CTF image steganography: problem-solving ideas

Reference, an expert's blog: https://blog.csdn.net/a_small_rabbit/article/details/79644078

I was impressed by it and found it fairly complete, so I am recording it in this article to make it easy to look up later.

0x01 Image steganography: hidden data falls into the following categories

  • 1. Data hidden in the details shown when you right-click the picture and view its properties
  • 2. The data type is rewritten (e.g. RAR or zip format data renamed to jpg)
  • 3. Data hidden according to the fixed format of each image type
      • The flag at the start of the image is modified in an editor, changing its original image format
      • Data is added after the image's end flag
      • Data is added within the image data; the modified pixel data does not affect the visual result while carrying the added information
  • 4. A steganography algorithm is used to write the hidden data into the picture without affecting the image (JPG images only). Commonly used steganography algorithms: F5, guess, JSteg, JPHide.

0x02 Methods and steps for cracking steganography

  • 1. Check whether the image's property details contain hidden content
  • 2. Open the file with WinHex or Notepad++ and search for keywords such as ctf, CTF, flag and key
  • 3. Check whether the image's start and end flags are correct. If they are not, correct the flags to restore the image, then open it and look for ctf or flag information (an animated GIF often has to be split into frames, to see whether the resulting frame images combine into the ctf or flag information directly or whether decoding has to be considered)
      • jpg image start flag: FF D8, end flag: FF D9
      • gif image start flag: 47 49 46 38 39 61 (GIF89), end flag: 01 01 00 3B
      • bmp image start flag: 42 4D // 92 5B 54 00 00 00 00 00, end flag: 00
      • png image start flag: 89 50, end flag: 60 82
  • 4. Put the image on a Kali system and run binwalk xxx.jpg to see whether it is a single image or a combination of several images or other appended files (if several images are combined, run foremost xxx.jpg to separate them automatically; if another file type is detected, change the file name suffix to match, such as zip)
  • 5. Use StegSolve to scan the image channel by channel and see whether data was hidden with LSB
  • 6. In Kali, switch to the F5-steganography directory and run java Extract to determine whether the F5 algorithm was used to hide data
      • Command: java Extract (absolute path of the 123456.jpg picture) -p 123456
  • 7. Use the outguess-master tool on Kali (it has to be installed) to detect whether the guess algorithm was used to hide data
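
Steps 2 and 3 can be scripted. The following is an added example, not code from the referenced blog: it checks the start flag, locates the real end flag and returns whatever was appended after it, plus keyword hits. It covers JPG and PNG only, and it walks the JPEG segments instead of searching for the first FF D9, because those two bytes can also occur inside a segment. The names `jpeg_end` and `triage` and the sample bytes are assumptions made for illustration.

```python
import re

PNG_SIG = bytes.fromhex("89504E470D0A1A0A")    # full signature, begins 89 50
PNG_END = bytes.fromhex("49454E44AE426082")    # "IEND" + CRC, ends 60 82
KEYWORDS = re.compile(rb"ctf|flag|key", re.I)  # search terms from step 2

def jpeg_end(d):
    """Offset just past the FF D9 end flag, found by walking JPEG segments."""
    i = 2
    while i + 2 <= len(d) and d[i] == 0xFF:
        marker = d[i + 1]
        if marker == 0xD9:
            return i + 2
        i += 2 + int.from_bytes(d[i + 2:i + 4], "big")  # skip segment by length
        if marker != 0xDA:
            continue
        while True:                    # after SOS: scan the entropy-coded data
            i = d.find(b"\xff", i)
            if i < 0 or i + 1 >= len(d):
                return None            # truncated: no end flag present
            nxt = d[i + 1]
            if nxt == 0xD9:
                return i + 2           # the real end flag
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                i += 2                 # stuffed byte or restart marker
            elif nxt == 0xFF:
                i += 1                 # fill byte
            else:
                break                  # next segment (progressive JPEG)
    return None

def triage(d):
    """Return (format, end offset or None, appended bytes, keyword hits)."""
    if d[:2] == b"\xff\xd8":
        kind, end = "jpg", jpeg_end(d)
    elif d[:8] == PNG_SIG:
        pos = d.find(PNG_END)
        kind, end = "png", (pos + 8 if pos >= 0 else None)
    else:
        kind, end = "unknown", None    # start flag wrong: renamed or damaged
    extra = d[end:] if end is not None else b""
    hits = sorted({m.group().lower() for m in KEYWORDS.finditer(d)})
    return kind, end, extra, hits

# Constructed sample: a comment segment holding a decoy FF D9, minimal scan
# data, the real FF D9, then appended bytes that start like a zip file.
SAMPLE = bytes.fromhex("FFD8FFFE0004FFD9FFDA000212FF0034FFD056FFD9") \
    + b"PK\x03\x04 flag{constructed}"
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty third element is the cue to move on to step 4 and carve the appended data out with binwalk or foremost.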

0x03 Specific operations for each steganography algorithm

1.F5 algorithm steganography

Method: in Kali, switch to the F5-steganography directory and run java Extract

Command: java Extract (absolute path of the 123456.jpg picture) -p 123456

2.LSB algorithm steganography

Method: in Stegsolve.jar, use Data Extract under Analyse on the red, green and blue channel data

3.guess algorithm steganography

Method: in Kali, switch to the outguess directory; the command can then be run directly

Command: outguess -r /root/angrybird.jpg (absolute path) 123.txt (text file where the extracted information is stored)

0x04 Tools

1.MP3stego

encode -E hidden_text.txt -P pass svega.wav svega_stego.mp3 // encode

Decode.exe -X -P pass (password) svega_stego.mp3 (must be copied into the directory) // decode

2.Stegdetect

Stegdetect can detect information hidden by steganography tools such as JSteg, JPHide, OutGuess, Invisible Secrets, F5, appendX and Camouflage.

s - change the sensitivity of the detection algorithm; the default value is 1. The match level of a detection result is proportional to the sensitivity of the detection algorithm: the larger the sensitivity value, the greater the likelihood that a detected suspicious file contains sensitive information.

d - print debugging information with line numbers.

t - set which steganography tools to detect (the default is jopi). The following options can be set:

j - detect whether information was embedded in the image with jsteg.

o - detect whether information was embedded in the image with outguess.

p - detect whether information was embedded in the image with jphide.

i - detect whether information was embedded in the image with invisible secrets.

Command: stegdetect.exe -tjopi -s10.0 xxx.jpg

Origin www.cnblogs.com/-chenxs/p/11493898.html