# Steganography

## Identification

Before attempting anything, identifying the file format is a *must*.

```
$ file file.ext
$ strings file.ext
```

## Extract & Embed data - JPG, PNG, GIF, TIFF, BMP

[**StegoVeritas**](https://github.com/bannsec/stegoVeritas) is a fantastic tool to manipulate files with. It is worth the detour. I personally like the GIF steg. Install it with **pip3**, then run its dependency installation script.

```
$ pip3 install stegoveritas
$ stegoveritas_install_deps
$ stegoveritas file.ext
```

## Extract & Embed data - JPEG, BMP, WAV, AU

[**Steghide**](https://github.com/StefanoDeVuono/steghide) is one of the most famous steganography tools.\
The **JPEG**, **BMP**, **WAV** and **AU** file formats are **supported for use as cover file**.\
There are **no restrictions** on the **format of the secret data**.\
Features include the **compression** of the embedded data, **encryption** of the embedded data and automatic **integrity** checking using a checksum.

**Extract:**

```
$ steghide extract -sf image.jpeg
$ steghide extract -sf image.jpeg -p PASSWORD_TO_DECRYPT
```

**Embed:**

```
$ steghide embed -cf image.jpeg -ef secret.txt 
```

***NOTE:** steghide will ask you for a passphrase, but it is **optional**. It is pretty rare, though, that someone will take the time to obfuscate data just to leave it unencrypted, especially when it is so easy to embed/encrypt.*

## Extract & Embed data - PNG, BMP

**Zsteg** is a **Ruby GEM** and will do the same thing as steghide but with **PNG** and **BMP** files.

**Extract:**

```
$ zsteg image.png
$ zsteg image.png -v -a
$ zsteg image.png -v --lsb #Least significant bit first
$ zsteg image.png -v --msb #Most significant bit first
$ zsteg image.png -v -c r #Specific color channel: r, g, b or a
$ zsteg image.png -v -b 1,3,5 #Specific bits
$ zsteg image.png -v -b 1-6 #Specific bits range
```

**Embed:**

```
$ zsteg image.png
$ zsteg image.png -v -a
$ zsteg image.png -v --lsb #Least significant bit first
$ zsteg image.png -v --msb #Most significant bit first
```

## StegSeek - Steganography passphrase cracking

**Stegseek** is a neat piece of code that will crunch through any wordlist faster than any steganography cracker available (to my knowledge). Compile it from source or install the released binaries.\
It also includes nearly all of steghide's functionality, so it can also be used to embed or extract data as normal. The only catch is that commands must use the `--command` format.\
<https://github.com/RickdeJager/stegseek/releases>

**Crack:**

```
$ stegseek image.jpeg wordlist.lst -t 16 >> cracked
```

## Unicode - Homoglyphs & Homographs

Sometimes, the data will be encoded using a weird encoding. This can be good for phishing, bypassing filters, and of course hiding data in plain sight. Using homoglyphs for domains is a common thing and is usually better for phishing than typosquatting/subtracting/etc.\
<https://www.irongeek.com/homoglyph-attack-generator.php>
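To spot homoglyphs from the defending side, the sketch below flags domain labels that mix scripts or that reduce to plain ASCII once look-alike characters are mapped back. It is an added example, not code from the original page: the function names and the small `CONFUSABLES` table are constructed for illustration, and the script test (first word of the Unicode character name) is a heuristic.

```python
import unicodedata

# Constructed subset of look-alikes (Cyrillic/Greek -> Latin). The complete
# list is Unicode's confusables data, which Python does not bundle.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",
}

def script_of(ch):
    """Heuristic: the first word of the Unicode name is the script."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def decode_label(label):
    """Turn a punycode (xn--) label back into Unicode; pass others through."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: inspect the raw label
    return label

def suspicious_labels(domain):
    """Return (label, scripts, ascii_skeleton) for each label worth a look."""
    hits = []
    for raw in domain.split("."):
        text = decode_label(raw)
        scripts = sorted({script_of(c) for c in text if c.isalpha()})
        skeleton = "".join(CONFUSABLES.get(c, c) for c in text)
        mixed = len(scripts) > 1
        # Whole-script spoof: no Latin letters at all, yet it reads as ASCII.
        reads_as_ascii = skeleton != text and skeleton.isascii()
        if mixed or reads_as_ascii:
            hits.append((text, scripts, skeleton))
    return hits

if __name__ == "__main__":
    # Constructed samples: Cyrillic "a" + Latin "pple", and a clean name.
    for d in ["\u0430pple.example", "example.com"]:
        print(d, "->", suspicious_labels(d))
```

Labels written entirely in one non-Latin script that do not collapse to ASCII, such as ordinary Cyrillic words, are not flagged.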

## Exiftool - Metadata

Nothing fancy here, a simple tool to read a file's metadata.

```
$ exiftool file.foo
```

## Audio - Spectrograph analysis

Several audio analysis tools are available, such as:

* Audacity
* Sonic Visualiser
* **WavSteg <- can extract/embed data**
* DeepSound

You can always check for hidden messages in audio files using any audio analysis software, or pass the file through any number of filters to maybe end up with an isolated output.\
I personally use Audacity, but Sonic Visualiser is also good, and any DAW is also perfect (FL Studio, Ableton, Pro Tools, etc.).

![Waveform view of an audio file](https://864121778-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Mk3RnfEHBP3zuZMsnli%2F-MkIQe0T6VmrAJsgCsoe%2F-MkIR9zCSnJRiJLAyr2E%2Fimage.png?alt=media\&token=d417cf3b-e96a-46c3-88d8-3d917f9f1814)

![Spectrograph view of the same audio file](https://864121778-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Mk3RnfEHBP3zuZMsnli%2F-MkINHbyCz03P-LurWOs%2F-MkIQXeRhhee1m3PPQRB%2Fimage.png?alt=media\&token=75e43383-5e25-493e-b194-037855dea874)
