TRex steganography - User documentation



About steganography

Steganography is Greek for "hidden writing". Some thousand years ago, there were already a couple of "steganography algorithms": inscribed plates were embedded in wax, making them look unsuspicious; slaves' shaved heads were tattooed and the slaves sent to the recipient after their hair had grown, only to be shaved there again.

Although steganography is a kind of encryption, there is a big difference to common encryption algorithms. Normal encryption in the sense of PGP/GnuPG scrambles data rendering it unreadable for an attacker without the correct key, but it is obvious from the look of the data that secret and thus sensitive data is sent. Steganography aims to hide the fact that sensitive data is sent at all.

Where "attacking encryption" means that sensitive data is read and possibly modified (or at least modified without knowledge of the data itself), "attacking steganography" usually "only" means that it is detected that the envelope data contains hidden data in the first place.

I want to know more about steganography!

Here is a (by far incomplete) list of web resources about steganography:

About TRex

TRex is a framework for steganography algorithms. It lets the user load pictures and hide (textual) data in them. The picture containing the hidden data can then be compared to the original picture: A differential picture is shown, visualizing the pixel differences between the original and the "encrypted picture". Secondly, the histograms of the two pictures are displayed simultaneously.

Encrypted pictures and decrypted data can be saved to files from within TRex, so it is even possible to use TRex as a "real world" steganography program, although this is not its primary intention.

Demonstrating the effects of steganography on the picture itself, TRex does not rely on certain file formats. It is able to load GIF, PNG and JPG files; encrypted pictures can be saved as PNG or JPG. Please note that saving to JPG is not a wise thing in most cases: JPG is a lossy file format. Hidden data will be lost on the way with the default algorithms. You should always save to PNG files.

Where can I get TRex?

TRex can be downloaded from TRex' home page. A binary package (the Java ARchive) is available as well as TRex' source code (as a tar.gz file).

What do I need to run TRex?

TRex is implemented in Java 1.4 because of its advanced imaging functionality. You will not be able to run TRex with earlier Java versions.

You can get Java 1.4 from Sun for free.

To use and test the FFT algorithm, you need Sun's "Java Advanced Imaging" (JAI) library that you can get from Sun's JAI website. The package you download (e.g. jai-1_1_1-lib-linux.tar.gz for Linux, jai-1_1_1-lib-win.exe for Windows; that is the "CLASSPATH install") contains the files jai_codec.jar, jai_core.jar and mlibwrapper_jai.jar (among others). Put these files into your JVM's extension directory (e.g. $JAVAHOME/jre/lib/ext) or (if you don't know what I'm talking about) into the same directory as TRex.

How do I run TRex?

To run TRex, simply type "java -jar trex-<version>.jar" (e.g. "java -jar trex-0.9.5.jar"). The jar file "knows" about the main class.

Under Microsoft Windows®, you can double click the jar file to execute it.

What algorithms are implemented in TRex?

Currently, TRex only implements the "LSB" algorithm. The LSB ("Least Significant Bit") algorithm hides one bit of data in the least significant bit of each color channel (i.e. three bits per pixel). In a picture of 640x480 pixels, 115200 bytes of data can be hidden.

The "LSB with pass phrase" algorithm provides minimal security by XORing each data byte with the pass phrase. But remember: this is _not_ really encryption; the data is easily cracked. If your data contains a series of spaces, and your pass phrase is all lower case, you will find the pass phrase _in the data_, as space XOR lower-case-char is UPPER-CASE-CHAR.
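The leak described above, as an added example that is not TRex's code. It assumes the pass phrase is repeated cyclically over the data; the sample record and pass phrase are constructed.

```python
# Added illustration; not TRex's code. Assumption: the pass phrase is
# repeated cyclically over the data bytes.
import re
from itertools import cycle

def xor_with_passphrase(data: bytes, phrase: bytes) -> bytes:
    """XOR each data byte with the pass phrase; applying it twice undoes it."""
    return bytes(d ^ p for d, p in zip(data, cycle(phrase)))

def uppercase_runs(blob: bytes, min_len: int = 6):
    """Return runs of A-Z in `blob`, the way a strings-style scan would."""
    return re.findall(rb"[A-Z]{%d,}" % min_len, blob)

# Constructed sample: a text record padded with a run of 16 spaces.
PLAINTEXT = b"Name:" + b" " * 16 + b"Alice"
PHRASE = b"secret"
HIDDEN = xor_with_passphrase(PLAINTEXT, PHRASE)

if __name__ == "__main__":
    # Space is 0x20, so XOR with it only flips the case bit of a letter:
    # under the run of spaces the pass phrase shows up in upper case.
    print(HIDDEN)
    print(uppercase_runs(HIDDEN))
    # The same call reverses the scrambling, so the phrase is the only secret.
    print(xor_with_passphrase(HIDDEN, PHRASE) == PLAINTEXT)
```

If the hidden text must stay confidential, encrypt it with pgp/gpg before hiding it rather than relying on the pass phrase.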

The advantages of the LSB algorithm are its ease of implementation and its only slight modification of the picture.

Still, LSB has a couple of drawbacks. First, it changes statistics in the picture, making it relatively easy to detect that it envelops hidden data. Secondly, it is sensitive to attacks that simply put noise over the picture (changing the LSB randomly), so the hidden data is easily lost. Third, it does not "survive" lossy saving, such as to the well-known JPG format.

In contrast to many other steganography programs, TRex only works on the pixel data itself. Advanced algorithms such as F5 work on JPG files themselves, opening new possibilities. If you write your own TRex algorithms, you have to take this into account.
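A sketch of the LSB scheme and of two properties named above, the slight modification of the picture and the loss of the data under LSB noise (added example, not TRex's code). The channel layout, the bit order, the known payload length and the 8x8 cover are assumptions made for the illustration.

```python
# Added illustration of the LSB scheme described above; not TRex's code.
# Assumptions: channel bytes are laid out R,G,B,R,G,B,...; payload bits are
# written most significant bit first; the reader knows the payload length.
import random

def capacity_bytes(width, height, channels=3):
    """One payload bit per colour channel, eight bits per payload byte."""
    return width * height * channels // 8

def embed(cover, payload):
    """Return a copy of `cover` carrying `payload` in its lowest bits."""
    if len(payload) * 8 > len(cover):
        raise ValueError("payload exceeds cover capacity")
    stego = bytearray(cover)
    for i, byte in enumerate(payload):
        for b in range(8):
            bit = (byte >> (7 - b)) & 1
            stego[i * 8 + b] = (stego[i * 8 + b] & 0xFE) | bit
    return bytes(stego)

def extract(stego, length):
    """Rebuild `length` payload bytes from the lowest bit of each channel."""
    out = bytearray()
    for i in range(length):
        byte = 0
        for b in range(8):
            byte = (byte << 1) | (stego[i * 8 + b] & 1)
        out.append(byte)
    return bytes(out)

def max_difference(a, b):
    """Largest per-channel change, i.e. what a differential picture shows."""
    return max(abs(x - y) for x, y in zip(a, b))

def randomize_lsb(pixels, seed=7):
    """Model of the noise drawback: every lowest bit is replaced at random."""
    rng = random.Random(seed)
    return bytes((v & 0xFE) | rng.getrandbits(1) for v in pixels)

# Constructed 8x8 RGB cover (192 channel bytes, capacity 24 bytes).
COVER = bytes((x * 5 + 17) % 256 for x in range(8 * 8 * 3))
SECRET = b"meet at noon"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(capacity_bytes(640, 480), max_difference(COVER, stego))
    print(extract(stego, len(SECRET)))
    print(extract(randomize_lsb(stego), len(SECRET)))
```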

You can currently select to use the "FFT" algorithm; it does in fact convert the picture to the frequency domain and back, but does not yet embed any data.

If you write your own (advanced?) algorithm as a plugin for TRex, feel free to submit it to me! Please note that TRex' license makes it necessary to release any plugins under the GPL.

What is TRex' license?

TRex is licensed under the GPL. This means that you are granted a non-exclusive right to use and modify the software for arbitrary purposes, as long as the copyright remarks stay intact; any derived work (including plugins you write) has to stay under the GPL.


TRex has an intuitive interface. Hopefully you will be able to use it without any trouble. A short introduction to its GUI elements is given here anyway.

The menu
File menu

The file menu contains the menu items to load and save uncrypted and crypted images.

After loading an uncrypted picture via the "Load Uncrypted..." option, and if data is set to hide, the encryption will start instantly. You will find the differential picture and the histogram in their respective panels.

When a crypted image is loaded ("Load Crypted..."), the decryption starts automatically. As steganography always leads to loss of data of the original picture, you will not see an uncrypted image afterwards.

If a wrong algorithm was selected to decrypt or the image is not decryptable for any reason (e.g., when you load an image as crypted that does not contain any data at all), you will be told that no decryption is possible. In many cases, a decryption will be done, but the data is unreadable, though.

With the "Save Crypted..." option, the current encrypted image can be saved. Please note that steganography algorithms in TRex rely on unmodified saving; lossy file formats (like JPG) thus should not be used - i.e. saving should be done to PNG file format only.

Algorithm menu

TRex has a plugin interface for steganography algorithms. The first menu entry is "Load custom algorithm..." which lets you load a custom class. The class files have to be in the class path and contain a valid StegoAlgo class.

See the developer's introduction for further information on how to write your own algorithms.

All available algorithms are shown in the algorithm list below. After changing to a new algorithm, encryption/decryption will automatically restart.

Extra menu

TRex has quite a big memory consumption. You may start the Java virtual machine's garbage collection manually with "Start Garbage Collection" to regain unreferenced memory.

Help menu

TRex currently does not have a built-in help. You may invoke the "About" dialog from the help menu, though.


The toolbar provides shortcuts to some menu items:

  • is the same as "File" - "Open Uncrypted..."
  • is the same as "File" - "Open Crypted..."
  • is the same as "File" - "Save Crypted..."
  • is the same as "Help" - "About"

The panels

The different steps of steganography are displayed in different panels in TRex. The panels are reached by their respective tabs that are found below the toolbar. Although the panels' meanings should be obvious, a short introduction is given to each of them.

Uncrypted picture panel

When an uncrypted image is loaded, it is displayed here. Please note that no uncrypted image will be displayed after decrypting a crypted image, as the former envelope image can not be restored.

Data panel

The hidden data is displayed in this panel. The buttons in this panel's own toolbar let the user load, edit and save data.

Please note that encryption and decryption of binary data is not expected to work from within TRex. If this is wanted, you might want to use tools such as uuencode/uudecode (or pgp/gpg for additional encryption) to convert binary to ASCII data beforehand and convert it back after the work is done.

Configuration and pass phrase panel

Some algorithms may have a configuration dialog or depend on a pass phrase to do their work. You may or may not find a pass phrase or configuration dialog here.

Please note that in each case newly entered data (change of configuration or pass phrase) has to be committed by the appropriate buttons before any updates to the data are done.

Crypted picture panel

The encrypted image (either after loading a crypted image or after encryption) is displayed here.

Differential picture panel

To visualize the changes in the pixel data from the uncrypted to the crypted image, a differential picture is displayed in this panel together with the original and the encrypted image.

As the differences commonly only affect the pixel's LSB (particularly in the LSB algorithm), the differential picture's brightness is increased with the "Amplification" slider. It ranges from 1 (original) to 255 (maximum amplification).

The "Zoom" slider lets the user zoom in to the factor 10 at the maximum. Please note that Java's built-in image zoom is quite memory consuming and often leads to memory overflows. A zoom factor of more than 4 is not recommended.

Histogram panel

Many steganography algorithms change the histogram of a picture, that is the distribution of color shares in the picture. The histogram panel visualizes these changes by displaying the histogram of the uncrypted and/or crypted image.

The buttons in the panel's toolbar change the channel in the picture to calculate the histogram of. "Value" is the brightness ((red+green+blue)/3) of the pixel; "Red", "Green" and "Blue" display the histogram of the respective color channel.

The changes in the histogram are one of the measures for the quality of the steganography algorithm: Good algorithms (i.e. not LSB :) do not change the histogram notably.

When using the LSB algorithm, you will find that the histogram changes increase as the amount of data embedded into the picture rises.
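The histogram effect can also be measured instead of judged by eye. The following added example (not part of TRex) compares each pair of neighbouring histogram bins (2k, 2k+1), which LSB embedding pulls towards equal height; the cover data is constructed, and random bits stand in for a payload with balanced bits.

```python
# Added illustration; not TRex's code. The cover is constructed so that
# neighbouring histogram bins differ; real pictures vary.
import random

def histogram(values):
    h = [0] * 256
    for v in values:
        h[v] += 1
    return h

def pair_statistic(values):
    """Chi-square distance between each bin pair (2k, 2k+1) and its mean.

    LSB embedding only moves a value inside its pair, so embedding balanced
    bits pulls both bins towards the pair mean and the statistic drops.
    """
    h = histogram(values)
    stat = 0.0
    for k in range(128):
        expected = (h[2 * k] + h[2 * k + 1]) / 2
        if expected > 0:
            stat += (h[2 * k] - expected) ** 2 / expected
    return stat

def make_cover(seed=1):
    """Constructed channel data: bin v holds 10 + (97 * v) % 61 samples."""
    values = [v for v in range(256) for _ in range(10 + (97 * v) % 61)]
    random.Random(seed).shuffle(values)
    return values

def embed_fraction(values, fraction, seed=2):
    """Overwrite the LSB of the first `fraction` of the samples with random
    bits (assumption: they model a payload with balanced bits)."""
    rng = random.Random(seed)
    n = int(len(values) * fraction)
    return [(v & 0xFE) | rng.getrandbits(1) for v in values[:n]] + values[n:]

def sweep():
    """Statistic for an untouched, half-filled and completely filled cover."""
    cover = make_cover()
    return {f: pair_statistic(embed_fraction(cover, f)) for f in (0.0, 0.5, 1.0)}

if __name__ == "__main__":
    for fraction, stat in sweep().items():
        print(f"{fraction:.0%} of capacity used: statistic {stat:.1f}")
```

The statistic falls as more of the capacity is used, which is the numerical counterpart of the histogram change described above.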

See the label at the bottom of the panel for explanation of the colors in the histogram.