Steganography is a cool thing to be aware of, it’s not life-changing but it’s fun and interesting. Steganography broadly means hiding a message inside another object so nobody else even realizes that there is a hidden message, let alone one that they can’t decipher. Particularly, for the purpose of this article, I am talking about hiding messages inside other digital objects (files) such as images or sound files.
For example, you could slightly reduce the quality of an image and use those freed up bits to contain your message. The same goes for audio files, messages can be hidden amongst the “noise” in the background.
There are a ton of programs out there, so I’d recommend just following some links off of the Wikipedia article linked above. But I’ll finish this article with two examples of using some steganography programs to hide messages.
Hiding a message in look-alike spam
Using a website called Spam Mimic, you can hide a short message in a much longer message that looks like spam.
So, if I go to the Spam Mimic website and click on “Encode”, I’ll get the option to hide my message. I’ll enter a short message:
404 Tech Support
What I then get back is this:
Dear Colleague ; You made the right decision when you
signed up for our club ! We will comply with all removal
requests ! This mail is being sent in compliance with
Senate bill 1622 , Title 7 ; Section 303 . This is
NOT unsolicited bulk mail . Why work for somebody else
when you can become rich as few as 33 DAYS ! Have you
ever noticed most everyone has a cellphone & how long
the line-ups are at bank machines . Well, now is your
chance to capitalize on this . WE will help YOU SELL
MORE and deliver goods right to the customer's doorstep
. The best thing about our system is that it is absolutely
risk free for you . But don't believe us . Prof Ames
of Missouri tried us and says "My only problem now
is where to park all my cars" . We are licensed to
operate in all states ! We implore you - act now .
Sign up a friend and your friend will be rich too !
Thank-you for your serious consideration of our offer
! Dear Friend ; This letter was specially selected
to be sent to you . If you are not interested in our
publications and wish to be removed from our lists,
simply do NOT respond and ignore this mail . This mail
is being sent in compliance with Senate bill 1626 ;
Title 8 ; Section 304 . This is not a get rich scheme
. Why work for somebody else when you can become rich
inside 57 days ! Have you ever noticed people love
convenience and more people than ever are surfing the
web . Well, now is your chance to capitalize on this
. WE will help YOU turn your business into an E-BUSINESS
and deliver goods right to the customer's doorstep
! You can begin at absolutely no cost to you . But
don't believe us ! Prof Anderson of Idaho tried us
and says "Now I'm rich, Rich, RICH" ! We are a BBB
member in good standing ! For the sake of your family
order now ! Sign up a friend and you'll get a discount
of 60% . Cheers !
Now, if I send you that message as an e-mail you would have to know to take that message to the Spam Mimic website and Decode it. Anybody else that accidentally stumbled upon it would think none the wiser whether they were digging through your inbox or casually glancing over your shoulder.
Hiding a file inside an image or audio file
StegHide is an open-source program that’s been around for a while and allows you to hide data inside jpeg, bmp, wav, and au files. You could hide a text file in a jpeg file and send it off to a friend and nobody would know that there was a secret message even to be found.
All of these steganography methods require prior contact and arrangement. Due to the nature of steganography, if you don’t know about a secret message, you wouldn’t be able to see it or notice the possibility of it. You need some way to indicate that a file has a message encoded in it and what the passphrase is. So, if we met up before and I said “If I ever send you a file as an attachment to your e-mail where only the second character in the filename is capitalized, you need to use StegHide to extract a message.” You would know what to look for. “Also, the passphrase is ‘404’.”
So, one day you get a message in your inbox from me with this file: sTegosaurus.jpg
and it looks like a normal picture of a dinosaur.
You know that there is a message encoded in that file, even if it looks like a normal picture.
You would get to that message by:
Downloading and extracting the steghide application for your OS.
Go to Start, Run… and enter ‘cmd’ and then hit Ok.
This should launch a command prompt window. Use cd [folder name] and cd .. to navigate to the folder that contains steghide.
For example, after extracting the steghide folder to my desktop and entering the Command Prompt, you could:
cd desktopdir
cd steghide
Now we’re in the steghide folder with steghide.exe. To extract the message from that picture, we download the picture to the steghide folder and then back in the Command Prompt window run the following command:
steghide.exe --extract --stegofile sTegosaurus.jpg --passphrase 404 --extractfile mymessage.txt
This extracts the hidden message from the dinosaur image to a text file, mymessage.txt. You can then open up the file in Notepad and see what the hidden message says.
To hide a file in an image, it would be a similar process to the last code:
steghide.exe --embed --embedfile [yourhiddenmessagename] --coverfile [yournormalfile] --passphrase [your pass code]
Example:
steghide.exe --embed --embedfile message.txt --coverfile sTenographer.jpg --passphrase 404
Let me know in the comments if you successfully figured out the hidden message in the above stegosaurus image.