Steganography: the art of hiding

Steganography is the art of hiding. It consists of hiding messages in such a way that at first sight they are not perceived. It is based on the idea that deciphering an encrypted message is only a matter of time, but discovering a secret message is much more difficult if you don’t even know there is a message.

Steganography is a technique that has been used for thousands of years in secret communications. During the Medical Wars (490 B.C.), the Greeks shaved the heads of their slaves, tattooed the message they wanted to communicate, waited for their hair to grow back and sent it to the recipient. That way, if they were captured along the way, the enemies would not find any message carried by the slaves.

Even during the Second World War, steganography was used, using the Null Cipher method, which consists of obfuscating the message in irrelevant text. For example in the following sentence:

Susan says Gail lies. Matt lets Susan feel jovial. Elated or angry?

A priori is a message without any kind of war relevance, however if emitter and sender have agreed to follow a pattern such as reading the first letter of the first word, the second letter of the second word, the third letter of the third word, and repeat the loop (with the first letter of the fourth word), we would get the message:

Susan sAys GaIl Lies. MAtt leTs Susan fEel joVial. Elated (or) aNgry?

We would get the message “Sail at seven”.

Today, steganography has shifted to computer science because it is necessary to navigate through an insecure channel in order to go from one computer to another. However, the techniques used to hide messages are cryptography, not steganography.

But it is interesting to take a look at the different techniques and tools of steganography that exist today in computer science. Let’s start with the simplest: strings.

Strings

The first thing I do when I face a steganography challenge is a strings to the file to analyze.

Strings is a command that simply shows the printable character strings of a file. The simplest steganography technique is to insert some message between the code of the file.

Let’s look at an example. This is a common image:

However, by stringsing it, we discover that it contains a secret message:

Another important thing that we can discover with strings is that there is a hidden file inside. If at the beginning of the file there are two strange strings, similar to the following ones, it is almost certain that there is a hidden file inside that file:

But to find out what file it contains, we’ll need other tools.

Binwalk

This tool is another one that I use more to solve challenges of steganography. It is used to discover if there are hidden files inside another file. Again we have the same image as before:

It just looks like a normal image. However, when running binwalk, we see that there is a hidden zip inside. With the -e option we indicate that we want to extract what it contains.

Steghide

With steghide you can find hidden files that have been password protected. Let’s see the following image:

If we try to extract it with binwalk, it will give us errors and we won’t be able to get the hidden file.

However, we can use steghide to get the hidden file, as long as we know the password with which it was hidden.

To find out the password, the usual thing is to pass some dictionary and try to burst it by brute force. For this we can find several tools, but I recommend the StegCrusher script,, as it allows you to perform brute force with multi thread.

Stegsolve

With this tool we can check the different layers of the images. It is a .jar that allows us to analyze if any of the layers of the image hides a hidden message.

Let’s look at the following image:

It looks like a normal image. However, when we open it with this tool we can press the arrows that appear under the image to change between the different planes:

After a few attempts… A text has appeared! 

This is the most common way to hide a text or other image in an image layer, however stegsolve offers more precise utilities to discover more convoluted hidden messages.

Sonic-visualiser

So far we have seen how to discover any kind of file hidden inside another, and how to find a message in a layer of an image. Then we enter the world of sound.

In audio it is also possible to hide secret messages (beyond psychophonies and satanic messages by playing an audio backwards).

We have the audio lethani.wav. A priori, it is a normal audio, and if we play it, a happy song will sound. Let’s try opening it with sonic-visualiser.

We can see that in principle it does not give us any relevant information. Most of the time there is something hidden in an audio file, the key is in the spectogram. With this program we can see the spectogram of the waves by clicking on Layer -> Add Spectogram:

Et… Voilà! The Lethani logo was hidden in the audio!

With this I end this brief explanation of the different steganography tools that can be found today. Now that you know all this, you can try these tools yourself, trying to solve the challenges of steganography in Hack The Box. With this information you will be able to solve around 90% of them. If you still don’t know Hack The Box, I recommend you to visit my post “Introduction to Hack The Box”.

Lethani.

This Post Has One Comment

  1. Very nice post!! Thank you!!

Leave a Reply