I was working through my most recent class, Application Security, and one of the exercises required us to find a secret message hidden in an image. Now, I know you can do this manually with hexdump -C. That output looks something like this:
This is fine unless your image is huge or your secret message has a bunch of garbage bytes mixed into it for extra secrets. So I was trying to look up a way to get it to just kick out the ASCII output on its own so I could use other tools like grep to search through it, when I stumbled over a reference to the strings command. What is the strings command?
strings - find the printable strings in a object, or other binary, file
Well, OK then! Granted, when you read through the man page for it, it proclaims itself as a very simple string-finding algorithm, but good as a first easy pass.
Instead of the above hexdump output, you get something like this:
B*M)M1,
a&%5
%PJ)
XJ)FO
KL\I!D
Y}RJ
Which is way more searchable, awkable, etc.!
Take this image here:
Cute puppy, right? Yes, but it is also a puppy full of secrets.
Give it a try. Download it and then run:
strings secret_puppy.png
Find anything fun?
This method won’t find every hidden string in every secret image or binary file, but it’s a quick, easy command and much more useful than hexdump for some things!
Top comments (3)
Huh, I've never seen text just appended to an image or binary to hide it.
They usually just modify the least significant bit of each color channel in each pixel and use those to construct a new binary, so 2 pixels per byte/character (r, g, b, a).
Yeah, I was looking for a quick and dirty way to do an example, but you're right. There are a lot more common and better ways to hide text in images. I knew they were out there, but I appreciate you explaining it here. Thanks!
Unfortunately for future readers, cloud foundry converted it to a jpeg and destroyed your message!
I was able to download it from the original link embedded in the cloud foundry link though. Thats the kind of hacker I am, reverse engineering CDN stego clobbering.