SkillAgentSearch skills...

Imgconceal

Steganography tool for encrypting and hiding files inside JPEG, PNG and WebP images

GenerateConvertImprove

Install / Use

/learn @tbpaolini/Imgconceal
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

imgconceal: steganography on JPEG, PNG and WebP images

imgconceal is a tool for image steganography, that can hide files inside JPEG, PNG and WebP images. A password an be used for extracting the data later. The image with hidden data looks the same to the human eye as the regular image.

Downloads:

This is a command line program that is available for both Windows and Linux operating systems. imgconceal is a standalone executable, requiring no installation or shared libraries (DLL or SO).

Basic usage

This is a command line program, so you need to run imgconceal on a terminal. Currently there is no graphical user interface (GUI), though that is not off the table for a future update.

You can just put the executable on the folder where you want to run it, or add the executable's folder to the PATH environment variable of your system so you can run imgconceal from anywhere.

Hiding

To hide a file in an image using a password, run this command:

./imgconceal --input "path to the cover image" --hide "path to the file being hidden" --password "the password to be used for extraction"

If there is enough space in the cover image to hide the file, the image with hidden data will be saved to a new file (the original image and the hidden files are left untouched). The new image is named automatically (by adding a number to the original name), but if you want to specify the name you can add the command line argument --output "new image name".

The --hide "..." argument can receive multiple paths (or be provided multiple times) in order to hide more than one file in a single image. Size permitting, as many files as possible will be hidden (you get a status message which files succeeded or not). For example:

# Providing multiple files to be hidden in a single cover image
./imgconceal --input "cover image" --hide "file 1" "file 2" "file 3" --password "password for extraction"

# This also works for hiding multiple files
./imgconceal --input "cover image" --hide "file 1" --hide "file 2" --hide "file 3" --password "password for extraction"

If you do not want to use a password, you can provide the argument --no-password instead of --password "...". It is important to note that if you lose the password, there is no way of recovering it. The password is not stored, it is used instead for generating the encryption key, and without that key it's not possible to decrypt the data.

If you do not provide the --no-password or --password "..." options, then you are asked to type the password on the terminal. In this case, the typed characters are not shown, and you can just type nothing to use no password. Afterwards, you are asked to type the password again to confirm.

Extraction

To extract the files hidden in an image, run this command:

./imgconceal --extract "path to the cover image" --password "the same password used when hiding"

If you didn't use a password for hiding, you can pass the argument --no-password instead of --password "...". If the password is correct, the hidden files will be saved to the current folder.

By default, the files are extracted to the current directory. If you prefer to extract the files to somewhere else, you can use the --output option:

./imgconceal --extract "image" --output "folder" --password "your password"

Either way, if a extracted file has the same name as one that already exists, it will be renamed automatically (so no previously existing file is overwritten). You get status messages informing the names of the extracted files.

Tip: You can check our example images to test extracting data from them.

Checking an image for hidden data

It is possible to check if an image contains data hidden by imgconceal, without extracting the files. Just run this command:

./imgconceal --check "path to the cover image" --password "the same password used when hiding"

Again, --no-password can be used instead of --password "...".

If there are hidden files, they will be listed, alongside with their timestamps and names. If there is no hidden files or the password is wrong, the approximate amount of bytes that can be hidden in the image will be shown.

This program cannot differentiate between a wrong password and non-existing hidden data.

Advanced usage

It is possible to abbreviate a command line argument by just writing a - and its first letter. For example, --input can be -i, and --extract can be -e.

Examples (the arguments' order does not matter):

# Hiding a file on an image
./imgconceal -i "input image" -h "file being hidden" - o "output image" -p "password for unhiding"

# Extracting a hidden file from an image
./imgconceal -e "input image" -p "same password as before"

You can add the argument --verbose (or -v) to any operation in order to display the progress of each step performed during the hiding, extraction, or checking. Alternatively, you can add --silent (or -s) in order to print no status messages at all (errors are still shown).

When hiding a file, the default behavior is to overwrite the existing hidden files on the cover image. You can avoid that by adding the --append (or -a) argument. In order for appending to work, the password used must be the same as used for the previous files, otherwise the operation will fail (the existing files remain untouched).

You can run ./imgconceal --help in order to see all available command line arguments and their descriptions. For convenience's sake, here is the full help text:

Usage: imgconceal [OPTION...]

Steganography tool for hiding and extracting files on JPEG, PNG and WebP
images. Multiple files can be hidden in a single cover image, and the hidden
data can be (optionally) protected with a password.

Hiding a file on an image:
  imgconceal --input=IMAGE --hide=FILE [--output=NEW_IMAGE] [--append]
[--password=TEXT | --no-password]

Extracting a hidden file from an image:
  imgconceal --extract=IMAGE [--output=FOLDER] [--password=TEXT |
--no-password]

Check if an image has data hidden by this program:
  imgconceal --check=IMAGE [--password=TEXT | --no-password]

All options:

  -c, --check=IMAGE          Check if a given JPEG, PNG or WebP image contains
                             data hidden by this program, and estimate how much
                             data can still be hidden on the image. If a
                             password was used to hide the data, you should
                             also use the '--password' option. 
  -e, --extract=IMAGE        Extracts from the cover image the files that were
                             hidden on it by this program. The extracted files
                             will have the same names and timestamps as when
                             they were hidden. You can also use the '--output'
                             option to specify the folder where the files are
                             extracted into.
  -h, --hide=FILE            Path to the file being hidden in the cover image.
                             This option can be specified multiple times in
                             order to hide more than one file. You can also
                             pass more than one path to this option in order to
                             hide multiple files. If there is no enough space
                             in the cover image, some files may fail being
                             hidden (files specified first have priority when
                             trying to hide). The default behavior is to
                             overwrite the existing previously hidden files, to
                             avoid that add the '--append' option.
  -i, --input=IMAGE          Path to the cover image (the JPEG, PNG or WebP
                             file where to hide another file). You can also use
                             the '--output' option to specify the name in which
                             to save the modified image.
  -o, --output=PATH          When hiding files in an image, this is the
                             filename where to save the image with hidden data
                             (if this option is not used, the new image is
                             named automatically). When extracting files from
                             an image, this option is the directory where to
                             save the extracted files (if not used, the files
                             are extracted to the current working directory).
  -a, --append               When hiding a file with the '--hide' option,
                             append the new file instead of overwriting the
                             existing hidden files. For this option to work,
                             the password must be the same as the one used for
                             the previous files.
  -p, --password=TEXT        Password for encrypting and scrambling the hidden
                             data. This option should be used alongside
                             '--hide', '--extract', or '--check'. The password
                             may contain any character that your terminal
                             allows you to input (if it has spaces, please
                             enclose the password between quotation marks). If
                             you do not want to have a password, please use
                             '--no-password' instead of this option.
  -n, --no-password          Do not use a password for encrypting and
                             scrambling the hidd

tbpaolini

View profile

View on GitHub
GitHub Stars42
CategoryDevelopment
Updated4d ago
Forks5
tbpaolini/imgconceal

Languages

C

Security Score

95/100

Audited on Apr 3, 2026

No findings