- Introduction to Steganography -
Scenario
- There is a spy in your midst! You have discovered that one of your colleagues is a spy, but you do not know who it is... All you know is that they communicate with their handler through pictures that contain a hidden message. In order to conceal their secret communication, they have hidden a message in a picture. However, they are smart and cunning spies, so they have multiple pictures that look the same, but only one picture has the message.
Mission
- Your mission is to scan all the files and find the picture that the handler is sending to the spy that is in our midst!
- Begin by extracting the files from the provided archive which can also be found here.
- You can use the following Linux command, where you can substitute one of the picture file names that were in the archive:
strings <filename>
- Read the man page to figure out what the strings command does.
- You are looking for a string that is unusually long.
- Once you find that string you are done with the first hint of your forensics analysis.
- The found string is a hash string.
- What is a hash? A hash is an irreversible mathematical function that is commonly used to "scramble", i.e., encrypt, passwords and store them securely. It is also used to check the integrity of data. If a file has been tampered with, its hash string will be different from the original.
- What is a hash string? A hash string is the result of a hash. It is a set of characters that corresponds to the specific file or password and only that file or password, no other!
- You can generate hash strings using the following Linux command, where you can substitute one of the picture file names that were in the archive:
sha1sum <filename>
- Every file has a different hash string because it has been tampered with, even though all files look like the same picture!
- Only one hash corresponds to the file that has the secret that we are looking for.
- Download the picture to your desktop and open it with your favorite image processing tool.
- The secret message is hidden somewhere in the picture.
- Only very observant people with sharp eyes can find it.
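
The strings and sha1sum steps above can be run over the whole archive in one pass. The script below is an added example, not part of the original exercise: the function names and the sample files are made up here, and it assumes the hidden hash sits in one file as a plain 40-character hex string.

```bash
#!/usr/bin/env bash
# Added example, not part of the original exercise. Function names are made up here.
export LC_ALL=C   # treat file contents as raw bytes

# Printable runs of 40+ characters (falls back to tr if binutils' strings is missing).
long_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -n 40 "$1"
    else
        tr -c '[:print:]' '\n' < "$1" | grep -E '.{40,}'
    fi
}

# Candidate SHA-1 digests in a file: exactly 40 hex characters, lower-cased.
embedded_sha1() {
    long_strings "$1" | grep -Eow '[0-9a-fA-F]{40}' | tr 'A-F' 'a-f'
}

# Compare every embedded digest with the sha1sum of every file in directory $1.
# Prints "<file holding the hash> <file the hash belongs to>" for each match.
find_marked_picture() {
    local dir=$1 carrier target digest
    for carrier in "$dir"/*; do
        [ -f "$carrier" ] || continue
        for digest in $(embedded_sha1 "$carrier"); do
            for target in "$dir"/*; do
                [ -f "$target" ] || continue
                if [ "$(sha1sum "$target" | cut -d' ' -f1)" = "$digest" ]; then
                    echo "$(basename "$carrier") $(basename "$target")"
                fi
            done
        done
    done
}

# Constructed sample data: three small fake "pictures", not the exercise archive.
make_sample() {
    printf '\377\330\377\340fake-picture-A\000\001' > "$1/pic1.jpg"
    printf '\377\330\377\340fake-picture-B\000\001' > "$1/pic2.jpg"
    printf '\377\330\377\340fake-picture-C\000\001' > "$1/pic3.jpg"
    # pic2 carries the SHA-1 of pic3 as an appended text string.
    printf '\n%s\n' "$(sha1sum "$1/pic3.jpg" | cut -d' ' -f1)" >> "$1/pic2.jpg"
}

# Usage: d=$(mktemp -d); make_sample "$d"; find_marked_picture "$d"
```

Point find_marked_picture at the directory where you extracted the archive to run the same comparison on the real pictures.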