Steganography in PHP (!)

What? Am I insane? Officially, yes, but that’s not important. This is a PHP script that can hide files in images. It takes a JPG and converts to PNG. It requires GDlib and is almost totally pointless.

demoDownload PHP Source

This script has almost no purpose; it is insecure in a number of ways (explained below), it is slow, and there are much better programs available. Lastly, I can see no reason that anyone would ever actually *need* PHP to perform steganography. But it was great fun to write, and perhaps you’ll enjoy playing with the source code!

insecurity explained
Firstly, the script requires that you upload your secret file to my webserver, not only do you have no reason to trust me, but the file transfer could be sniffed, thus rendering the steganography pointless.
Assuming you could get around this (eg by using SSL on a trusted server, or running the script locally), the actual implementation of steganography itself is actually very weak; notice that there’s no built in encryption – anyone with access to your encoded image can simply pass it through the decode script and reveal the file. Additionally, the bitstream is encoded in a very boring ‘left-right-top-bottom’ way, so even if the attacker didn’t know the details of the decoding, I suspect it would be fairly trivial to guess.

Anyway, like most of the code here, this is a ‘concept’ piece and not actually designed for a specific use. I wondered if it could be done, noticed that no-one else had done it, and decided to give it a shot.

Incidentally, if any steganography experts are reading this, some tips on steganographising jpegs would be appreciated :-)

If you’re interested in ‘real’ (read: useful) steganography, the following resources offer a wealth of information.
an authoritative resource providing detailed stego theory as well as downloads.
what can only be termed a steganography portal
the leading commercial steganography company
links to some of the many, many tools out there.

widely acclaimed windows steganography software suite. (free)

Related Posts:

, , , , ,

  1. #1 by pacorro on September 4, 2009 - 12:45 am

    is this possible with jpg output file too?

    • #2 by user24 on September 6, 2009 - 8:16 am

      Steganography is possible with JPG, but this script won’t do it, sorry.

  2. #3 by user newbie on February 9, 2011 - 6:23 pm

    how to decode, .png files for break it???

    • #4 by Mikael on April 18, 2011 - 1:32 pm

      I was actually wondering the same things as “user newbie”. Is it possible?


  3. #5 by Poul on September 13, 2011 - 12:55 am

    Any news on this one? Is it possible with jpg as well?

Comments are closed.