Image Steganography
Image steganography hides information inside pictures by manipulating pixels, color channels, or metadata in ways not visible to the naked eye.
In CTF challenges, this often involves:
- Least Significant Bit (LSB) encoding in image data
- Hidden payloads or files appended after the image’s end marker
- Text or patterns revealed through bit-plane or color channel analysis
- Data disguised in metadata fields (EXIF comments, Creator fields, etc.)
The goal is to reveal these hidden messages or recover embedded files.
This page outlines the most common techniques and tools used to detect and extract data from traditional image formats (e.g. PNG, BMP, JPG).
- Reveal hidden LSB content or embedded files:
zsteg -a image.png - Extract data hidden with
steghide:steghide extract -sf image.jpg - Crack
steghidepassword:stegseek -sf image.jpg -wl rockyou.txt - Visualize bit planes manually:
java -jar Stegsolve.jar
| Tool | Purpose |
|---|---|
| Aperi’Solve | Online tool for image steganography |
| StegOnline | Online tool for image steganography |
| Steganographic Decoder | Online tool for image steganography |
| Steganography Online | Online tool for image steganography |
zsteg |
Detect hidden payloads in PNG/BMP |
steghide |
Detect hidden payloads in JPEG |
stegseek |
Steghide password cracker |
| Stegsolve | View and analyze image color planes |
| iSteg | LSB steganography tool |
zsteg detects and extracts LSB-encoded data in PNG or BMP images by testing various color-channel and bit combinations.
Installation:
gem install zsteg
Usage:
# Read common combinations
zteg image.png
# Read all combinations
zteg -a image.png
# Show a specific byte order and channel
zteg -E b8,rgb,lsb,xy image.png
steghide embeds or extracts data from JPEG and BMP images.
Extraction may require the correct password used during embedding.
Usage:
steghide extract -sf image.jpg
You’ll be prompted for a password, if none was used, just press Enter.
The extracted data (e.g. txt, zip, or binary file) will appear in the working directory.
stegseek is a modern cracking tool that can test millions of passwords per second against steghide-protected files.
Usage:
stegseek -sf image.jpg -wl rockyou.txt
iSteg is a image LSB steganography tool that exists in a CLI and a GUI version.
Stegsolve is a Java-based GUI viewer that lets you explore the bit planes, RGB channels, and XOR layers of an image.
It’s particularly effective at revealing patterns or text hidden subtly inside color data.
