Episode: 169
Title: HPR0169: Steganography
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0169/hpr0169.mp3
Transcribed: 2025-10-07 12:51:44

---

.
Hello and welcome to another episode of Hacker Public Radio.
I'll be your host for today, Deep Geek.
Today on Hacker Public Radio, a brief introduction to Stagnography.
Stagnography is the art and science of hiding one file within another file.
This is actually a field in cryptography.
Cryptography is well known for encrypting files that is the messages made secret or made uncomprehensible using some algorithm.
Whereas the Stagnography is about actually hiding a file within another file.
The difference is kind of subtle but rather important because with regular cryptography or secret messages,
you would have an obviousness to which file needs to be attacked to find out what the secret is or what the hidden data is.
Whereas Stagnography is about putting that information into an otherwise innocuous file so that when and on disk file systems or disk files,
it's hard to figure out which file could have the desired information that needs to be extracted.
So what are we talking about here in practical terms because I want to keep this simple.
I'm not a mathematics guy as you probably have already guessed.
I'm more of a person who's interested in pushing the envelope as far as applications are concerned.
What's involved here to keep it simple is what tools can we use to hide files that we want to hide, whatever they may be.
And the answer is that all these tools seem to file the Linux philosophy or the Unix philosophy, I should say, that of having a tool that does a specific thing the best it can.
So if you go out there to the internet and begin looking for programs and software to do Stagnographic operations,
you will find that there is a lot of programs out there but each of them has their little specialty.
Some, for instance, hide in wave, hide will hide text files and waves, others will hide any kind of file, any kind of data file in a wave file.
Some hide in MP3, some hide one file or text file in a JPEG. There's a huge variety out there.
Now, later on, I'm going to actually talk extensively about the operations of one that I found to be particularly easy to use.
But, you know, you might be saying, well, okay, how is a file hidden and the answer is that it's broken up.
It's broken up into bits and those bits are scattered to give a simplified explanation in only one application.
I'm sure you're all familiar with the American standard code for information into change or ASCII text.
Now, if you remember from your education about these things, ASCII text has a parody bit.
Now, it would be an easy matter for a programmer to abuse that parody bit.
In other words, if you ignore the text file, the text file, the other bits, the other seven bits per eight bits, you would have one bit left over.
And so, you could actually hide one eighth of another file in that file in those bits.
Now, I just came up with that example top of my head and its feasibility is not guaranteed.
You know, don't take it as the gospel, but there are programs that hide things in text files.
The other thing that needs to be remembered when doing stuff like this is that, you know, if you use a tool,
let's say you have a large collection of images, a user tool that hides a file in, say, a bitmap file, which is a very large, non-lossy file.
Well, if all your files are JPEGs and have one bitmap, if someone does seize your desk or is looking through your desk,
they're going to have a good idea of where to look for what's going to stick out like a sore thumb.
So, you need to choose the right tool.
So, I found a website while doing research for this episode called StegoArchive.com.
Let me spell it out for you.
S-T-E-G-O-A-R-C-H-I-V-E.com, and it lists links to freeware and shareware for many computing platforms,
such as Windows, DOS, Java, Macintosh, OS2, Unix, VSD, Linux, and Amiga.
Now, the point of the archive is that he's selling a shareware desk for $22, and this may be quite worthwhile for you.
It's up to you to decide, but it's still a good resource to use.
So, let me talk about a specific one I found that was particularly good.
Back when I first discovered StegoNography was several years ago, and I really don't use it a lot.
It's more of a novelty for me.
And I used a program called StegTools, which allowed you to put one JPEG file into another.
And I can't find StegTools anymore.
Maybe it's still out there, but it doesn't matter because it was a Windows program.
And you might even have to consider, say, running an emulator of another older operating system to get something working to do a specific file format.
Now, the other matter is that since this is a low-demand software, or it's not a thing in high-demand,
because it is a little complicated to even conceptualize and explain.
Some of the software is distributed as source, and if you're not the best person at compiling, that might not be for you.
Now, me, I always like to go for the pre-compiled binary myself.
So, using StegoArchive.com, I went to the Unix Linux OpenBSD page, and began looking through.
And I found one that was really good for me, called Hide4PGP.
And it was actually a program that hides data within BMP bitmaps, waves, and some older audio file called VocFiles.
So, this is good for me, not that I use BMPs very much.
Although, when I was following around photography, I did store some of my originals as BMP format.
But I do do waves a lot.
And what was interesting for me was that it was easy to get at this program by following the link for Hide4PGP,
which was originally a program meant to make a steganography for the application pretty good privacy, PGP.
I found that the Linux download was an executable.
By using the tools GUNZIP and TAR, I got a binary, which I simply copied, over to slash user slash bin,
and voila, a new command is on my system, Hide4PGP.
Now, Hide4PGP is simple enough to use.
The first step would be going to a directory, with an extra emulator, so you'd have the command line.
And going to a directory where you have a wave file, and the file you want to hide, let's say it's an image, you know, a JPEG file you want to stick in there.
So, all right, you know, I just got a binary.
So what I do, the first thing I did was I typed in Hide4PGPspace-H for help, and a short little man page came up right away.
There's only a couple of ways of using it.
There's a switch called dash H to get the help file, a switch called dash I, to give you information about a file and it's hiding capacity.
And there's a dash X for extracting files from it, and it defaults to hiding files, you know, the apps of Extract.
So after seeing this, you know, let's make a quick example.
Let's say I have a wave called Test.Wave.
So, you know, I have this file called Test.Wave. It's 6.6 megabytes.
So I typed Hide4PGP-I Test.Wave.
And it report, give me a very simple format report, after a copyright line.
It said Microsoft RIF subtype wave format detected.
On channel 24,000 hertz, 8 bit.
You may hide up to 857,000 and 21 bytes in Test.Wave.
So after that, it was simply a matter of Hide4PGPspace-Test.Wave-Space-Test.JPG.
And it just folded that image file into the wave file.
Now, extracting is just as easy.
It would be Hide4PGP-X, you know, and the output file was Test.Wave.
So, you know, this is just hiding.
Now, some of them encrypt as they hide, but this is just about using the wave for the BMP file as a container.
For a other file that you're going to hide.
Now, what's interesting, though, is that I remembered that PGP forwarded attachments,
and would automatically encrypt, and you would encrypt with PGP, your message,
and the attachment would be encrypted and compressed.
So I said, let me see if something works.
And I converted that wave file to FLAQ, then I uncompressed the FLAQ file to get another wave file.
And then I ran hide4PGP with the extract mode.
And sure enough, the hidden file came out.
FLAQ did not care that was in there.
It just compressed it anyway.
So, you know, and that's just one file now.
We have these ratios, and we have to talk about the ratios,
because they all do things a little bit different, and have with a wave,
you have, you know, your 8-bit or your 16-bit options.
And so, there's an amount of variance you can get away with before we begin hearing a difference
when you play the file.
And that's why these programs have information commands to tell you how much you can fit in.
For instance, the programs that hide JPEG files and other JPEG files.
Well, let's take, for example, the help file from JPEG hide and seek,
which I didn't manage to successfully compile, but the help file is interesting.
Let me read this quote from their manual.
Using JPEG files of about 200 kilobits, up to 20 kilobits can be inserted
with minimal visual and statistical effect.
Up to 35 kilobits is often possible at the course of visual and or statistical effects.
The program will refuse to insert even more because it is just too obvious in the resulting JPEG file.
Now, notice that that ratio is about 10 to 1.
Again, when I talked about the wave file, it was a 6-megabyte wave file.
I had 800 kilobits of available space in that file I could put other files in.
Now, with the wave file, it's very interesting because even to know that simple, simple application,
which comes pre-compiled and works with all kinds of Linuxes, you know,
because it's not that complex.
It just takes the data and sticks it in these significant bytes and fudges those bytes.
So, I don't have to compile it for a specific machine.
I can get that just as an executable that works across several platforms.
That simple program, which by the way also has piping capabilities.
Even though I can only put one file in there, I can put in a zip file,
which means I can take a library of images or a library of small waves
or a library of eBooks or what have you.
Whatever I want to, you know, make into a hidden file.
And I can zip them, which means I can aggregate a whole directory and compress it at the same time
and put that zip file into the wave and make that wave into a flag.
And then, you know, people will see my large collection of flag files and just know I like music
and not know which one to look at.
Now, it does fall upon you to keep track of what file has content in it that you might want to have to get it later.
And it does fall upon you to make sure that you save your software in such a way that if that software is not the Internet anymore,
you can still use that to get the file back out.
So, these are the issues involved with doing this.
It's a fun thing to experiment with and to see if it fits into your computing life.
Now, I talked about that ratio, that ratio of 10 to 1.
And it's important to note that, you know, the simpler tools work with very large,
lossless files like BMP bit mapped images or waves and stuff like that.
Now, when your file format is already compressed, it makes it harder
because it's less room to hide information in that file.
So, there are programs out there, which, for instance, like JPEG hide and seek, which hide one JPEG in another.
And there are programs out there that do these things, but more commonly, with these higher compression file formats,
you might find that the software will only hide text files in those files.
It may be theoretically possible for you to convert an image into a text file,
a lot of how you use to send things over the use net, but that would be a little bit more advanced.
You'd have to use blind for that.
So, some of these programs are well known, there's one that puts text messages into MP3 files.
There is one called out guess that puts text into JPEG files.
Out guess is very good because the people who make out guess also make Stego detect or Steg detect,
which statistically analyzes JPEG files to see if they've been used as containers for JPEGs.
And that's why this quote that I gave you is interesting, because it says,
up to 20 kilobits can be inserted with minimal visual.
Okay, that's important, visual, you can see the difference.
And statistical effect, that's the important part, because Steg detect can analyze a file
and figure out statistically if enough of the bits, the least significant bits that's where you would hide the data,
have been diddled to the point where it can tell you, hey, this file is different than the other JPEG files on the disk.
This file definitely has something hidden in it.
And that would give people who were really after the files that you want to hide a way to attack a specific file.
And that would put, it would reverse the usefulness of this method of hiding files.
Now, it should be neat as to say, if you're doing something that is so heavy that you're hiding files from government agencies,
this stuff might not be strong enough to hide from them.
Government agencies, their investigators tend to be somewhat specialized, especially at the federal level.
They can probably crack this stuff.
If you're hiding things from friends and family or other people on the same computer and a university setting,
that's when you would use this to a great advantage.
You know, don't do anything so heavy that the feds are after you, it's just not worth it.
That's my caveat for the day.
So, I hope you get a chance to play on the software, see if it's going to be a part of your computer life and I hope you enjoy it.
This has been another episode of Hacker Public Radio. Have a great day.
Thank you for listening to Hacker Public Radio.
HPR is sponsored by Carol.net, so head on over to C-A-R-O dot-N-T for all of us here.
Thank you very much.