
Steganalysis Lab

Test an image for hidden data. The lab runs a chi-square LSB attack (the classic detector for least-significant-bit steganography), visualizes the LSB bit-plane, and attempts to recover any plain text hidden in the low bits. The engine is real Python (NumPy + Pillow) compiled to WebAssembly and runs entirely in your browser; your image is never uploaded.

Runs locally via Python (NumPy + Pillow) in WebAssembly. Engine downloads once (~16 MB), then works offline. Your image is never uploaded.

How LSB steganalysis works

The most common image steganography hides data in the least-significant bit of each pixel. Embedding random (encrypted) data makes the counts of each value-pair (2k, 2k+1) converge, which the chi-square attack detects. Plotting the test over an increasing fraction of the image reveals sequential payloads: the curve stays high across the embedded region, then falls. The bit-plane view shows the LSB layer directly, where hidden data often looks like structured noise, and the lab also tries to read any plain text written into the low bits. These are strong indicators for naive LSB tools, not a universal detector; adaptive or transform-domain steganography needs other methods.
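The chi-square test and prefix scan described above, as an added example (not the lab's own code). It uses only the Python standard library rather than NumPy, approximates the chi-square p-value with the Wilson-Hilferty formula, and runs on a constructed sample array instead of a real image; all function names are hypothetical.

```python
import math
import random

def embedding_probability(samples):
    """Chi-square pairs-of-values test on 8-bit samples; returns p in [0, 1]."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2  # count if the pair were equalized
        if expected > 4:                                 # skip sparse, unreliable pairs
            chi2 += (hist[2 * k + 1] - expected) ** 2 / expected
            pairs += 1
    df = pairs - 1
    if df < 1:
        return 0.0                                       # too little data to judge
    # Assumption: Wilson-Hilferty normal approximation of the chi-square
    # survival function, used here to avoid a SciPy dependency.
    z = ((chi2 / df) ** (1 / 3) - (1 - 2 / (9 * df))) / math.sqrt(2 / (9 * df))
    return 0.5 * math.erfc(z / math.sqrt(2))

def prefix_scan(samples, steps=10):
    """p-value over growing prefixes: 10%, 20%, ... 100% of the samples."""
    n = len(samples)
    return [embedding_probability(samples[: n * i // steps]) for i in range(1, steps + 1)]

def make_cover(n, rng):
    """Constructed cover: bell-shaped histogram, even values about 3x as common as odd."""
    out = []
    for _ in range(n):
        v = min(255, max(0, int(rng.gauss(128, 30))))
        if v & 1 and rng.random() < 0.5:
            v -= 1                                       # unbalance each (2k, 2k+1) pair
        out.append(v)
    return out

def embed_sequential(samples, fraction, rng):
    """Overwrite the LSBs of the first `fraction` of samples with random bits."""
    cut = int(len(samples) * fraction)
    return [(v & ~1) | rng.getrandbits(1) for v in samples[:cut]] + samples[cut:]

rng = random.Random(1)                                   # fixed seed, repeatable run
cover = make_cover(60000, rng)                           # constructed data, not a real image
stego = embed_sequential(cover, 0.4, rng)                # payload fills the first 40%

if __name__ == "__main__":
    print("cover:", [round(p, 2) for p in prefix_scan(cover)])
    print("stego:", [round(p, 2) for p in prefix_scan(stego)])
```

The constructed cover is deliberately unbalanced within each pair; a cover whose pairs are already nearly equal would read high without any payload, which is the false-positive case the FAQ mentions.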

Frequently asked questions

What can this detect?

Least-significant-bit (LSB) steganography in images, the most common kind used by free stego tools. It uses the chi-square attack, a bit-plane view, and a plain-text LSB reader. It will not reliably catch adaptive or transform-domain (e.g. JPEG DCT) steganography, which needs other techniques.

What does the embedding probability mean?

It is the chi-square attack's estimate that value-pairs have been equalized by LSB embedding. Near 1 across part of the image strongly suggests hidden data there; near 0 suggests none. Natural images with very flat histograms can occasionally read high, so corroborate.

Is my image uploaded?

No. The analysis runs in your browser through Python (NumPy + Pillow) compiled to WebAssembly. After the one-time engine download it works offline and your image never leaves your device.

It found no hidden text. Does that mean the image is clean?

Not necessarily. The text reader only recovers data stored as plain ASCII in row-major LSB order. Encrypted or differently ordered payloads will not show as text even when the chi-square attack flags embedding.