Submitted by Zephyr_hex:
Download a couple of known stegged images and save them to your
drive. I have put a couple of example in the "files" section of the
group (conlan6, cd2736-001_max, clipping and fig-1a.gif).
To load stegdetect, double click on xsteg.exe
In stegdetect, select your sensitivity level (1 is low), and then
do "file" and then "open". Use the bar near the top to navigate to
the directory where you saved the images. Once you are in that
directory, the file names should show up in the window
called "files". Select your image.
Conlan6 starts testing positive for jphide at sensitivity 4.
cd2736-001_max tests positive at level 1.
clipping tests positive at level 4.
fig-1a.gif is not a jpg, and so therefore, stegdetect doesn't
So this is how we test for the existance of hidden images/files.
When you have a file that tests positive on a relatively low
sensitivity, then you need to come up with a password. Experience
from last season -- the passwords are usually closely related to the
images (as you will see in the examples below. For an explanation on
the relationship of the password to the image, see Avery's Season 1
FAQ in the "bookmarks" section of the group)
(I will describe how to decode the hidden files below)
First, there are two destegging programs. one was used at the
beginning of last season, and then we were introduced to a different
program. this is important, because we've found that attempting to
use steg047 on some items from later in the season did not work --
late season items needed a program called camouflage.
so, download steg047 and camouflage, and install them on your drive
(both programs are located in the "files" section of the group).
When you install camouflage, select the option to include camo in
your right-click menu list.
We'll start with steg047 and conlan6.jpg. Open steg047 by double
clicking on jphswin.exe. Select "open jpeg" from the title bar menu,
and choose conlan6.jpg. Then select "seek" from the title bar menu.
Enter in the password (shepard), and then give your image a unique
name (such as test.jpg). Then go to the folder you saved this new
file in, and open your jpg (should be a map of colentina). NOTE: you
can change the options so that you can see the password as you type
it in, and so that you don't have to enter the password twice.
Go through the same process with cd2736-001_max (password is
DProgram). You should get the first page of a McCullough/Cyan memo.
Again, same process for clipping.jpg (password is katejones). You
should get a text file (make sure to name it filename.txt).
Ok.. now close out steg047.
With camouflage, i selected the option at install time which allows
me to access the program by right-clicking on any image.
Go to fig-1a.gif and right-click on it, and select "uncamouflage".
Password is omega17. This will bring up a box with two files.
Select briefing1a.txt and click "next". Choose a place to save it to.
So, this concludes 101 on steg.
Last update: 9/30/03