White Hat Institute

Hide information in image files using WxHexEditor

WxHexEditor is a free hex editor tool for Linux, Windows, and MacOSX. WxHexEditor isn’t an ordinary hex editor, yet could fill in as a low-level disk editor as well. In any case that you have issues with your hard drive or segment, you can recoup your information from them by altering parts in raw hex. You can change your segment tables, or you can recover records from the File System by hand with the assistance of WxHexEdit. This tool is also useful for hiding secret messages in the null hex bytes of the image files. We will demonstrate how to perform this, but in the meantime, we should download WxHexEdit from the following website: https://www.wxhexeditor.org/home.php.”

wxhex editor 1

After you download it, extract the file and run the executable application. Click on the “File” tab and then select the “Open” option. Next, find the image file and add it to the hex editor.

wxhex editor 2

On the main page, the WxHexEditor will display all the hex bytes with their representations. In the hex field, find null bytes and replace them with your secret message, like in the screenshot below. Then save the changes and exit out.

wxhex editor 3

Our image with a secret message is now ready. To read the text, right-click on the file and open it up with a notepad or similar application.

wxhex editor 4

You will be able to view or read your message in the large white spaces of the file.

wxhex editor 5

This technique can be used to conceal data as well as to upload shellcodes to websites that allow for image uploading. Worms, on the other hand, will use this instead of uploading shellcode to a server.

Will the antivirus be able to detect it if it’s used to store shellcode? Antivirus software is unable to detect this because the signature would be altered by either altering the image or its dimensions. In any case, it is a good practice to use newly created custom shellcodes for stealthy attack vectors.