Friday, 8 August 2014

Send exe files through Gmail using steganography

Email used to be the easiest way to spread malware, so Gmail doesn't allow users to attach Windows executables (.exe) to mails, in order to protect its users from screwing up their Windows machines. However, we may have to send .exe files which are not malware via mail. Before, you could've just renamed the extension from .exe to something else or made a zip/rar archive, and Gmail would simply allow you to attach it. Sadly, that doesn't work anymore, as Gmail started reading the file headers of attachments and the files inside zip/rar archives.

So I figured out a simple way to do this using steganography. The idea here is to embed the exe file inside any image and attach it to the mail. Gmail will think that it is just an image and will be oblivious to the fact that there is an exe file hidden inside it. Later the other user can simply extract the exe file from the image and use it.


Download mailexe (Don't forget to make it executable).


$ ./mailexe -e [exe file] [image file]

A file called image.png will be created. This image file has the exe file hidden in it. Send this via Gmail.


$ ./mailexe -d [original image] [duplicate image]

A file called output.exe will be created. This is the exe file which had to be sent! Congrats!

How does it work?



Convert the image and the executable to base64 and save both in one file, the image first

$ base64 [image file] > temp
$ base64 [exe file] >> temp


Decode the base64 file and save it as an image

$ base64 -d temp > image.png


Send image.png and the original image file via Gmail


Step 1 

Download both images, convert both of them to base64, and extract the base64 part that belongs to the exe file.

$ base64 [original image] >original
$ base64 [duplicate image] >duplicate
$ diff -ed original duplicate >diffed
$ tail -n +2 diffed |head -n -1 >exe.64


Now convert the extracted base64 to an exe

$ base64 -d exe.64 > output.exe

Now you can simply run the exe file.
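Seen from the mail filter's side, the image.png built above is a complete image followed by the executable's raw bytes, so the extra data sits after the point where an image parser stops reading. The following is an added example, not part of the original post or the mailexe script, that flags PNG files carrying data after the IEND chunk. It assumes the carrier really is a PNG; the function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_trailing_data(data: bytes):
    """Return the bytes after the IEND chunk, or None if data is not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length      # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            return None              # chunk runs past end of file
        if ctype == b"IEND":
            return data[end:]        # everything a PNG decoder never reads
        pos = end
    return None                      # no IEND chunk found

def classify(data: bytes) -> str:
    trailing = png_trailing_data(data)
    if trailing is None:
        return "invalid"
    if not trailing:
        return "clean"
    # "MZ" is the magic at the start of a Windows executable.
    return "trailing-pe" if trailing[:2] == b"MZ" else "trailing-data"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a 1x1 grayscale PNG, and the same PNG with a fake
# 64-byte blob that only imitates the first bytes of an exe header.
SAMPLE_PNG = (PNG_SIG
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))
SAMPLE_APPENDED = SAMPLE_PNG + b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PNG), ("appended", SAMPLE_APPENDED)]:
        print(name, classify(blob))
```

A non-empty result for any image attachment is worth quarantining on its own, since legitimate PNG writers end the file at IEND.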


  1. I used to use mcrypt to encrypt the file and later decrypt it. I guess that's much easier than this!

    1. Nice idea! I guess complexity-wise both methods are the same :P