A steganography tool that uses histogram shifting techniques to hide encrypted text messages within PNG images. ShadowShift combines AES encryption with histogram-based data embedding for secure covert communication.
- Histogram Shifting Steganography: Utilizes peak and zero point detection in image histograms for data embedding
- AES Encryption: Messages are encrypted using AES-256 in EAX mode before embedding
- Multi-channel Distribution: Distributes encrypted data across RGB channels
- Key-based Security: Uses cryptographic keys for both encryption and randomized pixel selection
- Format Validation: Ensures only valid PNG images are processed
- Capacity Analysis: Automatically calculates and reports embedding capacity
- CLI Interface: Simple command-line interface for embedding and extraction
pip install Pillow numpy pycryptodomegit clone https://github.com/kaizoku73/ShadowShift.git
cd ShadowShiftHide a secret message in an image:
python cli.py embed --in "Your secret message here" --cover image.png --key mypassword123Parameters:
--in: The text message to hide (max 100 characters)--cover: Path to the cover PNG image--key: Password for encryption and randomization
Output: Creates encoded.png with your hidden message
Retrieve the hidden message from a steganographic image:
python cli.py extract --stego encoded.png --key mypassword123Parameters:
--stego: Path to the image containing hidden data--key: The same password used during embedding
- Peak Detection: Finds the peak (most frequent) pixel value in each RGB channel
- Zero Point Detection: Identifies empty histogram bins near the peak
- Pixel Shifting: Shifts pixel values between peak and zero to create embedding space
- Data Distribution: Distributes encrypted payload bits across RGB channels
- Randomized Embedding: Uses key-derived seeds for secure, random pixel selection
- AES-256 Encryption: Messages encrypted with AES-EAX mode before embedding
- SHA-256 Key Derivation: Secure key generation from passwords
- Start/End Markers:
HISTOSTARTandHISTO_END!markers for data validation - Randomized Selection: Cryptographically secure pixel position randomization
For a detailed explanation of Histogram shift steganography and how it works, check out this article: https://kaizoku.gitbook.io/steganography/histogram-shift-in-image
- Image Format: PNG only (automatically validates format)
- Color Mode: RGB (auto-converts from other modes)
- Message Limit: 100 characters (padded to 100 bytes)
- Encryption: AES-256-EAX with nonce and authentication tag
- Key Derivation: SHA-256 hash of password
- Finds maximum frequency value (peak) in histogram
- Locates nearest zero-frequency bin for shifting
- Calculates embedding capacity based on peak frequency
- Total bits distributed across 3 RGB channels
- Remainder bits allocated to first channels if not evenly divisible
- Each channel processes its allocated bit sequence
- Peak pixels (value = u) remain unchanged for '0' bits
- Peak pixels shifted by ±1 (u + shift) for '1' bits
- Non-peak pixels shifted away to maintain histogram integrity
- Only supports PNG images (validates format before processing)
- Maximum message length: 100 characters
- Requires sufficient histogram peaks for embedding capacity
- Both embedding and extraction require identical keys
- Basic console output (no rich formatting implemented)
- Uses AES-256-EAX providing both encryption and authentication
- Key-derived randomization prevents pattern detection
- Start/end markers ensure data integrity
- Password-based key derivation with SHA-256
- Fork the repository
- Create a feature branch (
git checkout -b feature/new-feature) - Commit your changes (
git commit -m 'Add new feature') - Push to the branch (
git push origin feature/new-feature) - Open a Pull Request
This project is open source, feel free to use and modify it. Just don't forget to credit me if you share it!
The tool includes comprehensive error handling for:
- Missing or invalid image files
- Non-PNG format images
- Empty or oversized messages
- Insufficient embedding capacity
- Wrong extraction keys
- Corrupted steganographic data
This tool is for educational and legitimate purposes only. Users are responsible for ensuring compliance with applicable laws and regulations when using steganography techniques.
Made by kaizoku