Here is an example of a simple method of hiding a message in a web page. This is mostly for fun, but it's also an introduction to steganography.
The goal is to hide the message ALOHA in this web page. The first step is to transform the message into a sequence of binary digits using the ASCII code. Look up each letter in the table below. The first three digits are listed down the side and the last four digits are listed across the top.
| | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000 | | | | | | | | | | Tab | | | | Return | | |
| 001 | | | | | | | | | | | | | | | | |
| 010 | Space | ! | " | # | $ | % | & | ' | ( | ) | * | + | , | - | . | / |
| 011 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | : | ; | < | = | > | ? |
| 100 | @ | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O |
| 101 | P | Q | R | S | T | U | V | W | X | Y | Z | [ | \ | ] | ^ | _ |
| 110 | ` | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o |
| 111 | p | q | r | s | t | u | v | w | x | y | z | { | \| | } | ~ | |
The letter A is 1000001, L is 1001100, and so forth.
The message doesn't have to start right at the beginning of the web page. This can be done by using an arbitrary number of leading 0's, then a single starting 1, and then the actual message. The remaining digits are all 0's.
Here's the complete sequence of digits to be hidden:
| leading zeroes | starting one | A | L | O | H | A | trailing zeroes |
|---|---|---|---|---|---|---|---|
| 0 ... 0 | 1 | 100 0001 | 100 1100 | 100 1111 | 100 1000 | 100 0001 | 0 ... 0 |
The next step is to hide these digits in this web page by encoding them somehow. This is the heart of steganography.
You can see the HTML that describes this page by selecting View Source, or Page Source, or something similar, depending on what browser you are using.
The key idea is that the number of spaces in HTML is ignored by the browser. One space is treated just as two or three (or more) spaces are: they all count as simply one word break.
So, each 0 digit can be encoded as a single space, and each 1 digit can be encoded as two spaces. When someone looks at this web page, they won't notice anything funny is going on. Even if they look at the HTML, they won't notice it unless they're looking very carefully, especially if there are a large number of normal single spaces before the beginning of the actual message.
Here's a short example. The digits hidden here are 0011000001.
This is any  text  you choose.
0 0 1 1 0 0
Only the spaces matter. 
0 0 0 1
There is a subtlety to watch out for here: the first line has no spaces at the end, so it counts as a 0 digit. But the second line has one space at the end, and it counts as a 1 digit. The only way to see this is to move the cursor around there and select the text. (That's what the highlighting in this example is for.)
Here's what the HTML for the beginning of this page looks like:
<html>
<head><title>On Hiding  a  Message in a Web Page</title></head>
<body  bgcolor=white  text=blue>
<h1>On Hiding  a  Message in a  Web Page</h1>
<p> 
Here  is  an  example  of a simple  method of hiding a  message in a web page.
This  is mostly for fun, but it's also an introduction to steganography.
Here's the HTML annotated with the spaces marked with their decoded digits:
<html>
0
<head><title>On Hiding a Message in a Web Page</title></head>
0 1 1 0 0 0 0 0
<body bgcolor=white text=blue>
1 1 0
<h1>On Hiding a Message in a Web Page</h1>
0 1 1 0 0 1 0 0
<p>
1
Here is an example of a simple method of hiding a message in a web page.
1 1 1 1 0 0 1 0 0 0 1 0 0 0 0 0
This is mostly for fun, but it's also an introduction to steganography.
1 0 0 0 0 0 0 0 0 0 0 0
And finally, here are the digits gathered together, with the decoded letters spelling out the message ALOHA:
<html>
0
|___________________________________________________________________________
leading zeroes
<head><title>On Hiding a Message in a Web Page</title></head>
0 1 1 0 0 0 0 0
_______________| | |_______|__|_|___|___________________|__________________
leading zeroes start 1000001 =A
<body bgcolor=white text=blue>
1 1 0
______| |__________|_________________________________________________
<h1>On Hiding a Message in a Web Page</h1>
0 1 1 0 0 1 0 0
______|_______|__|_______|__| |___|_________|____________________________________
1001100 =L
<p>
1
___|______________________________________________________________________________
1001111 =O
Here is an example of a simple method of hiding a message in a web page.
1 1 1 1 0 0 1 0 0 0 1 0 0 0 0 0
_____|___|___| |__|_|_______|______|__|______| |_______|__|_|___|_____|___
1001000 =H 1000001 =A
This is mostly for fun, but it's also an introduction to steganography.
1 0 0 0 0 0 0 0 0 0 0 0
_____| |______|___|____|___|____|____|__|____________|__|______________|_________
trailing zeroes ...
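The scheme walked through above, as an added Python example that is not part of the original page: it embeds ALOHA into the page's first seven source lines, reads the digits back from the whitespace runs, and shows that collapsing whitespace erases the hidden message. The function names and the choice of two leading zeroes are assumptions made for this example, and the cover text is assumed to contain no blank lines.

```python
import re

COVER = [  # first seven source lines of the page, single-spaced (cover text)
    "<html>",
    "<head><title>On Hiding a Message in a Web Page</title></head>",
    "<body bgcolor=white text=blue>",
    "<h1>On Hiding a Message in a Web Page</h1>",
    "<p>",
    "Here is an example of a simple method of hiding a message in a web page.",
    "This is mostly for fun, but it's also an introduction to steganography.",
]

def message_to_bits(msg, leading=2):
    """Leading 0s, one starting 1, then 7-bit ASCII for each character."""
    return "0" * leading + "1" + "".join(format(ord(c), "07b") for c in msg)

def embed(cover_lines, bits):
    """One digit per word break (0 = one space, 1 = two); a trailing space before the line break is a 1."""
    digits, out = iter(bits), []
    for line in cover_lines:  # assumption: no blank lines in the cover
        words = line.split()
        gaps = [" " * (1 + int(next(digits, "0"))) for _ in words[:-1]]
        tail = " " if next(digits, "0") == "1" else ""
        out.append("".join(w + g for w, g in zip(words, gaps + [tail])))
    if next(digits, None) is not None:
        raise ValueError("cover text has too few word breaks for this message")
    return "\n".join(out) + "\n"

def extract_bits(source):
    """Every whitespace run is a digit: one character -> 0, more -> 1."""
    return "".join("0" if len(r) == 1 else "1" for r in re.findall(r"[ \n]+", source))

def decode(bits):
    """Skip leading 0s and the starting 1, then read 7-bit characters."""
    start = bits.find("1")
    if start < 0:
        return ""  # no starting 1: nothing hidden
    payload = bits[start + 1:]
    chars = []
    for i in range(0, len(payload) - 6, 7):
        value = int(payload[i:i + 7], 2)
        if value == 0:  # trailing zeroes reached
            break
        chars.append(chr(value))
    return "".join(chars)

def normalize(source):
    """Collapse space runs and strip trailing spaces, erasing the channel."""
    return re.sub(r" +\n", "\n", re.sub(r" {2,}", " ", source))
```

Running `decode(extract_bits(embed(COVER, message_to_bits("ALOHA"))))` reproduces the per-line digits shown in the annotated HTML; passing the same text through `normalize` first leaves only zeroes.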
There are lots of possible ways to encode your message. If you're hiding messages for people to find, you probably should use something pretty simple like the common ASCII code used here. But if you want to make it difficult for the casual observer, you'll want to turn to using encryption.
After you encode your message, you need to hide it in some ordinary looking file. Again, if you want people to have a chance to find your message, you should use something that is accessible to most people without too much effort. Serious steganographers use .GIF, .JPG or .MP3 files, since finding a message in these files requires programming ability and knowledge, or the right stego-breaking tools.
©2003 by Bill Grundmann