Steganography Made Easy in Linux
Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest.
Mostly because it doesn't look like usual garbled text that we are used to seeing with encryption. The changes made by Steganography are so slight the human eye cannot perceive them. Even trained cryptographers may have an encoded message inside a picture and be unaware of it. There is a very deep science to this. Usually this is done by flipping parity bits at the binary level. While it is great to learn how this works, sometimes it can be a very tedious job. Fortunately for us there is a tool that will take away most of the grunt work.
2. Legal Disclaimer
Before we begin, I should say that I do not condone the knowledge used in this article for anything other than hiding legal information. The purpose of this is to illustrate how to keep secrets safe. I should also note to please research your country's laws on encryption and its exportation before using this tool. No matter how free you believe your country is, you may be shocked to find out how stifling some of the laws on encryption are.
SteGUI is a graphical front-end for the program know as Steghide. SteGUI is available for download as an rpm package and a tarball source. One might assume that source would compile flawlessly on Debian an Ubuntu since no deb package is provided. But while trying to compile from source with Debian Sid and Backtrack 5, I found myself in what is commonly known as "dependency hell". To save yourself some trouble and time just download the rpm package. From here you can just issue
alien -d SteGUI.rpm
to produce a Debian package that installs much easier. From there
dpkg -i SteGUI.deb
should install without problems.
Once you are up and running the GUI is very simple to comprehend. From the File tab select "Open File" to choose a jpg file to use. While any jpg will do, very large messages will require very large pictures to hide them without altering images to the eye. Now that you have a jpg, go to the Actions tab and select "Embed". From here a box will pop up with a couple of requirements and options to fill out. In this example I have entered the path on my computer for a text file named passwd.txt into "File to embed for cover file". This would be the secret text that we wish to hide as it passes along the Internet. Next is the "File to use as cover" line. This is simply the path to the picture we wish to hide the passwd.txt inside. We must also select "File to use as output stegofile". We can name this anything, as long as we include the .jpg file extension. Here I simply chose out.jpg.
We are going to leave all the check boxes as the defaults here. I would like to explain what some of these are for though. The encryption box here is rather interesting. There are several decent encryption ciphers offered here in the drop-down menu. Some you may have heard of like the Rijndael cipher, Blowfish, DES, and Triple-DES. While none of these are unbreakable, they're not exactly kid's stuff either.
Next is the check box for compression. You might think this is counter-productive. After all too much compression can affect image quality, possibly giving away that the file has been altered. While this is true, what would you think if you found a .jpg that 17MB? Hopefully you would know something is wrong. While that's extreme, it illustrates my point. Compression is used to try and pack a file size back down to the original.
The other check boxes should be self-explanatory. Let's look at the pass-phrase down at the bottom here. This is what the recipient of this message will use to open it. Needless to say, the normal rules should apply here as with regular passwords. Nothing in the dictionary, use upper and lower case along with some special characters. You can see from the asterisks in the picture here, I have quite a few characters in this password. I can't stress enough that a good pass-phrase is important. This is what unlocks your encryption and makes the text readable again. Without this, your encryption would be pointless against a brute-force attack.
Now it is time for our recipient to open this file. After they open this jpg in SteGUI they simply go to the Actions tab and select “extract”. Another pop-up box will appear to input the necessary files. The input file at the top will simply be the jpg that we have sent them. The output file will be a new file we can name anything. Here I've just made it a file called out.txt. Now that we have our information in a text file we can easily open it for display.
# cat out.txt password
5. White Noise
While studying computer forensics, steganography came up a lot in my class. My professor had a lot of experience deciphering images while employed with the American FBI and Homeland Security. One day I asked him, "How do you know for sure what you are looking at isn't a false positive?" His answer floored me, "You don't until there's a pattern." So it occurred to me that one could probably gain security by producing a lot of white noise. White noise has many definitions. Especially when it comes to security. If one suspected their home was bugged. You could spend hours blasting annoying music in hopes to confuse or bore to sleep anyone listening in. In this case sending a lot of traffic of unaltered pictures before and after our encoded text. This may give the illusion that your altered jpg is a false positive since the last 24 you sent were clean.
Stegdetect is a command-line program for detecting staganography in jpgs. It is also made by the same people who brought you Steghide and SteGUI. Stegdetech looks for algorithms used by other commercal steganography programs like Outguess, Jsteg, Jphide, Camoflage, AppendX and Invisible Secrets. It also offers a sub-program called Stegbreak that will use brute-force to find steganography made by the programs I just mentioned. About the only thing Stegdetect isn't good at doing is finding things made by Steghide! There was no option for searching it algorithms. I took a shot at searching the jpg we made with the parameters set to run all possible tests against it and came up with nothing.
# stegdetect -t jopifa out.jpg out.jpg : negative
There appears to be no ready built, open source software for finding steganography made by Steghide. At least not without thousands of dollars for proprietary forensics software. For now, cheaply deciphering messages made by Steghide or SteGUI will have to be done the old fashioned way. With a lot of ones and zeros.
This is probably as easy as steganography will ever get. This program is impressive because it has taken something that used to only be done in binary and brought it down to point and click level. Some may see this dumbing down the art that steganography is. But in an emergency you need a tool that moves fast! Probably even the best binary programmer can't move as quickly as this GUI interface. Armed with speed, stealth, and weapons grade encryption, this open source program is a formidable adversary. Please show your support for the Steghide and SteGUI teams that made this tool possible.