What it does
Stegogram appears to be a simple Instagram clone at first, but it has a big secret: it uses steganography to hide files inside the images you upload, so that data can be smuggled covertly in restrictive environments.
To normal users, Stegogram is designed to appear completely benign: they can share photos and comment on posts. A trained operative, however, can unlock a hidden mode with a secret code that lets them embed files within their uploaded images using steganography. On posts with hidden data, you can retrieve the embedded files by commenting the correct password.
How it works
Stegogram's steganography works by abusing JPEG's support for application-defined data within images: AES-encrypted files are embedded in the app-defined data of the post images. Image viewers ignore app-defined data, so the hidden files are invisible to them and there is little possibility of image corruption or artifacts. For posts without hidden files, junk data is put in the app field to make it seem less suspicious. The system is also designed to work entirely client-side, with Stegogram's backend having no knowledge of any additional data within the images.
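Image viewers skip app-defined data, but a parser that walks the JPEG marker segments sees it. The following added example (not part of Stegogram's code) reports each APPn segment's identifier, size and whether its bytes look random; the sample bytes, the list of known identifiers and the use of APP11 are assumptions made for illustration.

```javascript
// Added example, not Stegogram's code: inventory the APPn segments of a JPEG.
// Identifiers written by common encoders and metadata tools (not exhaustive).
const KNOWN_IDS = ["JFIF", "JFXX", "Exif", "ICC_PROFILE", "Adobe", "MPF",
                   "Photoshop 3.0", "http://ns.adobe.com/xap/1.0/"];

// Shannon entropy in bits per byte; encrypted or random data approaches 8.
function entropy(bytes) {
  const counts = new Array(256).fill(0);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) if (c) h -= (c / bytes.length) * Math.log2(c / bytes.length);
  return h;
}

// Walk the marker segments between SOI and SOS; report each APP0..APP15 segment.
function scanAppSegments(jpeg, entropyLimit = 7.5) {
  if (jpeg[0] !== 0xff || jpeg[1] !== 0xd8) throw new Error("missing SOI marker");
  const findings = [];
  let pos = 2;
  while (pos + 4 <= jpeg.length) {
    if (jpeg[pos] !== 0xff) throw new Error(`no marker at offset ${pos}`);
    const marker = jpeg[pos + 1];
    if (marker === 0xff) { pos++; continue; }          // fill byte before a marker
    if (marker === 0xda || marker === 0xd9) break;     // SOS (scan data follows) or EOI
    const len = (jpeg[pos + 2] << 8) | jpeg[pos + 3];  // big-endian, includes its own 2 bytes
    if (len < 2 || pos + 2 + len > jpeg.length) throw new Error(`bad length at offset ${pos}`);
    if (marker >= 0xe0 && marker <= 0xef) {
      const payload = jpeg.subarray(pos + 4, pos + 2 + len);
      const nul = payload.indexOf(0);                  // identifier is a NUL-terminated ASCII prefix
      const id = String.fromCharCode(...payload.subarray(0, Math.max(0, Math.min(nul, 32))));
      findings.push({ segment: "APP" + (marker - 0xe0), offset: pos, size: payload.length, id,
                      knownId: KNOWN_IDS.includes(id), highEntropy: entropy(payload) > entropyLimit });
    }
    pos += 2 + len;
  }
  return findings;
}

// Constructed sample (not a decodable image): SOI, JFIF APP0, an opaque APP11, SOS, EOI.
// APP11 is an arbitrary choice; the page does not say which segment Stegogram uses.
function buildSample() {
  const jfif = [0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00, 1, 1, 0, 0, 1, 0, 1, 0, 0];
  const blob = Array.from({ length: 1024 }, (_, i) => (i * 7) & 0xff); // uniform byte values
  const opaque = [0xff, 0xeb, (blob.length + 2) >> 8, (blob.length + 2) & 0xff, ...blob];
  return Uint8Array.from([0xff, 0xd8, ...jfif, ...opaque, 0xff, 0xda, 0xff, 0xd9]);
}

console.log(scanAppSegments(buildSample()));
```

Because junk data is placed in the app field of ordinary posts as well, a finding here shows that a segment is opaque, not that it hides a file. Compressed content such as an Exif thumbnail can also score as high entropy, so the identifier check and the entropy flag are best read together.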
Inspiration
Stegogram was inspired by the CIA's attempts to communicate covertly with operatives using fake websites.
Accomplishments that we're proud of
- We're very proud of the Steganography system we made. We learned a lot about how the JPEG format works, hex editing, and how to abuse file formats.
- We're proud of learning MongoDB in a weekend, coming from using SQL databases.
- We were able to get everything working pretty quickly.
What we could improve
- There's a file size limit for hidden files, since JPEG only allows app segments to be 65KiB. We could upgrade this system to allow arbitrarily sized files using multiple app segments.
- Support for PNGs, WebP, and other popular image formats could be added.
Built With
- digitalocean
- mongodb
- nestjs
- nextjs
- node.js
- typescript