[HACKING] Steganography with steghide (Embed/Extract Steganography with steghide)

Steganography and steghide

Steganography

Steganography (US /ˌstɛ.ɡəˈnɔː.ɡrə.fi/, UK /ˌstɛɡ.əˈnɒɡ.rə.fi/) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning “covered, concealed, or protected”, and graphein (γράφειν) meaning “writing”.

The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden messages appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter. Some implementations of steganography that lack a shared secret are forms of security through obscurity, whereas key-dependent steganographic schemes adhere to Kerckhoffs’s principle.[1]

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, arouse interest, and may in themselves be incriminating in countries where encryption is illegal.[2] Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

steghide

Steghide is open source steganography software that lets you hide a secret file inside an image or audio file. You will not notice any change in the image or audio file, yet the secret file is inside it. It is a command-line tool, so you need to learn its commands: one command embeds a file in the image or audio file, and another extracts it.

See this link to learn how to use this tool: http://steghide.sourceforge.net/documentation.php

This tool was developed many years ago but still works well. It runs only on Windows 32 bit versions.


Installing steghide

#> apt-get install steghide

It installs easily with the apt package manager.

Steganography with steghide

First, prepare the data (.txt) to put into the image and the image file.

#> ll
합계 144
drwxrwxr-x 2 hahwul hahwul   4096  2월 19 14:36 .
drwxr-xr-x 4 hahwul hahwul   4096  2월 19 14:33 ..
-rw-r----- 1 hahwul hahwul 129991  8월 26 15:35 kitten-floating-on-a-bubble-artistic-hd-wallpaper-1920x1080-5156.jpg
-rw-rw-r-- 1 hahwul hahwul     35  2월 19 14:35 secret.txt

Looking at the contents of secret.txt, I put in a simple string, as shown below.

#> cat secret.txt
hahwul.steganography with steghide

Now let's put the string from secret.txt into the image with steghide.

#> steghide embed -cf kitten-floating-on-a-bubble-artistic-hd-wallpaper-1920x1080-5156.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "kitten-floating-on-a-bubble-artistic-hd-wallpaper-1920x1080-5156.jpg"... done

The embed option performs the embedding, and during the process you enter a value that serves as the key. This value is used later to retrieve the hidden string.

I looked through the reassembled image with hexdump to see whether the inserted string was there, but nothing shows up.

#> hexdump -C kitten-floating-on-a-bubble-artistic-hd-wallpaper-1920x1080-5156.jpg
00000000  ff d8 ff e0 00 10 4a 46  49 46 00 01 01 01 00 48  |......JFIF.....H|
00000010  00 48 00 00 ff db 00 43  00 03 02 02 02 02 02 03  |.H.....C........|
00000020  02 02 02 03 03 03 03 04  06 04 04 04 04 04 08 06  |................|
00000030  06 05 06 09 08 0a 0a 09  08 09 09 0a 0c 0f 0c 0a  |................|
00000040  0b 0e 0b 09 09 0d 11 0d  0e 0f 10 10 11 10 0a 0c  |................|
00000050  12 13 12 10 13 0f 10 10  10 ff db 00 43 01 03 03  |............C...|
00000060  03 04 03 04 08 04 04 08  10 0b 09 0b 10 10 10 10  |................|
00000070  10 10 10 10 10 10 10 10  10 10 10 10 10 10 10 10  |................|
*
00000090  10 10 10 10 10 10 10 10  10 10 10 10 10 10 ff c0  |................|
000000a0  00 11 08 04 38 07 80 03  01 11 00 02 11 01 03 11  |....8...........|
000000b0  01 ff c4 00 1f 00 00 01  05 01 01 01 01 01 01 00  |................|
000000c0  00 00 00 00 00 00 00 01  02 03 04 05 06 07 08 09  |................|
000000d0  0a 0b ff c4 00 b5 10 00  02 01 03 03 02 04 03 05  |................|
000000e0  05 04 04 00 00 01 7d 01  02 03 00 04 11 05 12 21  |......}........!|
000000f0  31 41 06 13 51 61 07 22  71 14 32 81 91 a1 08 23  |1A..Qa."q.2....#|
00000100  42 b1 c1 15 52 d1 f0 24  33 62 72 82 09 0a 16 17  |B...R..$3br.....|
00000110  18 19 1a 25 26 27 28 29  2a 34 35 36 37 38 39 3a  |...%&'()*456789:|
00000120  43 44 45 46 47 48 49 4a  53 54 55 56 57 58 59 5a  |CDEFGHIJSTUVWXYZ|
00000130  63 64 65 66 67 68 69 6a  73 74 75 76 77 78 79 7a  |cdefghijstuvwxyz|
…snip…

Now, shall we extract this file again? First, to verify the output, I renamed the embedded file (secret.txt).

#> mv secret.txt sec.txt

Now extract the file using the extract option.

#> steghide extract -sf kitten-floating-on-a-bubble-artistic-hd-wallpaper-1920x1080-5156.jpg
Enter passphrase:
wrote extracted data to "secret.txt".

After entering the key from earlier, the secret.txt file was created. Checking its contents with cat shows the string entered earlier.

#> cat secret.txt
hahwul.steganography with steghide
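
The behaviour seen above (a byte search such as the hexdump finds nothing, and only the passphrase recovers the data) as an added example, not code from the original post and not steghide's algorithm: a toy keyed least-significant-bit scheme over a constructed byte buffer. The names embed, extract, COVER and the passphrases are assumptions made for this illustration.

```python
import hashlib
import random

# Constructed sample data (not from the page): 4096 pseudo-random "pixel" bytes.
COVER = bytes(random.Random(0).getrandbits(8) for _ in range(4096))
SECRET = b"hahwul.steganography with steghide"  # string shown in the page's secret.txt


def _order(passphrase: str, n: int) -> list:
    """Passphrase-derived visiting order over the n cover bytes (hypothetical helper)."""
    rng = random.Random(hashlib.sha256(passphrase.encode()).digest())
    order = list(range(n))
    rng.shuffle(order)
    return order


def embed(cover: bytes, message: bytes, passphrase: str) -> bytes:
    payload = len(message).to_bytes(2, "big") + message  # 2-byte length header
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("message too large for cover")
    stego = bytearray(cover)
    for pos, bit in zip(_order(passphrase, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # only the lowest bit changes
    return bytes(stego)


def extract(stego: bytes, passphrase: str):
    order = _order(passphrase, len(stego))

    def read(start_bit: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            val = 0
            for pos in order[start_bit + 8 * b: start_bit + 8 * b + 8]:
                val = (val << 1) | (stego[pos] & 1)
            out.append(val)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + 8 * length > len(stego):
        return None  # wrong key: the length header decodes to garbage
    return read(16, length)


if __name__ == "__main__":
    stego = embed(COVER, SECRET, "correct horse")
    print("plaintext visible in bytes:", SECRET in stego)
    print("max change per byte:", max(abs(a - b) for a, b in zip(COVER, stego)))
    print("right key:", extract(stego, "correct horse"))
    print("wrong key:", extract(stego, "guess"))
```

Because no byte changes by more than 1 and the bits are scattered in key order, finding such payloads takes statistical analysis of the carrier rather than string or signature matching.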

steghide options

The options are well documented in the manpage on the official steghide site, so please refer to it. (http://steghide.sourceforge.net/documentation/manpage.php)

steghide version 0.5.1

the first argument must be one of the following:
 embed, --embed          embed data
 extract, --extract      extract data
 info, --info            display information about a cover- or stego-file
   info <filename>       display information about <filename>
 encinfo, --encinfo      display a list of supported encryption algorithms
 version, --version      display version information
 license, --license      display steghide's license
 help, --help            display this usage information

embedding options:
 -ef, --embedfile        select file to be embedded
   -ef <filename>        embed the file <filename>
 -cf, --coverfile        select cover-file
   -cf <filename>        embed into the file <filename>
 -p, --passphrase        specify passphrase
   -p <passphrase>       use <passphrase> to embed data
 -sf, --stegofile        select stego file
   -sf <filename>        write result to <filename> instead of cover-file
 -e, --encryption        select encryption parameters
   -e <a>[<m>]|<m>[<a>]  specify an encryption algorithm and/or mode
   -e none               do not encrypt data before embedding
 -z, --compress          compress data before embedding (default)
   -z <l>                using level <l> (1 best speed...9 best compression)
 -Z, --dontcompress      do not compress data before embedding
 -K, --nochecksum        do not embed crc32 checksum of embedded data
 -N, --dontembedname     do not embed the name of the original file
 -f, --force             overwrite existing files
 -q, --quiet             suppress information messages
 -v, --verbose           display detailed information

extracting options:
 -sf, --stegofile        select stego file
   -sf <filename>        extract data from <filename>
 -p, --passphrase        specify passphrase
   -p <passphrase>       use <passphrase> to extract data
 -xf, --extractfile      select file name for extracted data
   -xf <filename>        write the extracted data to <filename>
 -f, --force             overwrite existing files
 -q, --quiet             suppress information messages
 -v, --verbose           display detailed information

options for the info command:
 -p, --passphrase        specify passphrase
   -p <passphrase>       use <passphrase> to get info about embedded data

To embed emb.txt in cvr.jpg: steghide embed -cf cvr.jpg -ef emb.txt
To extract embedded data from stg.jpg: steghide extract -sf stg.jpg

Reference

http://steghide.sourceforge.net/documentation/manpage.php
https://en.wikipedia.org/wiki/Steganography