Stegmeister!
How much information can the best steganography program stuff into a 1135 x 757 pixel photo, without making it ridiculously obvious it's been tampered
with? The image below, for example: it looks pretty normal, right? How much would you guess it has embedded in it?
Would you believe an entire novel? Would you even believe, not some puny, wimpy, skimpy novel, but Tolstoy's massive epic, War and Peace, as sourced
from Project Gutenberg, weighing in at nearly 1300 pages?? Stegmeister accomplishes the task with ease, and the still-innocent-looking forest scene
now contains the complete work, waiting to be extracted with the right password. Because compression is one of the steps during embed, the extracted
text is larger than the image it's embedded in!
2,579,910 forest.bmp 2023 Oct 4 06:44:10 <=== 1135 x 757 pixels
3,359,630 WarAndPeace.txt 2023 Oct 4 06:56:09
forest.bmp To extract 3.3 MB of text from this 2.6 MB image, use password "abc" (3 letters, no quotes).
forestOrig.bmp Here's the original, before stuffing.
WarAndPeace.txt Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
I chose a particularly high embed ratio, 90% of the maximum the program can perform, to show off what Stegmeister can do. More typical, and more
appropriate for photos that have areas of sky or other relatively uniform colors that can look a bit grainy with very high ratios, would be a 50%
embed ratio (the difference is huge, because we're giving up embedding in higher-order bits, the loss of each one of which results in a cutting in
half of the possible extent of change to a given pixel-color value). If I'd asked for 50%, I'd have gotten a 1456 x 970 pixel output image, still
small enough to view full size on a 1920 x 1080 desktop background.
The image below has the entire King James Bible, and again, thanks to compression on embed, the extracted text is larger than the image file:
3,001,806 highLake.bmp 2025 Feb 12 07:35:08 <=== 1425 x 702 pixels
4,455,996 KingJamesBible.txt 2025 Feb 7 07:26:17
highLake.bmp To extract 4.4 MB of text from this 3.0 MB image, use password "abc" (3 letters, no quotes).
highLakeOrig.bmp Here's the original, before stuffing.
KingJamesBible.txt Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
Is that as stuffed as we can get? No, by cranking the pressure up to "11", Stegmeister can embed the KJ Bible into a smaller version of the same
image, barely more than half the size of the output text, but this pushes info into higher order bits of the stored intensity values and makes for
noticeable graininess, which is much harder to spot in the slightly larger image above:
2,334,922 highLakeSmall.bmp 2025 Feb 12 14:22:25 <=== 1257 x 619 pixels
4,455,996 KingJamesBible.txt 2025 Feb 7 07:26:17
highLakeSmall.bmp To extract 4.4 MB of text from this 2.3 MB image, use password "abc" (3 letters, no quotes).
highLakeSmallOrig.bmp Here's the original, before stuffing.
KingJamesBible.txt Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
Stegmeister can stuff as many files in one wrapper as you like, with any mix of file types, as long as the wrapper is large enough to hold them. You
might embed one or more other images, for example. Videos? They tend to be large and not very compressible, but if they fit, you're good.
Pretty neat, no? For anyone who thinks, as I do, that steganography is useful, you can run Stegmeister yourself, if you've got 64-bit Windows (see
below for Linux). The program has external dependencies bundled in the executable using Enigma Virtual Box, which should make it portable: just drop
the .exe anywhere and run it. Then download forest.bmp, extract from it, and you'll have War and Peace! You know you've always wanted to read it.
Stegmeister version 1.07
If Windows says the download is a threat (my four Windows 10 computers sometimes say it is, and sometimes not), and you trust that I'm not pushing a virus, go to Start, Windows Security, Virus & threat protection, Virus & threat protection settings (Manage settings), Real-time protection: turn off. Download the file, then, before you turn that switch back on, go to Exclusions (near bottom of page), Add or remove exclusions, Add an exclusion, File, navigate to the .exe name, add it. Then you can turn the Real-time protection switch back on. Or, you can download the source and build it yourself, using Visual Studio 2022 (be sure to install the C++ compiler). Last I checked, the Community edition is free to individuals, and it's kind of fun having a compiler on your computer.Stegmeister version 1.07 source for Windows
Please let me know if you experience any problems or have suggestions for making it more intuitive. And ... here's a command-line (CLI) version of Stegmeister for Linux:Stegmeister version 1.07 source for Linux
Stegmeister version 1.07 executable for Linux (64-bit PC hardware, Ubuntu compatible)
How is Stegmeister better?
First, Stegmeister provides a huge range of embed degrees, up to several bits per image byte and down to small fractions of a bit per byte (realized with an occasional one-bit embed), by varying the size of the output file to fit the amount of data being embedded and the embed degree desired. Detecting that an image has been lightly stuffed would be virtually impossible. Second, instead of embedding the same amount in every image byte, Stegmeister embeds bits most heavily in bright pixels, leaving darker pixels mostly undisturbed. Black pixels and washed-out white pixels don't get embeds, to avoid a sure "tell" that the image has been modified. Third, Stegmeister solves a vexing problem that comes about when for example a grey cloud has RGB (red-green-blue) values 127, 128, 128. In binary, 127 is 01111111 and 128 is 10000000. They're almost the same intensity at the start, but any bits we embed in 01111111 will replace 1's and so will make that color darker (unless the embedded bits are also all 1's), while any bits we embed in 10000000 will replace 0's and so make that color brighter. Even with fairly low embed ratios this becomes noticeable as phantom colors, and as we try to stuff more information in, it gets worse and worse. Stegmeister finesses this problem by invoking a mathematical sleight of hand that makes the brightness of any given pixel color equally likely to go up or down, no matter what the starting value or the number of bits embedded. When each color brightness is held the same on average, hue and saturation also stay the same on average. One may need to blur adjacent output pixels together to experience the original color, but that's already what the eye does automatically when viewing an image from a normal distance. This technique, internally called bScatter, allows for the highest possible embed ratio resulting in an undistorted-looking output image. How bScatter works. (If an image is going to be subject to careful scrutiny, one would probably employ lower embed ratios than when seeking only a pleasing look from a distance. How paranoid are you? No problem, Stegmeister can accommodate.) Fourth, Stegmeister makes it phenomenally difficult to pull out any embedded information, even if an attacker is certain the image is stuffed with something. The exact number of bits embedded in a particular pixel-color is pseudo-random, so even assembling a still-encrypted correct sequence of bytes, without having the program and the correct password, would be a Herculean task. Bonus: Stegmeister is FAST. Interpreted languages such as Python are nicely portable, but they make you wait when processing millions of pixels. Stegmeister is compiled from C++ source, and takes just seconds to complete a large embed or extract.
Who needs steganography?
Steganography is fun, and that's enough reason to use it. But does anybody actually NEED steganography? Not you, if you live in a nation which respects the rights of its citizens to communicate with each other privately, openly using encryption. Unfortunately, such countries are becoming as scarce as hen's teeth: even so-called "enlightened" western democracies are becoming infested with rulers who are deeply suspicious of private communication, and increasingly are moving toward outlawing encryption, absent a government-held backdoor key. Openly employing PGP or other strong encryption program is a sure way to get on a government's List of Suspects, and the way things are going, could soon get you locked up. The usual excuse for outlawing private communication is, "CRIMINALS use encryption!" And it's true: criminals use encryption. Criminals also use grocery stores and restaurants to purchase food: shall we outlaw those so that criminals won't be able to eat? Every tool which separates humankind from animals foraging for their next meal can be misused by criminals, and if that becomes the criterion for outlawing a given tool, humans will have nothing, not even rocks to defend themselves with. Furthermore, throughout history, the most dangerous and murderous criminals on the face of the earth have been people with their hands on the levers of government power, and the briefest glance around the globe confirms that this remains true today. For such people to attempt to dictate to the normal, honest populace that they must submit to having Big Brother looking over their shoulders at all times is a travesty that no spirited individual would or should accept. Combining steganography with PGP (I'm using gpg4win) adds another layer of security. Here's my public key: -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEZb+2RxYJKwYBBAHaRw8BAQdAaMJHnjlI8nw07vDhHFLQ/c+tg6H66dQdVRQk kpWKfkm0H2FkYXB0dW5lIDxhZGFwdHVuZUBjb21jYXN0Lm5ldD6IkwQTFgoAOxYh BPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsDBQsJCAcCAiICBhUKCQgLAgQW AgMBAh4HAheAAAoJEDvuOihrVJB+AecBALiJ+z5pZJzTcWUguUDTNQ3yyOhR1Icc CuQOjjIClXJsAP9igyu1BptKAVcZGP37qEPF6YtMXQKhgc+VibxlA1bMCLg4BGW/ tkcSCisGAQQBl1UBBQEBB0B/8HccEMNjzCg/3T6z4jCa7OqWYxKmD/BGeNIIldGh LwMBCAeIeAQYFgoAIBYhBPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsMAAoJ EDvuOihrVJB+T9EBAM25ikbZ44JeLk3WQrA1bnHn47LlcdGZu37UYMGMrWnYAQDQ /cyUX8j1xYyzuprERnbZ7KAT/J0KSy3uCMLbPE8mCg== =rsAD -----END PGP PUBLIC KEY BLOCK----- adaptune_0x6B54907E_public.asc
Comments? Email 1 2
Return to home page