Steganography Cheatsheet for CTF Beginners β€” Neerajlovecyber

Β· Steganography  Β· 3 min read

Steganography Cheatsheet for CTF Beginners

A complete Steganography 101 CTF Cheatsheet covering essential tools, techniques, and tips to solve image, audio, and file-based stego challenges. Perfect for beginners and CTF players looking to master hidden data analysis.

Table of Contents

Steganography is the art of concealing messages in plain sight β€” hiding data in files that appear normal. In Capture The Flag (CTF) contests, stego challenges often hide flags inside images, audio, videos, PDFs, or metadata.

πŸ“ Step-by-Step File Analysis

πŸ” Basic Commands

file target.jpg strings target.jpg | head -n 50 xxd target.jpg | head hexdump -C target.jpg | head

Check the file’s true type, readable strings, and hex patterns. You may discover plaintext flags, passwords, or data headers.

🧡 Metadata Extraction

exiftool target.jpg

Extract EXIF comments, timestamps, GPS info, and hidden metadata.

Also try:

exiv2 target.jpg

For direct metadata manipulation or cleanup.

🧩 Embedded File Discovery

πŸ” Binwalk – File Carving Tool

binwalk -Me target.jpg

Key Options:

  • -e: Extract embedded files

  • -M: Recursive extraction

  • -z: Carve data blocks without extraction

  • -R: Raw hex pattern match (e.g., \x1f\x8b for gzip)

  • -E: Entropy scanning

  • -W: Hex diff mode

Use dd if you manually need to extract embedded segments.

🎨 Image Steganography

πŸ–Ό Visual Tricks

  1. Open image and observe β€” flag may be painted in.

  2. Use GIMP: adjust brightness, contrast, curves, color levels.

  3. Use ImageMagick to compare images:

compare original.png modified.png diff.png

πŸ”§ Bit-Level Tools

ToolUsage
stegsolveBit-plane viewer (bit-level hidden info)
zstegBit analysis of PNG/BMP
stegonlineWeb-based image steg operations
SteganabaraLSB amplifier & visualizer
sigBitsSignificant bits stego decoder
pngcheckDump/analyze PNG chunks
pngtoolsDeep chunk-level PNG analysis

Use stegsolve to identify QR codes, LSB data, or color-filtered patterns.

🧰 Extraction Tools

ToolUsage
steghideHide/extract in JPG, BMP, WAV
stegseekFast brute-force for steghide
stegcrackerBrute-force JPG stego files
outguessStego in JPG/PPM files
stegextractAuto-detect hidden data
jstegLSB-based JPEG stego
stegpySimple Python LSB tool
stegosaurusEmbed data into Python bytecode
Snow/stegsnowWhitespace stego tool

Example:

steghide extract -sf secret.jpg stegseek secret.jpg rockyou.txt

πŸ–Ό Online Tools

🎧 Audio Steganography

πŸ”Š Useful Tools

ToolPurpose
DeepSoundHide/extract files in .wav audio
sonic-visualiserVisualize spectrograms, waveforms
audacityWaveform editing, reversal, decoding
Decodes dial tones from audio
Snow / stegsnowWhitespace stego in audio

Use sonic-visualiser with linear/log scale spectrogram + contrast filters.

πŸŽ₯ Video Steganography

πŸ” Frame & Audio Extraction

ffmpeg -i video.mp4 frame_%04d.png

  • Analyze individual frames using zsteg, stegsolve.

  • Open audio separately in Audacity for reverse/LSB tricks.

Tool:
hipshot β€” Convert video/photo series into long-exposure-style images to reveal stego data.

πŸ“„ PDF Stego

πŸ” Text & Metadata

pdfinfo file.pdf pdftotext file.pdf output.txt

πŸ”“ Crack Protected PDFs

pdf2john file.pdf > hash.txt john --wordlist=rockyou.txt hash.txt

πŸ”₯ Advanced Tricks & Scripts

πŸ“Š Convert Binary to Image

convert -depth 8 -size 300x300+0 gray:data.raw output.png

View strange binary blobs visually.

🧬 Invert Pixel Colors (Python)

import Image
if __name__ == '__main__':
  img = Image.open('input.png')
  in_pixels = list(img.getdata())
   out_pixels = list()


  for i in range(len(in_pixels)):
    r = in_pixels[i][0]
    g = in_pixels[i][1]
    b = in_pixels[i][2]
    out_pixels.append( (255-r, 255-g, 255-b) )


  out_img = Image.new(img.mode, img.size)
  out_img.putdata(out_pixels)
  out_img.save("output_inverted.png", "PNG")

the image looks like it’s just a random noise we should make sure of it. We can, in fact, measure its randomness. Pixels of each color can appear in each place of the image with equal chance. If it’s false for some colors, we certainly want to look at them. Here is a script for that, and the results appears below:

$ php solve.php image.png
MAX disp: 1492.41; AVG: 92.82
GAP: 351.61 Β± 200
DONE.

Flag

🌍 OSINT & Comparisons

  • TinEye: Reverse search

  • Use ImageMagick or diff-pixel tools for overlays

  • Compare layers in Adobe/GIMP if image has metadata for layer stacking

πŸ› οΈ Tool Index (Summary)

ToolCategoryFunction
AperiSolveOnlineLayer inspection
FotoForensicsOnlineELA and manipulation detection
BPSteganoCLILSB encoding (Python3)
StegsolveGUI (Java)Bit-layer viewer
ZstegCLIPNG/BMP LSB decoding
SteghideCLIStego in image/audio
StegseekCLIBrute-force steghide
OutguessCLIJPG/PPM stego
Snow / StegsnowCLIWhitespace stego
jstegCLIJPEG LSB
sigBitsCLILSB decoder
stegcrackerCLIJPG bruteforce stego
stegextractCLIAuto extract data
ImageMagickCLICompare, convert, XOR
pngcheckCLIPNG chunk inspection
pngtoolsCLIAdvanced PNG analysis
StegOnlineWebEncode/Decode images
Image SteganographyWebJS-based LSB tool
OpenStegoGUIRandom LSB
DeepSoundGUIAudio file steganography
hipshotCLIVideo β†’ long exposure frame
sonic-visualiserGUIAudio spectrum viewer
DTMF ToolsAudioDecode dial tones
pdf2johnCLICrack PDF password
StegosaurusPythonEmbed in bytecode
StegoVeritasPythonMulti-stego toolkit
StegpyPythonBasic LSB tool
BPSteganoPythonLSB encoding (Python3)
SteganabaraGUILSB amplifier & visualizer
Magic Eye SolverWebHidden info from images
SmartDeblurGUIDeblur images
Exiv2CLIImage metadata manipulation
ExifCLIShow EXIF info
StegbreakCLIBrute-force JPG stego
BinwalkCLIEmbedded file extraction
Share:
Back to Blog

Related Posts

View All Posts Β»