Hiding Things Out In The Open


The article on the technique can be found here.


Digital Steganography For Fun And Profit


There are two generously commented files:

  • get-payload-from-web.sh - Gets the payloads from the web, starting from YouTube and ending as a 3gp file
  • piggyunpack.rb - The code to separate the image from the audio


This is a very rough implementation of LSB (least-significant-bit) image steganography. The ideal goal was outlined in this Reddit post:

"A nominal, simple way to piggy back on image uploaders in order to post files of modest size ... I want to explore what that workflow and interfacing would feel like."
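To make the LSB technique named above concrete, here is an added Ruby example; it is not code from piggyunpack.rb or the linked article. It assumes the image has already been decoded to an array of 8-bit samples and that the payload is framed with a 32-bit big-endian length header; both the framing and all function names are hypothetical.

```ruby
# Added illustration of LSB embedding over raw 8-bit samples (not the project's code).
# `samples` stands in for decoded pixel channel bytes; image decoding is out of scope.

HEADER_BITS = 32 # assumed framing: big-endian payload length stored first

# Binary string -> array of bits, most significant bit first.
def to_bits(bytes)
  bytes.unpack1('B*').chars.map(&:to_i)
end

# Array of bits (length a multiple of 8) -> binary string.
def from_bits(bits)
  [bits.join].pack('B*')
end

# Overwrite the lowest bit of each sample with one bit of header + payload.
def lsb_embed(samples, payload)
  bits = to_bits([payload.bytesize].pack('N') + payload.b)
  raise ArgumentError, 'payload too large for cover' if bits.size > samples.size
  out = samples.dup
  bits.each_with_index { |bit, i| out[i] = (out[i] & 0xFE) | bit }
  out
end

# Read the length header, validate it against the cover size, then read the payload.
def lsb_extract(samples)
  raise ArgumentError, 'cover too small' if samples.size < HEADER_BITS
  len = from_bits(samples.first(HEADER_BITS).map { |s| s & 1 }).unpack1('N')
  need = HEADER_BITS + len * 8
  raise ArgumentError, 'length header exceeds cover' if need > samples.size
  from_bits(samples[HEADER_BITS, len * 8].map { |s| s & 1 })
end

# Largest per-sample change between cover and stego data.
def max_sample_delta(cover, stego)
  cover.zip(stego).map { |a, b| (a - b).abs }.max
end

# Constructed sample data: 1024 pseudo-pixel bytes, not a real image.
COVER = Array.new(1024) { |i| (i * 37 + 11) % 256 }
STEGO = lsb_embed(COVER, 'hello')
puts lsb_extract(STEGO)
puts max_sample_delta(COVER, STEGO)
```

No sample moves by more than one intensity level, which is why the change is invisible to the eye, while the lowest bit plane now carries structured data instead of sensor noise, which is what statistical detectors examine.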

In the thread a number of other projects were highlighted that do similar things already:

  • FireSteg: "A steganography sidebar extension, letting you hide files inside images for covert sharing."

  • steghide: ... is a steganography program that is able to hide data in various kinds of image- and audio-files. The color- respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.

  • CameraShy: ... is the only steganographic tool that automatically scans for and delivers decrypted content straight from the Web

  • File-Encryptor. Here's the description, reddit thread and citation where I found out about it.

There's some academic work too:

Related Work

A number of people have contacted me and made projects inspired by this.

  • Austin Hamman's stegano.js is a JavaScript version for the browser, using base64 encoders, canvas, and a few other nice tricks. I've thought hard about the problem myself and have run into the same walls that he discloses; primarily that base64-encoded data embedded in, say, an iframe ("iframe src=data:...") can't do some file-name hinting, like "content-disposition: attachment; filename=" in HTTP.