Dig up some data!

Scan for various forms of steganography

Deep Scan:

Select an image to analyze

Scan an image with StegDetect @ varying sensitivity levels
Check for Outguess, PixelKnot and known steganography strings & artifacts

StegDetect:

Select an image to scan with StegDetect

StegDetect can check for JSteg, Outguess, JPHide, Invisible Secrets, F5 Stego, and Appended data
Adjust the Sensitivity Level for better results.
Baseline: 1, Outguess: 4.3, JPHide: 6.2

Sensitivity Level (0.1 - 10):

OutGuess:

Select an image to check

Version: Outguess-0.13 and Outguess-0.2

Image to scan:

Unlock Key:

Stegano:

Select an image to check for embedded data

LSB Steganography on RGB PNG/Bitmap images

JSteg:

Select an image to check

LSB Steganography in JPEG images with non-progressive decoding


Burry some Stegosaurus Secrets!

Steganographically embed data into an image

Stegano:

hide some dino data!

Select an image and enter some data to hide inside

Message To Hide:

JSteg:

Bury some brontosaurus bones!

Select a cover image

Cover Image:

File To Hide:

OutGuess:

Tuck-away some T-Rex Text!

Select a cover image

Cover Image:

File To Hide:

Unlock Key:

About

Steg0saurus Chex

I created Steg0saurus Chex after doing some ARG Puzzle Solving. Things like the Cicada 3301 puzzles and others lead me down the path of steganography and the tools associated. To make it easier for others to try their hand at these things (and possibly stumble onto some sort of covert communication taking place over public social media sites), I created a simple interface that allows anyone from anywhere in the world to access a variety of Linux command line tools that I (and others) use to perform steganographic functions. This enables people with little to no "tech knowledge" to check images for potential messages or embed messages themselves. If you're able to upload a profile picture to a social media site, you can use this tool!


What is STEGANOGRAPHY?

No, it's not a dinosaur type..

Steganography is an ancient word that translate to something along the lines of "hidden writing". It is simply the act of hiding something in plain sight. The technique is as old as time and the processes are numerous. In the digital age, steganography is generally referred to in regards to image or audio steganography--the act of embedding or hiding a secret message inside the data of an image or soundfile. In the grand scheme of things, data is just data--whether that data represents a song or a picture, it's still (at its absolute core) a bunch of 1s and 0s.


How Is Steganography Detected?

There are new methods of steganography being developed and theorized all the time, so detecting it is quite literally like looking for a needle in a haystack. And worst of all, even if you find a needle... there's no guarantee it's THE ONLY needle in there!
Many different methods and programs exist to try and suss out whether an image is steg'ed or not, but here's a couple links to research papers on the reliability of certain tools:

  • https://www.garykessler.net/library/fsc_stego.html
    Steganography For The Computer Forensics Examiner
    A good primer on steganography in relation to 'the real world'
  • https://researchportal.port.ac.uk/portal/files/187568/Microsoft_Word_-_Stegdetect_article_-_Final.pdf
    Analysis of False-Positives w/ StegDetect
    StegDetect is a well known tool for detecting a variety of steganographic algorithms. Nothing is perfect, and this is some research that was done on the reliability of StegDetect.
    One great thing about StegDetect is that it supports the ability to train the program on new, unknown algorithms as long as you have a clean set of images and a steg'ed set of images to 'train it' on. For a savvy user, this sort of feature can help reduce the rate of False-Positives by improving the detection ability.
  • https://peerj.com/preprints/27339.pdf
    Analysis of False-Negatives w/ StegDetect
    This was a VERY interesting study to me. It seems to show (compared to the study on False Positives) that a False-Negative is more likely than a False-Positive.
    This was also an interesting and informative read because it helped me determine better sensitivity settings for various stego algorithms to minimize False-Positives while at the same time reducing False-Negatives.

Examples

Here are some embedded files to check out

Recently, I found this awesome little gem: https://data.csafe.iastate.edu/StegoDatabase
This is a database of clean & steg'ed images for use in testing and training.

Copyright © Steg0saurusChex 2019