Matroschka – Another Steganography tool written in Python

Recently we have been posting lot of new tools related to ‘steganography‘, a tool which is used to hide images or text in images.

Matroschka, a steganography tool written in pure Python. You can use this tool to hide and encrypt images or text in the least significant bits of pixels in an image.

HMAC-SHA256 encryption is used to authenticate the hidden data. MAC password is hashed with SHA-256 digest to generate the HMAC-SHA256 key. The message data and MAC is further encrypted using XTEA algorithm in CFB mode running 32 iterations, before being embedded in the image data. The SHA-256 hash for the XTEA key is created using the 128 high-order bits of the given password. A random 8 byte seed is used in the CFB 64 bit block cipher .

The random seed is added to the hidden secret and is used with the user given password to decrypt the hidden message using XTEA block cipher. The decrypted secret is authenticated by comparing the embeded HMAC hash with the HMAC-SHA256 of the extracted hidden message and the user given mac password.

To install Matroschka in your Linux system type the following command.

pip install Pillow
git clone git@github.com:fgrimme/Matroschka.git
cd Matroschka

 

Recommended image formats are PNG or BMP images to hide your secret data. Hidden data must be either a text file (.txt) or image (.png) format.

 

Encrypt data:

python matroschka.py -hide -m <mac-password> -k <password> <secret> <image>

 

De-crypt data:

python matroschka.py -open -m <mac-password> -k <password> <image>

 

Example:

matroschka_medium.png gets hidden and encrypted inmatroschka_big.png

python matroschka.py -hide -m foo -k bar resources/matroschka_medium.png resources/matroschka_big.png

 

Decrypting the image will save the extracted image in resources/secret-image.png

python matroschka.py -open -m foo -k bar resources/matroschka_big

 

Download Now: Matroschka – Another Steganography tool written in Python

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience