How to Perform Steganography Using Steghide

Introduction

In this guide, I am going to show you how to perform steganography. Steganography is the practice of concealing information within other non-secret data or a physical object to avoid detection. Unlike cryptography, which aims to make data unintelligible, steganography hides the existence of the secret information.

Think of steganography as hiding in plain sight. To avoid suspicion, you may opt to make use of steganography instead of cryptography because when encrypted data is intercepted, even though you may not be able to make sense of it, you definitely know that there’s some form of secret communication going on. With steganography, you don’t raise any suspicion.

So basically, steganography is a method where you hide secret information, like a text file with passwords, inside something ordinary, like a regular image. The image looks normal, but it secretly contains the hidden data. To uncover the hidden information, you need a special passphrase that was set when the data was hidden. Without this passphrase, the secret data remains concealed and cannot be easily accessed.

To perform this demonstration, I’ll be making use of steghide. Steghide is a tool used for steganography, which allows you to hide data within various types of files, such as images or audio files.

Installation

In this demo, I’ll be embedding a text file containing a password into an image. Please bear in mind that I’ll be using my Kali Linux VM for this demo. Let’s get started!

First things first. We need to install steghide on Kali. You can do that by running (as root):

$ apt update
$ apt install steghide

apt update: Refreshes the package list on your system to ensure you have the latest information on available software and updates.

apt install steghide: Installs the `steghide` tool on your system using the package manager, allowing you to perform steganography.

After running these commands. Please give a bit of time for the program to get installed. Make sure you have good internet connection of course.

After the program has been installed, a good practice is to run the program with the --help or -h flag. This will help you understand how to use the program. Bear in mind that this works for most (if not all) programs on Linux — not just steghide.

So in our case, we run:

$ steghide --help

The result:

We can see the various options and functionalities that steghide offers by using the help flag. Now, crafting our command will be pretty straightforward.

Performing Steganography

In my working directory, I have an image and a text file containing a password. As mentioned earlier, I am going to embed the text file into the image to share the text file secretly. Here’s a screenshot of my working directory:

Notice there’s a me.JPG and secret.txt file. I am going to embed the text file into the image using steghide. Make sure you have your files prepared.

We already saw the various available options in steghide using the help flag. So now, we can craft our command.

Command:

$ steghide embed -cf me.JPG -ef secret.txt -sf muhammad.JPG

This command uses steghide to embed the contents of the text file secret.txt into the image file me.JPG.

-steghide embed: Tells Steghide to hide (embed) data.

-cf me.JPG: Specifies the cover file, which is the image me.JPG where the data will be hidden.

-ef secret.txt: Specifies the embed file, which is the secret file secret.txt that will be hidden inside the cover file.

-sf muhammad.JPG: Specifies the output file muhammad.JPG, which will be the image containing the hidden data.

So, after running this command, muhammad.JPG will be an image that looks just like me.JPG but secretly contains the contents of secret.txt. Please remember to use your own files. Don’t copy the commands blindly.

Results from running the command:

You will be prompted to enter a passphrase. You or the recipient will need this passphrase to retrieve the embedded (hidden) file. Please use a strong passphrase.

Notice that now, in my working directory, I have a new image muhammad.JPG. This is the image containing the embedded text file. This is the image I would send to evade detection.

Notice how the two images look exactly the same.

Reversing the Process

We have seen the embedding process in steganography. Now, let’s look at the extraction process. Earlier, I was the sender. Now, I’ll be the recipient.

If you receive a file from a friend with a message embedded using steganography, extracting the hidden information with steghide is straightforward. All you have to do is run (assuming the initial parameters):

$ steghide extract -sf muhammad.JPG -xf retrieved_secret.txt

This command extracts hidden data from muhammad.JPG and saves it as retrieved_secret.txt. -sf stands for “stego file” (the file containing hidden data), and -xf stands for “extract file” (the file where the extracted data will be saved). You will be prompted to enter a passphrase. Make sure to get that from the sender.

Note: You don’t need to specify the -xf flag when extracting data with Steghide. By default, Steghide will automatically create a file using the name of the hidden file (in our case, secret.txt) and store the extracted content there. I used the -xf flag to assign a different name to the extracted file, just to avoid confusion since I’m demonstrating both the sender and receiver roles.

Result of running the command:

Notice we now have retrieved_secret.txt. Its content is the exact same as secret.txt. 

Opening the secret file:

Press enter or click to view image in full size

That’s not a real password so don’t try to get creative XD

There you have it. We have successfully embedded and extracted hidden information using the steghide.

Conclusion

In this guide, you learned how to perform steganography. This is a very handy skill to ensure secret and private communication. Other tools for steganography include SilentEye, Hide and Seek (Hideseek), Stegano, and Pixelknot. 

These tools offer various features for embedding and extracting hidden data in different types of media files. Feel free to try them out when you have time.

I hope you enjoyed this one. If you have any questions, observations or contributions, please let me know in the comment section. If you enjoyed this tutorial and want more like this, consider following me and subscribing to my mailing list so you get notified whenever I post similar content.

Till next time!