I recently stumbled upon this post about all the things you can do with Python. It contained a couple of programs, one of which hides a zip file inside an image. Actually pretty basic, but it seemed interesting.
So I played around with it for a while. I didn't know this was possible at all. But it is. And it works well.
In computer science, hiding a file inside another file is called steganography. And that is exactly what we are going to do. So, let's see how we can create our steganographic file.
Creating the Image Containing a Zip File
To create the new image, which hides a zip file, we first need two files:
- an image file (image.jpg)
- a zip file (archive.zip)
The file we are creating will contain the binaries of a jpeg and a zip file. For this to work as expected, the jpeg file should be first, followed by the zip file.
Stick to the order. First the image, then the zip file. You will see why later on. Just keep this in mind.
Now, let's go about creating it. There are two ways: using a) Python or b) the command line.
Creating the Steganographic Image via Python
In Python, the program is quite simple. It opens both files, jpeg and zip file, reads from them, and copies the content, one after the other, into a new image file. This is the code:
    #!/usr/bin/python3
    # Source: https://www.devdungeon.com/content/working-binary-data-python
    import argparse

    parser = argparse.ArgumentParser(description='Create a new image containing the image and the zip file.')
    parser.add_argument('zipfile', help='The zip file to hide.')
    parser.add_argument('jpgfile', help='The jpeg file to use.')
    args = parser.parse_args()

    # Read both inputs as raw bytes.
    with open(args.jpgfile, 'rb') as jpg_file:
        jpg_data = jpg_file.read()
    with open(args.zipfile, 'rb') as zip_file:
        zip_data = zip_file.read()

    # Write the image first, then the zip file directly after it.
    with open('new-image.jpg', 'wb') as new_file:
        new_file.write(jpg_data)
        new_file.write(zip_data)

The new-image.jpg file will then contain the merged contents of the image and the zip file, as seen in the image above.
Creating the Steganographic Image via the Command Line
On the command line, it's even easier:
    cat image.jpg > new-image.jpg   # create the new-image.jpg file with the contents of image.jpg
    cat new.zip >> new-image.jpg    # append new.zip to new-image.jpg

And that's it. You now have a new file that contains an image as well as a zip file.
The Properties of the New File
Let's examine what makes up the unique properties of the new file. There are multiple things to examine, but let's first look at the file program, which detects file types based on the files given. So let's run it on our new file.

    $ file new-image.jpg
    new-image.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1143x748, frames 3
The program recognizes it as a jpeg file, which is exactly what we want.
To make sure that it works with more than just file, I tried opening new-image.jpg in Photoshop and Preview. Both programs open the file as a normal image without displaying any error. You can even edit and save it anew, though the newly saved file will not contain the hidden part (just the image).
But it also works as a zip.
unzip shows it's a zip file containing one document.
    $ unzip -v new-image.jpg
    Archive:  new-image.jpg
    warning [new-image.jpg]:  140213 extra bytes at beginning or within zipfile
      (attempting to process anyway)
     Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
    --------  ------  ------- ---- ---------- ----- --------  ----
          29  Defl:N       27   7% 02-21-2019 23:43 10ecfe14  pass.txt
    --------          -------  ---                            -------
          29               27   7%                            1 file
To verify that you can correctly extract the file contents, simply unpack it.
    $ unzip new-image.jpg
    Archive:  new-image.jpg
      inflating: pass.txt

It, too, works. Thus, the file works both as a normal image and as a zip file.
Is it possible to pick up that the file contains hidden information?
Yes, absolutely. It's as easy as scanning the binary for other file signatures.
This link also contains a Python program that detects jpeg files by reading the first four bytes of the binary. Modify it to read the whole file, instead of only the first four bytes, and you could easily detect this sort of behavior.
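The scan described above, as an added example (not code from the original post or from the linked program): instead of matching the four-byte zip magic anywhere in the file, it parses the zip end-of-central-directory record and derives how many bytes sit in front of the archive, which is the figure unzip reports as "extra bytes at beginning". The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"   # JPEG start-of-image marker plus next marker prefix
ZIP_LOCAL = b"PK\x03\x04"      # ZIP local file header signature
ZIP_EOCD = b"PK\x05\x06"       # ZIP end-of-central-directory (EOCD) signature
EOCD_FMT = "<4s4H2IH"          # fixed 22-byte part of the EOCD record
EOCD_LEN = struct.calcsize(EOCD_FMT)


def find_appended_zip(data):
    """Return details of a ZIP archive appended to JPEG data, or None.

    ZIP64 archives and archives with an extra offset before the first
    local header are not handled in this example.
    """
    if not data.startswith(JPEG_MAGIC):
        return None
    # The EOCD is the last record, followed only by a comment of at most
    # 65535 bytes, so search backwards within that window.
    eocd_at = data.rfind(ZIP_EOCD, max(0, len(data) - EOCD_LEN - 0xFFFF))
    if eocd_at < 0 or eocd_at + EOCD_LEN > len(data):
        return None
    _, _, _, _, entries, cd_size, cd_offset, _ = struct.unpack_from(
        EOCD_FMT, data, eocd_at)
    # In a plain archive the central directory ends where the EOCD begins;
    # any surplus is data sitting in front of the archive.
    extra = eocd_at - cd_size - cd_offset
    if extra <= 0 or data[extra:extra + 4] != ZIP_LOCAL:
        return None
    names = zipfile.ZipFile(io.BytesIO(data[extra:])).namelist()
    return {"extra_bytes": extra, "entries": entries, "names": names}


def build_sample():
    """Constructed input: JPEG-like bytes (not a real picture) plus a ZIP."""
    jpeg = JPEG_MAGIC + b"\xe0" + bytes(64) + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pass.txt", "constructed sample content\n")
    return jpeg, jpeg + buf.getvalue()


if __name__ == "__main__":
    clean, merged = build_sample()
    print("clean :", find_appended_zip(clean))
    print("merged:", find_appended_zip(merged))
```

The same arithmetic explains why the image has to come first: image viewers parse a jpeg from the start of the file, while zip tools locate the archive from the record at the end.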
To ensure a better degree of security, you could encrypt the zip file with a password. But be aware that the encryption mechanism of zip files is not considered secure by cryptographic standards.