Introduction


Due to the way different file types are read it is possible to have a single file that acts differently depending on how it is read. For example images are read from the header down whereas ZIP files are read from the footer up.

All image files should work, but some are more unpredictable that others. GIFs seem to be the most reliable so this tutorial will be using them in the examples (plus who doesn’t love looping GIFs of The Simpsons).

How to create one


Firstly get hold of an image you want to hide the data in (example image.gif), then gather all your files you want to hide and put them in a ZIP (example secret.zip).

Our chosen image:

up_8ed8c952fb9661d67dee049771538f2b.jpg


Windows 7:
Shift+right click in the folder containing the files will open command prompt in that directory
Windows:
Open command prompt (start->run cmd), then use cd to get to the folder where the files are stored.
Linux:
You know what to do, open terminal and move to directory containing files.

We now need to merge these files together, but we want to use a binary merge to keep the two files intact. With Windows copy command this uses the /B switch.

Windows

Code:

Linux

Code:


You should now have gained a new file called newfile.gif. This should look identical to the image you started with when opened with an image viewer, but with a secret payload hidden within. Here is the example image containing a ZIP:

up_f718f0449e97fa67de97cf8bd1b833d4.jpg


The two simplest ways to get your data back out of these files is to either change the extension from .gif to .zip or to open your chosen ZIP program and open newfile.gif within that. You should now be presented with your original files.

This is clearly not a secure way to store your data but as a quick and dirt solution to hide files it works well enough. If you are storing text documents in the ZIP then the contents of them will still be visible in a HEX editor looking at newfile.gif. There are much better steganography tools that use encryption keys to securely store your data within other files.

Further reading


This same technique can be adapted to upload executable code inside images such as PHP images and Graphics Interchange Format Java Archives (G
IFAR).

What Do You Think on This ? Say Here