2PAC + RAT Finder

2PAC hides data inside images. RAT Finder catches the rats - people sneaking hidden data through your images, or corrupt files breaking your collection.

In memory of Jeff Young. All Eyez On Your Images.

Two tools, two jobs.

2PAC - You want to put data in. Someone is sneaking information to the feds, hiding messages inside vacation photos, or exfiltrating data through image attachments. That's what 2PAC does - it hides text inside images so nobody knows it's there. You can also extract it back out.

RAT Finder - You want to catch a RAT. Someone sent you an image that looks normal but might have a secret payload hidden inside. Or you have a folder of images and some of them are corrupt - broken headers, truncated files, gray blocks where the photo should be. RAT Finder detects both: steganography and corruption. Use a RAT to catch a RAT.

2PAC - Put Data In

You want to hide data inside an image.

  • Hide a message that nobody can see
  • Extract hidden messages from images
  • Password-protect your secrets

Go to the 2PAC tab to hide or extract data.

RAT Finder - Catch a RAT

You want to find out what's wrong with an image.

  • Someone sent you a photo - is there a hidden payload?
  • Is this JPEG corrupt? Is this PNG truncated?
  • Batch-check entire folders for problems

Go to the RAT Finder tab to analyze images.

How does steganography work?

Every pixel in a digital image is stored as numbers - three channels (red, green, blue), each 0–255. That's 8 binary bits per channel.

LSB steganography changes only the last bit - the least significant bit. The visual change is invisible:

Original pixel:   R=156   G=89    B=201
Binary:           10011100 01011001 11001001
                                            ^--- this bit stores your secret
Modified pixel:   R=156   G=88    B=201     (89→88, undetectable to the eye)

A 1000×1000 image can hide roughly 375 KB of text this way. What does that mean?

Reference Size
A text message ~100 bytes
A typical email ~2–5 KB
The US Constitution ~46 KB
A 20-page research paper ~150 KB
A full novel (~60,000 words) ~360 KB

So a single 1000×1000 photo can hide roughly a full novel. A 4K phone photo (4000×3000) can hide ~4.5 MB - about twelve novels.

Add a password and the data is XOR-encrypted before embedding.

2PAC also offers DCT mode (experimental) which hides data in the frequency domain instead of pixel values - harder to detect but with much lower capacity.

How does RAT Finder detect steganography?

Seven forensic techniques combined into a weighted confidence score:

  • LSB Chi-Squared - Natural images have structured LSBs. Steganography makes them uniformly random. A statistical test catches this.
  • Histogram Analysis - Systematic LSB modification creates a distinctive "comb pattern" in color histograms.
  • Error Level Analysis - Re-saves the image and measures pixel differences. Edited regions show different error levels.
  • Visual Noise - Compares noise levels across color channels. Steganography creates a detectable imbalance.
  • Metadata Inspection - Scans EXIF data for known steganography tool signatures (OutGuess, StegHide, JSteg, F5).
  • File Size Anomalies - Compares file size against expected ranges. Embedded payloads bloat files.
  • Trailing Data - Checks for data appended after the file's official end-of-file marker.

A confidence score >= 70% means HIGH SUSPICION.

How does image validation work?

RAT Finder runs images through a multi-step pipeline:

  1. Header check - Quick structural validation
  2. Full pixel decode - Reads every pixel to catch truncation
  3. Visual corruption (optional) - Detects gray/black blocks from damaged storage or incomplete writes
  4. Structure audit - JPEG marker chain or PNG chunk validation
  5. Re-encode test - Catches subtle decoder errors
  6. External tools - Runs exiftool and ImageMagick if available

Supports JPEG, PNG, GIF, TIFF, BMP, WebP, HEIC, and ICO. Repair is available for JPEG, PNG, and GIF.

GitHub | DeepNeuro.AI | In memory of Jeff Young