Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time



Platform independent Python tool to implement LSB image steganography and a basic detection technique. Features:

  • Encrypt data before insertion.
  • Embed within LSBs.
  • Extract hidden data.
  • Basic analysis of images to detect LSB steganography.

How to use:

$ python 
LSB steganogprahy. Hide files within least significant bits of images.

Usage: hide <img_file> <payload_file> <password> extract <stego_file> <out_file> <password> analyse <stego_file>


All data is encrypted before being embedded into a picture. Encryption is not optional. Two consequences of this are that:

  • The payload will be slightly larger.
  • The encrypted payload will have a high entropy and will be similar to random data. This is why the frequency of 0s and 1s in the LSB position should be the same – 0.5. In many cases, real images don’t have this propriety and we’ll be able to distinguish unaltered images from the ones with embedded data. More below.

Encrypt and hide an archive:

$ python hide samples/orig.jpg samples/ p@$5w0rD
[*] Input image size: 640x425 pixels.
[*] Usable payload size: 99.61 KB.
[+] Payload size: 74.636 KB 
[+] Encrypted payload size: 74.676 KB 
[+] samples/ embedded successfully!

Original image:

original image

Image with 75k archive embedded:

Embedded archive


$ python extract samples/orig.jpg-stego.png out p@$5w0rD 
[+] Image size: 640x425 pixels.
[+] Written extracted data to out.

$ file out 
out: Zip archive data, at least v1.0 to extract


A simple way to detect tampering with least significant bits of images is based on the observation above – regions within tampered images will have the average of LSBs around 0.5, because the LSBs contain encrypted data, which is similar in structure with random data. So in order to analyse an image, we split it into blocks, and for each block calculate the average of LSBs. To analyse a file, we use the following syntax:

$ python analyse <stego_file>



Now let’s analyse the original:

$ python analyse castle.jpg

Original iamge analysis

… and now the one containing our payload:

$ python analyse castle.jpg-stego.png

Stego image analysis


  • It is entirely possible to have images with the mean of LSBs already very close to 0.5. In this case, this method will produce false positives.
  • More elaborate theoretical methods also exist, mostly based on statistics. However, false positives and false negatives cannot be completely eliminated.


LSB steganography and detection



No releases published


You can’t perform that action at this time.