An Introduction to S-Tools

Steganography (as we discussed in our coverage of the CISSP Cryptography Domain) is the hiding of information within a picture, say a *.bmp file or a *.gif file. To demonstrate steganography’s simplicity, this article walks through hiding information within a BMP picture and then retrieving the text message once the picture has been sent to another person. First, a caveat and a ground rule for using S-Tools. The caveat is that there are other, more robust tools out there, and if you are interested in really studying steganography, take a look at the list of different steganography software packages at

The ground rule is that S-Tools requires both sender and receiver to have a shared passphrase. The problem is how to share a passphrase and at the same time still use different ones. Here’s what I like to do. Let’s say I send a picture to a friend of mine and the file name is Back Yard.gif. By previous agreement, my friend and I have agreed that the passphrase for any picture will be the name of the picture, except that the “.” will be spelled out. So the passphrase for this hidden file will be “Back Yarddotgif”. Really it’s quite simple, yet unless you know the rules, you’ll never get the passphrase.

So let’s begin.  You can download S-Tools from  Once you’ve downloaded S-Tools version 4, create a folder on your desktop and name it “S-Tools”, then unzip the download into that folder.  We will be working from that folder for this entire article.

To start S-Tools, all you have to do is click on S-Tools.exe.  That will bring up this window:

Click the “Continue” button.  Now open up Notepad and write the following message:

“This message was hidden using S-Tools.”

Save the message as “I HID IT.txt” in the S-Tools folder on your desktop.  If you look in the folder it should look like:

Now copy a BMP file of your choosing into the same S-Tools folder.  I’ve chosen a nice “Pecan Pie.bmp” for this example.

Now go back to the S-Tools window that you have open and drag the BMP file into the open window:

Now drag the “I HID IT.txt” file over the top of the BMP image. The next window that you see will ask you to enter the passphrase and to select your encryption algorithm. Let’s leave the algorithm as the default “IDEA” and put our passphrase in. Remember, we said we were going to use the name of the picture, so let’s enter “Pecan Piedotbmp” in the passphrase line and also in the Verify Passphrase line. If you typed correctly, you’ll now see a second picture of the Pecan Pie, only this time it will have Hidden Data in the top blue bar.

Now let’s right-click that new “hidden data” picture, select Save As, and name it “Pecan Pie Plus.bmp”.

Now close out of everything and re-open S-Tools.exe.  Next, drag the “Pecan Pie Plus.bmp” file onto the S-Tools window.  Put your mouse over the picture and right-click.  Select the option “Reveal” and you will see the same window you saw before requesting the passphrase.  Type in your passphrase (Pecan Piedotbmp) and click OK.  What you will see next is a pop-up window that says:

Right-click the txt file to highlight it, then select Save As and give it a name like “I HID IT Revealed.txt”.

So now let’s close S-Tools and then open up the “I HID IT Revealed.txt” with Notepad.  You’ll notice that it’s the same file that you hid in the original picture.

So delete the original “Pecan Pie.bmp” file, rename “Pecan Pie Plus.bmp” to “Pecan Pie.bmp”, send it to a friend, and see if they can decrypt your secret message with S-Tools.
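
What the hide and reveal steps do at the byte level, as an added sketch that is not part of the original article and is not S-Tools' own code or file format. It assumes plain least-significant-bit embedding with a length prefix in a constructed 24-bit BMP, and leaves out the passphrase and IDEA encryption step from the walkthrough; all function names are hypothetical.

```python
import struct

MESSAGE = b"This message was hidden using S-Tools."  # the text from the walkthrough

def make_bmp(width, height):
    """Constructed cover image: a 24-bit uncompressed BMP with gradient pixels."""
    row = bytes((x * 7 + c * 40) % 256 for x in range(width) for c in range(3))
    row += b"\x00" * (-len(row) % 4)               # BMP rows are padded to 4 bytes
    pixels = row * height
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels

def pixel_offset(bmp):
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    return struct.unpack_from("<I", bmp, 10)[0]    # bfOffBits: start of pixel data

def hide(bmp, message):
    """Write a 4-byte length plus the message into the low bit of each pixel byte."""
    start = pixel_offset(bmp)
    payload = struct.pack("<I", len(message)) + message
    bits = [(byte >> i) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(bmp) - start:
        raise ValueError("cover image too small for this message")
    out = bytearray(bmp)
    for n, bit in enumerate(bits):
        out[start + n] = (out[start + n] & 0xFE) | bit
    return bytes(out)

def reveal(bmp):
    """Read the length prefix, then that many bytes, back out of the low bits."""
    start = pixel_offset(bmp)
    room = len(bmp) - start                        # bytes available as bit carriers
    def read(nbytes, bitpos):
        if bitpos + 8 * nbytes > room:
            raise ValueError("no plausible hidden payload")
        return bytes(sum((bmp[start + bitpos + 8 * b + i] & 1) << i for i in range(8))
                     for b in range(nbytes))
    return read(struct.unpack("<I", read(4, 0))[0], 32)

def max_byte_change(cover, stego):
    """Largest difference between corresponding bytes of the two files."""
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    cover = make_bmp(32, 32)
    stego = hide(cover, MESSAGE)
    print(reveal(stego), len(cover) == len(stego), max_byte_change(cover, stego))
```

In this sketch the stego file is the same size as the cover and no byte differs by more than 1, so a byte-for-byte comparison against the original cover, not a look at the picture, is what exposes the change.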

I hope you’ve enjoyed this simple demonstration of Steganography.


Until next time, “Happy Hiding.”