Hacker 10 – Security Hacker

Tag: steganography software

  • Encrypt and hide messages in pictures with SecretLayer

    Encrypt and hide messages in pictures with SecretLayer

    SecretLayer is a Windows program to encrypt and hide messages inside a photograph (jpg, png, gif, bmp), this is known as steganography. The program tweaks photo pixels and embeds tiny pieces of extra information in them without changing how the pictures look to the human eye.

    The tests I performed made the carrier photos indistinguishable from the original files except for being slightly bigger in size, a few Kilobytes more, depending on the size of the secret message. You will be told by SecretLayer how much data you can hide inside each photograph, a progression bar indicates how many bytes you can hide as you type. Or if you add an attachment, you are told what the maxium size can be. This is the kind of program that computer beginners can use, it comes with a video tutorial and a wizard allowing you to learn how all works in under 5 minutes.

    With SecretLayer you can send covert messages sidestepping email by uploading images with hidden data to a personal photo album or website, the receiver will only have to visit the website and save the photo. With one small caveat, the person decrypting the message has to know what encryption algorithm and key length were used, you will have to transmit this one way or another, just once if you don’t change the arrangement.

    SecretLayer steganography program with encryption
    SecretLayer steganography program with encryption

    This is a very easy to use program with a wizard guiding novices step by step and an advanced function that lets you choose encryption algorithm of in between AES, Blowfish, IDEA, CAST, DES and RC5. Secret Layer displays information about the security level of each encryption method and keybit length, there are also security tips in the password window so that you do not enter anything that could be guessed or easily broken. A small improvement I feel the developer could make is adding a password strength meter.

    After encrypting a file you can choose where to save the image, ticking a box tells SecretLayer that you would like to shred the original picture, something I would advice you to do. Wiping the original picture will make it nearly impossible for somebody to find out if the resulting photograph contains hidden data inside or not. To discover steganography in a digital photo the original is needed to make a comparison.

    SecretLayer can also wipe the data you are hiding when you are done. The integrated file wiping utility is much appreciated, eliminating secret messages in plain text considerably increases your security. 

    Steganography software Secret Layer
    Steganography software Secret Layer

    I always liked steganography because it is very hard to detect and if you add to that encryption, mass surveillance loses capabilities, the powers that be can’t scan every single picture on the Internet looking for hidden data. Of course I would have preferred an open source tool, other than that, I liked SecretLayer and I am convinced that if PGP was as easy to use there would be many more users.

    To your attention, the free version of Secret Layer, called Light, does not encrypt data, it only hides it, if you want encryption and be able to split and hide data in between multiple photos, which allows for bigger files to be hidden, you will have to buy this program and, steganography without encryption might fool your room mate but not somebody who has the right tools to extract data. For a, not so easy to use free alternative check out OpenPuff Steganography.

    As it is usual in these programs, the person you communicate with will need to have it installed too.

    Visit SecretLayer homepage

  • Steganography, hiding text inside photos and sound files

    Steganography, hiding text inside photos and sound files

    The word steganography has Greek origins, it means concealed writing, in the digital world steganography (aka steg or stego) consists in hiding data inside data, it is mostly used to hide text inside pictures or sound files but any kind of data can be hidden and any kind of file can be used as a carrier file.

    Steganographic software takes advantage of the way binary works where the bits towards the right of a file are the ones with less significance, changing them results in little distortion for the file, an example of  this would be changing the red colour of a few pixels on a digital photography for a different tone of red that it is not noticeable to the human eye, since a photography can have millions of pixels slightly changing a thousand of them would be very hard to notice without the the original picture to compare with.

    Another use for steganography is digital watermarking, the film industry is known to embed an invisible watermark in their preview films, before release, if one of these copies is leaked and found in a file sharing site they can track down who the person responsible for that copy was. Steganographic software is commonly used in conjunction with encryption, the data is encrypted before hiding it to add an extra layer of security, if the hidden data is ever found it would still be protected by a password.

    Steganography advantages over encryption

    It does not attract attention: Encrypting a message gives away that there is something of value and this will attract unwanted attention.

    Packet sniffing barrier: Encrypted PGP email messages start with a line identifying them as an encrypted PGP message, making it easy for a packet sniffer on an ISP to flag encrypted PGP emails by just scanning for the word PGP or GnuPG, this can not be used against steganography.

    Makes Internet surveillance difficult: If someone’s Internet activities are being monitored visiting Flickr and uploading personal family photos with hidden messages will not trigger any alarm but sending encrypted messages and visiting a political discussion forum will.

    Difficult to prove it exists: In some countries like the United Kingdom you can be required by the police to provide the password to your encrypted files, refusing to do so carries a prison sentence, if the data has been hidden inside a photograph the police would first have to show beyond reasonable doubt that there is definitely something hidden inside the file.

    Methods to detect steganography

    Steganalysis is the art of discovering hidden steganographic messages, this science is not perfect, it is possible for steganalysis not to detect steganographic files if the data has been very well concealed and the original file, before data has been hidden within it, is not available for analysis.

    Image steganalysis
    Image steganalysis

    Steganographic software embeds information in front of the hidden message, this information contains details about the length of the message, compression method, and anything else the developer chooses, after all the data has to be readable at some point, if the software used to hide the information (aka payload) inserts some unique characteristic in the header then it can be proved the file has been tampered with.

    A good method to find hidden messages inside pictures is by using an hexadecimal editor and read the image header first bytes, for example a GIF image seen by an hexadecimal editor will always read “47 49 46 38”, it means “GIF” in ASCII code, if a GIF image has been used to hide a message within it when viewed with an hex editor the first identifying bytes will be different from the standard ones.

    There are automated tools to detect steganography, one such tool is Stegdetect, capable of detecting messages in jpeg images, after a hidden message has been found a brute force attack can be launched, with dictionary words attempting to guess the password and expose the data.

    Highly compressed data like .rar, .mp3 or .jpeg files make it more difficult to hide data inside because they have less “spare” bits available, if you want to make it tough for someone to find your hidden data use an uncompressed carrier file, like .bmp for images and .wav for sound.

    How to hide text in pictures and other files

    There are various steganography programs available to hide text or files inside photographs, sound files and executable files, you can even hide data inside documents and HTML code, any kind of electronic file can be used to hide data within it.

    StegHide: Open source project, it can hide data inside images (.jpeg, .bmp) and audio files (.wav, .au)

    MSU StegoVideo: It hides any kind of file inside a video and protects it with a password.

    Steganos Privacy Suite (Not free): It hides data inside pictures and sound files and encrypts is with AES256.

    Mp3Stego: It encrypts and hides data inside .mp3 files, free program with source code available to look at.