A command-line steganography tool that embeds files into images using LSB techniques with optional ChaCha20 encryption and DEFLATE compression.
DeepScene hides arbitrary files within image carriers by manipulating the least significant bits of RGB channels. The tool preserves lossless image formats (PNG, BMP, TIFF) and automatically converts lossy formats during encoding. Embedded data includes a header with magic bytes, length field, and checksum for integrity verification.
cargo build --releaseThe binary will be located at target/release/deepscene.
Embed a file into an image:
deepscene encode <IMAGE> <FILE> [OPTIONS]Arguments:
<IMAGE>- Carrier image path<FILE>- File to embed
Options:
-o, --output <PATH>- Output image path (default:<input>_steg.png)-p, --password <PASSWORD>- Encryption password
Examples:
deepscene encode carrier.png secret.txt
deepscene encode photo.jpg document.pdf -o hidden.png
deepscene encode image.png data.zip -p mypassword -o output.pngExtract an embedded file from an image:
deepscene decode <IMAGE> [OPTIONS]Arguments:
<IMAGE>- Steganographic image path
Options:
-o, --output <PATH>- Output file path (default: original filename)-p, --password <PASSWORD>- Decryption password
Examples:
deepscene decode hidden.png
deepscene decode output.png -p mypassword
deepscene decode steg.png -o extracted.txtThe embedding format consists of:
- Compression Flag (1 byte):
0x01if DEFLATE applied,0x00otherwise - Header (10 bytes):
- Magic bytes:
DPSN(4 bytes) - Payload length: big-endian u32 (4 bytes)
- Header checksum: big-endian u16 (2 bytes)
- Magic bytes:
- Metadata:
- Filename length: u8 (1 byte)
- Filename: UTF-8 string
- Encryption flag:
0x01if encrypted,0x00otherwise
- Payload: File data (optionally encrypted)
Encoding:
- Convert image to PNG if lossy format detected
- Read input file and construct metadata
- Apply ChaCha20 encryption if password provided
- Compress payload using DEFLATE (skipped if size increases)
- Embed data into LSB of RGB channels
- Save output image
Decoding:
- Extract LSB data from RGB channels
- Validate header magic bytes and checksum
- Decompress if compression flag set
- Decrypt if encryption flag set and password provided
- Parse metadata and extract filename
- Write output file
- Key Derivation: Argon2 with 16-byte random salt
- Encryption: ChaCha20 stream cipher with 12-byte random nonce
- Integrity: BLAKE3 hash (first 16 bytes) prepended to plaintext
Maximum embeddable bytes: (width × height × 3) / 8
For a 1920×1080 image: approximately 777,600 bytes (~760 KB).
- Maximum file size: 256 MB
- Maximum image dimension: 20,000 pixels per side
- Maximum filename length: 255 bytes
Lossy formats (JPEG, WebP) will corrupt embedded data. The tool automatically converts such inputs to PNG during encoding, but users must avoid re-saving output images in lossy formats.
- LSB steganography is detectable through statistical analysis
- No plausible deniability; header magic bytes identify embedded data
- Encryption uses password-based key derivation (vulnerable to weak passwords)
- No forward secrecy or authentication beyond BLAKE3 checksum
DeepScene is inspired by DeepSound, a Windows steganography tool for audio files. The name follows the same "Deep-" prefix convention, substituting "Scene" (image) for "Sound" (audio). Key differences:
- DeepSound: Closed-source Windows GUI application
- DeepScene: Open-source cross-platform CLI tool
- DeepSound: Embeds data in audio files (WAV, FLAC)
- DeepScene: Embeds data in images (PNG, BMP, TIFF)
- Portability: Runs on Linux, macOS, Windows without dependencies
- Automation: CLI interface enables scripting and batch processing
- Transparency: Source code auditable for security verification
- Modern Cryptography: ChaCha20 cipher vs AES-256 (comparable security, faster on platforms without AES-NI)
- Integrity Verification: BLAKE3 checksums detect corruption during extraction
- Adaptive Compression: Automatically disables compression when counterproductive
- Capacity: Images typically hold less data per file size than audio
- Usability: CLI requires terminal proficiency vs GUI point-and-click
- Detection Resistance: Both LSB methods are equally vulnerable to statistical analysis