The Hacks of Mr. Robot: How to Hide Data in Audio Files

How to Hide Data in Audio Files

The Hacks of Mr. Robot: How to Hide Data in Audio Files

Welcome back, my hacker apprentices!

A you know, Mr. Robot is my favorite TV show this year, and not just for the realistic hacking. Rami Malek, the actor who plays Elliot, is incomparable in his depiction of a young man with social anxiety who is alienated from a superficial, materialistic society and wants to make a better world. I believe we will see a lot more of this actor in coming years.

In addition, the writing is excellent, although some of the depictions of Evil Corp employees, especially Tyrell Wellick, are a bit two dimensional and cliché. Overall, though, this is one of the best TV shows since Breaking Bad!

As the plot unfolds, it becomes clear that Elliot hacks and doxes the people in his life (including himself), then stores the information he finds onto CDs. He then labels them with some classic band label.

Many have wondered why he'd be doing that and how safe would that be?

The answer is that Eliot is hiding the data on those CDs. He is actually copying music to those CDs, then embedding encrypted information on them that only he can recover. So anyone who finds them will see and hear only audio and will be unable to find or retrieve the hidden information. In this way, Elliot's data on his friends and acquaintances is safe from the prying eyes of law enforcement, or for that matter, anyone else.

What Elliot is doing is known as steganography, the practice of hiding information within another digital medium (audio, video, or graphic files).

For instance, if I wanted to send someone else a secret message, I could place the message within a picture, audio, or video file and send it via email or allow them to download the file from my website. With the proper key and algorithm, they—and only they—could read the secret message. Everyone else would only see the innocuous picture or hear the audio file.

Espionage and terrorist organizations have been using these techniques for many years (reportedly, Al Qaeda used these techniques to hide messages on their website to their followers in the 1990s and 2000s).

In these episodes of Mr. Robot, Elliot appears to be using a software package named "DeepSound" for hiding information within his audio files, but there are numerous software packages for steganography available, including, but not limited to:

Although, in general, hackers use Linux to hack for many good reasons, DeepSound was developed for Windows. In this case, we will be using it on a Windows 7 system, but it can be used on just about any Windows OS.

Step 1: Download & Install Deep Sound

To begin, we need to navigate to the DeepSound website and download the software.

Go ahead and download and install it to your system. Your AV software might balk, identifying it as a virus, but go ahead and allow its installation.

Step 2: Deep Sound Interface

Once you have completed the installation, you should be greeted by a screen like the one below. Notice that on the left hand side of the screen it is displaying the directory structure of my C: drive. By clicking on the down arrow next to the C: drive above my directory structure, I can browse to other drives or USB devices on my system.

The files to the left will be my "carrier" audio files. In other words, these are the files I will use to hide my data in.

Step 3: Settings

If I click on the Settings icon on the top bar, it will bring up a window like that below. I should set my default language (the only other choice besides English is Slovak), my output directory, and my output format. This software package only works with .flac or .wav files. This means that you can't use .mp3 files. This is presumably because .mp3s are compressed and the other two formats are not.

Also, make sure you click on the "Encrypt files" check box. This will make certain that your hidden files are encrypted with 256-bit AES encryption, among the strongest encryption algorithms available. Finally, add a password that will be used to lock and then unlock the encryption when you or the target of these files wants to recover them. The longer this password, the stronger the encryption.

Step 4: Select Audio Files

Next, we need to select audio files to hide the data in. As most of my music, probably like yours, is in .mp3 format, those won't work. Notice that I have some Nora Jones in .flac format that I will use here. (Generally, audiophiles prefer .flac as its quality is superior, but the size is much greater as it is uncompressed. That's why most mobile audio devices use .mp3, they are much smaller files.)

I double-click on the audio file and it prepares it for use to hide my files in.

Next, click on the "Add files" icon on the top bar. This will prompt you to add the files you want to hide within the audio file. Here, I have a file named Shayla.doc that I want to hide within the Nora Jones audio file.

Step 5: Encode

When I click on Shayla.doc, it adds it to the right window. Now, I need click on the "Encode" icon on the top icon bar.

My Shayla.doc file is now encrypted and hidden with my audio file! Not only with this file look and sound like a normal audio file, but if anyone wants the information hidden in it, they will need to decrypt it with the password known only to me.

In the case of Elliot in Mr. Robot, he now took these audio files and burned them to a CD, but that isn't necessary. Presumably, he is doing that to take another step to secure these files in the case that his computer is ever confiscated and investigated. Any investigation is unlikely to listen to his music CDs.

Step 6: Decode

Eventually, Elliot, or the person the information is intended for, will need to decode the hidden information. Simply click on the audio file and then the "Extract secret files" icon. When you do, it will prompt you for a password. Enter the password you created in Step #3, hit "OK," and the hidden file will appear in the right hand window.

Now, you can read the hidden, secret message using the appropriate software that the message was created in. In this case, it would be Microsoft Word or any other software capable of opening a .doc file.

Keep coming back, my hacker apprentices, as we continue to explore the hacks of Mr. Robot and just about every other conceivable hack on the planet!

28 Comments

did he use it with kali?

In the show it looks like he uses a Linux distro, doesn't really show the Kali logo on his computer, other ones it does!

he is using kali !
windows 7 is only installed in virtualbox

Very interesting stuff!

I agree, awesome show and an awesome actor! I hope this series goes on for a long time and keeps the hacking the same.

Thank you for another great tutorial, OTW!
Are all of these steganography tools mainly windows based, or are there alternatives for Linux and OSX?

Thanks again,
Cameron

Most are for Windows, but there are few for Linux such as SteGUI and steghide.

Great post.
Hope you have a nice day.
-------------------DAGONCHU

tnx its helpfull

i wonder what would happen to the data if you converted the wav or flac file to mp3 would you lose the data. if not you could always convert it back again and it would add another layer of protection

I am not certain, but I would suppose that the data would be lost if you convert it to mp3. MP3 is a compression algorithm that changes the data. Any change is likely to lose the hidden data.

then you could store them on your phone no one takes notice of music files on a phone

pity would of been a good idea

Some of the other stego software will work with mp3

ok, so lets look at it from the other perspective.

I've found some files, i want to analyse for steganography.
When i use steghide in kali it asks for a password.

Whats the best way to cracking this ? Or in general whats the best way to detect and forensically analyse steganografic files ?

Take a look at any other password cracking tutorials on Null Byte using john the ripper, Cain and Abel, hashcat, pyrit, etc.

but surely you need to extract the files first before you can pipe into one of those?
If i find a flac file and i run
steghide info ~/Downloads/suspicious.flac

It will then ask for a y/n

Then it will ask for a password to use to extract/decrypt.

I'm looking more from that point, how to you find the correct password to extract the data hidden by the stenography

There are two options. One is to use a tool like THC-Hydra to run through many possible passwords. The second is to extract the hash from the file and then use the hash in hachcat, john the ripper, etc.

thank you for this guide otw.
my question is about decoding.
i have encoded the files into the .wav file and burned it using itunes.

but when i put the disc back in my computer and import to itunes and bring .wav file back into deepsound it doesnt prompt for password so there are no detected files inside.

do you know what i am doing wrong?

I have also deveolped a fairly simple script that encodes files into pictures and encrypts them with 256 bit AES encryption. It is currently under construction and requires 7-Zip as a dependency. Check it out at my GitHub.

How to detect a hidden files in an image. Do I use hex Editing or stegHide??

Share Your Thoughts

  • Hot
  • Latest