6

I'm trying to find out what is a good way to detect whether an image file has other files hidden inside it?

related link:

0

1 Answer

20

Simple methods

Method via ImageMagick/convert tool

Use the ImageMagick command-line tool convert to find the differences between the original file and the converted one. E.g.:

$ convert original.jpg converted.jpg  # this is an ImageMagick command
$ ls -l original.jpg converted.jpg
  667228 original.jpg
  648515 converted.jpg

Then you can compare the binary files, see: How do I compare binary files in Linux?

Method via strings

Look for any suspicious content via strings. It will print any printable strings in a file which could indicate some hidden files, messages or content. E.g.:

$ strings -10 image.jpg

Example image: The original image with hidden message which started the Cicada 3301


Advanced methods

Method via hexdump

Every JPEG file starts with an SOI (Start of Image) marker, which has the binary value 0xFFD8, and it is terminated by an EOI (End of Image) marker, which has the binary value 0xFFD9.

Therefore you may try to check for any extra content after the EOI marker. For example:

hexdump -C image.jpg  | less +/"ff d9"
hexdump -C image.jpg  | more +/"ff d9"

Method via xxd

Use the xxd command-line tool with tr and sed to print the content after the EOI marker.

For example:

xxd -c1 -p image.jpg | tr "\n" " " | sed -n -e 's/.*\( ff d9 \)\(.*\).*/\2/p' | xxd -r -p

Read more: How to dump part of binary file at SE
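
Added example (not part of the answer above): a Python sketch of the EOI check that walks the JPEG segment structure, so an FFD9 inside a metadata segment such as an embedded thumbnail is not mistaken for the end of the image. The function names, the signature table and the constructed sample bytes are assumptions made for illustration.

```python
# Markers with no length field: TEM, RST0-RST7, SOI
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))
# Well-known magic numbers for a first guess at what was appended
SIGNATURES = {b"PK\x03\x04": "ZIP archive", b"Rar!": "RAR archive",
              b"7z\xbc\xaf": "7-Zip archive", b"\x89PNG": "PNG image",
              b"\xff\xd8\xff": "JPEG image"}

def find_eoi(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI (FFD8): not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                  # fill byte, marker follows
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                  # EOI
            return pos
        if marker in STANDALONE:
            continue
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length                       # length counts its own two bytes
        if marker == 0xDA:                  # SOS: skip entropy-coded scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF00 is a stuffed byte, FFD0-FFD7 are restart markers
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI (FFD9) found")

def trailing_data(data: bytes):
    """Return (eoi_end, payload, guess) for whatever follows the EOI marker."""
    end = find_eoi(data)
    payload = data[end:]
    guess = next((n for m, n in SIGNATURES.items() if payload.startswith(m)), "unknown")
    return end, payload, guess

def build_sample() -> bytes:
    """Constructed marker skeleton (not a decodable image) with an appended payload."""
    body = b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9"      # decoy EOI in metadata
    app1 = b"\xff\xe1" + (len(body) + 2).to_bytes(2, "big") + body
    scan = b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9" + b"PK\x03\x04hidden"

if __name__ == "__main__":
    end, payload, guess = trailing_data(build_sample())
    print(f"EOI ends at {end}; {len(payload)} trailing bytes ({guess})")
```

To check a real file, pass `open("image.jpg", "rb").read()` to `trailing_data`; a non-empty payload means there are bytes after the image data that are worth inspecting.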

