Pixelknot: Hidden Messages

pixelknot banner hide messagesWhat is Pixelknot?

pixelknot qr

Play Store

Pixelknot is an Android application that allows users to hide short text-based messages in photographs and share them across trusted channels.

Pixelknot is now available on the Google Play store, Amazon appstore, and also on our website and verifiable via the asc.

What is Steganography?

The practice of embedding secret messages into a piece of media so that no one, apart from the sender and intended recipient, know that the secret message exists. The newly developed algorithm F5 withstands visual and statistical attacks, yet it still offers a large steganographic capacity. F5 implements matrix encoding to improve the efficiency of embedding. Thus it reduces the number of necessary changes. F5 employs permutative straddling to uniformly spread out the changes over the whole steganogram.

The Guardian steganography standard: we are working towards ensuring that the secret message in an image must:

  1. Have the original image appear, to the trained human eye, unedited.
  2. Have the bytes of the image appear, to a trained analyst, undistorted so much so as to arouse suspicion.
  3. Have the complete message be recoverable no matter how it is transmitted.


pixelknot UIFeatures

Have a secret that you want to share? Why not hide it in a picture? With Pixelknot, only your friends with the secret password can unlock your special message. Everyone else just sees a pretty picture. It’s a fun and easy way to share hidden messages without anyone knowing. Take those pixels, twist them in a knot, and see for yourself!

★ DISGUISE YOUR MESSAGES: Pictures are public, the text is hidden inside. Even a trained eye will think the image is unedited. It’s security through obscurity!
★ FOR YOUR EYES ONLY: Put a password on the secret message to make sure that no one can read it except the person it’s meant for.
★ EASY IMAGE CHOOSER:  You can use the camera to take photos, or just use photos you’ve already taken.
★ INVISIBLE CHANGES: Even a trained analyst analyst shouldn’t be able to detect any message. The image bytes should seem undistorted.
★ SHARE ACROSS PLATFORMS: Want to share the images over email, file sharing tools (like Dropbox & Sparkleshare), social media (like Google+ & Flickr) or directly through Bluetooth or NFC? Not a problem! The messages are still recoverable on the other side. We’ll have even more tools (like Facebook) working soon, so stay tuned!
★ AD-FREE: We want your love, not your money.
★ MATHEMATICALLY SECURE: We use the newly developed steganography algorithm F5 which implements matrix encoding to improve the efficiency of embedding and employs permutative straddling to uniformly spread out the changes over the whole steganogram.
★ ATTACK RESISTANT: We’ve launched attacks on images with messages hidden in them using a specialized version of stegdetect, an automated tool for detecting steganographic content in images. In most cases, the pictures have been impervious to attack. We will be including detection in an upcoming version of the application so you can easily test it yourself!
★ ARTIST FRIENDLY: The app features the work of Pablo Picasso. His painting “Girl before a Mirror” from March 1932, to be exact. We hope it inspires you to share beautiful imagery and wonderful ideas.
★ WE SPEAK YOUR LANGUAGE:  Or at least we try to. Don’t see your language? Join us and help translate the app: https://www.transifex.com/projects/p/pixelknot/

Usage Notes

This is still an experimental application and should not be used in real world deployments. We’re skeptical yet optimistic about stenography usage in the field. Most existing steganography tools are security through obscurity. Detection has become easier, but we’re experimenting with new newer methods. Getting users to adopt the tools means insuring that these tools, are verifiably secure, and also usable. We’re exploring options and reviewing best design practices from the field. Overall, this research and not a definitive study. We look forward to further focus, research, and collaboration in the field.

The Guardian steganography standard results:

  1. Unedited? Many of the apps produced rendering errors, warped in some way. Otherwise, images did not appear edited in any of the apps.
  2. Undistorted? Initial tests with stegdetect have had success. Trained analysts have not yet been engaged analyze whether distortion has occurred..
  3. Recoverable? Certain apps re-render the image when sharing, thereby making it unrecoverable. We’ve tried to integrate this into our User Interface to limit problems.


  • Source code is available via our Github > git clone https://github.com/guardianproject/PixelKnot.git
  • Come discuss on #guardianproject on irc.oftc.net or #guardianproject on freenode.

29 thoughts on “Pixelknot: Hidden Messages

    1. Open an image sent to you or in your Gallery using the “Share” action bar option, and send it to PixelKnot.

    1. I was able to open an image and retrieve the embedded message. From the Share icon, if PixelKnot doesn’t show up in the list, try “Show All” and then select PK.

  1. It’s great but wouldn’t anyone with the app or with the right ‘algorithmic’ tools be able to pull the message from the picture? It could be nice to be able to add some encryption to the text before it’s embedded…

    1. It is true that it is possible to run pixelknot on a stream of images to see if there is anything hidden in them. That process is quite CPU intensive, so it is a roadblock to mass scanning of images. The app also lets you encrypt the message using AES and a password.

        1. AES stands for Advanced Encryption Standard. It is a strong method for encrypting data.

  2. Pixelknot is useless, as it is not working on my Nexus one android.
    It stopps working at the stage of decoding. (Surgeons)
    So it is totally useless.

  3. Nice app. Seems to hang when scanning images with no messages in them, or maybe i was not patient enough. Some notification that an image was not found or a progress notification if it’s still scanning would be nice

    1. Pixelknot can not decrypt on the same device that encrypted the picture. Could someone please help with figuring out what is going wrong!

      1. Make sure you are choosing a large, high-resolution photo to share. Also, try with a short message and short password as a test.

  4. I am intrested on the attacks used spicifucally ang if you put up against hip which may beable to extract the hidden content if not I may test this myself

  5. why between the “trusted apps” there are Gmail and Gdrive ?

    can, optionally, be marked in a visible way the output picture ? I know that this would be anti-steganography behavior, but can help to notify the other person to use pixelknot (is not executed automatically, then the casual adopters can forget to extract data, and the casual user do not need really steganography defense, but is strong has the possibility in the pocket).

    then I believe an optional and recurring mark can help in spread pixelknot usage.

  6. Hello,
    great app but many time I can’t restore the message because it says “wrong password”

  7. It seems to work fine but the recipient can’t enter the password anywhere. It’s just a picture. What am I doing wrong?

  8. Cannot recover msg. after sending as attachment or just opening the file w. PKnot after entering password. Gives invalid password error no matter what jpg , what password or which version of PKnot. Tried all I could find. Is there a jpg or password limitation ? Samsung @galaxy tablet 7.co.7

    1. The goals of using stenography are different, but similar, to the goals of using cryptography. PixelKnot supports encrypting the data that is embedded into the image, so the data will remain private. The point of the stenography is to make it hard to notice that cryptography is being used. Unfortunately, it is relatively easy to automatically detect encrypted data. Using stenography makes it harder to spot encrypted data. But with all stenography algorithms, there is no “guarantee” something is hidden, it just makes it harder to find.

  9. To make it safe i suggest: encrypt the Text with AES or PGP , maybe also with SQLcipher or truecrypt/vera or whatever would be the optimal algorithm which produces not to much data but still gives strong security. Then copy thd encrypted message in the picture via pixel knot. Use a high resolution picture, minimum 15 mega Pixels, 25 would be better. Then send some ; gh resolution pics so it seems normal that you send pics in this solution. Maybe also to different friends. But only in one or two will be a secret message.
    Maybe it also makes sense to send them via textsecure, chatsecure, conversations (encrypted for sure. There you can choose if encrypted by PGP or by OTR ). Maybe also b, threema, wickr or Telegramm, even though they are not ( not yet i hope) OpenSource.

  10. You guys need to add a “decrypt” option. I have no idea how to add the picture that has the message to he app and then let alone decrypt it even with the password.

    This is basically an unusable app the way it stands.

    Otherwise the thought behind the app is good but that is all that’s good about this app.

Leave a Reply

Your email address will not be published. Required fields are marked *