Stegsnow | Hide a Text In a Text File

Steganography is the practice of concealing a file, message, image, or video within another file, message, image or video.

This utility can conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.


In this article, we will try to hide data in a text file with a not so famous tool. we will try to make data as hidden as possible. with this tool, you will be able to hide your ssh keys, API keys, passwords and other stuff too. but it is required for the data to be in text (ASCII) form.


Stegsnow provides rudimentary compression, using Huffman tables optimised for English text. However, if the data is not text, or if there is a lot of data, the use of the built-in compression is not recommended, since an external compression program such as compress or gzip will do a much better job. Encryption is also provided, using the ICE encryption algorithm in 1-bit cipher-feedback (CFB) mode. Because of ICE’s arbitrary key size, passwords of any

length up to 1170 characters are supported (since only 7 bits of each character are used, keys up to 1024-bytes are supported).


⤿ Install:

apt install stegsnow

⤿ Help menu:

stegsnow --help

⤿ Let’s hide a message in a text file - for the demonstration, I have created a text file which contains some text names:

> cat original.txt
My bad, I forgot my password, sorry about that.

⤿ Now we want to hide a message in this file:

stegsnow -C -m "My password is 12345" -p "root" original.txt original2.txt

-C is to compressing data. It will also be used in extracting data;

-m is to define the message that supposed to be encrypted;

-p is for the password.


⤿ Now let’s take a look at the original2.txt with nano:


⤿ The file has something in red colour, but we can’t read it. But you can try to read it with hex:

hexdump original2.txt
0000000 794d 6220 6461 202c 2049 6f66 6772 746f
0000010 6d20 2079 6170 7373 6f77 6472 202c 6f73
0000020 7272 2079 6261 756f 2074 6874 7461 092e
0000030 2020 2009 2020 2020 0920 2020 090a 2020
0000040 2009 2020 2020 2020 0909 2020 2020 2009
0000050 2009 2020 2020 0920 2020 0920 2009 2020
0000060 2020 090a 2009 2020 0920 2020 2020 0920
0000070 2020 2020 2020 2009 0920 0920 2009 0920
0000080 2020 2020 200a 2020 2009 2020 2020 2009
0000090 2020 0920 2020 2020 2020 0920 2020 2009
00000a0 2020 2020 0920 2020 2020 0920 2020 2020
00000b0 2020 2009 2020 2020 2020 2009 2020 2020
00000c0 2020 200a 0920 2020 0920 2020 0909 0909
00000d0 000a
00000d1

⤿ To decrypt the file, you will need to use Stegsnow tool again with your given password:

stegsnow -C -p 'root' original2.txt
My password is 12345

And we have our hidden text back.


gif

16 views0 comments

Recent Posts

See All

A proof of concept (PoC) was developed for a critical vulnerability in F5's BIG-IP networking software that could expose thousands of users to remote control. The vulnerability, tracked as CVE-2022-13

Windows Subsystem For Linux (WSL) is a tool provided by Microsoft to run Linux natively on Windows. It’s designed to be a seamless experience, essentially providing a full Linux shell that can interac

Introduction to Phishing: ↪ Phishing attack is a type of attack aimed at stealing personal data of the user in general by clicking on malicious links to the users via email or running malicious files