LSB Embedder
Hide text or files in PNG/BMP images using Least Significant Bit steganography. Sequential or PRNG pixel order. Variable bit depth. AES-256. Real-time stealth score.
Drop image file or click to browse
PNG, BMP, WebP, TIFF, JPEG — max 50 MB (10 MB on mobile)
100% Client-Side Processing
Your image is decoded using the Canvas API entirely in your browser. Nothing is uploaded. Output is always lossless PNG.
How to Hide Data in an Image Using LSB (4 steps)
- Upload a lossless cover image — PNG or BMP recommended. JPEG is rejected (lossy compression destroys LSB data). The tool shows exact capacity in bytes before you proceed.
- Type your secret message or upload a file (image, ZIP, PDF, or any binary). Switch to Standard or Forensic mode for PRNG pixel randomisation, bit depth control, and channel selection.
- Optional: enter a password to AES-256-GCM encrypt the payload before embedding — wrong password yields noise with no trace of the original data.
- Click 'Hide in Image' — processing runs in a WebWorker in your browser, nothing is uploaded. Download the stego PNG and share it. The file is visually identical to the original.
LSB Steganography — Modes & Methods
| Mode | Technique | Detection Risk | Best For |
|---|---|---|---|
| Sequential (Basic) | LSB in raster order (L→R, T→B) — same as stylesuxx, OpenStego | 🔴 Higher — chi-square detectable at >20% fill | CTF creation, testing, maximum tool compatibility |
| PRNG (Recommended) | Passphrase-seeded Mulberry32 random pixel selection | 🟡 Medium — breaks sequential correlation | Privacy, covert comms, better stealth vs chi-square |
| Blue Channel Only | Hides in Blue channel only — lowest perceptibility (2% eye sensitivity) | 🟢 Lower visual artefact risk | Maximum visual stealth with reduced capacity |
| 1-bit Depth | Modifies only the least significant bit (0.4% colour shift per channel) | ✅ Safest — barely shifts colour histogram | Best stealth, ~37.5% of raw pixels usable |
| 4-bit Depth | Modifies lowest 4 bits (6.3% average colour shift) | ❌ High — visible artefacts, heavy histogram distortion | Maximum capacity; lowest stealth |
Frequently Asked Questions
Why does the tool reject JPEG images?
JPEG uses lossy compression that rewrites pixel values during save. This destroys any LSB data you embed — the hidden bits are overwritten by JPEG's DCT quantisation. PNG and BMP preserve every pixel exactly as written. If you only have a JPEG, convert it to PNG first using squoosh.app.
What is the maximum payload size?
Capacity = (totalPixels − 54 header pixels) × numChannels × bitDepth ÷ 8 bytes. Example: a 1920×1080 PNG with 1-bit depth and RGB channels has ~776 KB usable (minus AES overhead if encrypted). The tool shows exact capacity live.
What is the LSBSTEG header and why is it needed?
The tool embeds a 20-byte header (magic 'LSTG', CRC-32, bit depth, channels, variant) in the first 54 pixels using 1-bit sequential RGB. This header allows the extractor to auto-detect encoding settings without guessing — no header means the extractor runs a 10-config ranked scan.
What does PRNG mode do?
Instead of embedding bits left-to-right, PRNG mode uses your passphrase to seed a Mulberry32 PRNG that shuffles the pixel positions. Bits are distributed pseudo-randomly across the image — this breaks the sequential correlation that chi-square attacks detect. Without the passphrase, the correct order of pixels cannot be recovered.
What does AES-256-GCM encryption do?
Your payload is encrypted with AES-256-GCM (PBKDF2, 100 000 iterations) before embedding. Wrong password decryption returns a DOMException — there is no 'close enough'. The embedded data is indistinguishable from noise without the key, even to someone who knows LSB steganography was used.
Will the stego image survive sharing online?
Only on platforms that preserve exact pixel data: email attachments, Google Drive, Dropbox, Discord file mode. Instagram, WhatsApp photo mode, and Twitter with images > 5 MB all re-compress and destroy hidden data. Always share as a file attachment, not as a social media image.
What is the stealth score?
The stealth score (0–100) estimates how resistant the stego image is to detection. It factors in: bit depth (lower = stealthier), variant (PRNG = better), channel count, fill ratio, and whether encryption is used. A score above 70 means low detection risk from standard chi-square tools.
Is my image or payload uploaded to any server?
Never. All encoding runs in a WebWorker inside your browser tab. Neither the cover image nor the payload ever leaves your device. You can disconnect from the internet after loading the page and the tool still works.