Today we're going to learn some nifty tricks to keep the government and prying eyes out of our data. Though we've learned some very important fundamentals there are still holes in our security so today we're gonna knock it up a notch and like anytime you knock something up I promise you'll enjoy :)
We're going to use Steganography(hiding data within an ordinary file) to be able to ex-filtrate secrets or private data, protect us in places where encryption is illegal, and have an easier time remembering all our complex passwords.
These techniques are very powerful and are even depicted on the show Mr. Robot. It's time to learn how to hide data not only in plain sight so no one will ever know but also encrypted via mp3's and photos. These techniques work in both Windows and Linux.
Requirements(links included in instructions):
For MP3's: DeepSound for Windows OR Steghide for Linux
For Photos: OpenStego for Windows/Linux
We have 2 programs to install. To get started we'll install steghide by going to a terminal and typing(hitting Y for any prompts):
- sudo apt-get update
- sudo apt-get install steghide
Next we're going to install OpenStego. First we need to download it here
Next we need to go to the terminal, navigate to the downloaded file location(using cd command) and type:
- sudo apt-get install gdebi
- gdebi openstego_0.7.3-1_amd64.deb
We now have OpenStego installed. Let's get to the fun stuff.
Hiding Data In a Photo(Win/Linux):
To do this we simply need to open OpenStego. You can access it by clicking on start menu(or hitting Windows key) & typing OpenStego. A program should pop up.
We need to select 4 things which are illustrated in the picture below. We need to choose(by clicking on 3 dots to the right of each option):
- the Message file (aka file we want secret)
- Cover file (photo file to hide secret in)
- Output Stego file (final file with hidden data)
- Encryption (SHA-256) and a strong password
Once we have these options selected we simply hit Hide data
We will then see this window pop up. Click OK and our file is now hidden under the final file name we chose.
For best security delete the original image(it makes it harder to discover steganography) and use an image that you haven't put on the internet before
Extracting Hidden Data From Photo
Now it's time to extract hidden data from the file we just created. In OpenStego click on Extract Data tab and you will see the following:
- Input Stego File(the file we created that contains our hidden data... it was the third file name we choose previously it is NOT the original image)
- Output Folder for Message File(The folder we want to extract our hidden file to)
- Password(the password we chose earlier to protect our file)
Fill out those fields and click Extract Data
Now navigate to where we extracted the file and you should see your hidden file available.
So there you have it you hid data in a file that is both hard to discover(though not impossible) and encrypted(in case it is discovered). Pretty cool. But let's step our game up even more and learn to hide data in an MP3 which we can then burn to a CD and hide in our huge cd collection(like Elliot from Mr. Robot does with his hacks)
Hide Data In an Audio File(Windows):
Open DeepSound and do the following(shown below):
- Click "Open carrier files" (choose mp3 file you want to hide data in)
- Click "Add secret files" (choose files you want to secretly hide)
- Choose quality options and observe amount of space availible
- Click Encode secret files
- Popup appears; choose "Encrypt secret files", enter strong password, click "Encode secret files"
We have now hidden our data in an audio file. By default it is stored in our Documents folder(remember it is not the original but a new one we created ending in .wav if defaults were used). If we play the file it should play as normal.
In order to extract our secret info we do the following:
- Click "open carrier file" and choose the file with our hidden data.
- At password prompt enter the password and go to Documents folder where you will now see your secret file extracted.
Hide Data In an Audio File(Linux):
Doingg this in Linux i very quick and easy. You can only use the following formats in steghide as carriers(JPEG, BMP, WAV and AU). Any file as long as its not too big can be hidden in a file. You simply need to know a few terminal commands. Go to a terminal and type the following changing the file paths in -ef -cf -sf to whatever is appropriate.
- steghide embed -ef secretfile.txt -cf file-to-hide-data-in.wav -sf final-file-name.wav -Z -e rijndael-256
To extract your secret file type the following:
- steghide extract -sf final-file-name.wav
So there you have it we've learned how to hide sensitive info or files in ordinary looking files. This is best used to help you remember long passwords or hide very sensitive files. Our data is now both hidden and encrypted.
Even though you can use steghide in Linux for audio files I recommend using DeepSound(in Windows) as steghide hasn't been updated since 2003 but it's nice to have as a choice in Linux. It is also very important to securely delete any trace of the original photo as that makes it harder to detect a file with hidden information.
In my future posts I'll teach you how to securely delete aany file, hide yor tracks on the iinternet, and the danger of meta-data therebycompleting our PersSec series of tutorials. Then it's on to the big boy league were we'll explore tools and real-life examples of all things hacking and fraud. Until hen happy hhacking and always use your skils for good.