Hiding compressed files in images

Have been doing this for quite some time, just wanted to share the method. The following code should work on Linux/Mac.

Step 1. Zip/Rar/7z your secret file

zip hideme.zip s3cr3t

Step 2. Append the zip file to a random image file

cat hideme.zip >> randompic.jpg


That's all. When you open the jpg, it should display the image normally. However, if you attempt to unzip it, the archive will show up. This works because image viewers stop reading at the JPEG end-of-image marker, while unzip locates the archive from the end of the file. This method is detectable only if someone decides to scan the binary for file headers. Even if you run file randompic.jpg, it will report the file type as JPEG image data. To ensure it stays undetected, the zip file should not be too large. A 150MB jpg file will definitely raise suspicions.
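The header scan mentioned above, written from the checking side, as an added example that is not part of the original post: it walks the JPEG segments to find the real end-of-image marker, then reports any bytes after it and lists ZIP members found there. The function names and the sample bytes are constructed for illustration.

```python
import io, zipfile

RST = range(0xD0, 0xD8)  # restart markers, which may appear inside scan data

def jpeg_end(data):
    """Walk JPEG segments and return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: the image ends here
            return pos + 2
        if marker == 0xFF or marker == 0x01 or marker in RST:
            pos += 1 if marker == 0xFF else 2  # fill byte, or marker with no length
            continue
        # Skip by declared length, so an EOI inside an EXIF thumbnail is ignored.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:  # SOS: entropy-coded data runs until the next real marker
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] != 0 and data[pos + 1] not in RST
            ):
                pos += 1
    raise ValueError("truncated JPEG (no EOI marker)")

def inspect(data):
    """Return JPEG length, count of bytes after EOI, and ZIP member names found there."""
    end = jpeg_end(data)
    trailer, members = data[end:], []
    if b"PK\x05\x06" in trailer:  # ZIP end-of-central-directory signature
        try:
            with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            pass  # signature matched by chance, or the archive is damaged
    return {"jpeg_bytes": end, "trailing_bytes": len(trailer), "zip_members": members}

def sample_jpeg():
    """Constructed JPEG-shaped bytes: APP1 holding a stray EOI, then one short scan."""
    app1 = b"\xff\xe1\x00\x0c" + b"Exif\x00\x00\xff\xd8\xff\xd9"
    scan = b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9"

def sample_zip():  # constructed archive with one member
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("s3cr3t", "constructed sample contents")
    return buf.getvalue()
```

Calling inspect(sample_jpeg() + sample_zip()) reports the appended archive and its member name, while inspect(sample_jpeg()) reports zero trailing bytes. Searching for the first FF D9 instead of walking segments would stop inside the EXIF thumbnail and flag every such photo.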

This could be used in quite a number of scenarios. Contraband could be traded via pictures posted on websites, forums, etc. We could start using Facebook/Flickr as file storage (not tested). Or just for plain simple storage of keys and passwords as an additional layer of security.