Steganography is data hidden within data.
Steganography is an encryption technique that can be used along with cryptography as an extra-secure method in which to protect data.
Rather than being incomprehensible to an unauthorized third party, as is the case with cryptography, steganography is designed to be hidden from a third party. Not only must the hidden data be discovered—considered a formidable task in and of itself— it must be encrypted, which can be nearly impossible.
These can be leveraged to transfer additional/hidden content. Other techniques involve a subtle altering of the data in the file such that on the surface the new file appears identical to the original. In all cases, access to the original file will indicate it has been modified.
Decoding of the hidden content in such cases is a function of the encryption algorithm used (if any) to embed the concealed content in the cover file.
With computers and networks, there are many other ways of hiding information, such as:
- Covert channels (e.g., Loki and some distributed denial-of-service tools use the Internet Control Message Protocol, or ICMP, as the communications channel between the “bad guy” and a compromised system)
- Hidden text within Web pages
- Hiding files in “plain sight” (e.g., what better place to “hide” a file than with an important sounding name in the c:\winnt\system32 directory?)
- Null ciphers (e.g., using the first letter of each word to form a hidden message in an otherwise innocuous text)
Steganography today, however, is significantly more sophisticated, allowing a user to hide large amounts of information or data within image and audio files.
These forms of steganography often are used in unification with cryptography so that the information is doubly protected; first it is encrypted and then hidden so that an adversary has to first find the information (an often difficult task in and of itself) and then decrypt it.
There are a number of uses for steganography besides the mere novelty. One of the most widely used applications is for so-called digital watermarking. A watermark, historically, is the replication of an image, logo, or text on paper stock so that the source of the document can be at least partially authenticated.
A digital watermark can accomplish the same function; a graphic artist, for example, might post sample images on her Web site complete with an embedded signature so that she can later prove her ownership in case others attempt to portray her work as their own.
Steganography can also be used to allow communication within an underground community. There are several reports, for example, of persecuted religious minorities using steganography to embed messages for the group within images that are posted to known Web sites.
This article will also pay attention on simple methods of how we can see the hiding data in the file.
Firstly we will check the extensions of picture.
Then we will see whether the picture is opening normally or not.
We will use strings command to extract text of the picture.
The main purpose of using the “strings” command is to work out what type of file it is you are looking at but you can also use it to extract text.
For instance, if you have a file from a proprietary program which saves files in a strange binary format you can use “strings” to extract the text you put into the file.The Strings command is an extremely useful tool if you are into digging binaries/executables for useful information.
We will now check if the data in the picture is showing any informative or hidden data.
We observe that a hidden data is stored in the picture file.
Using the nano command even if we want to hide the data in the image.
This is very helpful while playing the CTF as most of the time when webpage is opened it shows a picture and the picture might contain some useful information.
NOTE: Make sure you don’t use a single image again and again to hide your data because if you use a single image is used again and again it will distort the pixels of image.
Also, we can detects the hidden messages through Steganalysis process software’s.