How to encode a hidden message in an image?

Messages can be hidden in JPEG images so that others neither notice them nor work out what they say. This is possible with Alternate Data Streams.

What are Alternate Data Streams (ADS)?

Alternate Data Streams (ADSs) are a file attribute unique to the NTFS file system. Every file created on an NTFS file system has at least one data stream ($DATA). The ADS feature allows additional data to be added to an existing file within NTFS, essentially adding one file to another. The extra data does not show up in a directory listing, and it is not shown when the contents of the file are displayed; it is visible only when you access the stream.

Because ADSs are difficult to find, they are often used by hackers to hide files on machines that they have compromised. Any type of file (such as executables, documents, video and audio files) can be created in an alternate data stream. Usually hackers create executables in alternate data streams and execute them from the command line; the executables do not show up in Windows Explorer (or the console).

Figure 1: ADS

In the above diagram, one executable and one MP3 file are hidden in the PDF. These two alternate data streams, created for the PDF, are not visible to the user.
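
A defender's view of the same feature, as an added example that is not part of the original article: this PowerShell function walks a directory tree, lists every named stream other than the default :$DATA stream, and flags streams whose first two bytes are the MZ executable signature. The function name, the ads-demo scratch directory and the sample file are assumptions constructed for the demonstration; it needs Windows and an NTFS volume.

```powershell
# Added example: list named (alternate) data streams under a directory tree.
# Requires Windows, an NTFS volume and PowerShell 3.0 or later (Get-Item -Stream).
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the benign "downloaded from the Internet" marker.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )
    # The byte-mode switch differs between Windows PowerShell 5.1 and PowerShell 6+.
    $byteMode = @{ Encoding = 'Byte' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteMode = @{ AsByteStream = $true } }

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
        ForEach-Object {
            # First two bytes 'MZ' (0x4D 0x5A) mark a Windows executable.
            $head = @(Get-Content -LiteralPath $file -Stream $_.Stream -TotalCount 2 @byteMode)
            [pscustomobject]@{
                File        = $file
                Stream      = $_.Stream
                Length      = $_.Length
                LooksLikePE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
        }
    }
}

# Constructed sample: a scratch file carrying one harmless named stream.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$sample = Join-Path $dir 'photo.jpg'
Set-Content -LiteralPath $sample -Value 'placeholder, not a real JPEG'
Set-Content -LiteralPath $sample -Stream 'note.txt' -Value 'constructed test message'
Find-AlternateDataStream -Path $dir | Format-Table -AutoSize
```

The scan reports the note.txt stream on photo.jpg with LooksLikePE set to False; a stream that starts with MZ is worth pulling for analysis.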

Authored by Haritha Annangi
