Stegmeister!
How much information can the best steganography program stuff into a 1135 x 757 pixel photo, without making it ridiculously obvious it's been tampered
with? The image below, for example: it looks pretty normal, right? How much would you guess it has embedded in it?
Would you believe an entire novel? Would you even believe, not some puny, wimpy, skimpy novel, but Tolstoy's massive epic, War and Peace, as sourced
from Project Gutenberg, weighing in at nearly 1300 pages?? Stegmeister accomplishes the task with ease, and the still-innocent-looking forest scene
now contains the complete work, waiting to be extracted with the right password. Because compression is one of the steps during embed, the extracted
text is several hundred thousand bytes larger than the image it's embedded in!
2,579,910 forest.bmp 2023 Oct 4 06:44:10 <=== 1135 x 757 pixels
3,359,630 WarAndPeace.txt 2023 Oct 4 06:56:09
forest.bmp . To extract 3.3 MB of text from this 2.6 MB image, use password "abc" (3 letters, no quotes).
forestOrig.bmp . Here's the original, before stuffing.
WarAndPeace.txt . Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
I chose a particularly high embed ratio, 90% of the maximum the program can perform, for this demonstration, to show off what Stegmeister can do.
More typical, and more appropriate for photos that have areas of sky or other relatively uniform colors that can look a bit grainy with very high
ratios, would be a 50% embed ratio (the difference is huge, because we're giving up embedding in higher-order bits, the loss of each one of which
results in a cutting in half of the possible extent of change to a given pixel-color value). If I'd asked for 50%, I'd have gotten a 1456 x 970
pixel output image, still small enough to view full size on a 1920 x 1080 desktop background.
The pic below has the entire King James Bible, and again, thanks to compression on embed, the extracted text is larger than the image file:
3,001,806 highLake.bmp 2025 Feb 12 07:35:08 <=== 1425 x 702 pixels
4,455,996 KingJamesBible.txt 2025 Feb 7 07:26:17
highLake.bmp . To extract 4.4 MB of text from this 3.0 MB image, use password "abc" (3 letters, no quotes).
highLakeOrig.bmp . Here's the original, before stuffing.
KingJamesBible.txt . Here's what Stegmeister stuffed. If you asked your steg program to embed it, could it?
Stegmeister can stuff as many files in one wrapper as you like, with any mix of file types, as long as the wrapper is large enough to hold them. The
wrapper image might hold one or more other images, for example. Videos? They tend to be large and not very compressible, but if they fit, you're good.
Pretty neat, no? For anyone who thinks, as I do, that steganography is useful, you can run Stegmeister yourself, if you've got 64-bit Windows (see
below for Linux). The program is wrapped ("boxed") with Enigma Virtual Box, which should make it portable: just drop the .exe anywhere and run it.
Then download forest.bmp, extract from it, and you'll have War and Peace! You know you've always wanted to read it.
Stegmeister version 1.06
If Windows says the download is a threat (my four Windows 10 computers sometimes say it is, and sometimes not), and you trust that I'm not pushing a virus, go to Start, Windows Security, Virus & threat protection, Virus & threat protection settings (Manage settings), Real-time protection: turn off. Download the file, then, before you turn that switch back on, go to Exclusions (near bottom of page), Add or remove exclusions, Add an exclusion, File, navigate to the .exe name, add it. Then you can turn the Real-time protection switch back on. Or, you can download the source and build it yourself, using Visual Studio 2022 (be sure to install the C++ compiler).Stegmeister version 1.06 source for Windows
Please let me know if you experience any problems or have suggestions for making it more intuitive. And ... here's a command-line (CLI) version of Stegmeister for Linux:Stegmeister version 1.06 source for Linux
Stegmeister version 1.06 executable for Linux (64-bit PC hardware, Ubuntu compatible)
How is Stegmeister better?
First, instead of embedding the same amount (1 bit?) in every image byte, dark pixels are left mostly undisturbed and bright pixels get more bits embedded into them. Stegmeister also does not embed into pixels in washed-out areas, since doing so is a sure "tell" that the image has been modified. Second, Stegmeister provides a huge range of embed degrees, up to several bits per image byte and down to small fractions of a bit per byte (realized of course with an occasional one-bit embed), all under user control. Detecting that an image has been lightly stuffed would be virtually impossible. Third, Stegmeister solves a vexing problem that comes about when for example a grey cloud has RGB (red-green-blue) values 127, 128, 128. In binary, 127 is 01111111 and 128 is 10000000. They're almost the same intensity at the start, but any bits we embed in the former will replace 1's and so will make that color darker (unless the embedded bits are also all 1's), while any bits we embed in the latter will replace 0's and so make that color brighter. Even with fairly low embed ratios this becomes noticeable as phantom colors, and as we try to stuff more information in, it gets worse and worse. Stegmeister finesses this problem by invoking a mathematical sleight of hand that makes the brightness of any given pixel color equally likely to go up or down, no matter what the starting value or the number of bits embedded. When each color brightness is held the same on average, hue and saturation also stay the same on average. Of course one may need to blur output pixels together to experience the original color, but that's already what the eye does automatically when viewing an image from a normal distance. This technique allows for the highest possible embed ratios resulting in undistorted-looking output images. (If an image is going to be subject to careful scrutiny, one would of course employ lower embed ratios than when seeking only a pleasing look from a distance. How paranoid are you? No problem, Stegmeister can accommodate.) Fourth, Stegmeister makes it phenomenally difficult to pull out any embedded information, even if an attacker is certain the image is stuffed with something. The exact number of bits embedded in a particular pixel-color is pseudo-random, so even assembling a still-encrypted correct sequence of bytes, without having the program and the correct password, would be a Herculean task. Bonus: Stegmeister is FAST. Interpreted languages such as Python are nicely portable, but they're slow when processing millions of pixels. Stegmeister is compiled from C++, and takes just seconds to complete a large embed or extract.
Who needs steganography?
Steganography is fun, and that's enough reason to use it. But does anybody actually NEED steganography? Not you, if you live in a nation which respects the rights of its citizens to communicate with each other privately, openly using encryption. Unfortunately, such countries are becoming as rare as hen's teeth: even so-called "enlightened" western democracies are becoming infested with rulers who are deeply suspicious of private communications, and increasingly are moving toward outlawing encryption, absent a government-held backdoor key. Openly employing PGP or other strong encryption program is a sure way to get on a government's List of Suspects, and the way things are going, could soon get you locked up. The usual excuse for outlawing private communication is, "CRIMINALS use encryption!" And it's true: criminals use encryption. Criminals also use grocery stores and restaurants to purchase food: shall we outlaw those so that criminals won't be able to eat? Every tool which separates humankind from animals foraging for their next meal can be misused by criminals, and if that becomes the criterion for outlawing a given tool, humans will have nothing, not even rocks to defend themselves with. Furthermore, throughout history, the most dangerous and murderous criminals on the face of the earth have been people with their hands on the levers of government power, and the briefest glance around the globe confirms that this remains true today. For such people to attempt to dictate to the normal, honest populace that they must submit to having Big Brother looking over their shoulders at all times is a travesty that no spirited individual will or should accept. Combining steganography with pgp (I'm using gpg4win) adds another layer of security. Here's my public key: -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEZb+2RxYJKwYBBAHaRw8BAQdAaMJHnjlI8nw07vDhHFLQ/c+tg6H66dQdVRQk kpWKfkm0H2FkYXB0dW5lIDxhZGFwdHVuZUBjb21jYXN0Lm5ldD6IkwQTFgoAOxYh BPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsDBQsJCAcCAiICBhUKCQgLAgQW AgMBAh4HAheAAAoJEDvuOihrVJB+AecBALiJ+z5pZJzTcWUguUDTNQ3yyOhR1Icc CuQOjjIClXJsAP9igyu1BptKAVcZGP37qEPF6YtMXQKhgc+VibxlA1bMCLg4BGW/ tkcSCisGAQQBl1UBBQEBB0B/8HccEMNjzCg/3T6z4jCa7OqWYxKmD/BGeNIIldGh LwMBCAeIeAQYFgoAIBYhBPn3kt9+8DhW816UZTvuOihrVJB+BQJlv7ZHAhsMAAoJ EDvuOihrVJB+T9EBAM25ikbZ44JeLk3WQrA1bnHn47LlcdGZu37UYMGMrWnYAQDQ /cyUX8j1xYyzuprERnbZ7KAT/J0KSy3uCMLbPE8mCg== =rsAD -----END PGP PUBLIC KEY BLOCK----- adaptune_0x6B54907E_public.asc
Comments? Email 1 2
Return to home page