Detecting steganography in images

  • I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straight forward things: open the file with some archive tools; tried to read its content with an editor, but I couldn't locate anything interresting.

    Now my questions: What else can I do? Are there any tools available that analyze images for hidden data? Perhaps a tool that scans for known file headers?

    I agree that is strange, but keep in mind it might have been encoded with very lax JPEG settings.

    Not an answer to the asked question, but to the actual situation you had: It might not be hidden data, but hidden binary code, e.g. GIFAR. See also http://security.stackexchange.com/q/600/33.

    @Konrad, I doubt it. Even at three bits per pixel (24-bit color), a basic bitmap would be only approx 720,000 bytes. (400*600*3). I'd bet a trip to the Chinese buffet that there's something there not related to the obvious image. @Chris: Please post your findings, or even the file if you'll part with it.

  • To detect Steganography it really comes down to statistical analysis (not a subject I know very well).
    But here are a few pages that may help you out.

    A small matter of semantics, here: Steganography on its own isn't encryption, it's obfuscation. While the hidden data may in fact be encrypted, it is not a necessary part of steganography for it to be so.

    You are right Iszi I'll correct that.

    Another vote for Stegdetect here. It works really well.

    Does Stegdetect still work or is it broken? i'm getting lots of compilation errors on ubuntu 14.04

    Stegdetect isn't continued any longer and the homepage is down.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM

Tags used