Steganography in xkcd comics without the img alt tag

Inspired by a recent Hackaday post [austin] decided to try his hand at steganography. Steganography, or ‘concealed writing’ has come a long way from ancient Greek slaves/couriers shaving their head, tattooing a message on their scalp, and regrowing their hair. We recently saw a music file masquerading as a picture of a kitten, but that method of hiding data required running a Ruby script. [austin] thought steganography would be a great way to hone his JavaScript skills, so he made an image encoder and decoder purely in JS and HTML.

Like the previous incarnation, [austin]‘s work takes a regular .PNG image file and hides stuff in the pixel data. A few of the lower bits for each pixel are modified (three bits from the red and blue, two bits from the green – a good choice, the human eye is very sensitive to green) and a file is embedded inside the .PNG image.

For an example, [austin] embedded some stuff inside the xkcd comic underneath this post’s title. Even though the image is mostly white, we can’t see anything wrong with the colors. If you’d like to decode the message, [austin] put his encoder and decoder up on github. Feel free to take a shot at it.

This image contains a hidden audio track

This image contains a hidden audio track which you’re very familiar with. Well, it used to. We’d bet we messed up the careful encoding that [Chris McKenzie] used to hide data within an image when we resized the original.

He’s using a method called Steganography to hide a message in plain sight. Since digital images use millions of colors, you can mess with that color data just a bit and the eye will not really be able to pick up any difference. Each pixel has had the eight least significant bits swapped out for the data [Chris] is hiding. Since the image uses 24-bit color, the largest possible change (going from 0 to 255) in those bottom eight bits will only result in a color change of about 0.15%. And that’s only for one pixel; in most cases the change will be much less.

He shows his work, both decoding and encoding using Ruby, and even provides a one-liner which lets you playback the audio without downloading anything (just make sure you’ve got all of the dependencies installed). Never gonna give, you, up…

[via Reddit]