A Delphi application for embedding executable files within image files using steganography techniques.
ExeSteganography is an educational tool that demonstrates how steganography can be used to embed executable files within carrier image files. The application uses the Least Significant Bit (LSB) technique to hide binary data in the pixels of an image with minimal visual impact.
⚠️ WARNING: This application is for educational purposes only. Misuse of steganography may violate laws in certain jurisdictions. Always use responsibly and ethically.
- Embed Mode: Hide executable files within PNG or JPG/JPEG images
- Extract Mode: Recover hidden executables from stego images
- Integrity Verification: Uses MD5 hashing to ensure extracted files match the original
- Multi-threaded Operations: Background processing to keep UI responsive
- Detailed Logging: Real-time progress reporting
The application uses the Least Significant Bit (LSB) steganography technique, which works by replacing the least significant bit of each color channel (R, G, B) in the image pixels with bits from the executable file. Since modifying the LSB causes minimal visual changes, the resulting stego image appears virtually identical to the original.
The embedded data contains:
- The binary content of the executable file
- An MD5 hash of the executable for integrity verification
- An end marker to identify where the hidden data ends
- Carrier Images: PNG, JPG/JPEG
- Output Images: PNG (to avoid compression artifacts)
- Files to Hide: Any executable (*.exe) or binary file
- Open the "Embed" tab
- Browse and select a carrier image
- Browse and select the executable file to hide
- Specify an output path for the stego image
- Click "Embed"
- Wait for the operation to complete
- Open the "Extract" tab
- Browse and select the stego image containing a hidden executable
- Specify where to save the extracted executable
- Click "Extract"
- The application will verify the integrity of the extracted file using MD5
- BinaryHelper.pas: Utility class for binary operations
- ExeSteganography.pas: Core steganography implementation
- MainForm.pas: UI implementation and thread management
-
Embedding Process:
- The executable file is read into memory
- An MD5 hash is calculated for integrity verification
- The executable data, MD5 hash, and end marker are combined
- The combined data is converted to a bit stream
- Each bit replaces the LSB of a color component in the image
- The modified image is saved as PNG
-
Extraction Process:
- The LSB of each color component is extracted
- Bits are combined into bytes
- The end marker is located to determine where the data ends
- The executable and MD5 hash are separated
- The extracted executable is saved
- The MD5 hash is compared against the calculated hash of the extracted file
- The carrier image must have sufficient capacity to store the executable file
- PNG output is used to prevent data loss from lossy compression
- Large executables require proportionally large carrier images
Contributions are welcome! Please feel free to submit a Pull Request.
Made with ❤️ using Delphi RAD Studio