Steganography is defined by Dictionary.com as “The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.” In the computer field, an example of steganography would be hiding one file inside of another file. This may be hiding a text file inside an image, or hiding a music file inside a text file.
We are going to explain two ways to do steganography. One is with a free program called Steghide, which can be downloaded from Sourceforge.net, and the other is with compression software, such as WinRAR, 7-Zip, or whichever you prefer. Both methods are very simple to do; the only difference is that Steghide will give you a little extra security, because you will need Steghide to “extract” the hidden file, and you will also need to know a passphrase to access the file.
For this hack we are going to be hiding a birthday invitation that we are working on for our dad’s secret surprise birthday party. First, we will need to create or find the files that we are going to be using. For this tutorial, we are going to be hiding the invitation in an image of our dad. The names of the files we are going to be using are dad.jpg and invite.txt, and they are located in C:\dad. Also, for the compression tutorial, the compression software we will be using is WinRAR, which you can download as a trial version at RarSoft.
Compression Software Method
With the compression method, the first thing you need to do is compress the file(s) that you want to be hidden. Most of the time you can do this by right-clicking on the file; you should then see an option in the right-click menu to add the file to an archive or to compress the file. With WinRAR, when you right-click the file you should see the option “Add to invite.rar”.
After compressing the file, you will need to open a command prompt. If you are using Vista you will need to go to Start and search for Command Prompt or CMD.exe. XP users can click Start, then click Run. When the Run dialog opens type in CMD and press Enter or click on OK. Once you have the command prompt open, you will need to change the directory to the directory in which the files are located. We will need to type in “cd dad” into the prompt and press enter. If you have your file saved somewhere else then you will need to replace “dad” with the path to the file.
Once we are located in the correct directory, we will need to issue the command “copy /b dad.jpg + invite.rar dad2.jpg”. This command tells Windows to copy dad.jpg and invite.rar as binary files (/b), one after the other, into dad2.jpg.
At this point, invite.txt is now hidden in dad2.jpg. If you want to extract invite.txt from the image file, you can either open the file in your compression software, or change the extension of dad2.jpg to the extension you used when compressing invite.txt.
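Why this works, and how to spot it, shown as an added example (not code from the original article): a JPEG ends at its End Of Image marker (FF D9), so an image viewer ignores whatever copy /b placed after it, while archive tools search the file for their own signature. The Python below walks the JPEG segments to the real end of the image and reports any trailing archive; the function names and sample bytes are constructed for illustration.

```python
# Signatures that archive tools such as WinRAR and 7-Zip search for inside a file.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP",
                  b"7z\xbc\xaf\x27\x1c": "7-Zip"}
NOT_A_MARKER = {0x00, *range(0xD0, 0xD8)}  # after FF in scan data: stuffing or RSTn

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past EOI (FF D9)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: the image ends here
            return pos + 2
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += 2 + length                        # skips EXIF thumbnails and the like
        if marker == 0xDA:                       # SOS: scan data runs to next marker
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in NOT_A_MARKER):
                pos += 1
    raise ValueError("no EOI marker found (truncated JPEG?)")

def find_appended_payload(data: bytes):
    """Return (offset, kind, size) of data after the image, or None if clean."""
    end = jpeg_end(data)
    trailer = data[end:]
    if not trailer:
        return None
    for magic, kind in ARCHIVE_MAGICS.items():
        idx = trailer.find(magic)
        if idx != -1:
            return end + idx, kind, len(trailer) - idx
    return end, "unknown", len(trailer)

# Constructed sample (structurally valid, not viewable): SOI, an APP0 segment whose
# payload holds a decoy FF D9, an SOS header, stuffed scan data, then the real EOI.
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe0\x00\x0cJFIF\x00\xff\xd9\x00\x00\x00"
               b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
               b"\x12\x34\xff\x00\x56\xff\xd0\x78" b"\xff\xd9")
SAMPLE_RAR = b"Rar!\x1a\x07\x00" + b"constructed-archive-body"  # stands in for invite.rar

if __name__ == "__main__":
    print(find_appended_payload(SAMPLE_JPEG + SAMPLE_RAR))  # (36, 'RAR', 31)
```

To check a real file, pass its bytes instead of the sample, for example the contents of dad2.jpg read in binary mode. Searching for the first or last FF D9 is not enough, because thumbnails and the appended data itself can contain those bytes.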
Steghide Method
To install Steghide, first download the application from Sourceforge.net, then uncompress the downloaded zip file and run steghide.exe. Once you have Steghide installed, you will want to open a command prompt again and go to the directory where the files are located. Now you will need to run this command in order to hide the files: “steghide embed -cf dad.jpg -ef invite.txt”. This command tells steghide to copy the file dad.jpg and embed the file with invite.txt. (The -cf flag means copy file, and -ef means embedded file.)
If entered correctly, you will be prompted to enter a pass phrase, and once entered you will be asked to re-enter the pass phrase. There are some other switches which can be run in the command also, such as -e, which changes the encryption. Be sure to check out the Steghide manual, which is included in the download, for more information on those switches. We would also like to point out that in our test only image files that ended with jpg worked. We used an image extension other than jpg, such as gif and png files, but we received an error stating that the file extension wasn’t supported. We tried to trick Steghide into thinking the image file we were using was a jpg file by renaming the file, and we still encountered the error. So if you are getting any errors like this, make sure the image file you are using is a jpg file, and isn’t a file that has had the extension renamed. If you find a way to make either file extension work, please post a comment telling us your workaround.
Anyone wanting to retrieve the file that you have hidden in dad.jpg will need Steghide installed on their computer, and will need to know the pass phrase for the file. To actually retrieve the file, you will need to once again open a command prompt and switch to the directory which has the file created by Steghide. Now that you are in the directory which the file is in, issue the command “steghide extract -sf dad.jpg”. This command tells steghide that it should extract from the stegofile (-sf). Once you have issued the command and pressed Enter, you will be asked for the pass phrase to decrypt the file. After entering the pass phrase, you can check the directory and you will now see both the image and the text file.
Note: if you forget which file contains the hidden file, you can issue the command “steghide info -p <pass phrase> filename”. You will need to replace <pass phrase> with your pass phrase and filename with the name of the file. If you don’t use -p <pass phrase>, you will be prompted for the pass phrase when getting the embed information. You can also use the -p flag when extracting a hidden file, which will remove the prompt for the pass phrase.