In the ancient days, they shaved heads to tattoo messages. Steganography can be implemented in a lot of physical ways. For more obscurity, the nth character for the message in each word can be dynamic and still follow a pattern to be uncovered by the message receiver. The first and second examples have the messages hidden in their 1st characters, but the third case has the messages in the penultimate characters i.e n-2th character. In real life occurrences, these messages will be more obscure, as they wouldn’t be written in large conspicuous red fonts. An example is this:ĭerived messages from the example null ciphers are GUN, DATA, gonzalez. An nth character of each word in a sentence can be used to derive a message. Null ciphers are intended to confuse cryptanalysts, as they involve scrambling data by playing with words. GIF:Similar to bitmaps, end values for gif images vary, but they usually begin with 0x47494638Īll this information we have helps us to some extent, as some ACTIVE steganography tools will leave trails by adding extra hex values after the regular endings for the mimetype. PNG:This shows that PNG images should begin with hex value 0x89504E47 and end with 0xAE426082īMP:Bitmap images have an inconsistency in their end values from my study, but their beginning hex values are 0x424D36 JPG:Both images above show that a regular JPG begins with 0xFFD8 and ends with 0xFFD9 Now we’ll study the hexadecimal values of this various image mimetypes to help us observe possible hexadecimal changes after data has been embedded in them. If you do, you can try the exiftool with it and you will get a lot more information like the camera type, date picture was taken, and more. Now I can read each of the text files with vim. In my case, I have about 6 images to run that command on, so I will run the tool recursively to output all the results for image files in a folder into. The exiftool can be used to read metadata from files like so: After this vague meta data, I went ahead to use the exiftool to grab more data from the images. If we’ll be covering our data with some of these images, we need to have an idea of what information the image already has. I tried the same on other image file types and the output was: This shows that the JPEG images are stored in JFIF format.
![outguess sentence outguess sentence](https://cdn.discordapp.com/attachments/333722435750854656/333724990967119894/phase2.png)
I’m making use of the “file” command in my Linux shell to gather information on some images here: Just like reconnaissance has to be done for everything we do as security professionals, we also need to gather information on files we will make use of. I will advise you read this previously written article before proceeding. Fill out the form below to get the downloadable tool accompanying this article.
![outguess sentence outguess sentence](https://i.pinimg.com/736x/7d/6b/f2/7d6bf2b42d7f41b275bca0828b08f842--sentences-scrabble.jpg)
That gives us hidden writing for steganography and secret writing for cryptography.