Steganography is the process of hiding an encrypted message in some otherwise innocent looking format. We've gone over some ways to do this in the past with image files, but now you can take it to a whole new level by hiding an entire TrueCrypt volume in an mp4 video file.


First you need a suitable mp4 file to hide your TrueCrypt container. I used a video from the NASA website, just click "Download video" to get your mp4 file. Really any mp4 file will do, but try to find a file that matches the proportional size of the container you are going to create.


Create the TrueCrypt Container

Once you have your video file, create a TrueCrypt container. Use the "Hidden Container" option, this generates a container-inside-a-container. Name it 'innocuous-looking-file.mp4' or something similar, and fill out the options regarding the volume size and passwords.

Merge The Video File And The Container

Now that you have your two files, the magic happens. Martin Fiedler, a software engineer from Germany, created a Python script named tcsteg.py that will now merge these two files together. Execute "python tcsteg.py Movie.mp4 NameOfTrueCryptVolume.mp4" from a command line to make the merge.


The resulting file is very secure, and hard to detect:

There are only four ways to detect the presence of the hidden volume, all of which are unlikely to be checked even by a knowledgeable person. The easiest way to tell about the manipulation would be bitrate monitoring: If a player tells you that the stream has a bitrate of 1 Mbps, but by analyzing the file size, you can compute that it must have at least 5 Mbps, you can tell something is amiss. But who looks at bitrates this detailed? The only other ways would be (1) a sophisticated packet-by-packet analysis of the mdat data that would find out that from offset 65,536 on, there's not only random-looking compressed data, but random-looking garbage; (2) checking for a repetition of the first 64k or mdat somewhere later in the file and (3) seeing that there's much unused space in the mdat that isn't referenced by any chunk offset table.


To remount the volume, just enter the mp4 as a TrueCrypt container and make sure to mark that there is a hidden volume along with the password.


I tested out the process from beginning to end and it was very easy to do. Let us know if it works for you or if you have any questions about the process!


Real Steganography with TrueCrypt via KeyJ