret.txt
Linux. It’s been around since the mid ‘90s, and has since reached a user-base that spans industries and continents. For those in the know, you understand that Linux is actually everywhere. It’s in your phones, in your cars, in your refrigerators, your Roku devices. It runs most of the Internet, the supercomputers making scientific breakthroughs, and the world's stock exchanges. But before Linux became the platform to run desktops, servers, and embedded systems across the globe, it was (and still is) one of the most reliable, secure, and worry-free operating systems available.
root@kali:~/steghide#
Viewing Info of embedded data
If you have received a file that contains embedded data and you want to get some information about it before extracting it, use the info command:
root@kali:~/steghide# steghide info picture.jpg
"picture.jpg":
format: jpeg
capacity: 3.1 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "secret.txt":
size: 6.5 KB
encrypted: rijndael-128, cbc
compressed: yes
root@kali:~/steghide#
After printing some general information about the stego file (format, capacity) you will be asked if steghide should try to get information about the embedded data. If you answer with yes you have to supply a passphrase.
Viewing Info of embedded data using steghide in Kali Linux - blackMORE Ops - 3
Steghide will then try to extract the embedded data with that passphrase and – if it succeeds – print some information about it.
If you want more detailed information please read the man(ual) page.
Hiding data in image using Stegosuite
Stegosuite is pretty much a GUI for similar steghide-type functionality.
Install stegosuite
Installation is simple in Kali Linux as stegosuite is already available in Kali Linux repository. Run the following command and you’re done.
root@kali:~# apt-get install stegosuite
Hide Embed text file in Picture using Stegosuite in Kali Linux - Install StegoSuite - blackMORE Ops - 1
Embed text file in Image using Stegosuite
You need to run it from Application menu (or you can just search it). Go to File > Open and open the image you want to use. Right-click on the file section and select add files and select your secret.txt file. Type in a passphrase and click on embed. Few seconds and it will create a new file picture_embed.jpg.
Hide Embed text file in Picture using Stegosuite in Kali Linux - Embed File - blackMORE Ops - 2
Extracting text file from Image using Stegosuite
If you want to extract text file or data from the image, simply Open the image, type in the passphrase and click on Extract.
Steganalysis and detection
In computing, steganographically encoded package detection is called steganalysis. The simplest method to detect modified files, however, is to compare them to known originals. For example, to detect information being moved through the graphics on a website, an analyst can maintain known clean-copies of these materials and compare them against the current contents of the site. The differences, assuming the carrier is the same, comprise the payload. In general, using extremely high compression rates makes steganography difficult, but not impossible. Compression errors provide a hiding place for data, but high compression reduces the amount of data available to hold the payload, raising the encoding density, which facilitates easier detection (in extreme cases, even by casual observation).