Steganography with Steghide [Linux]


There are several forms of security communication within the hacking, one is steganography. It allows us to send hidden messages to another person in order to maintain a secure communication. In computer use, would you hide a message within an attachment (either a picture, music, video) to send to a recipient which will use the Steghide tool that enables the use of this feature.

History of steganography

The steganography is not of today’s times, comes the time of the Egyptians where they communicated by developed writing called hieroglyphics. Another case was that some kings sent shave the heads of slaves to tattoo messages on them, and then the hair grow, the king sent the slave personally with the message. With the passage of history has evolved to the present day, which is widely used in computer media.

Means that apply and those who use it

It is applied much these days even though little spoken, is mainly used among the hackers who use this technique to send a message to others, in order to avoid trapping any individual (such as government or other entity) ensuring that only the recipient who knows how to open the hidden message. Other means that applies is the criminal environment in which judges or law authorities use digital signatures for her use, and we also have the simplest examples like using invisible ink pens (read with ultra violet).

Understanding the change process

One way that the algorithm is used, is that it takes the least significant bit of the file (either a picture, music, video, etc.) and changes it by indexing a new value in the content of his message. Allowing the indexed message is compressed in these bits, so there is a limitation of some types of extensions in the use of it.

As we see in the chart below:


X steganography Encryption

There is confusion when talking about the subject of steganography, many confuse the use of it with encryption. Recalling that the encryption has the concept of encrypting the message, transforming its contents (without understand the meaning of the figure) which is apparent so her existence. In the case of steganography, it is intended to hide the message content, without anyone noticing that there is something hidden in the file or whether there is a message.

Implementing steganography with Steghide

The Steghide is a tool that allows the implementation of estegonografia, through which we can get an attachment and index our message within it, without anyone noticing that it exists. This tool also offers extra features that give us greater security in the post as:

  • data compression.
  • encryption of corporate data.
  • automatic integrity checking using checksum.

It uses AES 128-bit encryption (being the safest these days) by default but you can increase other encryption in this process, supporting extensions for JPEG, BMP, WAV and AU in the Annex to be used, but the content of Annex I can be anything.

To give a practical example of the implementation of the tool we will use the following example: We have an image (pinguim.jpg) and have a text file to send to a friend (secreto.txt) then use the following command:

# Steghide embed ef secreto.txt -cf pinguim.jpg -sf novo_pinguim.jpg

Soon afterwards he will ask for inserting a password, then you will confirm it twice in a row. Note that it will generate another image identical to pinguim.jpg image without defacing nothing in it, with the naked eye can not identify any hidden message or amendment of this content.


Now to make the reverse process, namely to decrypt the message follow the following example:

# Steghide embed ef secreto.txt -cf pinguim.jpg -sf novo_pinguim.jpg

And enter the password which was previously entered to decrypt the message, ready now have our message. Note that the safety of this process binds the recipient as well as knowing the password, you must know the filename (message) to be extracted, ensuring greater confidentiality.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s