Black Hat Python — Hiding Data using Steganography

Ismail Akkila
2 min read · Jan 4, 2018

Wouldn't it be awesome to be able to hide your private files within an image or audio file? I first saw this in one of my favourite TV shows: Mr Robot. The practice is called steganography: hiding secret messages in otherwise non-secret media.

Imagine we generate an RSA private-public key pair:

>>> from Crypto.PublicKey import RSA
>>> rsa_key_pair = RSA.generate(4096, e=65537)
>>> private_key = rsa_key_pair.exportKey("PEM")
>>> public_key = rsa_key_pair.publickey().exportKey("PEM")

Public Key:

Private Key:

We can encrypt the private key (saved here as tmp_private_key.pem) using AES-256:

$ openssl rsa -aes256 -in tmp_private_key.pem -out encrypted_tmp_private_key.pem
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

The resulting encrypted private key:

Let us hide this encrypted private key in this PNG image:

We will use the steganopy Python library:

>>> import steganopy.api
>>> steganopy.api.create_stegano_image(original_image="toronto-skyline-winter.png", data_to_hide="encrypted_tmp_private_key.pem").save("stegano-toronto-skyline-winter.png")

This is the resulting PNG image:

It looks pretty much the same, but it hides our encrypted private key using steganography. Let’s verify it:

>>> import steganopy.api
>>> hidden_data = steganopy.api.extract_data_from_stegano_image(image="stegano-toronto-skyline-winter.png")
>>> print hidden_data
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,08E047C9B9E04C91954E07AC6CBEE53B
eCqFNFhI+xZlj2R8GJUOOuCK/zPKa6+1+VZeGw6DghfSc1Obh5kdcRn9YqVsC2gk
fhyhpdvtqLq42LLlPIa+H1h3Vh9se0ASl+w1tstDq389u4BG2iR23NUwnNA6P1GS
XctsX/5KbaVrPoH4Dp5t0uSeKXRIEPDzK+LyYgluMSR0LeZ+mfHY536ywM0Yqcbw
gOX+KTIR01qvPoNZdMFTMMzTK8iBOdO0p1DPxNcPHqQCo6dFyvNOOrDqutY/W+X8
jL8nQUGnO8B4L+ZDB7NSbcysF3dSo2hOfCaW6opz8f+eqWAAIeKRAPHplKVZIqpB
--------------------------TRUNCATED-----------------------------
yRKiMRsOSr9Wi8ReHfUuiBaJi7LN7kpfuc6ayvJ1XZGTgj6DFEIPFy2bh4Ck+YXu
ZE+ylipDqLRN9pMzm8cc4AAx+8IG0+U8Rg6yDTu1TP/7QRXiYukygmdN2X+3xjpg
tCpsyblFAHoeboEaaBJlDVxTSculBruw40Cu2Ywqr/jR0eoemRdD8pd6v0G1rbhd
-----END RSA PRIVATE KEY-----

The hidden data is revealed! We can decrypt this private key with openssl:

$ openssl rsa -in encrypted_tmp_private_key.pem -out private_key.pem
Enter pass phrase for encrypted_tmp_private_key.pem:
writing RSA key
$ cat private_key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIJKwIBAAKCAgEAzZWUXMhQXQ8TiS46mM+sBu0FoDYq//W1Z/CIGHcqsLfWr9UN
9ocPELfbk4Fe1JyBmNUltpI9OGl06pqBKQ9bPj+t9Kddy81k2r1IAK9kywm9IQrK
pXypmR7xW87PxrdhS1XxvL41JucLywPCx2YWm4BGop9mdN/dz5+nj19jLLT7ZBxU
ii7wwP24sigUcAdNKhjlzpXVRwtYYg3qxt/AmHc1gGMZWHJgqXpXlTbjewfkaAy7
CJr9jnMSyaAseMPmcPY0a8AHFzjUe0fs9fZ6H9DnSl4hQP/LkytDSo234CSje/Ag
--------------------------TRUNCATED-----------------------------
qc9yMUewCGxYWbRl0MDwk2PCP4qkpCUFZEshRely8+0iXvdoFXKFUi2wETPKCwJV
R7ADtu3jVyibk01FxDaFxwtN1VgjCl+9D7c7r+Kaf1f0W3rGMMO+WiqoMklscgpr
6r7zYSIqJTllyL3q9i4/s/ZtPowGgSk/ZEEXf6ot8l7YhRCNOFaR9DfCMVuXSgU=
-----END RSA PRIVATE KEY-----
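
Why the stego image "looks pretty much the same", shown with a minimal least-significant-bit (LSB) scheme. This is an added example, not code from the original post or from steganopy: LSB embedding with a 4-byte length header is an assumption about how such tools work in general, not steganopy's documented format, and the function names and sample bytes are constructed for illustration.

```python
# Added illustration: LSB steganography over a raw 8-bit channel buffer.
# Assumption: steganopy's real encoding is not documented on this page.
import random

MARKER = b"-----BEGIN"  # PEM armour prefix a defender can search for

def embed(pixels: bytes, payload: bytes) -> bytes:
    """Hide a 4-byte big-endian length plus payload, one bit per channel byte."""
    blob = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in blob for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # overwrite only the lowest bit
    return bytes(out)

def lsb_plane(pixels: bytes) -> bytes:
    """Pack the least significant bit of every channel byte into bytes."""
    usable = len(pixels) - len(pixels) % 8
    packed = bytearray()
    for start in range(0, usable, 8):
        value = 0
        for channel in pixels[start:start + 8]:
            value = (value << 1) | (channel & 1)
        packed.append(value)
    return bytes(packed)

def extract(pixels: bytes) -> bytes:
    """Read the length header from the LSB plane, then return the payload."""
    plane = lsb_plane(pixels)
    length = int.from_bytes(plane[:4], "big")
    if length > len(plane) - 4:
        raise ValueError("no valid length header in LSB plane")
    return plane[4:4 + length]

def looks_like_hidden_pem(pixels: bytes) -> bool:
    """Defender's check: PEM armour is plaintext even when the key is encrypted."""
    return MARKER in lsb_plane(pixels)

# Constructed sample data: seeded pseudo-random bytes stand in for decoded RGB channels.
rng = random.Random(1)
cover = bytes(rng.getrandbits(8) for _ in range(4096))
secret = b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n(constructed)\n"
stego = embed(cover, secret)
max_delta = max(abs(a - b) for a, b in zip(cover, stego))  # never more than 1
```

Each channel value changes by at most 1, which is why the two images are visually indistinguishable. The PEM armour and its `Proc-Type`/`DEK-Info` headers stay in cleartext even for an encrypted key, so a marker scan of the bit plane still finds the payload: encryption protects the key, not the fact that something is hidden.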

Thanks for reading!
