Recently we have been posting lot of new tools related to ‘steganography‘, a tool which is used to hide images or text in images.
Matroschka, a steganography tool written in pure Python. You can use this tool to hide and encrypt images or text in the least significant bits of pixels in an image.
HMAC-SHA256 encryption is used to authenticate the hidden data. MAC password is hashed with SHA-256 digest to generate the HMAC-SHA256 key. The message data and MAC is further encrypted using XTEA algorithm in CFB mode running 32 iterations, before being embedded in the image data. The SHA-256 hash for the XTEA key is created using the 128 high-order bits of the given password. A random 8 byte seed is used in the CFB 64 bit block cipher .
The random seed is added to the hidden secret and is used with the user given password to decrypt the hidden message using XTEA block cipher. The decrypted secret is authenticated by comparing the embeded HMAC hash with the HMAC-SHA256 of the extracted hidden message and the user given mac password.
To install Matroschka in your Linux system type the following command.
pip install Pillow git clone [email protected]:fgrimme/Matroschka.git cd Matroschka
Recommended image formats are PNG or BMP images to hide your secret data. Hidden data must be either a text file (.txt) or image (.png) format.
python matroschka.py -hide -m <mac-password> -k <password> <secret> <image>
python matroschka.py -open -m <mac-password> -k <password> <image>
matroschka_medium.png gets hidden and encrypted inmatroschka_big.png
python matroschka.py -hide -m foo -k bar resources/matroschka_medium.png resources/matroschka_big.png
Decrypting the image will save the extracted image in resources/secret-image.png
python matroschka.py -open -m foo -k bar resources/matroschka_big
Latest posts by TWR (see all)
- Connecting to Airport WiFi is Safe, Right?…..Wrong - December 5, 2017
- Your HP Wireless mouse can be Spoofed; Be careful - May 18, 2017
- E.U. Fines Facebook $122 Million for misleading information about WhatsApp acquisition - May 18, 2017