Matroschka – Another Steganography tool written in Python

Recently we have been posting lot of new tools related to ‘steganography‘, a tool which is used to hide images or text in images.

Matroschka, a steganography tool written in pure Python. You can use this tool to hide and encrypt images or text in the least significant bits of pixels in an image.

HMAC-SHA256 encryption is used to authenticate the hidden data. MAC password is hashed with SHA-256 digest to generate the HMAC-SHA256 key. The message data and MAC is further encrypted using XTEA algorithm in CFB mode running 32 iterations, before being embedded in the image data. The SHA-256 hash for the XTEA key is created using the 128 high-order bits of the given password. A random 8 byte seed is used in the CFB 64 bit block cipher .

The random seed is added to the hidden secret and is used with the user given password to decrypt the hidden message using XTEA block cipher. The decrypted secret is authenticated by comparing the embeded HMAC hash with the HMAC-SHA256 of the extracted hidden message and the user given mac password.

To install Matroschka in your Linux system type the following command.

pip install Pillow
git clone
cd Matroschka


Recommended image formats are PNG or BMP images to hide your secret data. Hidden data must be either a text file (.txt) or image (.png) format.


Encrypt data:

python -hide -m <mac-password> -k <password> <secret> <image>


De-crypt data:

python -open -m <mac-password> -k <password> <image>



matroschka_medium.png gets hidden and encrypted inmatroschka_big.png

python -hide -m foo -k bar resources/matroschka_medium.png resources/matroschka_big.png


Decrypting the image will save the extracted image in resources/secret-image.png

python -open -m foo -k bar resources/matroschka_big


Download Now: Matroschka – Another Steganography tool written in Python

Related posts

Frontend as a Service (FaaS): Revolutionizing Web Development for Speed and Simplicity

Why is cyber security important for your company?

Ease of Use and Security: Two key aspects of API Design