Skip to content

Stegnography

Most common tools and their usage

Steghide

Steghide is a tool to hide/extract data with a passphrase, you can use it like this

# install 
sudo apt install steghide

# embed/hide emb.txt in cvr.jpg
steghide embed -cf cvr.jpg -ef emb.txt

# extract embedded/hidden data from stg.jpg
steghide extract -sf stg.jpg

Stegseek

Stegseek is used to bruteforce a password, if you dont have the password for steghide, you can use this tool, it automatically finds the password and extract the hidden data

There are many tools which do this for eg - Stegseek, Stegbrute, Stegcrack etc... but stegseek can bruteforce all the passwords in rockyou.txt in less than a minute making it the fast tool. You can install it from here

Fixing PNGs

Pngcheck finds error's in a png, used when fixing a corrupted png. It should be already installed on linux

  • .pngs has a lot of header and chucks that can be borked, you can refer to this writeup if you need to fix a whole bunch of them

  • If you need to fix the CRC(calculated using the IHDR chuck) you can have a look at the python script in this writeup

Other

  • Other than a bunch of tools you can find on the internet, you can also use this steg tool

  • If you're looking for something that can work with pngs, stegsolve should be your goto

  • This kind of One Time Pad also exist