What is steganography?¶
Steganography is an amazing art of hiding data inside images, videos etc. The advantage that steganography has over cryptography is that the hidden data does not attract serious attention. However, when someone sees a cryptographic data, they'll immediately recognize that this data is encrypted. Though the extraction of the hidden message is difficult in cryptography, steganographic data looks less malicious!!
Why is steganography used?¶
Let us consider that a person "A" is sending something secret to person "B". Let us consider that the agent who is going to transfer this secret is "C". If "A" uses some kind of cryptographic techniques, "C" will definitely notice that some sort of a secret message is getting transferred and he'll try all possible way to decrypt it. So "A" has to use some technique so that "C" won't bother into examining the hidden message. This is why steganography is used. The message which is to be transferred will definitely look less malicious.
Some known tools for steganography¶
It is a tool that is used mainly to read metadata in files.
To install exiftool
$ sudo apt install exiftool
Exiftool gives the metadata of a file as its output. This data can be used for further analysis regarding the file type and its data. On a CTF point-of-view, we might get clues and hints or information that might turn out to be crucial for finding the flag.
strings is a bash command that shows all the ASCII strings in the file that is passed into the command. In CTFs it is often seen that sometimes some clues or even the flag can be found as an ASCII string inside the given challenge file. Way to use:
1 $ strings <file-name>
Ghex is a tool which helps us to view the hex data or hex dump of an image. To install Ghex
$ sudo apt install ghex
$ ghex image.jpg
It is a tool used mainly for searching embedded files and executable code within another data file.
To install binwalk
$ sudo apt install binwalk
Here in the above image, we see that there is a 'jpg image' that has a compressed 'images' in it and we see that it is, it is embedded within the jpg image file. To extract it we can make use of a carving tool dd. It can carve out data from specific offsets that are passed as arguments to the tool along the with the file that needs to be read. Give the following command:
$ dd if=deeper.jpg of=image1.jpg bs=1 skip=202
It is used to embed and extract secret messages in images. It supports all the general formats of images like .png, .jpg etc.
To install steghide
$ sudo apt install steghide
To embed a secret message into an image
1 2 3 4 5 6 7 8 9 10
$ steghide embed -cf image.jpg -ef secret_message.txt Enter passphrase : ******** Re-Enter passphrase : ******** embedding "secret_message.txt" in "image.jpg"... done To extract the secret message from the image ```sh $ steghide extract -sf image.jpg Enter passphrase : ******** wrote extracted data to "secret_message.txt".
$ steghide --help
Some of such websites are:
It is used to analyze images in different planes by taking off bits of the image.
To install stegsolve
1 2 3 4
$ wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar $ chmod +x stegsolve.jar $ mkdir bin $ mv stegsolve.jar bin/
$ java -jar stegsolve.jar
There are over 10 different planes supported by stegsolve like Alpha, Blue, Green, Red, XOR etc.