Description and Features
Steg is a software that hides informations in digital media, such as images (compressed and uncompressed). Basically, you need to prepare a file archive of the data you want to be hidden (for example a .zip, a .tar.gz etc.). Opening an image with Steg, a natural image is better than opening a synthetic one. Steg will analyze the image and evaluate the potential space available for your data to be hidden. It possible to adjust some configuration parameters to better suite space needs. Pay attention: Steg let you choose configuration parameter values that produce big artifacts. You must evaluate carefully the differences between the original media and the tainted one. Evident artifacts shoud be avoided because they reveal the presence of hidden data: if in doubt, go with the default options which are safe most of the time. When you prepare an image within hidden data is strongly recommended that you make an extraction test to be sure that no problems will occur. If asymmetric cryptography was used, the extraction test could be made using a dummy receiver's RSA Key-Pair, then the same Key Pair can be used for extraction: in this case the test cannot be exactly the same as using the real receiver's RSA Key-pair but it will give guarantee that extraction will success. Note that working with very large images, can require a large amount of memory and processor resources.
- Hardware and Software Requirements
- Open an Image file
- Steg Interface
- Steg Configuration
- Hide Noise
- Hide Data
- Change View
- Save Media
- Extract Data
- RSA key pair generation
- RSA key conversion
- Cryptography Modes
"Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message."
-- Wikipedia, Steganography page.
Check Wikipedia steganography page for an extended introduction.
All modern personal computers will run Steg without performace problems.
If you want to open very large images, a minimum of 2 Gigabyte of RAM is recommended.
Steg's graphic interface should be usable on all screen sizes including the smallest 10'' display of some Netbook.
There are no particular software requirements: visit the download page on the Steg website for supported platforms and operating systems.
The Qt Framework dynamic libraries Steg depend on are all included in the packages.
If your computer already has an installed version of the Qt Framework, just make sure to check Steg will use a compatible version. Refer to the README.txt file provided in the Steg package for your platform.
Steg shows the Qt Framework version it was built on and the actual version upon it's running in the "Help-->About Steg" dialog box.
There are some limitations to the maximum and minimum image dimensions and to the "quality" of the image for steganography purposes. Steg will refuse to open an image which is outside the above boundaries and it will inform you through an informative dialog box. Keep in mind that you should always choose natural images like the ones you can obtain from a shoot with your digital camera: avoid computer-made synthetic images with unnatural homogeneous color and perfect shapes. You can open images in two different ways: Import an image as uncompressed and Open a JPG image.
In this scenario the images formats can be one of those supported by Qt Framework. The following formats are supported:
- BMP (Windows Bitmap)
- JPG (Joint Photographic Experts Group)
- JPEG (Joint Photographic Experts Group)
- PNG (Portable Network Graphics)
- PPM (Portable Pixmap)
- TIFF (Tagged Image File Format)
When an image is imported, it will be converted and always treated as an uncompressed ARGB32 bitmap.
In this case the image is opened as a compressed JPG and it will be treated in this format.
Steg interface is simple. On the main toolbar you can see all the relevant buttons and the same commands are available through the menu. If you point the mouse pointer over a button, a short description of its function appears on the bottom left corner, as well as the relative tooltip. Opening the media, two "media viewers" are shown. The one on the left will always show the original media, the one on the right will show the preview of the modified media. For images, each "media viewer" has its own buttons. Under the media viewers there are two self-explained text area showing information on the opened media. On the right bottom you can see the media available space to hide data. When the configuration is changed the media available space will be updated
After you open a media, the button with the colored histogram will became available and let you open the configuration dialog box. The dialog box has two tabs. The first tab is for the configuration options that are common to all file types, the other tab is for options suitable for the current type of media.
- Embed a text message: this will add an optional text message to the data (maximum 256 characters). When data will be extracted, a text file, filled with the embedded text will be generated.
- Crypto Mode: all the data hidden in the media, including the optional text above, will be always encrypted. Here you can choose the encryption mode. Please see Crypto Mode Paragraph for details.
Note that you cannot press the "OK" button unless the configuration is correct.
If you have imported an image as uncompressed ARGB32 bitmap you can select what channels and the number of bits in each channels you want to taint with your data, starting from the less significant bit (LSB). Alpha channel is not selected by default because altering it's value, which is constant most of the time, is not recommended. For natural images, it's safe to modify the first and second least significant bit (1 or 2 for each channels) of the other three channels. I made selectable bigger values just for fun...
If you have opened a JPG image you can choose the following options:
- Smart distribution: if selected, data will be hidden using a smart method that tries to elude possible further statistical analysis to determine if steganography was applied or not. Normally, this option will lower the space available in the image but, to gain reasonable security, is highly recommended you leave this option enabled. In some cases it is possible that disabling this option you will obtain more space to hide data with comparable, if not less, visible image alteration. Pay attention because in this case you are safe only if you are sure that people will evaluate your image only looking at it: despite the overall good aspect, if someone (far more skilled than a common observer) will perform some statistical analysis, steganography could be easily revealed.
- Copy AppN Markers: JPEG image header can include some application-specific information called AppN Markers. For example your digital camera or scanner can use this header fields to write the name of the manufacturer, model and/or firmware version of your equipment, or if you make some image editing, your favourite image editor can write other kind of information. If you leave this option unchecked all AppN Markers will be removed from the saved image, otherwise they will be copied. Note that if you open an image and save without hiding any secret data the Markers will be saved or removed the same way. This option does not change the space available to hide data.
- Copy Comment marker: JPEG image header can include a user's arbitrary comment field. Its common, in image editors, to have an option for the user to write the comment and often a default message could be written, for example: "Image edited with <softwareName>". If you leave this option unchecked the comment will be removed from the saved image, otherwise it will be copied. Note that if you open an image and save it without hiding any data, the comment will be saved or removed in the same way. This option does not change the space available to hide data.
- Use component [1 - 4]: These options allow you to choose which components will be used to hide data and, for selected components, you can set an "utilization factor". More components selected, more space available. Higher values for "utilization factors" more space available. More space available, more visible image alteration after data hiding. The default is safe for the most cases. If your data smaller than the space available with the default configuration, unchecking components is a good practice. If data are larger than the available space, you can select all components and try to increase the value of the "utilization factors" as long as the image alteration is acceptable for you (use the "Hide Noise" feature to evaluate configuration). When a component is not present in the original images it is shown as disabled (grey) in the JPEG option dialog box.
When the "OK" button is clicked, the indication of the available space (in the bottom right corner) will be updated. If you are interested in more detailed information about AppN Markers, Comment Marker and so on, you can start from the relevant Wikipedia "JPEG" page.
This command fills all the space available in the media using random generated data according to the current configuration. This is useful to evaluate the worst alteration you can obtain for that media using different configurations. Use the View menu and zoom buttons to evaluate differences between the original media and the tainted one. To make effective visual comparison You can run consecutive tests even though it is not particularly useful. You can undo every modifications using the revert command.
This command reverts every change to the media and restore it to its original status. Note that, even if you reverted a JPEG image, if you save it, the AppN and Comment Markers will be saved accordingly to the current configuration.
This command allow you to choose the file to be hidden in the media. You need to make a single file archive. The size of the data should be less than the space available in the media with a difference of about 1Kbyte. Compress your data prior to evaluate the needed space. Use the View menu and zoom buttons to evaluate differences between the original media and the tainted one. If you are unsatisfied you can use revert to undo the change.
It is possible to optimize the visualization using the View menu options. To make effective comparisons between the original image and the modified version follow these steps:
- Start with the images versions at the same zoom and scroll position.
- Maximize the display area of the images hiding media info and toolbar using the related options under View menu.
- Make the double sided window became a single one using the Switch Left/Right View command (ALT+Right).
- Maximize Steg's window (now showing a single image viewer).
- Adjust the zoom for the current image version.
- Issue another Switch Left/Right View command (ALT+Right).
- Adjust the zoom of the current image version exactly as the previous image version: in this way the two image viewers will show the same image area.
- Issue repeatedly the Switch Left/Right View command (ALT+Right) to compare the two image versions.
You can restore the initial view by re-adding the hidden interface part (use the View menu options.
This command saves the modified media. The supported formats are:
- TIFF and PNG (both uncompressed) for ARGB32 images.
- JPG for JPEG images.
To extract data from a media you need:
- The PassPhrase if a symmetric cryptography had been used.
- The correct RSA Private Key (compatible with Steg) if a asymmetric cryptography has been used.
- The correct RSA Private Key (compatible with Steg) if a signed asymmetric cryptography has been used. In this case you can verify for the sender identity. To do it you must provide the correct sender's RSA Public Key as well.
Open the options dialog box and choose the right Crypto mode and parameters, ignoring other options. Confirm with the "OK" button and click the "Extract Data" button. Choose a destination directory. Data will be extracted. If the extraction fails, please read carefully the error dialog box and review the configuration. If extraction suceeds, you will find the following files in the destination directory:
- <filename> : the file hidden by the sender.
- <filename>.sha1 : containing the sha1 hash of <filename>.
- <filename>.txt : containing the optional text that the sender wrote in the configuration (the file will be created empy if no text was entered).
- README.txt : containing a reference to Steg website.
At the end of extraction process the configuration parameters will be updated (if possible) with the values used by the sender when data were hidden.
This tool generates an RSA Key-Pair suitable to be used with Steg. In the save dialog box you can choose a preferred format. All the suggested format are compatible with Steg.
This tool converts a key from a format to another.
This is a brief explanation on how to use cryptography with Steg. If you want to learn more details about cryptography you can start from the Wikipedia Cryptography page. Steg uses four cryptography methods:
- Auto: The data will be encrypted but no PassPhrase or keys will be required to extract data.
- Symmetric: when you hide data, data will be encrypted with the provided PassPhrase and the same PassPhrase is required to extract.
- Asymmetric unsigned: when you want to hide data (you are the sender) only the receiver's public key is required. When you want to extract data (you are the receiver) only your private key is required.
- Asymmetric signed: when you want to hide data (you are the sender) the receiver's public key and your private key are required. When you want to extract data (you are the receiver) only your private key is required but the sender's public key is requested. If you don't provide the sender's public key, at the end of the the extraction process, you will be warned that the sender identity is not verified. If you provide the sender's public key you will be informed if sign verification is succeeded.
To use asymmetric cryptography (also know as Public-key cryptography) you need to generate your RSA Key Pair. You must keep your private key hidden and safe and share the the public key with other user(s). Notice that, whether you hide or extract data, you configure the needed parameters in the same configuration dialog box.
Starting from the first execution, after the Eula is accepted, Steg will write some data into your hard disk. Nothing will be written into your system or configuration registry (for windows platform) other than a directory (Steg), and an .ini file inside this directory. If some unusual condition occur during Steg's execution such as a crash, a log file could be created in the same directory. The .ini file shall not be edited: in this file Steg will take note of user's EULA agreement, some info about itself and maybe other settings. Steg's directory location varies according to different systems and rely on Qt framework. It should be always the system standard location for user's applications data. Examples:
- GNU/Linux (Ubuntu):
- Windows XP:
C:\Documents and Settings\<UserName>\Application Data\Steg
- Windows 2008 R2:
This path is shown after the Eula is accepted, and it will be shown again if you delete the settings directory.
Have fun. Fabio