How do I use the steganography tools?

Father

Data hiding is a common practice among hackers and intruders. They hide their sensitive data in the host protected area (HPA), slack space, and alternate data streams (ADS), as these areas are not included in any search parameters. In addition, they can use steganography techniques to communicate secretly, transfer software licenses, bypass leak control systems, and much more. However, cybercriminals aside, steganography methods may well find application in ensuring information security in both daily and professional activities.

Steganography
What is Steganography? Steganography is an age-old practice of secret or covert writing. It has been around for a long time. It was once used by spies to hide messages or secrets of their state.

How is steganography different from cryptography?
Hackers hide their messages in media files such as audio, images or video. These media files become a medium suitable for transporting a secret file containing some data, so such files can be stored openly or transmitted over insecure communication channels. The main difference between cryptography and steganography is that steganography methods allow you to hide information inside media such as images, audio recordings, spam, etc., and to hide the fact that there is any data at all, while cryptography methods encode content into an unreadable format using algorithms such as RSA, AES, DES, GOST, etc.

In a polyglot attack, hackers can hide malware in the code of an existing file (image). In a successful attack using a polyglot tool, the web browser only downloads the code as intended, which allows the malicious code to remain hidden during the attack. For example, hackers can manipulate code to make it look like it's just an image. But as soon as the web browser downloads the image, it also downloads malware, which is JavaScript code. Compared to steganography, the polyglot compiles both the image code and the malware code together, which in turn hides the inclusion of the malicious code.

For a more detailed look at the methods of steganography, we will give a short overview of the tools.

Here are some tools for steganography:

1. SilentEye

SilentEye is an open source tool used for steganography, mainly for hiding messages in images or sounds. It provides a user-friendly interface and easy integration of the new steganography algorithm and cryptographic processes using a plugin system.

Let's say we have a pass.txt file that contains credentials for accessing information systems. And we're going to hide this file into an image using the SilentEye tool.


The tool can be downloaded from https://silenteye.v1kings.io/download.html?i2. Once downloaded, click on the downloaded exe file and follow the installation instructions to install this tool on your system. We are using a Windows system, hence the exe file. In addition to Windows, installation files for Linux and Mac are available for download.

a. Drag the image that we want to use to hide the data into the start window of the program.

b. After adding the image, click on the Encode option.

c. Select the header position as “signature” and enter your chosen passphrase (this passphrase will be used for decoding later).

Select the file that we want to hide in the picture (pass.txt in our case), and click on "Encode".

d. The image after encoding will be saved in the destination folder specified in the previous step. We can see that the encoded image looks exactly the same and it is difficult to find any hidden file in it.

e. Now, to decode this image, click on the Decode option.

f. Select the header position as “signature” and enter the passphrase we entered to encode this image, then select the “Decode” option.

g. The decoded file is shown in the figure


2. iSteg
iSteg is an open source steganography tool used to hide files inside a jpeg image. It is available for Mac. The program is relatively old and we will not dwell on it in detail, but for Mac lovers, we note its presence.

3. OpenStego
OpenStego is also an open source steganography tool. It can be used to hide data (it can hide data inside images) or to apply a watermark (used to detect unauthorized copying of files). Watermarking can also be useful when sending the same document to different organizations: each copy is labeled, and if the document is leaked to the public, it will be possible to determine from which organization the leak occurred.

The program interface is simple and pleasant. To hide the data, in the Message File field select the password file that we want to hide; in the Cover File field select the original image, which will be the container for the text file; in the Output Stego File field set the name of the final image with the secret. Then we select the encryption algorithm (AES256 in this case) and set the password. After that we click Hide Data and get the result.

Immediately striking is the fact that the picture with the attached file is much larger in size than the original one:

For the reverse operation, on the Extract Data tab, select the file with hidden data, select the path to save the output file, enter the password and click Extract Data, and we will get our passwords.txt file.

The functionality of the program also allows you to put a watermark on images and check them with your signature. First you need to generate a signature file, and then you can use it to add watermarks or verify them.

Generating an electronic signature in *.sig format:

We watermark itsecforu using a pre-generated signature file and get the signed image file isecforu_sig.jpg


To check the watermark, on the Verify Watermark tab select the file with the watermark and the signature file.

4. Open Puff
Open Puff is free steganography software for Microsoft Windows and Linux. It is worth noting that the program does not require installation on Windows, while on Linux it is launched from a bash script. In addition to pictures and audio, it works with video and pdf files. The developer offers very detailed documentation on how the product works.

It supports image formats such as BMP, JPG, PCX, PNG, TGA, audio formats such as AIFF, MP3, NEXT/SUN, WAV, video formats such as 3GP, FLV, MP4, MPG, SWF, VOB, and PDF.

To hide data, the program asks for 3 different passwords; however, passwords B and C can be disabled by unchecking the Enable (B) and Enable (C) parameters, so we will do this and enter the password in field A. Then, in the Data block, select the file with passwords, passwords.txt. In the 3rd step, we select the image file itsecforu.jpg as the medium. Next, select the output file format and persistence, click Hide Data! and select the directory to save the file with the hidden data.

To extract the file, select Unhide in the start menu, enter the password in block A, select the itsecforu.jpg container and click Unhide!

As you can see, we get our password.txt file

The process of marking files is also simple and straightforward, so we will not consider it.

5. Steghide
Steghide is a program for hiding data in various types of images and audio files.
The principle of operation is the same when working in Windows.

Run the utility from the command line and enter --help to view all available parameters.

To hide the password.txt file in the itsecforu.jpg image file, enter:
Code:
steghide.exe embed -cf D:\stega\itsecforu.jpg -ef D:\stega\passwords.txt

Then we enter the password, confirm it, and get our itsecforu.jpg file with hidden data.

Accordingly, to extract hidden data, enter:
Code:
steghide.exe extract -sf D:\stega\itsecforu.jpg

Enter the password and get our password.txt file.

6. Spammimic.com
Spammimic.com is a site for converting messages to spam. Tons of spam fly around the Internet, and users often do not attach much importance to it. This site gives you access to a program that converts short messages to spam. The sentences that are produced differ depending on the message being encoded. Real spam is written so stupidly that it is sometimes difficult to tell it apart from machine-written spam. This is one of the ways to send a password by mail. For example, here is the result of encoding the message “Qwerty123”:

An entertaining section on the site “Encode as Fake Russian” allows you to encode an English message into Russian characters (Cyrillic). They will be human readable enough, but any surveillance software that searches for keywords in English will not have much success. So you can safely test for attempts to bypass DLP systems.


In general, I advise you to pay attention to the specified resource.

Also noteworthy are the following steganography tools:
Hide and Seek, JPEG-JSTEG, Pretty Good Envelope, StegoDos, Stegano Wav, PGP Stealth

We have considered practical approaches to using steganography using the example of various tools. And as you can see, the algorithm is always the same:
  1. Selecting the data you want to hide
  2. Choosing the medium where the data is hidden
  3. Setting a password

Steganography Detection Methods
We have considered how to hide information, but a natural question arises - how to detect the fact of hiding data?

There are various tools for detecting steganography. As an example, we take a tool called StegCracker to detect steganographic content in an image file, and we will also perform a brute-force attack to extract the content. The data carrier file that we will examine is a jpg image file.

StegCracker is a free and open source tool used to analyze an image file (media) for data hiding by performing statistical tests to determine the presence or absence of steganographic content in an image file. StegCracker is capable of working with password dictionaries.

Here we are using the itsecforu.jpg file with some steganographic content. We hid the data in this image using the steghide tool.
We also prepared wordlist.txt with the password that was used to hide the passwords.txt file, which contains only one entry:

On Kali Linux, run StegCracker with the following syntax
Code:
stegcracker <file> [<wordlist>]

In our case:
Code:
stegcracker itsecforu.jpg wordlist.txt

After brute-force, we get information about the used password:


To see what kind of data was hidden, we use the cat command on the new output file, and we see the entry and the passwords.txt file.
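
Added example, not part of the original post: the statistical side of detection can be illustrated with the classic pairs-of-values chi-square test, which flags plain LSB replacement because random-looking payload bits equalise the counts of each value pair (2k, 2k+1). The carrier data, block size and threshold are constructed assumptions; steghide is designed to preserve these first-order statistics, so this test targets naive LSB tools rather than the itsecforu.jpg case above.

```python
import random
from collections import Counter

def pov_score(samples):
    """Pairs-of-values chi-square per degree of freedom.

    LSB replacement with random-looking bits equalises the counts of each
    value pair (2k, 2k+1), which drives this score towards 1; an untouched
    carrier with unequal neighbours scores far higher."""
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected < 5:          # too sparse for a chi-square term
            continue
        # both members of the pair deviate equally from the mean, hence the 2
        stat += 2 * (hist[even] - expected) ** 2 / expected
        dof += 1
    return stat / dof if dof else float("inf")

def flag_blocks(samples, block=4000, threshold=2.0):
    """Score consecutive blocks; True marks a block that looks LSB-embedded.
    Block size and threshold are illustrative assumptions, not tuned values."""
    return [pov_score(samples[i:i + block]) < threshold
            for i in range(0, len(samples), block)]

def constructed_carrier(n=20000, seed=1):
    """Constructed sample data: 8-bit values whose even members dominate
    each pair, standing in for a carrier with an uneven histogram."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        v = min(255, max(0, int(rng.gauss(128, 30))))
        if v % 2 and rng.random() < 0.4:
            v -= 1                # move some odd values to their even partner
        out.append(v)
    return out

def lsb_replace(samples, count, seed=2):
    """Overwrite the LSB of the first `count` samples with random bits,
    which is what an encrypted payload looks like to the carrier."""
    rng = random.Random(seed)
    return [(v & ~1) | rng.getrandbits(1) if i < count else v
            for i, v in enumerate(samples)]

if __name__ == "__main__":
    cover = constructed_carrier()
    print("cover:", flag_blocks(cover))
    print("stego:", flag_blocks(lsb_replace(cover, 8000)))
```

Scoring block by block also shows roughly where a sequentially embedded payload ends, since only the overwritten part of the carrier drops below the threshold.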
