How to hide RAR files inside images?
It is possible to hide RAR files inside images. In turn, RAR files are containers which can carry other files inside. Be careful next time: a JPEG file can contain more than what you see. In this tutorial, we will see how to find RAR files hidden inside JPEGs and how to create such files.
What you need
- A .rar file containing contents to hide
- A .jpeg file with any image
- An application to uncompress .rar files (WinRAR/unrar or 7-zip)
- Basic command line knowledge (Windows or Linux)
Hiding files inside a JPEG file
For Windows:
- Open the console (Start menu > Run > cmd)
- Go to the folder where your files are (cd c:\path\to\the\folder)
- Run the following command
copy /b image.jpg + secret.rar newimage.jpg
For Linux:
- Open Bash or equivalent
- Go to the folder where your files are (cd /path/to/the/folder)
- Run the following command
cat image.jpg secret.rar > newimage.jpg
In either case, you should see a “newimage.jpg” file, which contains the image with the hidden RAR file. The trick here is simple: we’re creating a single file made of the image file followed by the RAR contents at the end.
Accessing the hidden files
When opening the file in an image viewer, it should be displayed correctly. However, to access the archive files, you should open it with WinRAR. The contents should be displayed in the application.
The choice of the RAR and JPEG formats is not random: a JPEG file contains a header at the start of the file telling how many bytes the image contains. This allows image viewers to display the image and ignore the contents after it. On the other hand, WinRAR is smart enough to ignore the start of the file (containing the image) and successfully display the contents of the RAR file. In fact, WinRAR looks for the “Rar!” sequence in the image file, knowing that the data from that point onwards belongs to the archive.
Archive extractor from images
As a contribution, here is a small C application I created to detect and extract RAR files inside an image. It searches for the “Rar!” sequence inside the file and extracts the archive to the same directory:
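#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char** argv)
{
    if (argc != 2) {
        printf("Usage: %s filename.jpg\n", *argv);
        return EXIT_FAILURE;
    }
    // binary mode: text mode on Windows translates line endings and
    // treats 0x1A as end of file, which would corrupt the search
    FILE* jpeg = fopen(*++argv, "rb");
    if (jpeg == NULL) {
        perror("Cannot open file");
        return EXIT_FAILURE;
    }
    // looking for Rar! followed by the rest of the RAR 4.x signature
    // (RAR 5 archives end the signature with 0x01 0x00 and are not matched)
    int seq[] = {
        0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x00
    };
    int seqSize = 7;
    int seqPos = 0;
    long fpos = 0;
    int found = 0;
    int c;
    while ((c = fgetc(jpeg)) != EOF) {
        fpos++;
        if (c == seq[seqPos])
            seqPos++;
        else
            // the mismatching byte may itself start a match (e.g. "RRar!")
            seqPos = (c == seq[0]) ? 1 : 0;
        if (seqPos >= seqSize) {
            found = 1;
            fpos -= seqPos;   // offset where the signature starts
            break;
        }
    }
    if (found == 0) {
        printf("Nothing found...\n");
    } else {
        printf("Found Rar! at %lX\nExtracting... ", (unsigned long)fpos);
        // bounded formatting: the input name may not fit in the buffer
        char rarname[255];
        int len = snprintf(rarname, sizeof rarname, "%s.rar", *argv);
        if (len < 0 || (size_t)len >= sizeof rarname) {
            fprintf(stderr, "File name too long\n");
            fclose(jpeg);
            return EXIT_FAILURE;
        }
        FILE* rar = fopen(rarname, "wb");
        if (rar == NULL) {
            perror("Unable to extract file");
            fclose(jpeg);
            return EXIT_FAILURE;
        }
        // copy everything from the signature to the end of the file
        fseek(jpeg, fpos, SEEK_SET);
        while ((c = fgetc(jpeg)) != EOF)
            fputc(c, rar);
        fclose(rar);
        printf("Done!\n");
    }
    fclose(jpeg);
    return EXIT_SUCCESS;
}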
First, you need to compile the application with GCC:
gcc fatjpeg.c -o fatjpeg
And then you can use it:
./fatjpeg newimage.jpg
If a RAR file is inside the image file, it will be extracted and saved to a file with the same name as the image, followed by the .rar extension.
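For screening uploads or attachments, a complementary check is to find where the image data actually ends and look at what follows. The code below is an added example, not part of the original fatjpeg program: it walks the JPEG marker segments to the end-of-image marker (FF D9) and classifies any trailing bytes, recognising both the RAR 4.x signature searched for above and the RAR 5 one. The function names and the SAMPLE bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offset just past the JPEG end-of-image marker (FF D9); 0 if malformed. */
size_t jpeg_end(const unsigned char *b, size_t n)
{
    size_t i = 2;
    if (n < 4 || b[0] != 0xFF || b[1] != 0xD8) return 0;   /* SOI */
    while (i + 2 <= n && b[i] == 0xFF) {
        unsigned char m = b[i + 1];
        if (m == 0xD9) return i + 2;                        /* EOI */
        if (m == 0xFF) { i++; continue; }                   /* fill byte */
        if (i + 4 > n) return 0;
        size_t len = ((size_t)b[i + 2] << 8) | b[i + 3];    /* big-endian */
        if (len < 2 || i + 2 + len > n) return 0;
        i += 2 + len;                                       /* skip segment */
        if (m != 0xDA) continue;
        while (i + 1 < n) {       /* after SOS: scan data up to a real marker */
            unsigned char x = b[i + 1];
            if (b[i] == 0xFF && x != 0x00 && x != 0xFF && (x < 0xD0 || x > 0xD7))
                break;            /* not a stuffed byte, fill byte or RSTn */
            i++;
        }
    }
    return 0;
}

/* -1 not a JPEG, 0 nothing after EOI, 4/5 RAR 4.x/5 appended, 1 other data. */
int classify(const unsigned char *b, size_t n)
{
    static const unsigned char sig[] = {'R','a','r','!',0x1A,0x07}; /* shared */
    size_t end = jpeg_end(b, n), left = n - end;
    if (end == 0) return -1;
    if (left == 0) return 0;
    if (left >= 7 && memcmp(b + end, sig, 6) == 0) {
        if (b[end + 6] == 0x00) return 4;
        if (left >= 8 && b[end + 6] == 0x01 && b[end + 7] == 0x00) return 5;
    }
    return 1;
}

/* Constructed input: SOI, APP0 holding a decoy FF D9, SOS, scan, EOI, RAR4. */
const unsigned char SAMPLE[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0xFF,0xD9,   /* SOI; APP0, length 4 */
    0xFF,0xDA,0x00,0x02, 0x12,0xFF,0x00,0x34,   /* SOS; scan with FF 00 */
    0xFF,0xD9, 'R','a','r','!',0x1A,0x07,0x00   /* EOI at 16; archive at 18 */
};
int main(void) { printf("%d\n", classify(SAMPLE, sizeof SAMPLE)); return 0; }
```

Because segment lengths are honoured, an FF D9 pair inside metadata (for example an embedded thumbnail) is not mistaken for the end of the image, and a result of 1 flags appended data of any other type.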