Hidden messages with Zero-Width-Character

We have many ways to encode hidden messages within a string of characters of a normal text files, or even send a whole txt file disguised as a normal photo.

Hiding a secret message within a strings of characters known as Zero-Width-Character, this method commonly used to prevent people from leaking news or important documents as you send the document to each one of your team along with their names as the hidden message, so whoever leak the important document it will be leaked along with their name inside it.

There is very good tool we can use to hide the messages in the text files, download it from this LINK:

git clone https://github.com/vedhavyas/zwfp.git and then navigate to the directory /root/zwfp/cmd/zwfp/

go build

To see how it works write ./zwfp

Now let’s say we want to hide a message “HELP ME!!!” inside the normal message “HOW ARE YOU” and the file is HI.txt

The command for this will be:

./zwfp “This is Top Secret Document” “Hacker” > Secret.txt

Now as you can see if we use “cat HI.txt” all we can see is the normal message “HOW ARE YOU”, but if you want to reveal the hidden message it will be like this:

cat Secret.txt | xargs -0 ./zwfp

The output are in two parts, the Cover Text: HOW ARE YOU, which is the normal message we wrote, the second part is the hidden message which is Payload: HELP ME.

But let copy this massage in test it in different applications, i tried WPS Office and the result was this:

The letters came separated with spaces between them, making this message a bit suspicious, also pasted the message in note++ and changed the Encoding to ANSI and looked like this:

Which again a bit suspicious as it shouldn’t change if it’s a normal letters.

Now there is a better way in my opinion that you can send a whole text file embedded inside a photo or any normal picture you choose, this way when you view it the photo doesn’t reveal any important information unless you extract the text file from it.

It’s a simple command line in Linux terminal, one to embed the file and another command to extract the file, so let’s get to it:

Let’s say we have a photo Logo.txt and the text file Secret.txt

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s