image
Daniel Jesus
Esteganografia
Steganography

Steganography - Hide zip inside an image

Today, it's steganography talk day. For those who do not know steganography is a technique for hiding content within other content.

In the past, the technique was used in pictures, letters, etc. Texts were hidden in images so that the original content could not be identified by anyone.

Steganography (from the Greek "hidden writing") is the study and use of techniques to conceal the existence of one message within another, a form of security by obscurantism. Steganography is the particular branch of cryptology that consists in having one written form camouflaged in another in order to mask its true meaning. It is important to stress the difference between cryptography and steganography. While the first conceals the meaning of the message, the second conceals the existence of the message.

To test the technique we will use any image. In this example, I will use a Mickey Mouse image, named "mickeymouse.jpg", which you can see below:

Mickey Mouse
Mickey Mouse

 

This is a normal picture without any hidden content. Now, to hide a zip file inside the image, let's do the following:

1 - Create a .txt file and write anything on it. In my case, I create a file with the name hidden.txt and put it inside: "https://danieljesus.pt/2019/03/24/esteganografia-esconder-zip-numa-imagem/". Now I have 2 files in the folder: "mickeymouse.jpg" and "hidden.txt":

P340 - 1
P340 – 1

 

2 - By the command line, we will compress the file "hidden.txt" and we will call it "steganographyp340.zip":

  1. $ zip steganographyp340.zip hidden.txt
$ zip steganographyp340.zip hidden.txt
P340 - 2
P340 – 2

 

3 - Now that we have our "zipped" hidden.txt, with the name "steganographyp340.zip", we take the image "mickeymouse.jpg" and merge the files and call it "stegano_out.png". Then, from the command line, execute:

  1. $ cat ./mickeymouse.jpg ./steganographyp340.zip > stegano_out.png
$ cat ./mickeymouse.jpg ./steganographyp340.zip > stegano_out.png
P340 - 3
P340 – 3

 

At the moment, we have our file hidden in the image stegano_out.png, which as you can see in the previous print, the PC detects as normal image ...

Now, in order to see the hidden content of the image, simply do the reverse process, that is, as simple as decompressing the image.

  1. $ unzip ./stegano_out.png
$ unzip ./stegano_out.png

O resultado será algo assim:

P340 - 4
P340 – 4

 

Of course, if the site where they are going to upload re-creates the image in the upload, the zip file is lost in the process, however, several places do not make the image recreation process, thus keeping the hidden.zip inside.

Stegano Out
Stegano Out

 

To test the process, just save the image above and do the "unzip".

Full Stack Developer | Security Researcher

Leave a Comment

Full Stack Developer
SysAdmin
DevOps
Cyber Security Engineer
Pen Tester
Ethical Hacker
Security Researcher

Daniel Jesus

I've always been passionate about technology. For years I have been producing electronic music themes, developing websites and growing professionally. I evolved! I raised the bar in the area of development. I went from programmer to webmaster! I have learned new technologies, I have improved on several.
Today I am Full Stack Developer.

I had the opportunity to be present in some of the best projects in the world. I developed systems, improved online stores, contributed to a faster web and better navigation.

Over time, I run complete web systems. I built networks, systems in the cloud, and solved problems. I integrated SIEM systems. I have perfected myself in Security and I have obtained a Masters Degree in Cyber Security. I became Pen Tester, Ethical Hacker, Reverse Engineer and I have perfected myself in Security Researcher ...

Today, I develop and protect systems, but mostly, I help my clients grow.

Download My CV

Fresquinho

Arquivo

Categories

en_USEN
pt_PTPT en_USEN