imagine people storing credit card info in photos, this is like 'safe behind a painting' but virtual
People do it but if the police knew about it, you have a Problem 😂
Yeah, imagine…
@@xu83r why would u hash credit card info
It has already happened, a cyber gang famous for credit frauds has hidden it in cat pictures so that the ISP wouldn't notice
We went full circle
Before I really started my InfoSec career, I always thought this sort of thing was super drawn out and complicated. Now that I have experience, it’s sort of eye opening to see how easily it can be done.
until someone blocks the input stream on the FFD9
@@manfredpseudowengorz as almost any filetype has identifiers, this doesn't matter at all
don't you think such files should be flagged by windows defender or imageviewer apps?
@@mehregankbi yeah this is why another way this is done is change some pixel values to store data as a sort of pattern, can't be normally seen by humans if the image is high res enough
Actually real steganography is done in another way, but similar results. Change the least significant bit (LSB) of the RGB element in each pixel so that it's odd or even. The pattern of odds and evens (0 and 1) will give you a hidden message when you extract. This way you’re basically altering the real image in a way it's not distorted instead of adding to the image.
Quite interesting. We usually know so little about file formats, cool to learn something like that.
Machine learning pid iron station test
Awesome! The way you explain things is amazing - I always learn a lot. Thanks again!
I did this when I was doing my masters 17 years ago, but in bmp
why
@@asiamies9153 didn't have anything better to do... Had learnt c and had gone through file format... So I was changing specific bits in RGB
hmmm interesting thought otd. Given recent advances in ai code suggestions, it makes me wonder if gpt3 could be trained to decompile object code to some reasonable facsimile of the original code.
The art of code decompiling is even more mysterious than coding since you have to divine meanings of the symbol table just through sometimes very obscure usage.
This might be one more opportunity for ai to really shine.
Awesome as always. The most interesting materials are never found on the most beaten path. The best stuff is found in the unknown.
This is great! This was my first time trying steganography and using python and this was super interesting! You did a great job of walking through which each step's purpose was!
6:46 There is literally a checkbox there that says "Do not ask this question again"
This is cool because it means we can have a way to hide data on open networks, and when sending things to people, or just simply to hide things on your own device, like your you know what photos
You don't want to send data this way on open networks, it's just not secure.
@@ApiolJoe not necessarily when people who know what they’re doing involved, but when you have a network full of people who don’t know their way around a computer properly, this is great
@@robinferizi9073 if they don't know their way around a computer, you don't need this.
@@ApiolJoe true
@@ApiolJoe Security by obscurity is a legitimate thing. It's only insecure if someone is looking at what you're doing very closely, and looking _specifically_ for this technique -- in which case, you probably wouldn't get past them anyway.
you can hide a zip archive in jpg images using the copy command in cmd. opening it in 7zip will open the archive, but otherwise it will open as a normal image
how exactly? if u can walk me through this i would be grateful
@@ioim_0 this is the command
`copy /b image.jpg + archive.zip output.jpg`
@@claudiu7909 tysm man
Works because a ZIP archive has the metadata at the end (if you add more files to an archive, its metadata is going to grow, so if it's at the end you don't have to move as much data to make space).
Learnt about that because back in the 90s, I had some installer that was a shell script with appended zip archive.
@@Ph34rNoB33r It's even simpler than that, it even works with e.g. RAR (which doesn't concentrate metadata on members at all, just adds a list of offsets at the end when you add a "quick open header" to RAR5 archives) or 7-Zip (which has the table of contents at the beginning).
Archivers just scan the file until they find an archive file signature to support self-extracting archives, which are just an archive appended to an unpacker executable.
Steganography is a magnificent technique to hide stuff from intruders👌
Man, this is awesome. I hope I’ll learn more cool stuff from you.
Your channel is one of the top 5 , I have learned so much from you , very concise , with necessary information. I thank a lot for all this effort
Imagine a person doing this with a silent miner on other people's computers to mine crypto. 😂
Thank you so much, I always wanted to know how it works, I know I say this every time you see my messages or comments, but you are the holy grail.
You taught me so many things in the last 2 years! Big love to you bro
thanks for your kind comment brother :)
Wow
This is insanely clever for me. Never imagined something like this was even possible. Thank you very much for teaching this to me.
That's Insane my man. I really appreciate u. Thanks
Thanks NeuralNine. Cool video!
I was just curious about that... Thanks NeuralNine!
^^
subbed and liked, this gave me an idea for storing programs in files and extracting then running them
Have been waiting trying to find out how to do these things for months. Thank you so much!!!!!
I downloaded a random image off the internet so I could do this on. I couldn't figure out why I couldn't get it to read, I was able to write to the jpg. Turns out it already has another hidden message inside it that's more complicated to extract lol.
Why did it take me until now to realize the python logo can be seen as either 2 pythons or a fat dude sitting in a chair.
THANK YOU. I have been looking for this tutorial for ages. You can't imagine how much time I spent trying to find a way to do this, thank you so much.
btw I'm downloading this video so I won't lose it again
I really appreciate these kinds of videos. You're explaining stuff which I didn't know existed. Really cool, now I'm never gonna click a jpeg lol. Hope you get 100k in a couple of weeks.
Excellent Content!! Thank You!!!
Awesome, this was really interesting and useful, thanks NeuralNine
A problem I found with the hello world part is the FF D9 is always at the end of jpg file, BUT it does not mean FF D9 cannot appear elsewhere in the file. In my case, I found a jpg file that had FF D9 in 2 other separate spots than at the end.
Thanks a lot for your vids! Great job!
Lol, this is a funny topic but can be useful (for rick rolls)!
Thanks bro, well done👍
4:02 what happens if we omit b in b"Hello World"? Can't a string be added to the file?
Files and sockets work with bytes. To get it out as a raw string you have to write a few lines of code
Thank you for this very useful video!
Scary stuff man!!! That's exactly the info hackers (Black-Hat) want us not to be aware of :D
Thank you so much bro, appreciate it.
ayyy xkcd!
I bought a reference 5700 (non-xt) when they were being discontinued for $270. I spent another $70 to get the Arctic Freezer aftermarket cooler. Then flashed it with the XT bios. Since then, AMD has only improved the drivers and performance. The only times I've had any issues were pushing unstable overclocks or with game titles that are notoriously bad to begin with.
But how would you execute that .exe file embedded in the image file?
Extract the byte data to another file, then run it
@@akshitsingh6429 yeah
@@akshitsingh6429 Thank you! But I was wondering if there's a way to run the .exe when the image is clicked or pressed if on a phone.
@@rajeshroshan2877 That would be a huge security risk, think about it. It's definitely not possible, at least without exploiting bugs
Thought you'd show how to open an image and have an executable run somehow also.
Anyway, liked these image tricks!
Rare jpeg market stocks goes down after this video.
I like your content 💪🔥
I cant get enough of that intro
Awesome ….. Incredible ….. this is Amazing 🤩
Thank you for this video
thanks for watching!
@@NeuralNine what Hex Editor software are you using currently? I am trying to find those that are for free.
at minute 13:49 what have you written behind the webcam
Nice video! Do you have any practical application of this ?
Hiding copyright information inside of the image. Not sure if it will disappear if the image is edited or renamed, though. Still learning that.
Quick question - Is it possible to execute a standalone .exe file (which is injected into the .jpg file) when a user opens the .jpg image?
Great video btw!
a very mean way of hacking 🌚
works on PC but not on mobile
@@ahmedyasser8416 True, bro
No, the executable file has to have a special byte sequence at the beginning - in x86 times this was "MZ…" if I remember correctly - look it up with a hexcode editor. Maybe for x64 architecture, a variant is used, maybe it is different. But the file has to start with that.
No, it's not possible.
As I said in another comment:
That's not how it works at all. You can hide a virus / malicious code in a JPEG or any other file really, the thing is that it doesn't get executed because it's not an executable.
When photoshop for example reads the data from the JPEG file it only reads it (to the FFD9) but it doesn't execute the rest of the binary lol. The only way to get a virus from opening a jpeg file is with a third party image reader that executes the bytes after the image.
is it possible to execute the exe file while opening the jpg file in which we hide exe?
Thanks a lot. What about PNG, TIFF and PDF? Did you make additional experiments?
What would happen if the image is being sent through a platform that has image compression, for example whatsapp
Will the added data be unharmed?
Gotta try it for yourself but i suspect that the data will be stripped off
@@KimionTM messengers and social networks almost always reprocess the image in order to compress it, so yeah, it will definitely be stripped off
I think many social websites just get rid of everything you've hidden in the image. They process the image and compress it (and maybe inject their own metadata)
That's why we modify the Hex
Wow, you've just invented an archiver
Was a bit disappointed you just appended data to the image file, lots of image upload services just strip data past the end.
You can have more success with adding application-specific JPEG segments (APP2..APP15 - APP0 is already used for JFIF and APP1 for Exif) or even encoding hidden messages into the actual quantization matrices.
New here very much appreciate your content..
Happy programmers day! Have a good day
If the JPEG ends at that 2 Bytes, why not just append the binary? Like “cat binary.exe >> image.jpg”
@Dee_lan Of course. You just need to find the 4 bytes and then write out the rest. But when creating the files, you can simply append and be finished.
There is nothing wrong with this approach :p. The target of this video is beginner CS students that are interested in cybersec, I think, so they are less comfy with cmd or sh D:
This is absolutely amazing! Could you do the same with video files?
Video files are too big and would raise suspicion (if one has common sense)
You could also send to phone and use an image reader possible
The thing that is not clear to me is : when you search for the index in the file, how are you sure that the bytes FFD9 do not appear also before the end of the file image?
because that's how jpg files are structured
JPEG hex may look random but it's fully documented, so it is designed that there will never ever ever EVER be any FFD9 other than at the end :D
boooo i was looking for this, you the real OG
No need for python here. For bash/zsh, this will do: `cat heart.png >> photo.jpeg`.
It will work with any other file :D Windows shell uses `type` instead of `cat`.
Good thinking but how you'd suggest extracting the heart.png from the jpeg in bash?
thanks for ur share. I have a question, how to insert code into a jpg file, which can execute the code inside once the jpg file is opened
Where is the metadata stored?? Before the FFD8 at the beginning?? At the end??
So that's why TF2 only works with the coconut.jpg
Thank you 😊
The question now is how to execute the injected exe file or extract the injected image file automatically only by opening the jpeg file
Is it possible to execute the .exe file from the image?
I mean, when I open the image, the exe will execute
It's possible. Probably, at least. Is it realistic? No
Thanks bro for good contents
:)
Very informative. But I've a question. Let's say I download some jpeg by mistake, which has hidden exe. How can someone make this exe extract itself and run on my device? What are the steps I can do to prevent that from happening? Because tbh there is no way to know which image is infected and which isn't, and it's not possible to stay away from downloading images at all. Should I write a python code to check the images by myself? And will that exe stay inside the image safely till I'm able to verify the image using python?
That's interesting.
Great video, really opened my eyes to what is capable these days.
Thanks for the content 👍. I've got a question please. Is there a way to automatically extract and launch the executable file in the background after reaching the EOF flag of the image
The code in 6:30 is reading the entire file. What's wrong?
So this is usable but wouldn't hide anything from a bytewise search or anyone who knows anything about programming. There's a much better way to hide stuff in images, you write your info into the least significant color bits of the image. If you do it correctly you can even do it with a jpg but a non-compressed file is easier. You can literally just print text that won't be visible in the image and it won't look like an appended file. But if you're going to do this compress your data and at least terminate it with FFD9 so a casual look still looks like a JPG.
what if you send the jpg file via WhatsApp or Facebook, is their compression mechanism going to remove the appended bytes?
Sorry really fucking late reply but yes the bastards remove the appended bytes
But why? It is good for nothing. Moreover, exe files have initial sequences, too, and if antiviral software detects these inside an image file, they will go to defcon 1. You actually increase the probability of being detected dramatically.
Good explanation bro
now to hide a rickroll in an image :>
oH you copied my idea hahahah
@@vdofficialchannel9841 or I just decided to do something of my own will with no knowledge of other people's ideas and their supposed claims on them
Mind if you do come across something in the wilds of the net I wouldn't run it unless you really know what you're doing. (Sandbox VM, profilers, decompilers, etc)
I once took a peek of what's inside the APK of a mobile game I have and I see only one image file with size like 100MB. The photo is damaged or nothing to display so I suspect the files and resources are in that image file. After watching this, everything becomes clear now.
Any suggestions to how would be to run an inside program each time you open the image?
Thank you!
but how can the exe file run automatically if the jpg file was opened
it just prints out the entire file instead of the message :/
Thx! Very cool!
Hey I've got a problem at the very beginning. For some reason my write function doesn't work and I can't append "Hello World" to my jpg
Thanks for warning me to never click JPEGs anymore, knowing now that they can contain viruses lol
It's not that simple. Just clicking on the JPEG won't do anything. You need a script to extract it as well ^^
That's not how it works at all. You can hide a virus / malicious code in a JPEG or any other file really, the thing is that it doesn't get executed because it's not an executable.
When photoshop for example reads the data from the JPEG file it only reads it (to the FFD9) but it doesn't execute the rest of the binary lol. The only way to get a virus from opening a jpeg file is with a third party image reader that executes the bytes after the image.
what if make an image that shutdowns your pc
good English. easy to understand
This guy deletes the original file with full confidence 🤣
Is this also called Steganography?
All files in image. DL for security check onto usb from email... use code editor to scan? Or will it execute upon opening?
Thanks very much !!!
Something is not working for me, my code is the same as yours but when I try to get the string it prints me all the code and not just the "Hello world"
It's like the offset function does not work, help plsss
@@maxliberman3015 probably means your image has more than 1 image, so main image plus thumbnail. the append will append it to the end, but the seem will find the first occurrence of the FFD9 and set that as the offset. Your search will have to look for the last occurrence of FFD9
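A check of the kind asked about in this thread, as an added example (not code from the video or from any commenter): it walks the JPEG segment structure to locate the real end-of-image marker rather than searching for FF D9, so neither an embedded thumbnail nor an FF D9 inside the appended bytes misleads it, and then reports what follows the image. The function names, the signature table and the sample bytes are constructed for illustration; the sample is structurally valid for the marker walk but is not a decodable picture.

```python
import struct

# Markers with no length field: TEM (01), RST0-RST7 (D0-D7), SOI (D8), EOI (D9).
STANDALONE = {0x01, *range(0xD0, 0xDA)}

# A few well-known file signatures used to label whatever follows the image.
SIGNATURES = {
    b"MZ": "Windows executable",
    b"PK\x03\x04": "ZIP archive",
    b"\x89PNG": "PNG image",
    b"\xff\xd8\xff": "JPEG image",
}


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past the real EOI marker by walking the segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI (FF D8)")
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte in front of a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:              # EOI: the image ends here
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > n:
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length                   # skips APPn payloads, thumbnails included
        if marker == 0xDA:              # SOS: entropy-coded data follows the header
            while pos + 1 < n:
                nxt = data[pos + 1]
                # FF 00 is a stuffed byte and FF D0..D7 are restart markers;
                # any other FF xx is the next real marker.
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")


def inspect_jpeg(data: bytes) -> dict:
    """Report where the image ends and what, if anything, is appended after it."""
    end = find_jpeg_end(data)
    trailer = data[end:]
    kind = None
    if trailer:
        kind = next((name for sig, name in SIGNATURES.items()
                     if trailer.startswith(sig)), "unknown data")
    return {"image_end": end, "trailing_bytes": len(trailer), "trailer_type": kind}


def segment(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (helper for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: an Exif segment holding a thumbnail with its own FF D9,
# one scan with a stuffed byte and a restart marker, then EOI.
THUMB = b"\xff\xd8" + b"thumb" + b"\xff\xd9"
CLEAN = (b"\xff\xd8"
         + segment(0xE1, b"Exif\x00\x00" + THUMB)
         + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
         + b"\x12\xff\x00\x34\xff\xd0\x56"
         + b"\xff\xd9")
# Constructed appended data that itself contains FF D9.
SAMPLE = CLEAN + b"PK\x03\x04" + b"hidden" + b"\xff\xd9" + b"more"

if __name__ == "__main__":
    print("first FF D9 at", SAMPLE.find(b"\xff\xd9"))
    print("last FF D9 at", SAMPLE.rfind(b"\xff\xd9"))
    print(inspect_jpeg(SAMPLE))
```

On a real file, pass `open(path, "rb").read()` to `inspect_jpeg`; a non-zero `trailing_bytes` only means data follows the image, which some cameras and editors also produce.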
can i get the intro music please , its stuck in my head
how i can write my python code in jpg like when i open photo app will opened too?
Which program is he using?
I know I'm late but is there a way to run the executable embedded in the image in the python script without writing it to disk?
But can the executable file be opened automatically without any program while I open the jpeg file
Is it possible to hide short videos too inside an image ?
Yes!
So, how to run program when click the photo
Does this work as the old DOS copy /b command? If so, if I remember correctly, you can skip the extraction part and just change the extension to which part you want to see (e.g. photo.jpg opens in photo editor, photo.txt opens in notepad and shows just the text Hello world)...
Copy, yes, true, but when you change the extension the program starts reading from the first byte every time, not from the second file hidden inside, so you will simply have a notepad full of ASCII characters before the final correct text
How can i make the executable hidden in the picture to autorun
this is cool, but obvious for people searching for a payload. Why doesn't modifying the pixels like in the png steganography tutorial work with jpeg? Thank you btw for this video