Steganography in Linux
While talking to my friend Stan I was quite surprised to see his non-tech way of hiding porn from his girlfriend on his Windows box, which he thinks is a genius method. What he basically does is make a bunch of folders with different, confusing, not-so-interesting names and hide his stash deep, deep inside the subfolders.
While I have to give him props for his noble ways, I think we can do a better job of hiding his “important” files in Linux. We are going to use a tool called steghide, which uses steganography, to hide some “important” pictures. Some might argue that there are better ways to hide things in Linux, and others might argue that it’s not really a practical way to hide 100s (even 1000s?) of pictures. Though I used porn as the medium, this is more of a tutorial about hiding files in general using steganography. And, perhaps more important to my friend and other Windows users, Steghide is also available for Windows.
Basically we will have two jpg files and hide/embed one file into the other. It is important to note that the file you embed into has to be bigger than the file being embedded. The file type itself is not important.
Save any two random images. Name one thisisporn.jpg and the other notporn.jpg. After trying this in your terminal you can see that the file size increased after the embedding/compression. Use this command:
steghide embed -cf notporn.jpg -ef thisisporn.jpg (this will prompt you for a passphrase and ask you to confirm that passphrase)
Next we will get some information about the embedded data by using this command:
steghide info notporn.jpg (this will prompt you for your passphrase again; afterwards it will display information about the file hidden within)
The next step is of course to extract the embedded/encrypted/compressed data so it can be opened for viewing pleasure. This can be achieved by using this command:
steghide extract -sf notporn.jpg
For more information about steghide check out: http://steghide.sourceforge.net/
For information about Steganography: http://en.wikipedia.org/wiki/Steganography
Stegtools
Stegtools is a pair of command-line tools for reading and writing hidden information. The latest version of stegtools, 0.4b, was released in the middle of 2005. The software supports 24bpp bitmap images, and runs on Linux and FreeBSD operating systems.
Using the same example again:
cat pass.txt | /usr/local/stegotools-0.4b/stegwrite grill.jpg summer-grill.jpg 1
Here I pipe the output of the cat command into the standard input of the stegwrite tool and specify an existing picture object and the desired output picture object. I used the full path to my stegwrite tools, since they’re not in my $PATH. The number at the end of the command represents the number of last bits of the grill.jpg image that will be used to hide my data. The value may be 1, 2, or 4. A more in-depth explanation can be found in the software’s README file.
Stegread reads the hidden information from a picture object and writes it to the standard output. If I want to extract the password from summer-grill.jpg image, I can use this command:
~$ /usr/local/stegotools-0.4b/stegread summer-grill.jpg 1 > pass.txt
You need to have the right number of last bits in order to successfully extract the password from the object file. If you don’t know the right number, the utility leaves you with an empty pass.txt file.
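The role of the bit-count argument, as an added example that is not part of the original article and is not Stegotools' code or file format: a minimal last-bits embedder over a constructed raw 24bpp pixel buffer, showing how capacity grows with 1, 2 or 4 bits and why reading with the wrong count returns nothing. The 4-byte length header, the function names and the sample cover and secret are assumptions made for the illustration.

```python
import struct

HEADER = 4  # assumed 4-byte big-endian length prefix (not Stegotools' format)

def capacity(cover: bytes, nbits: int) -> int:
    """Payload bytes that fit when the low nbits of every cover byte are used."""
    return len(cover) * nbits // 8 - HEADER

def _chunks(data: bytes, nbits: int):
    """Split data into nbits-wide integers, most significant bits first."""
    for byte in data:
        for shift in range(8 - nbits, -1, -nbits):
            yield (byte >> shift) & ((1 << nbits) - 1)

def embed(cover: bytes, payload: bytes, nbits: int) -> bytes:
    if nbits not in (1, 2, 4):
        raise ValueError("nbits must be 1, 2 or 4")
    if len(payload) > capacity(cover, nbits):
        raise ValueError("payload does not fit in this cover")
    out = bytearray(cover)
    keep = 0xFF ^ ((1 << nbits) - 1)  # mask that preserves the high bits
    framed = struct.pack(">I", len(payload)) + payload
    for i, chunk in enumerate(_chunks(framed, nbits)):
        out[i] = (out[i] & keep) | chunk
    return bytes(out)

def extract(stego: bytes, nbits: int) -> bytes:
    per_byte = 8 // nbits  # cover bytes consumed per hidden byte
    low = (1 << nbits) - 1

    def read(offset: int, count: int) -> bytes:
        buf = bytearray()
        for b in range(count):
            value = 0
            for j in range(per_byte):
                value = (value << nbits) | (stego[offset + b * per_byte + j] & low)
            buf.append(value)
        return bytes(buf)

    if len(stego) < HEADER * per_byte:
        return b""
    (length,) = struct.unpack(">I", read(0, HEADER))
    if length > capacity(stego, nbits):
        return b""  # implausible header: wrong bit count or nothing hidden
    return read(HEADER * per_byte, length)

# Constructed 32x32 24bpp pixel buffer (3072 bytes), not a real image file.
COVER = bytes((i % 64) * 4 + 2 for i in range(3 * 32 * 32))
SECRET = b"constructed-sample-secret"
STEGO = embed(COVER, SECRET, 1)
```

With one bit per byte no cover byte changes by more than 1, which is why the result looks identical to the eye; the same property means the cover must be many times larger than the data it carries.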
SteGUI, a Steghide GUI
SteGUI is a Linux-based graphical front end to Steghide that was released in May 2006. Before you install SteGUI you need the stegtools, FLTK toolkit, PStreams, ALSA, and Libjpeg libraries installed.
The menus in SteGUI allow you to open objects (picture or sound) and extract or embed information by selecting and clicking on the screen. Here you can see that I’ve opened my grill.jpg picture and am preparing to embed the pass.txt file. You can also see how many cryptographic algorithms are available for the job. Although it’s a nice interface, SteGUI is useful only with objects made with the Steghide program.
OutGuess
OutGuess is a console-based universal steganographic tool that can hide information inside picture objects. The latest version, 0.2, was released in late 2001 and supports inserting objects into PPM, PNM, and JPEG image formats. OutGuess can be used on Linux, *BSD, Solaris, AIX, HP-UX, Mac OS X, and Windows.
Suppose I want to securely send a root password for a production server. I can start by putting the password in a pass.txt file, then encrypt it with a secret key and mix the encrypted version with an image called grill.jpg. OutGuess can do that with one command:
~$ outguess -k key -d pass.txt grill.jpg summer-grill.jpg
You don’t need to use the -k option to encrypt the sensitive data with a secret key. If you leave it off, however, anyone who knows there’s a file buried in the image can extract the output file.
Now I have an image named summer-grill.jpg that holds my production server’s root password, and I can mail it to my coworker. Anyone who sees the picture won’t notice anything strange, since the data in the image object is not visible to the human eye.
When my coworker receives the picture, he needs to extract the information from the file. As long as he knows the secret key I used for the encryption, he can run the command:
~$ outguess -k key -r summer-grill.jpg pass.txt
If you don’t specify the -k option and provide the key, OutGuess will extract the pass.txt file, but it won’t be readable.