dChan
Anonymous ID: 5c991a Aug. 1, 2018, 1:44 p.m. No.2396481   🗄️.is 🔗kun   >>6504 >>6613

>>2396389

>>2395061

Very nice finds.

So yes, the filenames are reversed, and perhaps the images are as well.

Try flipping the images horizontally before trying to extract the data from them.

 

As for what the passwords are.. try the filename without any number appended to the end, both regular and reversed.

Let me know if that works for you… I still haven't found a way to test these out on my own computer.. MacOS.

Anyone know of a way? If so then I can help.

Anonymous ID: 5c991a Aug. 1, 2018, 1:46 p.m. No.2396504   🗄️.is 🔗kun   >>6613

>>2396481

Actually I'm not sure if flipping the image changes the ability to extract data from it or not - that would be the first thing to test with an image we already know has data and already know the password to.

Anonymous ID: 5c991a Aug. 1, 2018, 1:58 p.m. No.2396723   🗄️.is 🔗kun

>>2396613

Thank you anon I will set things up in a few hours and try and see if I can get anything out of these images.

I'll report back with any important findings.

Anonymous ID: 5c991a Aug. 1, 2018, 3:46 p.m. No.2398957   🗄️.is 🔗kun

Alright I am testing now.

I can confirm that flipping a test image horizontally (or doing anything to it) breaks the stenography. But putting it back in place, or back the right way even after saving makes it work again.

So flipping the images could be the right way to go.

 

Another thing I found online:

mention of f5 in clinton emails

 

https://archive.4plebs.org/pol/thread/159001495/

"nf weder 1 noch 3"

its in the source code for huffman

https://github.com/abronte/f5-steganography/blob/master/src/net/f5/ortega/HuffmanDecode.java

 

This pixelknot stuff might be bigger than we know.

Anonymous ID: 5c991a Aug. 1, 2018, 4:03 p.m. No.2399313   🗄️.is 🔗kun   >>9620

Alright guys I played around with it more. I learned that if you get near the actual password with f5.jar, it starts spitting out some bytes of data and extracting some stuff instead of giving nothing.

 

With this attached image (I flipped it horizontally) and a password of BwlDP I was able to extract some nonsense data. I think it means we are getting close, but I don't have pixelknot in order to try actually getting the real message out.

I'm not able to get a clean file out that says "pixelknot v1.0 password required" etc.

Will update.