Steganography in NFTs
The practice of concealing messages or information within other nonsecret text or data.
Last updated
The practice of concealing messages or information within other nonsecret text or data.
Last updated
Steganography plays an interesting role in the NFT space since it usually involves hiding data inside files such as images, videos, and audio which are commonly used in NFTs. The first recorded use of the term Steganography was in 1499 by Johannes Trithemius in his book Steganographia, which was disguised as a book on magic. The first instance of Steganography however goes back to 440 BC where a servants head was shaved and a message was marked on his scalp and concealed later by his grown hair.
Today Steganography is used in many ways such as for criminal use, spying, or simply for puzzels. Some criminals and malicious hackers may use it for hiding malicious payloads in files or for simply hiding other code and messages.
Sometimes spy organizations may use it for communicating to different parties.
Sometimes communities like SectorH may use it for puzzels and games or sending messages to particular users. There have also been known attacks where a weaponized Excel document contained a PowerShell script that downloads steganographic images. The script extracts addition code from the images which was used to download a trojan. There have been other attack discussions where a hosted image was accessed from a windows command line and was used to invoke Mimikatz (A tool used to extract passwords and more).
Some common tools used to hide information in files include:
OpenStego - Attaches a secret message file inside BMP, GIF, JPEG, PNG and WBMP files.
rSteg - A java based tool that lets you hide text data inside an image.
Steghide - Opensource tool that lets you hide your file in an image or audio file.
SteganPEG - Lets you hide any image in a JPG file.
Some common tools used for analysis of Steganography files include:
StegCracker - Brute force utility to uncover hidden data inside files.
Stegextract - Detect hidden files and text in images.
Stegsolve - Applies various techniques to images.
Zsteg - PNG/BMP analysis.
References https://en.wikipedia.org/wiki/Steganography https://portswigger.net/daily-swig/what-is-steganography-a-complete-guide-to-the-ancient-art-of-concealing-messages
https://resources.infosecinstitute.com/topic/steganography-and-tools-to-perform-steganography/
https://github.com/peewpw/Invoke-PSImage https://www.yeahhub.com/top-steganography-tools-ctf-challenges/ https://www.securityweek.com/attack-combines-phishing-steganography-powershell-deliver-malware