Quite a while ago I showed how to hide your files with steghide, a tool used to embed information into a JPEG image file. Today I will show you how to detect a file that has already been “stegged” without prior knowledge, and possibly extract the information from the image file.
Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images.
Stegdetect 0.6 supports linear discriminant analysis. Given a set of normal images and a set of images that contain content hidden by a new steganographic application, Stegdetect can automatically determine a linear detection function that can be applied to as yet unclassified images.
Linear discriminant analysis computes a dividing hyperplane that separates the no-stego images from the stego images. The hyperplane is characterized as a linear function. The learned function can be saved for later use on new images.
Stegdetect supports several different feature vectors and automatically computes the receiver operating characteristic (ROC), which can be used to evaluate the quality of the automatically learned detection function.
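To make the last three paragraphs concrete, here is a small two-class Fisher linear discriminant with an ROC area calculation. It is an added example, not Stegdetect's own code: the two-dimensional feature values are constructed for illustration, and the function names are hypothetical.

```python
# Two-class Fisher linear discriminant on 2-D feature vectors (pure Python).
# All feature values are constructed; they are not measurements from real
# JPEGs or output of Stegdetect's feature extractors.
CLEAN = [(0.10, 0.20), (0.15, 0.25), (0.12, 0.18), (0.20, 0.22), (0.18, 0.30)]
STEGO = [(0.40, 0.55), (0.45, 0.50), (0.50, 0.60), (0.42, 0.48), (0.55, 0.52)]
HOLDOUT_CLEAN = [(0.14, 0.21), (0.35, 0.45)]
HOLDOUT_STEGO = [(0.48, 0.50), (0.30, 0.40)]

def mean(points):
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)

def scatter(points, mu):
    """Within-class scatter (sxx, sxy, syy) around the class mean."""
    sxx = sum((x - mu[0]) ** 2 for x, _ in points)
    sxy = sum((x - mu[0]) * (y - mu[1]) for x, y in points)
    syy = sum((y - mu[1]) ** 2 for _, y in points)
    return sxx, sxy, syy

def train(clean, stego):
    """Return (w, b) for the hyperplane w.x = b; the positive side is stego."""
    m0, m1 = mean(clean), mean(stego)
    a0, a1 = scatter(clean, m0), scatter(stego, m1)
    sxx, sxy, syy = (a0[i] + a1[i] for i in range(3))
    det = sxx * syy - sxy * sxy
    if abs(det) < 1e-12:
        raise ValueError("pooled scatter matrix is singular")
    dx, dy = m1[0] - m0[0], m1[1] - m0[1]
    # w = Sw^-1 (m1 - m0), using the closed-form inverse of a 2x2 matrix
    w = ((syy * dx - sxy * dy) / det, (sxx * dy - sxy * dx) / det)
    b = w[0] * (m0[0] + m1[0]) / 2 + w[1] * (m0[1] + m1[1]) / 2
    return w, b

def score(w, b, x):
    """Signed value of the learned linear function; > 0 means 'stego'."""
    return w[0] * x[0] + w[1] * x[1] - b

def auc(w, b, clean, stego):
    """Area under the ROC curve: P(stego score > clean score), ties = 0.5."""
    wins = sum(1.0 if score(w, b, s) > score(w, b, c) else
               0.5 if score(w, b, s) == score(w, b, c) else 0.0
               for s in stego for c in clean)
    return wins / (len(stego) * len(clean))

if __name__ == "__main__":
    w, b = train(CLEAN, STEGO)
    print("w =", w, "b =", b)
    print("training AUC:", auc(w, b, CLEAN, STEGO))
    print("hold-out AUC:", auc(w, b, HOLDOUT_CLEAN, HOLDOUT_STEGO))
```

The hold-out set deliberately contains a clean image that scores higher than a stego image, which is why its ROC area drops below the perfect value seen on the training set.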
First we will hide/embed a txt file inside a JPEG file using steghide:

    steghide embed -cf test2.jpg -ef 1.txt

It is important to note when embedding a file that the cover file (cf) needs to be larger in size than the embedding file (ef), or it won’t work. From my experience the file needs to be at least 75% larger to work; it could be less.
With steghide we can easily get info about the embedded file if we have the passphrase:
Stegdetect has its limitations, however, and cannot detect non-JPEG steganography. Still, we gave it a shot with the GUI front end of stegdetect, called xsteg, to see what happens: