The Tool for the Creative: Steganography

December 6th, 2023
Author: Kenneth Moran


A Game Developer’s Favorite Tool

Disc 11, the broken disc, is well-known across the Minecraft community. Some say it’s connected to the Warden, others say it’s about Herobrine, but I know a secret about it. The musical artist C418 developed disc 11, and he used steganography to hide a message in it. The way to unlock this message was to use a specialized tool called a spectrogram to visually see the audio. When the audio of disc 11 was played through the tool, it displayed the hidden data. This is steganography.


Steganography

The word steganography is made from two Greek words: “steganos,” which means hidden, and “graph,” which means to write. Together, they give steganography the meaning “hidden writing.” Steganography is the practice of hiding information within other pieces of information. It has been used for thousands of years to covertly move information across country borders, out of secured locations, and to hidden groups. In modern use, steganography can hide malware within innocuous files, waiting for certain programs to read and execute the hidden payload to damage your computer.

Example:

A classic example of steganography is hiding text inside larger pieces of text. Take this fictitious used car ad, in which I hid a short message:

“Can you believe the sales we have down at K’s Used Cars? You wouldn’t be able to imagine the sales we have! Before you attempt to compare K’s Used Cars to any other dealership in the nation, we would like to tell you a few things that make us different. Engines are insured to last at least three weeks after purchase. Rearview mirrors are NOT included in every sale. Tires will NOT be included in car sales. Enticed by our offers? Check out our listing at K’s Used Cars today! Hurry, sales WON’T last.”

By looking at the first letter of each sentence, the word “CYBERTECH” is made.

This method of hiding data in plain sight is not the best since it requires one sentence per letter. There are other methods of concealing words inside of paragraphs, but those take time to develop and make innocuous. However, the same logic as the text example can be used to develop digital forms of steganography.


Different Steganography Types:

Steganography applies to almost every type of media and information, and because of this adaptability, there is a way to hide information in everything. The most common forms of steganography take advantage of the forms of media we use every day.

Text steganography hides information inside bodies of text; I created an example earlier with the fictitious car ad. The advantage of this type of steganography is that it can be very difficult to spot depending on the rules used to encode the message into the larger body of text.

Audio steganography is a special kind of steganography since it requires tools to uncover hidden information. C418 used this type of steganography to hide his signature in disc 11’s audio file, along with a few cryptic faces. 

Image steganography uses the fact that different colors look similar to each other, so data can be encoded into the pixels of an image according to certain rules. These rules change colors slightly to hide data within them, so the image looks the same to a viewer but means a different thing to the computer.

The top color has the RGB binary value of 01111101, 00011001, 10011111.

The bottom color has the RGB binary value of 01111100, 00011000, 10011110.

This method works because the least significant bit of a byte doesn’t change the value of the byte all that much. To the computer, the only difference between these two colors is that the top color’s red, green, and blue values are each one higher than the bottom color’s.

To most people, the colors have the same composition, making it almost impossible to tell they’re different colors without specialized tools. 

This method of steganography allows the user to obtain 3 bits for every pixel in an image. There are plenty of other more concealed ways that will yield fewer bits per pixel or less concealed ways to have more bits per pixel. It all depends on the person and how they want to hide their message. 

By using these techniques I was able to develop this (scaled up) 6px by 4px image:

It may look like one solid color, but it is made of multiple similar purples that contain a message. Only tools that sample color can display the different types of purple used. The table below shows the different colors which exist to create the purple image.

Color Hex Value    Data Hidden in Least Significant Bits
7c199e             010
7c189e             000
7d199e             110
7d189f             101
7d189e             100
7d189f             101
7c189e             000
7c199e             010
7c199e             010
7c189f             001
7c199e             010
7d189f             101
7c189f             001
7c189f             001
7c199e             010
7d189e             100
7c199e             010
7c189f             001
7c199e             010
7d189e             100
7c189f             001
7d189f             101
7c189f             001
7c189e             000

When the data is converted to bytes, and then translated to ASCII, the following message can be found: CYBERTECH
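The decoding step described above, as an added example that is not part of the original post: it reads the least significant bit of each channel from the 24 table colours, packs the bits into bytes, and also computes the 3-bits-per-pixel capacity of an image. The function names and the choice of 7c189e as the unmodified cover colour are assumptions made for this example.

```python
# The 24 pixel colours from the table above, in table order (6 x 4 image).
PIXELS = (
    "7c199e 7c189e 7d199e 7d189f 7d189e 7d189f 7c189e 7c199e "
    "7c199e 7c189f 7c199e 7d189f 7c189f 7c189f 7c199e 7d189e "
    "7c199e 7c189f 7c199e 7d189e 7c189f 7d189f 7c189f 7c189e"
).split()


def lsb_bits(hex_colours):
    """Yield the least significant bit of each R, G, B byte, pixel by pixel."""
    for colour in hex_colours:
        for channel in bytes.fromhex(colour):
            yield channel & 1


def extract(hex_colours):
    """Pack the LSB stream into bytes, most significant bit first."""
    bits = list(lsb_bits(hex_colours))
    usable = len(bits) - len(bits) % 8  # ignore a trailing partial byte
    out = bytearray()
    for start in range(0, usable, 8):
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity_bytes(width, height, bits_per_pixel=3):
    """Whole bytes that fit when every pixel carries bits_per_pixel bits."""
    return width * height * bits_per_pixel // 8


def max_channel_change(hex_colours, cover="7c189e"):
    """Largest per-channel difference from the assumed cover colour."""
    base = bytes.fromhex(cover)
    return max(abs(c - b) for colour in hex_colours
               for c, b in zip(bytes.fromhex(colour), base))


if __name__ == "__main__":
    print(extract(PIXELS).decode("ascii"))  # message hidden in the 24 pixels
    print(capacity_bytes(3000, 2000))       # capacity of a 3,000 x 2,000 image
    print(max_channel_change(PIXELS))       # how far any channel moved
```
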

The image below is 3,000 by 2,000 pixels:

By Von.grzanka – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=9437797

This cat image contains 6 million pixels, a lot more than my 24-pixel example, which gives attackers more than 2 million bytes to store any information and code. The code stored in this image could be malicious and attackers may take advantage of certain weaknesses to damage or gain access to computers. 


So What?

Steganography is an ancient art of hiding data in other data. It has been used when encryption cannot be, like when people are under an overbearing government or when they’re being monitored. Anyone can develop their own way of hiding information within other pieces of data, and by developing new and innovative techniques to hide, information can be hidden for a long time.

How do I find it?

The method to find hidden information depends on the media the information is being hidden in. For image steganography, looking at the color data for similarly colored pixels that are near each other can reveal patterns that suggest hidden data. This method is often not very efficient since you’re given very limited information, and if you do find an anomaly, the pattern the anomaly is part of won’t be very simple to decipher.

However, certain forms of steganography are more susceptible to blind searches using hex editors due to magic number layouts. Magic numbers are certain hex values that mark the beginning or end of a file.
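The magic-number check described above, automated as an added example that is not part of the original post: it walks a PNG to its end-of-file marker (the IEND chunk) and reports any bytes stored after it, naming them when they begin with a known start-of-file signature. The PNG container, the signature list, the function names and the sample bytes are all assumptions constructed for this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Start-of-file magic numbers worth flagging when found after the image ends.
SIGNATURES = {b"PK\x03\x04": "zip", b"%PDF-": "pdf", b"\x7fELF": "elf",
              b"\xff\xd8\xff": "jpeg", PNG_SIG: "png"}


def png_end(data):
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND":
            return min(pos, len(data))
    raise ValueError("no IEND chunk (truncated or malformed file)")


def trailing_data(data):
    """Return (offset, kind, size) for bytes after IEND, or None if clean."""
    end = png_end(data)
    extra = data[end:]
    if not extra:
        return None
    kind = next((name for sig, name in SIGNATURES.items()
                 if extra.startswith(sig)), "unknown")
    return end, kind, len(extra)


def chunk(ctype, body=b""):
    """Build one PNG chunk: length, type, body, CRC-32 over type + body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))


# Constructed sample: a 6 x 4 solid-colour PNG, then the same file with
# made-up bytes that start with a ZIP signature appended after IEND.
rows = b"".join(b"\x00" + b"\x7c\x18\x9e" * 6 for _ in range(4))
CLEAN = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 6, 4, 8, 2, 0, 0, 0))
         + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND"))
TAMPERED = CLEAN + b"PK\x03\x04" + b"constructed-trailer"

if __name__ == "__main__":
    print(trailing_data(CLEAN), trailing_data(TAMPERED))
```
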

The more common way of discovering steganography is not by looking at each file, but instead by checking if there were ever steganography tools installed onto the system. This is done by checking for artifacts left behind by the steganography tool to determine if there is anything worth looking for. Discovering when the tool was installed and uninstalled gives investigators a time frame in which to check whether any files were modified. This lowers the scope of the potential files and can give investigators an idea of what kind of steganography they’re working with.



