This is a list of tools and resources for learning and experimenting with steganography and information hiding.
-
Exiftool is a Perl library and a command line application for the manipulation of metadata of different files, including EXIF, GPS, XMP, and ID3.
-
Strings is part of the binutils and it is pre-installed in many unix OSes. On macOS is part of Xcode command line tools and can be installed with:
xcode-select --install
. Strings can be used to find printable strings (i.e., ASCII strings) in binary and other files. -
binwalk is a simple (yet powerful) tool for binary files. Among the various use, it can be used to find embedded or appended files or blocks of executable code. On Linux can be installed with
apt-get install binwalk
, while on macOS is available through Homebrew withbrew install binwalk
. -
zsteg can be used to detect data within PNG and BMP images, which can be embedded by using steganography. It can be installed via
gem install zsteg
and provides different extraction methods. With the flag-a
, it can be used to search an image for hidden content by using all the known methods, or it can be tweaked to search for specific combinations of R, G, B, A channels. -
Steghide is a tool for hiding data in different media files (i.e., audio and image). Embedded data can be compressed, encrypted and protected with a checksum to verify the integrity of the message.
-
zbarimg is part of the ZBar suite of tools for scanning and reading barcodes and QRcodes for different sources (e.g., videos and images). It also offers a Python API, which allows to easily integrate the scanning functionalities in scripts to automate the analysis process.
-
steg-in-the-wild a list of real-world attacks leveraging some form of steganography or information hiding.
-
J.-F. Lalande, S. Wendzel, "Hiding Privacy Leaks in Android Applications Using Low-Attention Raising Covert Channels", in Proc. of the First International Workshop on Emerging Cyberthreats and Countermeasures, 2013, pp. 701–710. This paper presents an overview of the Colluding Applications Threat. Videos of a prototypal attack using such technique are available here and here.
-
Network Information Hiding 101 is an online course prepared by Steffen Wendzel discussing terminology, methodology and practical aspects of Network Steganography and Network Covert Channels.
-
pcapStego: is a tool for creating network covert channels directly in a .pcap file. The modified .pcap can be then used for simulations, to populate datasets or lively replayed via tools like Tcpreplay.