<p>steghide is a mature GPL-licensed CLI tool for hiding arbitrary data inside of of image files (and some archaic audio formats). Its official web presence is located at <ahref="https://steghide.sourceforge.net/">https://steghide.sourceforge.net/</a>, but it is ubiquitously mirrored in various repositories and package managers (<ahref="https://github.com/StegHigh/steghide"></a>. If you use APT, simply install it with</p>
<!-- <p>steghide conceals data inside a larger coverfile in a way that is indistinguishable to first-order statistical analysis. This means that without comparing to exact copy of your original coverfile, there are no anomalies to it.</p> -->
<p>steghide uses subcommands, and the three most important ones are <code>info</code>, <code>embed</code> and <code>extract</code> which will be explained in sequence. For this tutorial, we are going to use the <ahref="https://apod.nasa.gov/apod/astropix.html">Astronomy Picture of the Day</a> of 2024-09-08, a beautiful image of the Andromeda galaxy:</p>
<imgsrc="apod20240924.jpg"style="width:250px">
<p>Our example file to hide is going to be <ahref="https://bitcoin.org/bitcoin.pdf">Bitcoin: A Peer-to-Peer Electronic Cash System</a>, the original paper by Satoshi Nakamoto.</p>
<p>As mentioned above, the cover image must be larger than the file you wish to embed, <b>as a rule of thumb your coverfile should be 20 times larger</b>. We can check how many bytes steghide can embed by using <code>steghide info <i>file</i></code>. In our case, it tells us that it can embed 232 KB and asks whether an attempt should be made at reading embed data without extracting. As there is nothing embedded yet, we decline with <kbd>n</kbd>.</p>
<p>The PDF is only 180 KB, so it fits. Next, we use <code>steghide embed -cf <i>coverfile</i> -ef <i>embedfile</i> -sf <i>destination</i></code> and get asked for a passphrase (make sure to remember it or safe it in a password manager). After re-entering the passphrase (you can set it beforehand with the <code>-p</code> option) it will write the processed file to the specified destination. You can also leave out the <code>-sf</code> option, in which case it defaults to overwriting the coverfile. Look at it and try to find a visual difference to the original:</p>
<imgsrc="output1.jpg"style="width:250px">
<p>It's completely lost in the visual noise. As an experiment, let's try taking the difference of both images with a program like GIMP. This is what it looks like:</p>
<p>A difference of zero means a fully black pixel. Try zooming in and you'll see that only a few pixels are slightly lighter than black. These are the pixels that contain parts of your embedded file.</p>
<div><b>WARNING: changing the output file in anyway will make the embedded file irretrievable. This is especially important for every form of lossy compression!</b></div>
<p>Now let's try to extract the file we've just hid. For this, use <code>steghide embed -sf <i>input</i></code></p>. This will prompt you for the passphrase. Enter it, and the contents will be extracted into the working directory. In our case we will be asked whether we want to overwrite the file with the same name that already exists. (You can suppress this warning with <code>-f</code> or by specifying an alternative output destination with <code>-xf</code>. Here, I used the later so we can confirm the files to be identical with md5sum:
<p>And they are! This concludes the basic introduction to steghide. Some advanced details follow below, but in most cases, reading the well-written man page suffices.</p>
