Steganography & Cryptography — Keep your data and yourself safe.
Hiding secret data within an ordinary, non-secret, file or message in order to avoid detection is called Steganography.
The secret data can be anything from text files to videos. The combination of steganography with encryption as an extra step for hiding or protecting data is often used for handling sensitive contents. You can also see various examples of steganography in movies and tv-shows.
Some uses for steganography are often practiced by malware developers to obscure the transmission of malicious code.
Many forms of steganography have been used for centuries and include almost any technique for hiding a secret message in an otherwise harmless container. For example, using invisible ink to hide secret messages in otherwise inoffensive messages, often seen throughout the history by the Royal families.
How is Steganography different from Cryptography?
The core reason of using steganography and cryptography is protecting a message or information from interceptors/man in the middle.
Cryptography changes the information to ciphertext (unreadable, hence non-understandable by humans) which cannot be understood without a decryption key. So, if someone were to intercept this encrypted message, they could easily see that some form of encryption had been applied.
On the other hand, steganography does not change the format of the information, but it hides the message inside the file.
I found this great table on the internet to understand the differences of steganography and cryptography.
Depending on the nature of the cover object(actual object in which secret data is embedded), steganography can be divided into five types:
- Text Steganography — Hiding information inside the text files. It involves things like changing the format of existing text, changing words within a text. You can easily crack this, if you are able to understand the patterns. Sometimes the patter are easy to find, while sometimes they are extremely hard.
- Image Steganography — Hiding data by taking the cover object as the image, and hiding text and other types of files inside it, is known as image steganography.
- Video Steganography — Video steganography can be very vast, a person has various options where he/she can hide secret data. Often data can be hidden in metadata of the file as well as strings of the file.
- Audio Steganography — The secret message is embedded into an audio signal which alters the binary sequence of the corresponding audio file.
- Network Steganography — Embedding information within network control protocols used in data transmission such TCP, UDP, ICMP etc. I think the best way to analyze this is by using wireshark where you can filter these packets and analyze each file capture one by one.
Some of the famous tools used for steganography.
There are many tools/software available that can do steganography. Some offer normal steganography, but a few offer encryption before hiding the data. These are the steganography tools which are available for free:
- Stegosuite can easily hide confidential information in image files.
- Steghide is an open source Steganography software that lets you hide various type of files inside other files. This one is my favorite.
- Cyberchef — A simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression. It is one of the most useful tools on the internet.
- dCode is a toolkit website for decryption, ciphertexts, cheating at letter games, solve riddles, treasure hunts, etc. Opened in 2009, the site has grown steadily and improved, offering more and more tools and carried by its users, dCode has become a public site, free and open to all!
- Aperi’Solve is an online platform which performs layer analysis on image. The platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis.
- Xiao Steganography is a free software that can be used to hide data in BMP images or in WAV files.
- SSuite Picsel is another free portable application to hide text inside an image file but it takes a different approach when compared to other tools.
- OpenPuff is a professional steganographic tool where you can store files in image, audio, video or flash files
This main purpose of this article was to understand the basics of steganography and cryptography, and to discuss about the various opensource tools that are available online for this purpose. I would also like to wish…
❄️🔔🎄🎅Merry Christmas Everyone 🎅🎄☃️ 🎁❄️
Be safe, be secure and happy hacking :)
