
SHIT - Stego Helper Identification Tool

As steganography challenges get more popular in CTFs, we have to find a way to deal with this shit. Introducing SHIT: It deals with this shit. It can either create, read or analyse steganographic images, depending on your mood.

Don't, I repeat, don't try to create challenges with this tool. I am dead serious.

Work in progress: Hopefully in an uncertain future it will analyse and solve stego challenges. Maybe.

Here is a short overview of our features. Don't forget: --help will always give you a complete list of everything.

Steganography Features


One common way of hiding data in images is to store it in the bits of the color values. Overwriting the least significant bits of RGB values in particular affects the quality of the image only slightly and is not visible to the eye. Our tool supports hiding and retrieving data with such techniques. You can choose which bit of the color values holds your data, anywhere from LSB to MSB.


$ bit 7 input.png stego.png 'Stego freakin sucks'  # 7 is the LSB
$ bit 7 stego.png
Stego freakin sucks
$ bit 0 input.png stego.png 'Yep, it really does'  # 0 is the MSB
$ bit 0 stego.png
Yep, it really does


This method chooses random pixels and stores a message in pixel value differences.


$ patchwork input.png output.png 'Your totally awesome message'

Steganalysis Features


This unfinished feature is meant to help you decide which analysis method you should choose. Right now it only detects duplicate values in a color palette.


$ auto stego.png


Combining two images may yield interesting results. For example, combining a picture that contains a steganographic message with its original may uncover the hidden message. Combine lets you choose a Python expression to combine the two images (via numpy).


$ combine 'img1 - img2' 1.png 2.png out.png  # sub two images
$ combine 'img1 ^ img2' 1.png 2.png out.png  # xor two images


certainly find the hidden message. The diff method will compare two images pixel by pixel and output non-matching pixels with position and value. If the images do not have the same mode (RGB, RGBA, ...) the original will be converted to the mode of the steganographic image, although this may yield wrong results.


$ diff original.png stego.png
[INFO] Mismatched pixels at (5, 5): (0, 0, 0) vs (30, 30, 30)


Run an Xth-bit steganographic analysis on the image and interpret the results as an image (if the bit is 1, draw a white pixel, else draw a black one). You can specify a directory which will be filled with images of all planes and bands of the image. This especially helps in challenges which were designed to be solved with the StegSolve tool :-/


$ draw stego.png output_dir


Some pictures hide information in an intelligently chosen color palette or with extremely well chosen colors. A mask over every pixel value of the image will shuffle these colors and may reveal a hidden message. Eval allows you to execute an arbitrary Python expression on each value of a pixel separately.


$ modify 'value^177' in.png out.png  # xor each value with 177
$ modify 'value-20' in.png out.png  # subtract 20 from each value


If a color palette was modified, duplicate colors can be used to hide information. In order to counter this technique, SHIT can rewrite the whole color palette to grayscale.


$ palette stego.png stego.png output.png


This analysis method relies on you to know what you want. It quickly checks all channels for LSB/MSB/xth bit stego and returns all strings containing 4 (configurable) or more printables it finds.


$ strings stego.png  # default threshold is 4
$ strings --threshold 8 stego.png  # strings >= len 8
$ strings stego.png | grep flag  # and win, hopefully
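
How the bit-plane hiding described under Steganography Features and the strings-style scan above fit together, as an added sketch that is not SHIT's own code. It uses the bit numbering from the examples (0 is the MSB, 7 is the LSB); the function names, the flat list of channel values standing in for a decoded image, and the sample message are all assumptions made for this example.

```python
import string

# Printable ASCII without the control whitespace, as byte values.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def embed(values, message, bit):
    """Write message bits into one bit plane (0 = MSB, 7 = LSB)."""
    shift = 7 - bit
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(values):
        raise ValueError("cover too small for message")
    out = bytearray(values)
    for i, b in enumerate(bits):
        out[i] = (out[i] & ~(1 << shift) & 0xFF) | (b << shift)
    return bytes(out)

def extract_plane(values, bit):
    """Pack one bit plane of the color values into bytes, MSB first."""
    shift = 7 - bit
    bits = [(v >> shift) & 1 for v in values]
    return bytes(
        sum(b << (7 - i) for i, b in enumerate(bits[n:n + 8]))
        for n in range(0, len(bits) - 7, 8)  # drop a trailing partial byte
    )

def printable_runs(data, threshold=4):
    """Return every run of at least `threshold` printable characters."""
    runs, current = [], bytearray()
    for byte in data + b"\x00":  # sentinel flushes the final run
        if byte in PRINTABLE:
            current.append(byte)
            continue
        if len(current) >= threshold:
            runs.append(current.decode("ascii"))
        current.clear()
    return runs

def scan(values, threshold=4):
    """Map each bit plane (0..7) to the printable strings found in it."""
    planes = {b: printable_runs(extract_plane(values, b), threshold) for b in range(8)}
    return {b: runs for b, runs in planes.items() if runs}

# Constructed cover: flat channel values (R, G, B, R, G, B, ...), not a real image.
COVER = bytes((i * 37 + 11) % 256 for i in range(600))
STEGO = embed(COVER, b"flag{lsb_plane}", bit=7)

if __name__ == "__main__":
    print(scan(STEGO, threshold=8))
```

A printable run in a plane is only a candidate: regular pixel patterns in a cover image produce such runs too, which is why a higher threshold or a grep for the expected flag format helps.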

