Thursday, 6 February 2014

Stegdetect automated tool for detecting steganographic content in images

Stegdetect is an automated tool for detecting steganographic content in images. It can be obtained from the Arch Linux AUR (Arch User Repository) and requires GTK. The tool:
  • Analyses image files for steganographic content
  • Runs statistical tests to determine if steganographic content is present
  • Attempts to find the system that has been used to embed the hidden information
An example would be using it with the famous 3301 image:

$ stegdetect 3301.jpg
3301.jpg : appended(61)<[nonrandom][ASCII text][TIBERIVS CLAVDIV]>

This shows 61 appended bytes of ASCII text and the first letters of that text. A tail of the file shows:

$ tail --bytes=61 3301.jpg
TIBERIVS CLAVDIVS CAESAR says "lxxt>33m2mqkyv2gsq3q=w]O2ntk"

Note: the '-c' option of tail could have been used in place of '--bytes=61'.

This is a shift or Caesar cipher with "lxxt>33" being "http://". This then allows the substitution of 4 characters to be deduced leading to
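The two steps above, as an added Python example (not part of the original post and not stegdetect's own code): one way to find bytes appended after a JPEG's end-of-image marker, then derive the shift from the known "http://" prefix. The sample bytes are constructed, the trailing newline is assumed, and all function names are hypothetical.

```python
# Constructed sample: a minimal JPEG-shaped byte string (not a real image),
# followed by the 61 trailing bytes quoted on the page (final newline assumed).
TRAILER = b'TIBERIVS CLAVDIVS CAESAR says "lxxt>33m2mqkyv2gsq3q=w]O2ntk"\n'
SAMPLE = (b"\xff\xd8"                    # SOI
          b"\xff\xe0\x00\x04\xff\xd9"    # APP0 whose payload happens to contain FF D9
          b"\xff\xda\x00\x02"            # SOS header (empty, constructed)
          b"\x12\xff\x00\x34"            # scan data with a stuffed FF 00
          b"\xff\xd9") + TRAILER         # EOI, then the appended data

def appended_after_eoi(data: bytes) -> bytes:
    """Walk the JPEG markers and return whatever follows the real EOI (FF D9)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:              # entropy-coded scan byte
            i += 1
            continue
        marker = data[i + 1]
        if marker == 0xD9:               # EOI: the image ends here
            return data[i + 2:]
        if marker == 0xFF:               # fill byte
            i += 1
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            i += 2                       # stuffed byte, TEM or RSTn: no length field
        else:                            # segment: skip its length-prefixed payload
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
    raise ValueError("no EOI marker found")

def derive_shift(cipher: str, known_plain: str) -> int:
    """Recover a constant ASCII-code shift from a known-plaintext prefix."""
    shifts = {ord(c) - ord(p) for c, p in zip(cipher, known_plain)}
    if len(shifts) != 1:
        raise ValueError("prefix is not a constant shift of the known plaintext")
    return shifts.pop()

def decode_trailer(trailer: bytes, known_plain: str = "http://"):
    """Pull the quoted string out of the trailer and undo the shift."""
    cipher = trailer.decode("ascii").split('"')[1]
    shift = derive_shift(cipher, known_plain)
    return shift, "".join(chr(ord(c) - shift) for c in cipher)

if __name__ == "__main__":
    shift, plain = decode_trailer(appended_after_eoi(SAMPLE))
    print(f"{len(TRAILER)} appended bytes, shift {shift}: {plain}")
```

Walking the segments by their length fields, rather than searching for the first FF D9, avoids stopping early on an end-of-image marker inside an embedded thumbnail or other segment payload.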