StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisble scripts on webpages, texts on social media or for any other covert communication. Completely invisible!
-
Protect your invisible secret using passwords and HMAC integrity
-
Cryptographically secure by encrypting the invisible secret using AES-256-CTR.
-
Uses 7 Inivisible characters in unicode characters that works everywhere in the web.
Including the most important ones Tweets, Gmail, Whatsapp, Telegram, Instagram, Facebook etc.
-
Maximum Compression to reduce the payload (LZ, Huffman).
-
Completely invisble, uses Zero Width Characters instead of white spaces or tabs.
-
Super fast! Hides the Wikipedia page-source for steganography (800 lines and 205362 characters) within a covertext of 3 words in under one second.
-
Written in pure functional style.
-
Usage - Available as an API module, a CLI and also a Web Interface (optimized with web workers).
Using npm,
$ npm install -g stegcloak
Using npm (to use it locally in your program),
$ npm install stegcloak
$ stegcloak hide
Options:
hide [options] [secret] [cover]
-f, --file <file> Extract input from file
-n, --nocrypt If you don't need encryption (default: false)
-i, --integrity If additional security of preventing tampering is needed (default: false)
-o, --output <output> Stream the results to an output file
-h, --help display help for command
$ stegcloak reveal
Options:
reveal [data]
-f, --file <file> Extract input from file
-cp, --clip Copy Data directly from clipboard
-o, --output <output> Stream the secret to an output file
-h, --help display help for command
const StegCloak = require('stegcloak');
const stegcloak = new StegCloak(true, false); // Initializes with encryption true and hmac false for hiding
// These arguments are used only during hide
// Can be changed later by switching boolean flags for stegcloak.encrypt and stegcloak.integrity
HMAC is an additional fingerprint security step taken towards tampering of texts and to verify if the message received was actually sent by the intended sender. If the data is sent through WhatsApp, Messenger or any social media platform, this is already taken care of! However, if you are using StegCloak in your program to safely transmit and retrieve, this option can be enabled and StegCloak takes care of it.
const magic = stegcloak.hide("Voldemort is back", "mischief managed", "The WiFi's not working here!");
// Uses stegcloak.encrypt and stegcloak.integrity booleans for obfuscation
console.log(magic); // The WiFi's not working here!
const secret = stegcloak.reveal(magic, "mischief managed");
// Automatically detects if encryption or integrity checks were done during hide and acts accordingly
console.log(secret); // Voldemort is back
The following papers were referred to for insight and understanding of using Zero Width Characters in steganography.
- Milad Taleby Ahvanooey, Qianmu Li , Jun Hou, Ahmed Raza Rajput and Chen Yini
Modern Text Hiding, Text Steganalysis, and Applications: A Comparative Analysis
- Taleby Ahvanooey, Milad & Li, Qianmu & Hou, Jun & Dana Mazraeh, Hassan & Zhang, Jing.
AITSteg: An Innovative Text Steganography Technique for Hidden Transmission of Text Message via Social Media.
IEEE Access
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
MIT - Copyright (c) 2020 Jyothishmathi CV, Kandavel A, Mohanasundar M
The StegCloak logo was designed by Smashicons.