Skip to content

🔍 Go tool for LSB steganography, capable of hiding any file within an image.

License

Notifications You must be signed in to change notification settings

DimitarPetrov/stegify

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

stegify

Build Status Coverage Status GoDoc Go Report Card Mentioned in Awesome Go

Overview

stegify is a simple command line tool capable of fully transparent hiding any file within an image or set of images. This technique is known as LSB (Least Significant Bit) steganography

Demonstration

Carrier Data Result
Original File Data file Encoded File

The Result file contains the Data file hidden in it. And as you can see it is fully transparent.

If multiple Carrier files are provided, the Data file will be split in pieces and every piece is encoded in the respective carrier.

Carrier1 Carrier2 Data Result1 Result2

The Result1 file contains one half of the Data file hidden in it and Result2 the other. As always fully transparent.

Installation

Installing from Source

go install github.com/DimitarPetrov/stegify@latest

Installing via Homebrew (macOS)

brew tap DimitarPetrov/stegify
brew install stegify

Or you can download a binary for your system here.

Usage

As a command line tool

Single carrier encoding/decoding

stegify encode --carrier <file-name> --data <file-name> --result <file-name>

stegify decode --carrier <file-name> --result <file-name>

When encoding, the file with name given to flag --data is hidden inside the file with name given to flag --carrier and the resulting file is saved in new file in the current working directory under the name given to flag --result.

NOTE: The result file won't have any file extension and therefore it should be specified explicitly in --result flag.

When decoding, given a file name of a carrier file with previously encoded data in it, the data is extracted and saved in new file in the current working directory under the name given to flag --result.

NOTE: The result file won't have any file extension and therefore it should be specified explicitly in --result flag.

In both cases the flag --result could be omitted and default values will be used.

Multiple carriers encoding/decoding

stegify encode --carriers "<file-names...>" --data <file-name> --results "<file-names...>"
OR
stegify encode --carrier <file-name> --carrier <file-name> ... --data <file-name> --result <file-name> --result <file-name> ...

stegify decode --carriers "<file-names...>" --result <file-name>
OR
stegify decode --carrier <file-name> --carrier <file-name> ... --result <file-name>

When encoding a data file in more than one carriers, the data file is split in N chunks, where N is number of provided carriers. Each of the chunks is then encoded in the respective carrier.

NOTE: When decoding, carriers should be provided in the exact same order for result to be properly extracted.

This kind of encoding provides one more layer of security and more flexibility regarding size limitations.

In both cases the flag --result/--results could be omitted and default values will be used.

NOTE: When encoding the number of the result files (if provided) should be equal to the number of carrier files. When decoding, exactly one result is expected.

When multiple carriers are provided with mixed kinds of flags, the names provided through carrier flag are taken first and with carriers/c flags second. Same goes for the result/results flag.

Programmatically in your code

stegify can be used programmatically too and it provides easy to use functions working with file names or raw Readers and Writers. You can visit godoc under steg package for details.

Disclaimer

If carrier file is in jpeg or jpg format, after encoding the result file image will be png encoded (therefore it may be bigger in size) despite of file extension specified in the result flag.

Showcases

🚩 Codefest’19

stegify was used for one of the Capture The Flag challenges in Codefest’19.

Participants were given a photo of a bunch of "innocent" cats. Nothing suspicious right? Think again!

You can read more here and here.