Aug

Tip: Hiding Files Inside An Image in Linux

Rai

Linux, Tips Tags

archive, files, hidden, hide, image, jpg, Linux, secret, zip

I have a previous post on how to hide files inside an image file in Windows. If you have not read or watched the video yet, it is right here.

Anyway, a comment on that post gave a tip on how to do the same thing on Linux. Of course I tried it and it worked! According to Sebastian of mathemaniac.org, the concept here is really simple. An image file like JPG is read from the beginning of the file and terminated with an ‘End of Image’ marker. An archive file like ZIP has their metadata stored at the end of the file. Put them together and the image will be read as a valid image file and the appended ZIP file will be read as an archive.

Here is how to do it in Linux:

Get an image file and an archive of the files that you want to hide. In this example, I have cat beer_and_cig.jpg and hideme.zip file. The zip file contains an MP3 song that I have stored inside the archive. To create the archive-image file, run this command:

cat beer_and_cig.jpg hideme.zip > ucantseeme.jpg

What this does is the ‘cat‘ command reads the image file first, then reads the zip file and puts them together in the file named ucantseeme.jpg.

To test the integrity of the image file, try this:

# unzip -t ucantseeme.jpg Archive: ucantseeme.jpg warning [ucantseeme.jpg]: 4751 extra bytes at beginning or within zipfile (attempting to process anyway) testing: Feist - 09 - One Two Three Four.mp3 OK No errors detected in compressed data of ucantseeme.jpg.

Notice the warning message? The test saw that there were few bytes at the beginning, which means it saw the image file first but the archive is intact and no errors were found.

Perfect!

20 Comments to “Tip: Hiding Files Inside An Image in Linux”

Tadas August 18, 2008 at 7:08 am
That’s an interesting solution.

Tadas’s last blog post is GTK: Subclassing button
Tado stuff : Siunčiam vykdomuosius failus per GMail August 18, 2008 at 10:14 am
[...] Digg aptikau tokį visai įdomų postą. Na, gal nelabai įdomų Paskaičiau ir pagalvojau, ar nebūtų galima taip persiųsti vykdomųjų [...]
Lion October 24, 2008 at 6:57 am
Nice solution. Helped me a lot. Thanks a load.
Shakefu November 7, 2008 at 7:04 pm
Dunno if it’s a display issue, but that command should be:
cat filename.zip >> image.jpg

… so it appends the zip instead of replacing it (which the single carat, >, would do).
Rai November 10, 2008 at 9:52 pm
If you would look closely at the command

cat beer_and_cig.jpg hideme.zip > ucantseeme.jpg

It cat’s two files in a single file so you retain both files and create a new one.
Simon November 20, 2008 at 12:47 pm
Yea nice one. Pedophiles around the world thank you.
torque January 28, 2009 at 10:19 am
Can I hide my kiddie porn this way? The filz are pretty big…
Rai January 28, 2009 at 6:00 pm
The pedophiles has nothing to do with this, thank you very much. But now that you mentioned it, they will thank you for giving them an idea.
ov3rcl0ck January 30, 2009 at 11:54 am
You realize they made a program to do this in like 2007, its called steghide, its in the ubuntu/debian Repos and its opensource, also they made stegdetect which detects hidden files in images. By the way the process is called Steganography or stego for short, its the art of writing a hidden message in such a way that only someone who knows its there can find it. But your methode is nice also, but with steghide you can encrypt the file and lock the file with a password.
poopooface February 28, 2009 at 4:25 pm
great tip! now i can hide keyloggers in my porn images i randomly send to people!

seriously wat is the legitimate use for this? cating files is useful but I cant think of one non-devious use for this.
Bjord April 27, 2009 at 3:23 am
“seriously wat is the legitimate use for this? cating files is useful but I cant think of one non-devious use for this.”

In places where free speech does not exist, something like this could be used to send around information while potentially getting around some of the laws.

It works for almost every type of file (I’ve personally been testing image, video and music files). It is not secure, but it is safer than having a file in the open or hidden via normal means.
Mezclar un archivo con una Imagen | Linux Puerto Montt [DOT] CL June 15, 2009 at 9:22 pm
[...] Puedes encontrar la fuente de la explicación en inglés aquí [...]
bill October 2, 2009 at 7:44 am
With many people, it’s the images they want to hide.
Mike Lee October 3, 2009 at 12:38 pm
It is good if you have copyright data to send to a frind that you do not wish your ISPs or the gov to see and on Linux you can password zip files.
and you can send odt file and word doc in jpg to make your e-mail private.
Mike lee December 30, 2009 at 1:00 am
H!

Just let you all know you can hide 700MB or more in a JPG
Teros January 21, 2010 at 7:02 am
Ok.. that’s fine. Large files just wouldn’t be very hidden. It would be like hiding a fat man under a carpet. It’s only practical to insert relatively small amounts of data into an image (or other file). Otherwise, why not just encrypt the fat man- er.. data.
marc August 22, 2011 at 8:54 am
i dont really get why you are using > instead of >>
i tested your cat commands, and also this one:
cat archive.zip >> pic1.jpg

and really there is no difference at all. both extract the files in archive.zip
it is just that using >> seems more neat than >
jc September 22, 2011 at 11:39 am
For those asking about a legit use, consider this: Some FOSS projects make really large release files (like linux distros, with ISO sizes of 700mb). It can be hard to get mirror space for these files. However, hiding the file inside a .jpg is a way to trick many CDN’s into hosting the file. Then, a crappy server can be used for the mirror and downloads will still work.
ShowStopper October 28, 2012 at 8:26 pm
How do you get the files out of the picture though?
Jacky February 17, 2013 at 8:39 am
This should also work with other files, so if you are looking to hide larger files without it looking suspicious (i.e a 300mb .jpg image) you should hide the files withing a .jpg image which you have changed the file type to .tif (a loseless picture file format), or, if you are hiding even larger files, try to hide them within a medium to high quality .mp3 file which you have made .wav file type (a loseless audio format) because honestly most people, unless they have studio headphones or speakers, won’t notice the difference in quality.
p.s. Pedophiles everywhere absolutely adore knowing this, expecially if they are smart enough to encrypt the .zip or .7z file they hide within the image :) as I do;)