This is the first of a multi-part series on steganography techniques. Steganography, the art of hiding things in plain sight, has existed for a long time, and in many forms. When you manipulate the alphabet to have your own cipher and decipher, this is considered steganography.
The first records of steganography date back to 440 BC. One method was to shave a messenger's head, tattoo the message onto the scalp, let the hair grow back to conceal it, and then send the messenger off to the recipient. Another method involved writing directly on the wooden backing of a wax tablet before applying its beeswax surface. The wax would then be chipped off to reveal the message behind it.
Today's Null Byte is going to demonstrate how to hide text inside of the null space in picture files. We are going to be using a hex editor. This can be done on any operating system.
Step 1 Download & Install wxHexEditor
We're going to be using wxHexEditor. It's my favorite, because you can open files up to exabytes large!
- Download wxHexEditor from its SourceForge page.
- Run the installer. If you are on Linux, do the usual: ./configure && make && make install.
Step 2 Pick Your Image to Inject Text Into
Now we need to find a picture to inject our text into. BMPs and GIFs are great formats to use for steganography, because they have plenty of null space to play with. For my example, I am going to be using the following image:
Let's get started with the hex editor.
- Open up wxHexEditor.
- Click File > Open > <Picture You Want Here>.
- Scroll to the bottom of the file.
At the end of the file you can inject ASCII characters, and the file will still function as normal. You must replace every bit of null space that you remove though. Watch me demonstrate in this vTutorial:
After that, you just send the picture to the recipient, and the text will be hidden, right in front of their eyes. This is helpful in a few senses. In countries where encryption is illegal, there is always steganography. Another use is that steganography doesn't draw attention like encryption does. If someone sees an encrypted archive, they can attack it. How does one attack what they can't see?
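Text written over trailing null space is still plain ASCII on disk, so a scan of the file's tail will surface it. The following is an added example, not part of the original article: a heuristic checker that reports ASCII runs inside the null padding at the end of a file. The function names and the sample bytes are constructed for illustration, and real image data can produce false hits, so treat results as leads.

```python
import re
import sys

# Runs of at least 4 printable ASCII bytes (the same idea as `strings`).
TEXT_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def padding_start(data: bytes) -> int:
    """Offset of the trailing region made only of null and printable bytes,
    trimmed so that it begins on a null byte."""
    i = len(data)
    while i > 0 and (data[i - 1] == 0 or 0x20 <= data[i - 1] <= 0x7E):
        i -= 1
    # Skip printable bytes that directly follow image data; they are more
    # likely pixel values than text written into the padding.
    while i < len(data) and data[i] != 0:
        i += 1
    return i


def find_hidden_text(data: bytes):
    """Return (offset, text) for each ASCII run inside the trailing null space."""
    start = padding_start(data)
    return [(start + m.start(), m.group().decode("ascii"))
            for m in TEXT_RUN.finditer(data[start:])]


def build_sample(message: bytes = b"") -> bytes:
    """Constructed input: BMP-like header, non-ASCII 'pixels', 64 null bytes."""
    header = b"BM" + bytes(52)
    pixels = bytes(range(0x80, 0x100)) * 4
    padding = bytearray(64)
    padding[16:16 + len(message)] = message  # overwrite nulls, size unchanged
    return header + pixels + bytes(padding)


if __name__ == "__main__":
    # Scan files named on the command line, or fall back to the constructed sample.
    samples = {p: open(p, "rb").read() for p in sys.argv[1:]} or {
        "constructed-sample": build_sample(b"meet at dawn")}
    for name, blob in samples.items():
        for offset, text in find_hidden_text(blob):
            print(f"{name}: 0x{offset:x}: {text!r}")
```

Because the message overwrites null bytes instead of being appended, the file size does not change, so a size comparison alone will not flag the file; the content of the padding has to be inspected.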