How to hide confidential files in images on Debian using steganography

Sometimes we have to hide our data in order to protect them from third-party access to the system. However, one way to achieve this is encryption. But today we’ll talk about another method, namely steganography, which allows you to hide the existence of sensitive data in order to maintain the confidentiality of messages.

In steganography, confidential data is embedded in a camouflage file so that no one except the sender and recipient can suspect the presence of confidential information in it. This is also useful if you want to send sensitive data to someone without compromising security. The cover file in which you want to hide sensitive data can be text, image, audio, or any video file.

Why steganography?

Although steganography is not as secure as encryption, it has a number of other advantages, such as the fact that no one will notice this because the embedded file looks like a regular file. On the other hand, the encrypted file also arouses curiosity among viewers.

In this article, we will explain how to hide sensitive files in a regular image file using various tools (including the command line and graphical interface).

Please note that we followed the procedure mentioned in this article on a Debian 10 system.

Method 1: using the Steghide utility (command line)

Steghide Installation

First run Terminal in your OS. Click on the “Actions” tab in the upper left corner of the desktop. Then find the Terminal application by entering the appropriate keyword in the search bar. From the results, click on the terminal icon to open.

Update the system repository index using the following command:

$ sudo apt update

Then install Steghide using the apt command as follows:

$ sudo apt install steghide

The system may request confirmation with Y / N option hit at and then To come in to confirm. After that, Steghide will be installed on your system.

Embed files with Steghide

To hide a confidential file using the Steghide embed function, you need the file that you want to hide and the image or audio file in which you want to hide the data. It supports embedding a file in the formats WAV, JPEG, AU, BMP.

The syntax for embedding a file in a JPEG format is:

$ steghide embed -ef  -cf 

In our example, a file called “testfile” is located in the ~ / Documents directory, and we want to embed it in the image file “sample.jpg”. Therefore, first go to the ~ / Documents directory, and then run the embed command. In addition, you can also specify the full path to the file instead of going to the directory.

Example:

$ steghide embed –ef ~/Documents/testfile –cf sample.jpg

Then enter rephrase twice to embed the file. This paraphrase will be used when you need to extract or decrypt a file. If you do not want to set the paraphrase for embedding, just press Enter twice. After that, your file will be embedded.

Now we can only save the image file “sample.jpg” when deleting a confidential file, that is, the “testfile” in our example.

Insert file into image with steghide

File extraction

When you need to extract a confidential file from an image file, use the following syntax:

$ steghide extract –sf image.jpg

Example:

$ Steghide extract –sf sample.jpg

The system will ask for the password that you set when embedding the file in the image file. Enter your passphrase and your confidential file will be extracted from the image file.

Extract file from image

Delete / Delete

In case you want to remove Steghide from your system, run the following command in Terminal:

$ sudo apt remove steghide

Method 2: Using Outguess Utility (command line)

Outguess is also a Steganography command-line tool that allows you to enter sensitive information into redundant bits of data sources. With Outguess, you can also hide sensitive data inside the image file.

Outguess Installation

Open Terminal and update the system repository index using the following command:

$ sudo apt update

Now install Outguess as follows:

$ sudo apt install outguess

Install outsmart

The system may request confirmation with Y / N option hit Y and then To come in to confirm. After that Outguess will be installed on your system.

Embedding files with Outguess

To embed a confidential file using Outguess, you will need the file you want to hide and the image file in which you want to hide the data.

Here are some of the flags we will use with Outguess:

d: specify the name of the file that contains the message that you want to hide.

k: specify the secret key you want to use for encryption

r: extract message from encrypted file

The syntax for embedding a file in a JPEG format is:

$ outguess -d examplefile.txt image.jpg image-output.jpg

The examplefile.txt file will be embedded in the new image-output.jpg file.

To set a password for an embedded file, the syntax should be:

$ outguess -k “secret key” -d examplefile.txt image.jpg image-output.jpg

If your file is located in some directory other than ~ / Home, you will need to go to that directory and then run the command above. In addition, you can specify the full path to the files.

In our case, both the confidential file and the image file are in the ~ / Documents directory, and we want the encrypted file to also be in the same directory. An example of this might be:

$ cd ~/Documents
$ outguess -k “123” -d testfile sample.jpg sample-out.jpg

Insert file into brute force image

After executing this command, the file “sample-out.jpg” will be created in our current directory. After encryption is complete, you can delete the original confidential file and simply save the output image file, which will be used later to extract the confidential file.

File extraction

To extract the original confidential file from the output image file into which it was embedded, use the following syntax:

$ outguess -r image-output.jpg secret.txt

If you provided a secret key during encryption, the syntax will be as follows:

$ outguess -k “secret key” -r image-output.jpg secret.txt

An example of this might be:

$ outguess -k “123” -r sample-out.jpg testfile

Extract file from image

The Outguess method also checks statistics after extraction to ensure that the source file is exactly the same as it was before embedding.

Delete / Delete

In case you want to remove Outguess from your system, just run the following command in Terminal:

$ sudo apt-get remove outguess

Method 3: Using the Stegosuite Tool (UI)

Stegosuite is a free, open-source GUI-based tool that you can use to hide a confidential file in an image file.

Install Stegosuite

To install Stegosuite, first update the system repository index. To do this, execute the following command in the terminal:

$ sudo apt update

Then run the following command to install Stegosuite:

$ sudo apt install stegosuite

Install Stegosuite

The system may request confirmation with Y / N option hit Y and then To come in to confirm. After that, Stegosuite will be installed on your system.

Launch Stegosuite

After installation, you can start Stegosuite either through the command line or through the graphical interface.

To start Stegosuite through the command line, simply enter stegosuite in your terminal as follows:

$ stegosuite

Start stegosuit

To start Stegosuite through the graphical interface, press the super key on the keyboard and enter stegosuite. When the Stegosuite icon is displayed as follows, click it to start.

Stegosite Icon

Embed files with Stegosuite

When Stegosuite is launched, you will see the following view. To hide a confidential file in the image file, first download the image file by going to file > Open.

Stegosuite GUI

Then select any image file (in MP, GIF, JPG or PNG format) in which you want to hide the confidential file. Once you have selected the file, click OK,

Upload image

Now the image file will be loaded into the Stegosuite window. Now follow these simple steps:

1. Enter any secret message.

2. Right-click the blank area in the second field and select add file, Then select the confidential file that you want to embed in the image file.

3. Enter the password that will be used when extracting the file.

Using Stegosuite

After completing the above steps, click embed Button as follows:

Paste text into file

Now your confidential file will be embedded and saved in the file name_embed format. Since the file name contains “embed”, it is better to rename this file later, so that it looks normal and invisible.

Text hidden inside image file

Now you can delete the original confidential file from your system and save only the output file of the embedded image.

File extraction

To extract a confidential file from the image file in which it was embedded, follow these simple steps:

Open the embedded image file in the file manager. Then right click and select Open with another application in the following way:

Open file to extract text

Then from Choose application dialog box, click Stegosuite,

Open with stegosuit

The file will now be uploaded to the Stegosuite application. Enter the password for the file and click extract button.

Extract text

Now the original confidential file will be extracted to. your system

Text successfully extracted

Delete / Delete

In case you want to remove Outguess from your system, just run the following command in Terminal:

$ sudo apt remove stegosuite

Conclusion

In this article, we discussed both the command line and GUI-based tools to hide sensitive files in an image file. Using any of the steganography tools discussed above, you can hide sensitive data in a seemingly ordinary image file.

How to hide confidential files in images on Debian using steganography

Sidebar