stegseek v0.6 releases: lightning fast steghide cracker

by do son · Published · Updated

stegseek

Stegseek

Stegseek is a lightning-fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt* in under 2 seconds.

stegseek

Stegseek can also be used to extract steghide metadata without a password, which can be used to test whether a file contains steghide data.

* rockyou.txt is a well-known password list with over 14 million passwords.

Performance

This is where Stegseek really shines. As promised, let’s start with the “rockyou.txt in just 2 seconds” claim.
All of these numbers are measured on a laptop with an Intel i7-7700HQ CPU @ 2.80GHz and 8 GB of RAM.

RockYou.txt

I picked the last password in rockyou.txt without control characters: “␣␣␣␣␣␣␣1” (7 spaces followed by ‘1’).
This password is on line 14344383 out of 14344391

time stegseek 7spaces1.jpg rockyou.txt 

Stegseek version 0.4

[i] Read the entire wordlist (14344391 words), starting cracker

[ 14231679 / 14344391 ]  (99,21%)                 

[i] --> Found passphrase: "       1"



[i] Original filename: "secret.txt"

[i] Extracting to "7spaces1.jpg.out"



real	0m1,912s

user	0m10,355s

sys	0m0,144s

 

 

 

 

And there it is, over 14 million passwords in less than 2 seconds 😍.

How does this compare to other tools?

To test the performance of other tools, I created several stego files with different passwords, taken from rockyou.txt. I ran each of the tools with their default settings, except Stegbrute where I increased threading for a fair comparison.

password Line Stegseek v0.4 Stegcracker 2.0.9 Stegbrute v0.1.1 (-t 8)
“cassandra” 1 000 0.9s 3.1s 0.7s
“kupal” 10 000 0.9s 14.4s 7.1s
“sagar” 100 000 0.9s 2m23.0s 1m21.9s
“budakid1” 1 000 000 0.9s [p] 23m50.0s 13m45.7s
“␣␣␣␣␣␣␣1” 14 344 383 1.9s [p] 5h41m52.5s [p] 3h17m38.0s

[p] = projected time based on previous results.

To compare the speed of each tool, let’s look at the last row of the table (otherwise Stegseek finishes before all threads have started).

At this scale, Stegseek is over 10 000 times faster than Stegcracker and over 6000 times faster than Stegbrute.

Changelog v0.6

  • Fixed BMP cracking for files with a large palette ( #5 ).
  • Added a --continue flag to search for multiple hidden files ( #3 ).
  • Added an --accessible flag to make the CLI more screen reader friendly
  • Made the CLI more consistent, added colors.
  • --crack and --seed now throw proper exit codes for easier scripting.
  • Lower performance overhead for metrics.
  • fixed compiler flags for default build.

Download & Use

Copyright (C) 2020 RickdeJager

Tags: stegseek