Hide Text in Text Files Using stegsnow

đź“… December 14, 2016
coverSteganography is the practice (or art) of hiding secret messages in plain view.

Take an image file of a flower, for example. Opening the file shows a flower. Whoopie. However, there might be a hidden message encoded inside the bits and bytes of the image data that is not visible unless certain software is used to decode it.

The same can apply to text files. You could write an innocent readme.txt file that looks like any other text file of instructions when opened normally. With steganography, you could encode a secret message within readme.txt that includes game cheat codes, secret contact information, a cookie recipe, ASCII art, or whatever else you wish to convey to your accomplice who receives the file.

stegsnow is a fun command line program that encodes secret messages in ASCII text files. Use stegsnow to encode a text file with a hidden message, and then use stegsnow again to extract the message from the file. The file’s text contents are not altered, so the file reads the same as it did before encoding. Anyone unaware would open the text file and see the innocent text contents in a standard text editor, but “those who know” would run the file with stegsnow to see a completely different message.

Installation

stegsnow is free and located in the Ubuntu repository. Install it using Synaptic or sudo apt-get install stegsnow.

There are a number of options to customize stegsnow, so definitely have a look at its manpage (man stegsnow) for details. This article shows a few simple ideas in order to demonstrate the program.

Simple Text Concealment

First, create a text file. Lorem Ipsum is a good way to generate filler text for practice. You can name the file anything you like, but for this example, let’s use the filename source.txt.

a

A text file filled with Lorem Ipsum text in xed. We will hide a message in this.

Open a terminal where source.txt is located and enter the following at the command prompt:

stegsnow -C -m 'We attack at dawn with Legos!' source.txt readme.txt

-C is the compression option that will compress or decompress the hidden message during encoding or decoding. The file’s size will increase a little depending upon the length of the hidden message, so compression helps shave off a few bytes.

The quoted text following the -m option is the message to hide in the text file.

This command encodes the message We attack at dawn with Legos! inside source.txt and saves the resulting file that contains the message in readme.txt. stegsnow should show something like this if successful:

a

Output after a successful encoding.

Now, anyone who opens readme.txt will see normal text.

a

Looks like a normal text file to me…

However, if we run stegsnow again, we will see a completely different result:

stegsnow -C readme.txt
a

The hidden message “We attack at dawn with Legos!” appears in the terminal.

Presto! ASCII text steganography!

a

Note that stegsnow is “compression-sensitive.” If you use the -C option to encode, then you must also use -C when decoding or else you will see output like this.

The file sizes between source.txt and readme.txt will be different. For this example, source.txt is 3.5 KB, and readme.txt is 3.8 KB.

The images above were edited for clarity. In actual usage, they will appear cramped because no newlines were included in the hidden message.

Hiding Another Text File

We can hide other text files within a text file. Here is a text file named hidden_message.txt.

a

hidden_message.txt is 386 bytes in size. Let’s hide it!

stegsnow -C -f hidden_message.txt source.txt readme.txt

The -f option specifies another text file to encode.

a

stegsnow encoding statistics. This can be disabled using the -Q option.

Now, let’s decode the message.

stegsnow -C readme.txt
a

It works! Our hidden message is shown in the terminal complete with proper formatting of the ASCII are. Remember to use -C when decoding since we specified compression during encoding.

Downsides

One downside to steganography is that the source text file must be large enough to accommodate the hidden message. stegsnow works by hiding text within whitespace at the end of lines. The original message is not altered. If there are not enough lines of text, then stegsnow will add extra tabs and newlines that will appear as extra lines in a text editor. This might make readers suspicious.

a

source.txt did not have enough lines of text (whitespace) to hide the hidden message, so extra whitespace was appended to the end of the text file. These extra lines could make readers suspicious that something is not quite right with this text file. Worse yet, some users might delete the extra lines and make the hidden message unreadable or only partially readable.

a

Oops! Somebody deleted the extra lines in an attempt to clean up the text file, so the hidden message is only partially recovered.

This is why stegsnow statistics mention something like “An extra 83 lines were added.” More lines were needed in order to encode the complete hidden message, so stegsnow appended them to the end of the file. To prevent this, use a text file containing more lines of text.

A second downside is that the resulting file size will be larger than the source, but unless somebody has both files for comparison, how will he know?

Password Protection

Is hiding text not good enough? Why not password protect the hidden message too?

stegsnow supports a password system that will only show the hidden message if the correct password text is entered when decoding. Use the -p option to enable passwords. Let’s encode the same ASCII art message again, but this time using the password hello12345 — nobody would ever guess that…

stegsnow -C -p "hello12345" -f hidden_message.txt source.txt readme.txt

To decode, use the password:

stegsnow -C -p 'hello12345' readme.txt
a

The password-protected message displays fine when using the password hello12345.

a

…but if we try to decode the message without using a password, then only nonsensical text appears.

stegsnow is a fun program to play with, so if you find this fascinating, be sure to give it a try!

For a tidbit of trivia about stegsnow’s chosen name, read its description in Synaptic.

 

 

Advertisements

, ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: