Images Carrying An Encrypted Data Payload


This is a tidy looking banner image. But according to [Ian] it contains 52KB of source code. You can’t just read out all of that data. Well, you can but it will be gibberish. Before hiding the bits in plain sight he encrypted them with two different keys.

He’s using AES-256 encryption to keep his data away from prying eyes. But if that wasn’t enough, he also wrote a PHP program to hide the bits in a PNG image. Not just any picture will do (otherwise your eye will be able to see something’s awry). The post linked above focuses mainly on how to choose an image that will hide your data most easily. We asked him if he would share his techniques for actually merging the encrypted file with the picture and he delivered. Head on over to his repository if you want to take a look at the generator code.

28 thoughts on “Images Carrying An Encrypted Data Payload

  1. im guessing without reading it changes color or something by one bit … maybe with some Reed–Solomon for error correction
    you cant just hide it in the header/footer it self or it will get lost in conversion …

  2. Wouldn’t think it would be difficult to hide this information in a randomly chosen image, depending on the file type. You could shift values a nearly immeasurable amount, or shift attribute values only but not DAC information. I’m no expert but this shouldn’t be hard to do to any random image.

    1. Lots of pay porn sites have scripts to embed user info in the images so if someone downloads them and posts them on, say, some *chan site they can figure out who they need to ban. Steganography is such interesting technology, and it amuses the hell out of me that it gets used to protect tits and cooters.

      1. An increasing number of photographers hide an attribution in the picture in case the EXIF “accidentally” gets overwritten, which seems to happen more that you’d think.

        BTW, I just accidentally reported your comment (dumb place for the “report” link with no “are you absolutely certain you want to do this, Mr. Picky?” dialogue). I hereby beseech the moderate Gods to let your comment stand. Sorry about that.

  3. Really? We Have been doing this cince 1993. Hack a day, Where people get credit for discovering things that have been around for decades.

    Tomorrow on HAD, SamFun47 discovers the light bulb!

    1. resizing the horizontal of a BMP file then expanding it to original width would provide the opportunity for every second pixel to contain data, simillar in value to previous.

      original picture data: 122,124,153,159
      resized (smaller horizantal): 123,156
      re-resized (original size): 123,123,156,156
      with added data: 123,124,156,155
      hidden data: 1,0

      this is for binary file data.

      but could also convey DIRECT picture data using several image filters at once;
      1) every second pixel
      2) convert to greyscale using remaining(non data-encoding) bits
      3) subtraction from original data equals new data
      4) multiply(bitshift) to increase contrast so image is visible

      just watch out for the “end of the row” may have padding that is NOT picture data and would be lost during conversion or the entire picture after that spot corrupted

      1. the program i linked a few posts up used ‘random’ pixels thruout the entire image, to prevent easy detection and extraction like that

        the seed for the random number generator is based on the same pw used to encrypt it, so without the pw, you cant even detect the changes

  4. We learned about this in class the other day, and my professor wrote up a batch file over the weekend that does steg on BMP files to both hide plain-text, and full-fledged files of any kind. It is certainly a fun thing to do!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.