Hide Information in JPEG Files
Рет қаралды 174,239
Күн бұрынIn this video, we learn how to hide secret messages inside of JPEG files, without changing anything about the actual image.
◾◾◾◾◾◾◾◾◾◾◾◾◾◾◾◾◾
📚 Programming Books & Merch 📚
🐍 The Python Bible Book: www.neuralnine.com/books/
💻 The Algorithm Bible Book: www.neuralnine.com/books/
👕 Programming Merch: www.neuralnine.com/shop
🌐 Social Media & Contact 🌐
📱 Website: www.neuralnine.com/
📷 Instagram: / neuralnine
🐦 Twitter: / neuralnine
🤵 LinkedIn: / neuralnine
📁 GitHub: github.com/NeuralNine
🎙 Discord: / discord
🎵 Outro Music From: www.bensound.com/
Timestamps:
(0:00) Intro
(1:00) Structure of JPEG Files
(3:05) Hide Messages in JPEG Files
(7:05) Hide Images in JPEG Files
(12:04) Hide Executables in JPEG Files
(15:45) Outro
Thumbnail JPEG Icon Source: www.flaticon.com/de/autoren/s...
@uday-xyz1523 2 жыл бұрын
imagine people storing credit card info in photos, this is like 'safe behind a painting' but virtual
@user-sz7rp7kr4c 2 жыл бұрын
People do it but if the police knew about it, you have a Problem 😂
@kingideaofficial 2 жыл бұрын
Yeah, imagine…
@sergsergesrgergseg 2 жыл бұрын
@@Karl2Peter why would u hash credit card info
@cuddenudd7697 2 жыл бұрын
It has already happened, a cyber gang famous for credit frauds has hid it in cat pictures so that isp wouldnt notice
@wazy1852 2 жыл бұрын
We went a full circle
@numberiforgot 2 жыл бұрын
Before I really started my InfoSec career, I always thought this sort of thing was super drawn out and complicated. Now that I have experience, it’s sort of eye opening to see how easily it can be done.
@manfredpseudowengorz 2 жыл бұрын
until someone blocks the input stream on the FFD9
@cckdex 2 жыл бұрын
@@manfredpseudowengorz as almost any filetype has identifieres this doesnt matter at all
@mehregankbi 2 жыл бұрын
don't you think such files should be flagged by windows defender or imageviewer apps?
@MaxCE 2 жыл бұрын
@@mehregankbi yeah this is why another way this is done is change some pixel values to store data as a sort of pattern, can't be normally seen by humans if the image is high res enough
@WolfyTribe 2 жыл бұрын
Actually real steganography is done in another way, but similar results. Change the least significant bit (LSB) of rgb element in each pixel so that its odd or even. The pattern of odds and even ( 0 and 1 ) will give you a hidden message when you extract. This way you’re basically altering the real image im a way its not distorted instead of adding to the image.
@marco.nascimento 2 жыл бұрын
Quite interesting. We usually know so little about file formats, cool to learn something like that.
@mohammedalshrief532 2 жыл бұрын
Machine learning pid iron station test
@FridgeFucker96 2 жыл бұрын
Bro your explanations are so clear! You deserve all the subscribers you got and you should have even more!
@mohammedalshrief532 2 жыл бұрын
kzbin.info/www/bejne/gYmxg5-AhdCKf80❤💝🙈❤
@mohammedalshrief532 2 жыл бұрын
Pid machine learning iron station
@wesleyelder 2 жыл бұрын
Awesome! The way you explain things is amazing - I always learn alot. Thanks again!
@gauravverma5692 2 жыл бұрын
I did this when I was doing my masters 17 years ago, but in bmp
@asiamies9153 2 жыл бұрын
why
@gauravverma5692 2 жыл бұрын
@@asiamies9153 didn't have anything better to do... Had learnt c and had gone through file format... So I was changing specific bits in RGB
@sarahshaub3243 10 ай бұрын
This is great! This was my first time trying steganography and using python and this was super interesting! You did a great job of walking through which each step's purpose was!
@xzex2609 Жыл бұрын
Your channel is one of the top 5 , I have learned so much from you , very concise , with necessary information. I thank a lot for all this effort
@claudiu7909 2 жыл бұрын
you can hide zip archive in jpg images using the copy comand in cmd. opening it in 7zip will open the archive, but otherwise it will open as a normal image
@ibrahimosama6882 2 жыл бұрын
how exactly if u can wake me through this i would be grateful
@claudiu7909 2 жыл бұрын
@@ibrahimosama6882 this is the comand copy /b image.jpg + archive.zip output.jpg
@ibrahimosama6882 2 жыл бұрын
@@claudiu7909 tysm man
@Ph34rNoB33r 2 жыл бұрын
Works because a ZIP archive has the metadata at the end (if you add more files to an archive, its metadata is going to grow, so if it's at the end you don't have to move as much data to make space). Learnt about that because back in the 90s, I had some installer that was a shell script with appended zip archive.
@D0Samp 2 жыл бұрын
@@Ph34rNoB33r It's even simpler than that, it even works with e.g. RAR (which doesn't concentrate metadata on members at all, just adds a list of offsets at the end when you add a "quick open header" to RAR5 archives) or 7-Zip (which has the table of contents at the beginning). Archivers just scan the file until they find an archive file signature to support self-extracting archives, which are just an archive appended to an unpacker executable.
@pranaypallavtripathi2460 2 жыл бұрын
This is insanely clever for me. Never imagined something like this was even possible. Thank you very much for teaching this to me.
@JohnnyOttosson85 2 жыл бұрын
Man, this is awesome. I hope I’ll learn more cool stuff from you.
@thomasgoodwin2648 2 жыл бұрын
hmmm interesting thought otd. Given recent advances in ai code suggestions, it makes me wonder if gpt3 could be trained to decompile object code to some reasonable facsimile of the original code. The art of code decompiling is even more mysterious than coding since you have to devine meanings of the symbol table just through sometimes very obscure usage. This might be one more opportunity for ai to really shine. Awesome as always. The most interesting materials are never found on the most beaten path. The best stuff is found in the unknown.
@Rahul-ff1vx 2 жыл бұрын
Have been waiting trying to find out how to do these things for months. Thank you so much!!!!!
@wizdakid1842 2 жыл бұрын
subbed and liked, this gave me an idea for storing programs in files and extracting then running them
@eyosiyas_js 2 жыл бұрын
That's Insane my man. I really appreciate u. Thanks
@marcelino4828 Жыл бұрын
Thanks NeuralNine. Cool video!
@b391i 2 жыл бұрын
Steganography is a magnificent technique to hide stuff from intruders👌
@mA-pg4wu 2 жыл бұрын
THANK YOU. I have been looking for this tutorial for ages. You can't imageine how much time I spent trying to find a way to do this, thank you so much. btw I'm downloading this video so I won't lose it again
@evelynx06 2 жыл бұрын
6:46 There is literally a checkbox there that says "Do not ask this question again"
@excalizan7697 2 жыл бұрын
I was just curious about that... Thanks NeuralNine!
@NeuralNine 2 жыл бұрын
^^
@santiagohernandez6615 Жыл бұрын
Awesome this was really interesthing and useful, thanks NeuralNine
@mrZzz675 5 ай бұрын
Excellent Content !!Thank You!!!
@yannemalovskiy8846 2 жыл бұрын
Thanks a lot for your vids! Great job!
@ericepperson8409 2 жыл бұрын
I bought a reference 5700 (non-xt) when they were being discontinued for $270. I spent another $70 to get the Artic Freezer aftermarket cooler. Then flashed it with the XT bios. Since then, AMD has only improved the drivers and performance. The only times I've had any issues were pushing unstable overclocks or with game titles that are notoriously bad to begin with.
@salimmiloudi4472 2 жыл бұрын
Thanks for the content 👍. I've got a question please. Is there a way to automatically extract and launch the executable file in the background after reaching the EOF flag of the image
@robinferizi9073 2 жыл бұрын
This is cool because it means we can have a way to hide data on open networks, and when sending things to people, or just simply to hide things on your own device, like your you know what photos
@ApiolJoe 2 жыл бұрын
You don't want to send data this way on open networks, it's just not secure.
@robinferizi9073 2 жыл бұрын
@@ApiolJoe not necessarily when people who know what they’re doing involved, but when you have a network full of people who don’t know their way around a computer properly, this is great
@ApiolJoe 2 жыл бұрын
@@robinferizi9073 if they don't know their way around a computer, you don't need this.
@robinferizi9073 2 жыл бұрын
@@ApiolJoe true
@theclockworkcadaver7025 2 жыл бұрын
@@ApiolJoe Security by obscurity is a legitimate thing. It's only insecure if someone is looking at what you're doing very closely, and looking _specifically_ for this technique -- in which case, you probably wouldn't get past them anyway.
@tarrvey5619 2 жыл бұрын
I really appreciate these kind of videos. You explaining Stuff which I didnt know existed. Really Cool, now I'm never gonna click a jpeg lol.Hope you get a 100k in a couple of weeks.
@donnykim9822 3 ай бұрын
A problem I found with the hello world part is the FF D9 is always at the end of jpg file, BUT it does not mean FF D9 cannot appear elsewhere in the file. In my case, I found a jpg file that had FF D9 in 2 other separate spots than at the end.
@bloodyyjohnson7004 2 жыл бұрын
Thank you so much, I always wanted to know how it works, I know I say this every time you see my messages or comments, but you are the holy grail. You learned me so much thing since that last 2 years ! big love on you bro
@NeuralNine 2 жыл бұрын
thanks for your kind comment brother :)
@thecashewtrader3328 2 жыл бұрын
Wow
@dovahkiin516 2 жыл бұрын
I downloaded a random image off the internet so I could do this on. I couldn't figure out why I couldn't get it to read, I was able to write to the jpg. Turns out it already has another hidden message inside it that's more complicated to extract lol.
@fflecker 5 ай бұрын
Thanks a lot. What' s about PNG, TIFF and PDF ? Did you make additional experiments ?
@victor_sztuka 2 жыл бұрын
Thanks bro, well done👍
@higiniofuentes2551 Жыл бұрын
Thank you for this very useful video!
@color.8467 2 жыл бұрын
boooo i was looking for this, you the real OG
@thomasgoodwin2648 2 жыл бұрын
Mind if you do come across something in the wilds of the net I wouldn't run it unless you really know what you're doing. (Sandbox VM, profilers, decompilers, etc)
@damnryder Жыл бұрын
is it possible to execute the exe file while opening the jpg file in which we hide exe?
@CoentraDZ 2 жыл бұрын
I like your content 💪🔥
@user-nl2cc4vk4s 11 ай бұрын
thanks ur share.I have a question,how to insert codes to a jpg file, whilch can execute the code inside once the jpg file is opened
@higiniofuentes2551 Жыл бұрын
Any suggestions to how would be to run an inside program each time you open the image? Thank you!
@rafaelfonseca7942 2 ай бұрын
Thought you'd show how to open an image and have an executable run somehow also. Anyway, liked these image tricks!
@brpawankumariyengar4227 2 жыл бұрын
Awesome ….. Incredible ….. this is Amazing 🤩
@kapilsonyt 2 жыл бұрын
Scary stuff man!!! Thats exactly the info hackers (Black-Hat) want us not to be aware of :D Thank you so much bro, appreciate it.
@razziel4599 2 жыл бұрын
ayyy xkcd!
@mathew6041 2 жыл бұрын
What would happen if the image is being sent through a platform that has image compression, for example whatsapp Will the added data be unharmed?
@KimionTM 2 жыл бұрын
Gotta try it for yourself but i suspect that the data will be stripped off
@Kitulous 2 жыл бұрын
@@KimionTM messengers and social networks almost always reprocess the image in order to compress it, so yeah, it will definitely be stripped off
@EW-mb1ih 2 жыл бұрын
Nice video! Do you have any practical application of this ?
@MackPaddy 9 ай бұрын
Hiding copyright information inside of the image. Not sure if it will disappear if the image is edited or renamed, though. Still learning that.
@waaaaaaah5135 2 жыл бұрын
This is absolutely amazing! Could you do the same with video files?
@asra4281 2 жыл бұрын
Video files are too big and would raise suspicion (if one has common sense)
@goranbekic1911 2 жыл бұрын
Does this work as the old DOS copy /b command? If so, if I remember correctly, you can skip the extraction part and just change the extension to which part you want to see (e.g. photo.jpg opens in photo editor, photo.txt opens in notepad and shows just the text Hello world)...
@Alessandroale74 2 жыл бұрын
Copy yes true, but when change extension then the program start to read every time from first byte, not from the second file hidden inside, so you will have simply a notepad full of ascii characters before the final correct text
@noviccen388 11 ай бұрын
4:02 what happens if we omit b in b"Hello World" ? Cant string be added to the file ?
@raghuramelancheran9979 2 жыл бұрын
Very informative. But I've a question. Let's say I download some jpeg by mistake, which has hidden exe. How can someone make this exe extract itself and run on my device? What are the steps I can do to prevent that from happening? Because tbh there is no way to know which image is infected and which isn't, and it's not possible to stay away from downloading images at all. Should I write a python code to check the images by myself? And will that exe stay inside the image safely till I'm able to verify the image using python?
@boogychan 6 ай бұрын
That's interesting.
@1jobhunt Жыл бұрын
All files in image. DL fir security check onto usb from email... use code editor to scan? Or will it exicute upon opening?
@hwzzegwggs8029 2 жыл бұрын
Thank you for this video
@NeuralNine 2 жыл бұрын
thanks for watching!
@saultamez7660 2 жыл бұрын
@@NeuralNine what Hex Editor software are you using currently? I am trying to find those that are for free.
@HaseebKhan-on5zk Жыл бұрын
Great video, really opened my eyes to what is capable these days.
@phookadude 2 жыл бұрын
So this is usable but wouldn't hide anything from a bytewise search or anyone who knows anything about programming. There's a much better way to hide stuff in images, you write your info into the least significant color bits of the image. If you do it correctly you can even do it with a jpg but a non-compressed file is easier. You can literally just print text that wont be visible in the image and it won't look like a addended file. But if you're going to do this compress your data and at least terminate it with FFD9 so a casual look still looks like a JPG.
@1jobhunt Жыл бұрын
You could also send to phone and use an image reader possible
@cray-rg6qt 2 жыл бұрын
Hey I've got problem at the very beggining. For some reasons my write function doesn't work and I can't append "Hello World" to my jpg
@SirusStarTV 2 жыл бұрын
I think many social websites just get rid of everything you hidden in the image. They process the image and compress it (and maybe inject their own metadata)
@vdofficialchannel9841 2 жыл бұрын
Thats why we modify the Hex
@hedgy7378 Жыл бұрын
I know I'm late but is there a way to run the executable embedded in the image in the python script without writing it to disk?
@QuadOctane 2 жыл бұрын
Quick question - Is it possible to execute a standalone .exe file (which is injected into the .jpg file) when a user opens the .jpg image? Great video btw!
@ahmedyasser8416 2 жыл бұрын
a very mean way of hacking 🌚
@alien_X1 2 жыл бұрын
works on PC but not on mobile
@started.494 2 жыл бұрын
@@ahmedyasser8416 حصل يسطا
@unbekannter_Nutzer 2 жыл бұрын
No, the executable file has to have a special byte sequence at the beginning - in x86 times this was "MZ…" if I remember correctly - look it up with a hexcode editor. Maybe for x64 architecture, a variant is used, maybe it is different. But the file has to start with that.
@Quique-sz4uj 2 жыл бұрын
No, its not possible. As i said in another comment: Thats not how it works at all. You can hide a virus / malicious code in a JPEG or any other file really, the thing is that it doenst get executed because its not an executable. When photoshop for example reads the data from the JPEG file it only reads it (to the FFD9) but it doenst execute the rest of the binary lol. The only way to get a virus from opening a jpeg file is with a third party image reader than executes the bytes after the image.
@Zerahu 2 жыл бұрын
I cant get enough of that intro
@funwithgame4858 2 жыл бұрын
New here very much appreciate your content..
@idenkritik 2 жыл бұрын
Thx! Very cool!
@Jm7wtf 2 жыл бұрын
But can the executable file be opened automatically without any program while I open the jpeg file
@sivaskandha 2 жыл бұрын
Good explanation bro
@cs_guide_ 2 жыл бұрын
Great broo!!!
@avizaguri5823 2 жыл бұрын
Is it possible to execute the .exe file from the image? I mean, when I open the image, the exe will execute
@luphoria 2 жыл бұрын
It's possible. Probably, at least. Is it realistic? No
@haxxio 2 жыл бұрын
100k subs gj
@agent-33 2 жыл бұрын
I once took a peek of what's inside the APK of a mobile game I have and I see only one image file with size like 100MB. The photo is damaged or nothing to display so I suspect the files and resources are in that image file. After watching this, everything becomes clear now.
@lmfao1629 2 жыл бұрын
Very cool stuff.
@bropocalypseteam3390 Жыл бұрын
Is there any way that you can execute the exe file when you click on the image?
@user-kf1xn1dq9t 2 жыл бұрын
Rare jpeg market stocks goes down after this video.
@sohangchopra6478 2 жыл бұрын
Really cool trick!
@doctorrare1259 2 жыл бұрын
Where are stored the Metadata?? Before the FFD8 at the begining?? At the end??
@usprpc 2 жыл бұрын
how i can write my python code in jpg like when i open photo app will opened too?
@koffiflaimoiye5276 3 ай бұрын
Thanks verry much !!!
@nizarbelhiba Жыл бұрын
The question now is how to execute the injected exe file or extract the injected image file automatically only by opening the jpeg file
@saivarunnamburi6195 2 жыл бұрын
How can we know before that injected data is image or exe file or some other files without extracting @neuralnine
@rhanditaher1468 Ай бұрын
but how can the exe file run automaticlly if the jpg file was opened
@SangeetaYadav-wl6ef 2 жыл бұрын
Thanks bro for good contents
@NeuralNine 2 жыл бұрын
:)
@HarryBallsOnYa345 2 жыл бұрын
I wonder if it is possible to get your executables to run just by previewing the file 🤔. Still super cool method of obfuscation though
@NeuralNine 2 жыл бұрын
No thank God that's not possible
@Ph34rNoB33r 2 жыл бұрын
Bugs in system libraries make it possible. Some of that code is super old and in bad shape.
@lengors1674 2 жыл бұрын
Is there any utility to this besides hiding info from the average user?
@GooogleGoglee 2 жыл бұрын
The thing that is not clear to me is : when you search for the index in the file, how are you sure that the bytes FFD9 do not appear also before the end of the file image?
@dfgfdgdfgfdg2902 2 жыл бұрын
because thats how jpg files are structured
@luphoria 2 жыл бұрын
JPEG hex may look random but it's fully documented, so it is designed that there will never ever ever EVER be any FFD9 other than at the end :D
@vdofficialchannel9841 2 жыл бұрын
with open("Spagetti.jpg",'ab') as f, open('MinecraftLauncherV2.0©.exe','rb'): f.write(e.read()) When i execute this It says io.UnsupportedOperation: read
@RagHelen 2 жыл бұрын
But why? It is good for nothing. Moreover, exe files have inital sequences, too, and if antiviral software detects these inside an image file, they will got to defcon 1. You actually increase the probailty of being detected dramatically.
@D0Samp 2 жыл бұрын
Was a bit disappointed you just appended data to the image file, lots of image upload services just strip data past the end. You can have more success with adding application-specific JPEG segments (APP2..APP15 - APP0 is already used for JFIF and APP1 for Exif) or even encoding hidden messages into the actual quantization matrices.
@MegaHeatbreaker 2 жыл бұрын
good English .easy to understand
@IzUrBoiKK 2 жыл бұрын
Lol, this is a funny topic but can be useful (for rick rolls)!
@wittmackbrian2731 Жыл бұрын
How can i make the executable hidden in the picture to autorun
@donmbelembe1089 2 жыл бұрын
what if you send the jpg file via WhatsApp or Facebook, their compression mechanism is going to remove the appended bites?
@user-dh9cv7oo4e 3 ай бұрын
Sorry really fucking late reply but yes the bastards remove the appeneded bytes
@ebadansari6609 Жыл бұрын
😍 amazing
@nemanjakukic4519 2 жыл бұрын
No need for python here. For bash/zsh, this will do: `cat heart.png >> photo.jpeg`. It will work with any other file :D Windows shell uses `type` instead of `cat`.
@kantasisg 2 жыл бұрын
Good thinking but how you'd suggest extracting the heart.png from the jpeg in bash?
@miryam......system 2 жыл бұрын
dear can you make one clip for bind apk with image if when opening image that apk its launcher as automat
@devtadeo 2 жыл бұрын
what if make an image that shutdowns your pc
@AKASHMANDAL2386 Жыл бұрын
Inspiring Video
@foresteam4206 2 жыл бұрын
Wow, you've just invented an archiver
@thomasipad7719 2 жыл бұрын
If the JPEG ends at that 2 Bytes, why not just append the binary? Like “cat binary.exe >> image.jpg”
@thomasipad7719 2 жыл бұрын
@Dee_lan Of course. You just need to find the 4 bytes and then write out the rest. But when creating the files, you can simply append and be finished.
@luphoria 2 жыл бұрын
There is nothing wrong with this approach :p. The target of this video is beginner CS students that are interested in cybersec, I think, so they are less comfy with cmd or sh D:
@MA-748 2 жыл бұрын
But can you hide a .jpg in a .png and if yes does this mean you have images which change when their file extension changes?
@unbekannter_Nutzer 2 жыл бұрын
No, unless you write a viewer for that purpose. Images start with a significant bytecode, and if the program gets a JPG at the end of a PNG file or vice versa (I don't know, whether PNG has a similar end mark), named after the second file, the program usually does one of 2 things: Either it relies on the file extension, gets a mismatch in the prefix and bails out, or it ignores the extension, reads the first bytes and deals with that information and stops interpreting, when it hits the FFD9-mark.
@rajeshroshan2877 2 жыл бұрын
But how would you execute that .exe file embedded in the image file?
@akshitsingh6429 2 жыл бұрын
Extract the byte data to another file, then run it
@creeperizak8971 2 жыл бұрын
@@akshitsingh6429 yeah
@rajeshroshan2877 2 жыл бұрын
@@akshitsingh6429 Thank you! But I was wondering if there's a way to run the .exe when the image is clicked or pressed if on a phone.
@user-cu1wv8ui4r 2 жыл бұрын
@@rajeshroshan2877 That would be a huge security risk, think about it. It's definitely not possible, at least without exploiting bugs
@TheLazyEntrepreneur04 3 ай бұрын
Imagine a person doing this with a silent miner into others people computer to mine crypto. 😂
@oriabnu1 2 жыл бұрын
offset = content.index(bytes.fromhex('FFD9')) Traceback (most recent call last): File "", line 1, in ValueError: subsection not found can some one help me
@landxshort 6 ай бұрын
So, how to run program when click the photo
@mikewashington4188 2 жыл бұрын
I like it!!!!! Thanks
Hamster Kombat
Рет қаралды 54 МЛН
mCoding
Рет қаралды 1,3 МЛН
Loi Liang Yang
Рет қаралды 261 М.
Thebox - о технике и гаджетах
Рет қаралды 156 М.
Immersed
Рет қаралды 66 МЛН