How To: A Guide to Steganography, Part 1: How to Hide Secret Messages in Images

A Guide to Steganography, Part 1: How to Hide Secret Messages in Images

This is the first of a multi-part series on steganography techniques. Steganography, the art of hiding things in plain sight, has existed for a long time, and in many forms. When you manipulate the alphabet to have your own cipher and decipher, this is considered steganography.

The first records of steganography occurred back in 440 BC. One method would be to shave and tattoo messages into a messenger's scalp, letting the hair grow over them to conceal it, then send them off to the recipient. Another method involved writing directly on the wooden backing of a wax tablet before applying its beeswax surface. This would then be chipped off to reveal the message behind it.

Today's Null Byte is going to demonstrate how to hide text inside of the null space in picture files. We are going to be using a hex editor. This can be done on any operating system.

Step 1 Download & Install wxHexEditor

We're going to be using wxHexEditor. It's my favorite, because you can open files up to exabytes large!

  1. Download wxHexEditor from their sourceforge.
  2. Run the installer, if you are on Linux, do the usual: ./configure && make && make install.

Step 2 Pick Your Image to Inject Text Into

Now we need to find a picture to inject our text into. BMPs and GIFs are great formats to use for steganography, because they have plenty of null space to play with. For my example, I am going to be using the following image:

A Guide to Steganography, Part 1: How to Hide Secret Messages in Images

Let's get started with the hex editor.

  1. Open up wxHexEditor.
  2. Click File > Open > <Picture You Want Here>.
  3. Scroll to the bottom of the file.

A Guide to Steganography, Part 1: How to Hide Secret Messages in Images

At the end of the file you can inject ASCII characters, and the file will still function as normal. You must replace every bit of null space that you remove though. Watch me demonstrate in this vTutorial:

After that, you just send the picture to the recipient, and the text will be hidden, right in front of their eyes. This is helpful in a few senses. Countries where encryption is illegal, there is always steganography. Another use is that steganography doesn't draw attention like encryption does. If someone sees an encrypted archive, they can attack it. How does one attack what they can't see?

Visit the rest of the Null Byte crew in IRC. We idle 24/7!

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Photo by revraikes


K... When I hexdump that image as shown above, it does not appear the same as the one in your vid. What up with that?

Mst be cause it's hosted somewhere else, Just do it with any BMP image :D They have tons of null space :p. Come in IRC :D It's boring there, right now.

How do you tell what is null space and what is needed to preserve the integrity of the picture?

When it has no (null) value. 00.

Ahh. Well that makes sense *smacks forehead* Thanks.

Also. WxHexEditor Isn't compatible for Ubuntu users. Honestly I only use Ubuntu for the Xubuntu flavor which works well on my low end machine. Is there a different low requirement distro that you recommend?

Hehe, Bird andBear nailed it below me, check out some of our forums, and definitely join the IRC. If you're learning hacking-related stuff, then IRC is the place to be.

I currently doing my final year project on steganography I want to know how to create a software like this using c++

Share Your Thoughts

  • Hot
  • Latest