ef5a9ce9cb
Spread spectrum v2: independent per-channel embedding with round-robin bit distribution, preserving spatial stereo/surround mix. Adaptive chip tiers (256/512/1024) trade capacity for lossy codec robustness. LFE channel skipped for 5.1+ layouts. v2 header (20B) with backward- compatible v0 decode fallback. Environment toggles (STEGASOO_AUDIO, STEGASOO_VIDEO) gate audio/video features for minimal builds (e.g. Raspberry Pi image-only). Values: auto (default, detect deps), 1/true (force on), 0/false (force off). Web UI fixes: accordion defaults to step 1 on load, chevron arrow styling, required attribute toggling for audio carrier type switch, "Images & Mode" renamed to "Reference, Carrier, Mode". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Stegasoo
A secure steganography system for hiding encrypted messages in images and audio using hybrid authentication.
Features
- AES-256-GCM authenticated encryption
- Argon2id memory-hard key derivation (256MB RAM requirement)
- Pseudo-random pixel selection defeats steganalysis
- Multi-factor authentication: Reference photo + passphrase + PIN/RSA key
- Multiple interfaces: CLI, Web UI, REST API
- File embedding: Hide any file type (PDF, ZIP, documents)
- DCT steganography: JPEG-resilient embedding for social media
- Audio steganography: Hide messages in WAV, FLAC, MP3, OGG, AAC, M4A files (LSB and Spread Spectrum modes)
- Channel keys: Private group communication channels
Embedding Modes
Image Modes
| Mode | Capacity (1080p) | JPEG Resilient | Best For |
|---|---|---|---|
| DCT (default) | ~150 KB | Yes | Social media, messaging apps |
| LSB | ~750 KB | No | Email, direct file transfer |
Audio Modes
| Mode | Capacity (5 min WAV) | Noise Resistant | Best For |
|---|---|---|---|
| LSB | ~1.3 MB | No | Direct file transfer |
| Spread Spectrum | ~160 KB | Yes | Shared files, light processing |
Web UI
| Home | Encode | Decode | Generate |
|---|---|---|---|
 |
 |
 |
 |
Quick Start
# Install (Python 3.10-3.12)
pip install -e ".[all]"
# Generate credentials
stegasoo generate --pin --words 4
# Encode a message
stegasoo encode \
--ref my_photo.jpg \
--carrier meme.jpg \
--passphrase "apple forest thunder mountain" \
--pin 123456 \
--message "Secret message"
# Decode
stegasoo decode \
--ref my_photo.jpg \
--stego stego_image.png \
--passphrase "apple forest thunder mountain" \
--pin 123456
Interfaces
| Interface | Start Command | Documentation |
|---|---|---|
| CLI | stegasoo --help |
CLI.md |
| Web UI | cd frontends/web && python app.py |
WEB_UI.md |
| REST API | cd frontends/api && uvicorn main:app |
API.md |
Security Model
Reference Photo ──┐
(~80-256 bits) │
├──► Argon2id KDF ──► AES-256-GCM Key
Passphrase ───────┤ (256MB RAM)
(~43-132 bits) │
│
PIN ──────────────┤
(~20-30 bits) │
│
RSA Key ──────────┘
(optional)
| Configuration | Entropy | Use Case |
|---|---|---|
| 4-word passphrase + 6-digit PIN | ~153 bits | Standard security |
| 4-word passphrase + PIN + RSA | ~280+ bits | Maximum security |
Requirements
| Requirement | Version |
|---|---|
| Python | 3.10-3.12 |
| RAM | 512 MB+ |
Development
pip install -e ".[dev]"
pytest
black src/ tests/ frontends/
ruff check src/ tests/ frontends/
Docker
# Quick start (HTTPS enabled by default)
docker-compose -f docker/docker-compose.yml up -d
# Access
# Web UI: https://localhost:5000 (self-signed cert)
# REST API: http://localhost:8000
# Disable HTTPS if needed:
STEGASOO_HTTPS_ENABLED=false docker-compose -f docker/docker-compose.yml up -d
See DOCKER.md and docs/DOCKER_QUICKSTART.md for full documentation.
Raspberry Pi
Pre-built SD card images available for Pi 4/5:
# Flash image (download from GitHub Releases)
zstdcat stegasoo-rpi-*.img.zst | sudo dd of=/dev/sdX bs=4M status=progress
# First boot runs interactive setup wizard:
# - WiFi configuration
# - HTTPS with port 443
# - Channel key generation
# - Optional overclocking
See rpi/README.md for manual installation.
Documentation
- INSTALL.md - Installation guide
- DOCKER.md - Docker deployment
- CLI.md - Command-line reference
- API.md - REST API documentation
- WEB_UI.md - Web interface guide
- SECURITY.md - Security model details
- UNDER_THE_HOOD.md - Technical deep-dive
- CHANGELOG.md - Version history
- CONTRIBUTING.md - Contributor guide
man stegasoo- Man page (install:sudo cp docs/stegasoo.1 /usr/local/share/man/man1/ && sudo mandb)
License
MIT License - see LICENSE. Use responsibly.
This tool is for educational and legitimate privacy purposes. Users are responsible for complying with applicable laws.