Hiding in plain sight is sometimes the best tactic.
For instance, this lovely young lady
Rather unassuming, right? Well, read on and you’ll learn how to extract a hidden message from that picture!
Steganography is “the practice of concealing a file, message, image, or video within another file, message, image, or video.” (Source: Wikipedia) In Linux, the ever-so-handy Steghide allows us to do just that. I know that you and your imagination will come up with all sorts of creative ways to utilize this awesome little program.
Now, if you’re using ParrotSec, you’ll already have steghide installed. Otherwise, it won’t take you much effort at all to snag a copy of your very own.
Scenario A: You have a text file and don’t want anybody to know about it. Embed it into a picture!
Let’s dissect our command:
steghidecalls the program
embedstates that we are going to insert a file into our image, as opposed to “extract”
-cfspecifies that this is our
-efspecifies that this is our
Enter and re-enter a password of your choosing, and that’s it. You have now successfully embedded a file into an image. How does it look? Any different? You could take this picture, bury it with thousands of others and know that your data is safe and sound. Just don’t forget where you put the picture. Or the password.
Scenario B: You have a picture, you know there’s something in it, and you want it back!
Now here we have two commands. The first is quite simple:
steghidecalls our program
extractstates that we want our stuff back
-sfspecifies that this is the
You will be prompted for the password you created when you embedded the file. Enter that, and your hidden file will be extracted and created in the same directory as the source file.
The second command is
cat, which is a useful Linux command to display the contents of a file.
Now that this information is fresh in your mind, let’s find out what’s inside the image of the girl at the top of the page. Download (right-click, “Save As”) the image and use steghide to extract the hidden file within. The password is
To further your knowledge in steghide, let’s go ahead and do the following:
This is going to show you the man (manual) page. In fact, most CLI (command line interface) programs have a man page. This is written by the author of the program as the first resource for more information, and a great help in deciding what to Google when you can’t find the answer to your question. Press
qto leave the man page when you’re done.
- With the man page up, open another terminal to execute commands. Change the encryption algorithm to
rijndael-256, since the default is
rijndael-128. What’s the difference between the two?
--infoon images you’ve embedded files in.
- What kind of file types can you embed into your images?
- What kind of file types can you use as container files?