Hide Information in JPEG Files

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] what is going on guys welcome back in today's video we're going to learn how to hide information inside of jpeg files and this goes beyond basic stuff like strings numbers or any other primitive data types we're going to be able to hide fully executable programs inside of jpeg files without changing the image without changing anything about the image functionality it's still a normal photo it's still a normal jpeg file but it has some information in it that we can then also extract again and in order to show you how you can do that we're going to use this image here so this is a basic jpeg file an image of a woman taking a picture with a camera and all that uh you can see the extension here is jpeg literally every jpeg file that is a normal jpeg file will work for this so you don't have to pick a special one um and we're going to look at the bytes of the jpeg file in order to see why we can do that and how we can do that now in order to look at the bytes we're not going to use python we're going to use a hex editor this is hxd this is the editor that i'm going to use you can use basically any hex editor in order to see that you actually don't even need to use a hex editor this is just for showing you how it works or why it works and with this hex editor we're now going to open the image the jpeg file and you know you're not going to see necessarily anything special here but one thing that you will notice if you pay attention and if you open up multiple jpeg files is that they all start with the sequence ffd8ff and they all end with the sequence ffd9 and this is the important part here because any program that processes jpeg files be it for editing be it for showing them be it for just displaying them whatever they do with it they stop processing once they reach ffd9 because this basically means the jpeg file is now coming to an end doesn't matter what comes after that here so when you reach that you know let's call it flag when you reach that we're done stop doing anything this is the end of the jpeg file so if you put it somewhere in here you will never find any ffd9 inside of the jpeg file here unless it's already been manipulated um so the only time you will find ffd9 is when the jpeg file is done when it's coming to an end and this is what we're going to use because whatever we put here at the end of the file will stay there will stay in the file but the file will continue to work exactly the same way as before and that's what we're going to use in order to inject some basic information first we're going to start with the basic hello world message or any other string then we're going to look at how we can put an image inside of an image so we're going to use for example png file we're going to put that png file into the jpeg file at the end and then we're going to do the same thing with the executable and we're going to see that i can inject an executable into a jpeg file then take it out of there run it and it's going to be the same as before this is what we're going to do today and we're going to start with the basic uh information first and for this we're not going to even need a library we're just going to need core python we're not going to even import a core python module we can just go ahead and say with open and what we want to do is we want to write some information into the jpeg file so we're going to open up the jpeg file it's a little bit laggy right now going to open up the jpeg file and the mode that we're going to use is going to be appending bytes because we're dealing with bytes here we're not writing strings and we're going to use bytes but we're going to append because we don't want to overwrite the file we just want to append at the end of the file so a b is the code that we want to use we're going to open that as f as file and then we're going to just say f dot write and whatever we want to append to that file now in this case i'm going to go with hello world but the important thing is that you need to add a b before you start the string because that is a byte stream this is not just a string that we write into the jpeg file we're writing the byte stream hello world so the difference uh is basically that it's converting it into actual bytes that we can write now once this is done we can run that this is a very simple thing this is actual actually the whole injection but now we're going to get that information out of the jpeg with python as well so now if i open this you can see here ffd9 is the end but here we also have now additional bytes and here you can see what they represent hello world this is the photo.jpg file right now and if i open it you can see the picture is the exact same picture you don't see any pixels changed i mean maybe you wouldn't even see them if pixels change but there's nothing changed about the photo itself but we have the information hello world inside of it and it doesn't matter how long the string or the byte stream that you inject is you can do that and it's not gonna affect the image at all it's just going to affect the size obviously so now let's go ahead and get this information out of the image again so how can i get this jpeg file and get the information from that image now what we need to do here is we need to open the image again so with open and then photo.jpg but this time we're not going to open it in append bytes we're going to open it in read bytes sf and we're going to comment that out because we don't want to constantly append hello world every time we start the script um and what we're going to do now is we're first of all going to look for the end tag so what we're going to do is we're going to say the content of the jpeg file is f.read those are the bytes of the jpeg file now what we're going to do is we're going to look for the position where ffd9 occurs and we're going to calculate the offset based on that so i'm going to say offset equals content dot index and we're looking the index for the index where the sequence ffd9 appears but ffd9 is hex so we need to convert that and we're going to say bytes dot from hex and then the string ffd9 this is going to give me the offset and now we can go ahead and put the reader the file to that position so to offset plus two y plus two because the index of that is the starting position of that thing and ff and d9 are two bytes so we go two bytes further and from then on we can start reading the message and this is going to be whatever is left after this ffd9 so we can go ahead and run this now and you can see that i got hello world as a result now i'm not sure if i can inject some information here manually do you want to proceed yes so i can also do the same thing with the hex editor but it asks me with every press if i want to do that so let's just add a couple of letters here there you go now i can save this with a hex editor and now i can run the same thing in python and you're going to see that it's going to read the additional characters as well now let's go ahead and do the same thing with images so we're going to now take a png image this is going to be the heart.png it's a transparent background and basically just a red diamond heart we're going to take that image and put it inside of the jpeg image but not in a photoshop way so we're not going to have the image actually inside of the image we're going to have the image data inside of the image data of the jpeg file nothing is going to change about the pixels and then we're going to be able to get it out from there again and display it properly even though it was inside of the jpeg file and it wasn't displayed at all so we're going to do that and for this we're going to use a pillow so we're going to say import pill dot image and we're going to say uh import io so if you don't have pillow you need to go to the terminal and say pip install pillow that's it now actually you could also just go ahead open the bytes of the png file and write them into the bytes of the jpeg file this would work but i want to show you the pillow and io way because sometimes maybe you want to inject a file that is created in python not just loaded and then written maybe you want to take a pillow image and you want to put it into a jpeg file so we're going to do it like that as well and for this we're going to say image equals pill dot image dot open we're going to open the heart dot png file and we're going to say the byte array of that image is i o bytes i o which is empty at the moment and then we're going to say image dot save and we're going to save to that byte array with the format png there you go so now we have this byte array with all the data and all we need to do now is we need to say with open photo dot jpg in appending bytes mode now of course what we need to do before we do anything else is we need to get rid of all the data that is already there because then it will not work if it's not there if it is there so we're going to say that s f and then f dot write bytearray.getvalue like that so we can do that and when we run this let's go ahead you're going to see nothing changes when we open up the image it's the exact same image now if i open it open it up in the hex editor x hxd we can open the image up again where is it there you go and we can look for we can look for ffd9 not ffd bracket but f59 come on can't find f59 okay i think i need to look for hex values uh there you go f59 hex values you can see that here is the first ffd9 and after that you can already see png and some data off an image file so it's quite a lot of data it's actually more data than in the original jpeg file and we can now go ahead and extract that image again from that jpeg file so we're going to delete heart.png we don't have it any longer i'm going to delete it and then we're going to load it from the jpeg file as a new image so we're going to delete all this here and we're going to say with open test.jpg reading bytes sf we're going to say again content equals f dot read and then offset equals content index bytes dot from hex ffd9 there you go f seek to that position plus two bytes and then the new image is pill image open [Music] and we're going to use i o bytes i o f dot read like that and then we're going to just say new image dot safe new image dot png like that so we basically navigate again to the position where the new content starts the additional content starts and then we take from that byte stream uh the image and save it into a new image file let's go ahead and do that file not found test.jpg oh it's not called test.jpg sorry photo.jpg there you go and here we have a new image.png when i double click it you can see it's the exact image and you can see that the jpeg file is still the same so nothing has changed and we have the full image from the jpeg file all right so last but not least let's go ahead and do the same thing with an executable program let's take a simple exit file put it inside of the jpeg file display the jpeg file to see that nothing has changed then take the executable out of the jpeg file again run it and see that it runs in the exact same way as the original and for this i'm going to use the process explorer because that's a standalone executable file of course this does not work if the file depends on additional files this is one extra file without any other files surrounding it so this works and if i open the process explorer you're going to see that it's a basic tool like an advanced task manager basically and we're going to close that now we're going to take that and drag and drop it into the same directory as the script and then we're going to write that executable file into the photo.jpg file now first of all of course don't forget to always clean up so we need to go to the top click here search for the first ffd9 occurrence then we're going to mark all the other files so basically like that delete them there you go so now we have the fresh jpeg file again save it we can open it up to make sure it worked there you go still functioning and now we're going to take the executable file inject it into the jpeg file and then try to extract it from there again so going to say with open photo.jpg in appending bytes mode sf and then open the pros x 64.x as reading bytes as e for executable for example then we're going to say f dot write e dot read that's basically it nothing too fancy this is how we do that so if i now run this we're going to have this done we have the whole executable file at the end of the jpeg file as you can see and now all we need to do in order to get that executable back we're going to delete it here so we don't have it any longer we're going to delete all the code and we're now going to say again with open photo.jpg reading bytes s f and then content equals f dot read then content or actually offset equals content index bytes from hex ffd9 f dot seek offset plus two and then basically just with open new file dot exa write bytes s e e dot write f dot read there you go so we can now run this and you can see we have a new exa file here let's open up let's open it up in the explorer to see how it looks and you can see it has the logo of the process explorer it also has the description and if i open it you can see that the process explorer will appear any second there you go it's the same executable file and it's part of the jpeg file which means that if i send this jpeg file to someone and they extract this from the jpeg file i have transported an executable program inside of a jpeg file and of course i can open this and you can see that it's still just a normal jpeg file there you go so that's it for today's video if you learned something if so let me know by hitting a like button leaving a comment in the comment section down below and of course don't forget to subscribe to this channel and hit the notification bell to not miss a single future video for free other than that thank you much for watching see you next video and bye [Music] you
Info
Channel: NeuralNine
Views: 98,308
Rating: 4.9330096 out of 5
Keywords: steganography, hide files in jpeg, hide information in jpeg, jpg, jpeg, python, hex editor, python jpeg hide files, hide messages in jpeg, hide files in jpg, jpg file hide, tutorial
Id: r-7d3w5xerY
Channel Id: undefined
Length: 16min 19sec (979 seconds)
Published: Mon Sep 13 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.