Experiments

Stego PNG

Hide a file inside a PNG image using least-significant-bit steganography. Add an optional passphrase for AES-GCM encryption on top. Drop the carrier PNG back in to recover the file. Everything runs in your browser.

Capacity will appear here once a secret file is selected.
Drop a secret file to begin.
Carrier preview will appear here.
No carrier yet.

The downloaded PNG looks like the cover image — the secret bytes live in the bottom bit of each red, green, and blue channel.

How it works

  1. The browser reads the cover image into a canvas, exposing every pixel as (R, G, B, A).
  2. The secret file (with a small JSON name/type/size header) is optionally gzipped, then optionally AES-GCM encrypted with a key derived from your passphrase via PBKDF2 (SHA-256, 250k iterations, 16-byte salt, 12-byte IV).
  3. A short framing header (CWTS1\0 + flags + length + salt/IV if encrypted) is prepended. The whole bit stream is written into the bottom bit of each red/green/blue channel, in row-major pixel order. The alpha channel is never touched, so transparency stays clean.
  4. Capacity is floor(width × height × 3 / 8) bytes. The download is exported as a lossless PNG so the LSBs survive intact — recompressing through JPEG, social-media uploads, or "optimisers" will destroy them.
  5. To reveal: drop the PNG back in, the tool scrapes the LSBs, finds the magic, verifies the length, decrypts/decompresses, and gives you the original file back.
  6. No upload, no signup, no analytics. Pixels never leave the device.