Steganography

A subject in which you will learn how to hide data.

Introduction

In my childhood, I used to read newspaper on Sunday cause there was always an additional paper for fun and game like finding missing objects by comparing two pictures, in the corner of that newspaper there used to be a fun fact section where you get the amazing facts.

One day I learned that if you use lemon juice as an ink to write something on paper, the things you have written would become invisible and when you lit a lighter behind the paper, the ink would become visible. I was amazed! I got a lemon, squeezed it in a bowl then dip my paint brush into the juice and write the things whatever i wanted on a white paper, whatever i wrote it become invisible then went to the kitchen, lit the gas and hover my white paper on it, the written things would become visible. Isn't that amazing? how we can hide the message in the plain paper and nobody can see the message until they lit the fire behind the paper. This was one of the most fascinating techniques i have done. But what if we could do this on computers?

Well, turns out we can, using Steganography!!

Disclaimer: This concept can be applied for both ethical and unethical purposes. The content of this article is for educational purposes only and is not to be used to play pranks, or harm people and infrastructure. Misuse of data hiding techniques for illegal or unethical activities may lead to serious legal consequences.

What is Steganography?

The term "stegano" means "hidden or covered" and "graph" means "to write". The word steganography itself means to write and hide information in object or anything. It has been in use since ancient times to communicate with spies , allies and many more. There are many reasons to hide information but the most common one is to protect it from unauthorized access and to prevent people from finding out the existence of secret information.

Lets talk about modern era , hiding things such as source code, passwords, IP addresses, and other confidential information in pictures, music or other random files tends to be the last place anyone would think of finding them.

We are going to learn how do we hide data in digital content. Steganography is also related to cryptography, it helps with encryption which provides an extra layer of security for the hidden data. We can hide any digital content virtually like text, image, video, zip file, source code, etc in another digital content.

Why Steganography?

In today's digital world communication is constantly monitored more than we realize. Network provider typically log metadata about your communication like who you contact, when, to where and for long. Now here is the thing, when you need to share sesitive information without raising suspicion, you will have to use steganography.

Unlike encryption, which makes data unreadable, where it's obvious that a message is being hidden, steganography hides the message itself within something ordinary like a photo, song or a video. The uses of steganography are as varied as the uses of communication itself. It can be useful in situations where sending encrypted messages might raise suspicion, such as in countries where free speech is suppressed. It can help avoid detection by firewalls, filters or surveillance. It can also be used for watermarking or digital right protection.

For example, imagine a journalist working under a repressive regime who needs to send confidential notes to a foreign news agency, Instead of attaching an encrypted documents (which obviously could be seen), they embed the message inside a harmless looking photo and email it. To anyone inspecting the email , it will show a regular image, but for the intended recipient , it holds the hidden text or documents which can be extracted by the recipient.

How do you use steganography?

All steganography requires a cover file, which is the medium where we hide our data, a message/file that's made up of data and a key which we will use to randomize the placement of the data and even encrypt it. A cover file can be an Image, an object, an audio, a video, it can be anything which looks harmless and normal object where people wont suspect if there is something hidden. Next, we have a message, a file, a secret, a document, a zip file, it can be anything which is sensitive, something you should not show to public. Finally there's the key which helps to hide that secret in the normal looking cover file. Without that key you can never know what was the hidden file.

Types of Steganography

There are various types of steganography, we will look at two of them in this article.

  1. Image Steganography.

  2. Audio Steganography.

Image Steganography

Image steganography is all about hiding information inside pictures, but doing it in a way a human can't see with naked eyes. There are various methods to hide data in image we will talk about LSB and Histogram shift later in the article. To give you an idea about it, we will be hiding the data in the pixels of an image. Can you believe it? we can hide text, another image, an audio or any type of file in those pixels. These methods will slightly changes the color of a pixel, here "slightly" means very tiny, a human eye can never detect the changes in the color of a pixel.

Audio Steganography

Audio steganography hides secret messages or files in sound. It works by making tiny changes to the audio that are so subtle, most people wont notice them. We can deceive human ears as we do deceive human eyes for image staganography with audio. There are various type of methods as well, but we will talk about LSB and Phase coding method. Overall we will be hiding the data in frame of Wave audio file and altering wave forms of an audio file. Obviously i doubt if a human can detect if something has been hidden in the audio file.

Current state and applications

  • Steganography is not widely used outside of academia, CTFs, cybersecurity research or niche areas like DRM or intelligence.

  • Most steganography tools are CLI-based or research prototypes. If you have ever noticed there is not a specific platform for steganography on web, that's because platforms might fear legal blacklash or being flagged as "enables" for illicit use. (e.g., terrorism, cybercrime, espionage).

  • While steganography tools exists, the bigger Industry interest is in steganalysis (detecting stego content), which is used by cybersecurity firms, intelligence agencies, etc.

  • More effort goes into defending against stego than building public tools to do it.

In the following sections, we'll dive deeper into specific techniques and learn how to implement these fascinating methods of digital information hiding.

NextAES Encryption

Last updated