Dr Charles Clarke 03/12/2018 12:03 Document Version v03

Dr Charles Clarke 05/06/2022 16:45 Document Version 04

IMAGE INTEGRITY LAB

Question: Do WhatsApp, Instagram, TikTok and other social applications, maintain the
integrity of images sent between communicating parties? A cryptographic hash function can
be used to answer this question!

Lab Resources
• Kali Linux
• Access to: https://www.fileformat.info/tool/hash.htm?text=admin
• Access to an email account
• Access to a social media account

For this activity, you will need to pair with another person who shares a common social media App
with you. Examples of such Apps include:

• Instagram • Telegram
• WhatsApp • Line
• Facebook Messenger • TikTok
• SMS • Skype
• WeChat • Email
• Viber • etc.
• Snapchat

Note: You are free to use any App of your own choice.

ACTIVITY 1: Create two folders

1) Create two folders on the desktop, one called Sent and the other called Received

ACTIVITY 2: Find images

2) Find two random images online and save them in the Sent folder.
o One image must be a .png file format (less than 5 MB).
o The other must be a .jpg format (less than 5 MB).

3) Visit: https://www.fileformat.info/tool/hash.htm?text=admin and use the following option to get

a separate MD5 Hash for each image.

4) Save the hash for each image, in text files called SendHashPNG.txt and SendHashJPG.txt. Save
both files in the Sent folder.

Dr Charles Clarke 03/12/2018 12:03 Document Version v03

 Dr Charles Clarke 03/12/2018 12:03 Document Version v03
Dr Charles Clarke 05/06/2022 16:45 Document Version 04
ACTIVITY 3: Get the images on to your mobile ready to send via the social media App:
5) If you are running this activity on a Workstation, send your images as a personal email (e.g.,
GMAIL) from your workstation to yourself as the recipient.

6) From your mobile, open the email that you sent to yourself and save each image to your mobile
device.

ACTIVITY 4: Send each image to the person you have paired with via the social media App:
7) Send the .png file as an attachment to a message.
8) Send the jpg file as an attachment to a message.

ACTIVITY 5: Save the images from the Social Media App:

9) Once you have received each message containing the images sent to you via the messaging App,
transfer them from your mobile device to the Kali VM, and save them in a folder called Received.

NOTE: You can repeat the previous approach of emailing the images to yourself from the mobile device,
then retrieve them via email on the kali VM, and save them.

ACTIVITY 6: Scrutinise the integrity of the images received via the social media App:
10) Visit: https://www.fileformat.info/tool/hash.htm?text=admin and use the following option to get
a separate MD5 Hash for each received image.

NOTE: The file extension of the images received may have been changed by the messaging App. For ex-
ample, what originally had a .png extension may now have a .jpg extension. This already indicates that
integrity has not been maintained.

11) Save the hash for each image in text files called ReceiveHashPNG.txt and ReceiveHashJPG.txt.
12) Compare your SendHashPNG.txt with your recipients ReceiveHashPNG.txt
13) Compare your SendHashJPG.txt with your recipients ReceiveHashJPG.txt

If the hash values are different, the social media App that you used does not maintain image integ-
rity (i.e., they modify image content).

ACTIVITY 7: What is the answer to the question posed at the start of this lab activity?
Does the social media application that you used maintain the integrity of images sent between com-
municating parties?

Your answer: ___________________________________________________________

END OF LAB ☺

Dr Charles Clarke 03/12/2018 12:03 Document Version v03