zerotoroot - My Journey to Becoming a Hacker


Follow the path to becoming a hacker!

Julius
Author

How to Hide a Zip File in an Image

I recently stumbled upon this post about all the things you can do with Python. It contained a couple of programs, with one of them hiding a zip file inside an image. Actually pretty basic, but it seemed interesting.

So I played around with it for a while. I didn't know this was, at all, possible. But it is. And it works well.

In computer science, hiding a file inside another file is called steganography. And that is exactly what we are going to do. So, let's see how we can create our steganographic file.

Creating the Image Containing a Zip File

To create the new image, which hides a zip file, we first need two files:

  1. an image file (image.jpg)

  2. a zip file (archive.zip)

The file we are creating will contain the bytes of a jpeg and a zip file. For this to work as expected, the jpeg data should come first, followed by the zip data.

Stick to the order. First the image, then the zip file. You will see why later on. Just keep this in mind.

Now, let's go about creating it. There are two ways: using a) Python or b) the command line.

Creating the Steganographic Image via Python

In Python, the program is quite simple. It opens both files, jpeg and zip file, reads from them, and copies the content, one after the other, into a new image file. This is the code:

#!/usr/bin/python3

# Source: https://www.devdungeon.com/content/working-binary-data-python

import argparse

parser = argparse.ArgumentParser(description='Create a new image containing the image and the zip file.')
parser.add_argument('zipfile', help='The zip file to hide.')
parser.add_argument('jpgfile', help='The jpeg file to use.')
args = parser.parse_args()

# Read both inputs as raw bytes
with open(args.jpgfile, 'rb') as jpg_file:
    jpg_data = jpg_file.read()

with open(args.zipfile, 'rb') as zip_file:
    zip_data = zip_file.read()

# Write the image first, then the zip file (the order matters)
with open('new-image.jpg', 'wb') as new_file:
    new_file.write(jpg_data)
    new_file.write(zip_data)

The new-image.jpg file will then contain the merged contents of the image and the zip file, as seen in the image above.

Creating the Steganographic Image via the Command Line

On the command line, it's even easier:

cat image.jpg > new-image.jpg     # create the new-image.jpg file with the contents of image.jpg
cat archive.zip >> new-image.jpg  # append archive.zip to new-image.jpg

And that's it. You now have a new file that contains an image as well as a zip file.

The Properties of the New File

Let's examine what makes up the unique properties of the new file. There are multiple things to examine, but let's first look at the file command.

The file program detects a file's type from its contents. So let's run it on our new file.

$ file new-image.jpg
new-image.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1143x748, frames 3

The program recognizes it as a jpeg file, which is exactly what we want.

To make sure it works with more than just file, I tried opening new-image.jpg in Photoshop and Preview. Both programs open the file as a normal image without displaying any error. You can even edit and save it anew, though the new file will not contain the hidden part (just the image).

But it also works as a zip. unzip shows it's a zip file containing one document.

$ unzip -v new-image.jpg
Archive:  new-image.jpg
warning [new-image.jpg]:  140213 extra bytes at beginning or within zipfile
  (attempting to process anyway)
 Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
      29  Defl:N       27   7% 02-21-2019 23:43 10ecfe14  pass.txt
--------          -------  ---                            -------
      29               27   7%                            1 file

To verify that you can correctly extract the file contents, simply unpack it.

$ unzip new-image.jpg
Archive:  new-image.jpg
  inflating: pass.txt

It, too, works. Thus, the file works as both a normal image as well as a zip file.

Is it possible to pick up that the file contains hidden information?

Yes, absolutely. It's as easy as scanning the binary for other file signatures.

This link also contains a Python program that detects jpeg files by reading the first four bytes of the binary. Modify it to read the whole file, instead of only the first four bytes, and you could easily detect this sort of behavior.

To ensure a better degree of security, you could encrypt the zip file with a password. But be aware that the encryption mechanism of zip files is judged, by cryptographic standards, to not be secure.
