Using Steganography to reveal code embedded in Q pics & vids

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest.

Mostly because it doesn't look like usual garbled text that we are used to seeing with encryption. The changes made by Steganography are so slight the human eye cannot perceive them.

also data can be hidden in audio files and video files

>>3264

Let’s get started

Who has a starter pack of images of interest and known techniques to look for?

Good luck guys

>>3264

>>3266

I came over from /qreseaech/, got the subject rolling in a few breads now. Saw an anon post these:

https://8ch.net/qresearch/res/4837362.html#4837427

https://8ch.net/qresearch/res/4837362.html#4837484

Now I am here. Good for analysis, connecting dots, organization.

>>3267

It’s going to take a consistent and persistent effort. Lots of ground to cover and data to gather.

Timestamps, brackets, spaces, etc.

All posts, videos, and images will need to undergo analysis. Best bet to is to just do one at a time together, starting from the beginning. At least until we get more people together. I’m in it for the long haul though. Looking forward to working with you.

>>3269

>It’s going to take a consistent and persistent effort

I'll be watching and helping where I can

If the anon who posted the images can step forward, would be interested if you have the raw images. Kind of hard to see in the ones provided. Has anyone tried messing with Flynn’s new banner twat update yet?

Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file. This is what came up. This is something else to be considered on top of everything else.

>>3272

>Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file

not what I would consider as a viable method of detecting an embedded message

I know a tiny bit about steganography

I've always liked crypto

I'll look to see what tools I have accumulated that are still usuable

one from long ago (XP days) is called

binaryTextScan and does what it says

scans a file for text strings (you get to set parameters such as minimum length and character set limits etc…)

I remember looking into pixelKnot a bit, but as it's an android only program as of now I didn't do much with it

I've seen some others

openPuff

stegDetect

VSL

I'd suggest we gather a set of links to tools for the purpose of detecting and decoding messages hidden in files

https://www.geekdashboard.com/best-steganography-tools/

http://www.jjtc.com/Steganography/tools.html

http://stegano.net/tools

Post at will. This thread was listed in Global Notables on /qresearch/

I'd like to help out if I can but I'm very much a novice at this sort of thing. On the other hand I can find my way around a hex editor and would be willing to work at prying apart image files. At a minimum I could try to help gather up best practices and tools from what people post.

>>3266

I think I have every Q image in original compression.

The thing is - they read one size, and then a different when downloaded.

Anyone know 8ch well enough to understand that phenomenon?

Also, will commit to this location for a week, avoiding the distractions of the main board as much as possible.

ANON NEEDS HELP

Working with an above average IQ and 20 years of photo experience including website design and various compressions, but still in over my head.

Here's the original image - in my best knowledge - for the file discovered by helper anon.

06.12.2018 13.08.57 alaska vols sing

This was the G7 trip where the missile was launched, remember? I'd presume the other file info is the time stamp.

It's going to be a bear to get you up to my speed, but stick with me. Will be glad to carefully convey my trials and errors. Have tried to document them well in my files over the months. Will confess that anon is not working on the best machine for this work. Alternate work in another location, but can't get to it for a while. Hopefully, we'll duplicate that work well enough to make it of no consequence.

First concern: some of these results might be computer/platform/compression algorithm specific. We need to find it, and then we need to duplicate it.

Next concern: this work has been shilled so heavily over the months - even to the point of being removed by a bad BV back in the day - that there will be holes in being able to duplicate some of it. But I bet we can. And we are hopefully oldfag enough to ignore the shills.

>>3276 Believe it or not, anon, this is my weakness. So glad to have you here.

(And crazy to be using such low post numbers!)

We can do this.

Anon is available, available, available, but is fond of sleep. (Currently well rested. Needed that nap.)

Go time.

Ready?

>>3276

So HexAnon:

Compress the image from 3277 in a zip

Open that zip in your favorite text editor

Search for the words "zip"

Open compressed data in hex editor

Copy the ZIP components

(This is where anon got lost.

Between the words? Zip at the end. Have no idea what Hex looks like. Raised geeks, but never properly converted myself.)

Copy the data re: zip

Try to read it? Decompress it? Edit that string again? This is where help is required.

It seems that was where helper anon was leading us. Did not convey zip program, etc., but something was able to read through the compressed and embedded data.

(Also suspect that kids to raise routine was a cover.)

>>3277

Shills are easy to filter. Let’s do this

Billed as full-sized images.

A resource:

https://postimg.cc/gallery/29wdmgyze/

>>3277

>Anyone know 8ch well enough to understand that phenomenon?

yes it has to do with the method of calculating the size

1kb = 1000 bytes or 1024 etc…

>Anon needs help

try reading the wiki page

https://en.wikipedia.org/wiki/Steganography_tools

https://en.wikipedia.org/wiki/Steganography

I'll try to answer any questions that I can

Steganography Made Easy in Linux 11 June 2016

Now it is time for our recipient to open this file. After they open this jpg in SteGUI they simply go to the Actions tab and select “extract”. Another pop-up box will appear to input the necessary files. The input file at the top will simply be the jpg that we have sent them. The output file will be a new file we can name anything. Here I've just made it a file called out.txt. Now that we have our information in a text file we can easily open it for display.

https://linuxconfig.org/steganography-made-easy-in-linux

pic of another tut, couldn't copy and paste.

https://www.yeahhub.com/use-steghide-stegosuite-steganography-tools-kali-linux/

Learning how to create an image which contains additional content will help to learn how to extract content. Those who hide information in files using steganography usually do so with the intention that the information will be retrieved by the recipient.

If encryption is employed as an additional layer of security it will limit who can extract valid data.

For Windows users, if you have more than 3 or 4 gigs of ram, you could get linux running in Virtual Box. There are many ready made images of distros, like lemnux, a forensic discovery linux distro. Because it is a prebuilt image there is no need to install the OS. There are several security suites available as prebuilt images. Many are made for VMWare. VMWare runs on Windows, they used to offer a free version called VMWare Player, in which you can run prebuilt images. VirtualBox can run the VMWare format images also.

Running multiflavors OS will allow you to access all potential tools. Sometimes there are OS centric tools with no comparable alternative for the other OS platform.

Have played with a lot of steganography detection, etc., but this video took me the furthest.

https://youtu.be/KUZVIBXfoeA

>>3282

>Learning how to create an image which contains additional content will help to learn how to extract content.

Yep. Already came to that conclusion.

>>3281

Ah! That clicked immediately. Thanks.

Been waiting for this board to happen since the very start!

If we get any data of real value

I believe it will come from this and nothing else,

Good luck, it will be hard and lonely.

does qmap.pub pull raw files from Q posts?

https://media.8ch.net/file_store/a7ffb193423f0a5573ceeefe7c2a7863d1fc6d1559e28d93af78f63e36cdceed.png

I cant replicate the original results from freedom.png

Reposting the first round - the flag.

Remember when it was first posted and their were the dots everyone chased? The code and bars - from what I can tell - came from layers pulled out of the image on another board.

So, this is where the image came through in layers, not zip files.

Means there's likely more than one technique at play.

Also, anon has begged and begged for help and missed a Q & A where anon would ask about steganography, so said so in a link.

Q posted pixelknot not long after that. But somehow I understood that pixelknot (as far as the software) wasn't going to be the answer.

While I've played with passwords off and on, kind of abandoned them after a while. Might need to reconsider.

Two images from bread #3316 as posted earlier. From private archive.

https://8ch.net/qresearch/res/2627000.html#2627687

Has missing images.

Will dig into it deeper in a minute.

>>3264

http://stylesuxx.github.io/steganography/

this might work.

https://postimg.cc/gallery/29wdmgyze/

Archive off all Q images in full rez

>>3289

Link in image

archive.4plebs.org/pol/thread/149158110

Eventually a good discussion in this thread: http://archive.4plebs.org/pol/thread/149183142/#149183683

(FFS. AFLB is there!)

>>3287

>does qmap.pub pull raw files from Q posts?

good question, and a crucial one to our task here

>>3289

>Reposting the first round - the flag.

do you have the original file for 'FreedomFlag' ?

the original file is crucial to finding anything as far as I know

>>3291

Thanks! Posted also a few above you in

>3280

>>3293 (we crossed paths)

>archive.4plebs.org/pol/thread/149158110

READ before posting. READ IN TREE VIEW before posting.

Can't afford to waste our efforts.

>>3276

I've worked in software, written machine code, so hex is no biggie, now that the family isn't pestering me nonstop I can take a look. Thanks.

The flag seems to have come from deriving layers in a photo imaging program, not by code.

Different techniques at play.

I have examples of near hits on the Podesta photo with the fish and number using text edit

and

a couple of layered images embedded in the photos of the garbage truck that was used to ram the train with congressional family members on it.

Will dribble those out, but not right now.

(Can't even begin to process what a year has taught me. That train crash seems like a lifetime ago, but less than a year.)

Oh, and then there's the refrigerated truck drops from Asia where /someone/ and I had a great chat in the middle of the night about "staring at those photos forever or finding out what's in them given their size."

This is real. We have to finish it.

>>3290

Alaska Vols Returned this gibberish. Anyone?

===

Û¡–Èd3I$²Hd–É&ÒË$’K-’™$’Óm6É-’_MšI%²Ù$’[$ÒÛm6[-šÛ-¦S’Ùi K%É šI¶Ël–Ûi²I 6Ó 2“

„@D‚Oí2BM¦S!ºHI¤Úm¶“m²M’[I¤Ù$–Ù’BI²où’Ûd’[m´Ë-ÒKm’m°I–“IÙ$’H$·ó­$É-¤™ $ 0m’Ø@M°’`I:ÛM’Ûm”Ù%&Úa'ÿm¦’m´ëi6ÙM¤©¤Ýý¶ÚM¦Ûm¤ŠM¼Ûm6Ûø£icLÏa9‚ù

BãQè[õö5׆WF—âúH]öÖdt͂èq†—/9¯@H‚hö½_ €ÔH¿TWì³Ù.Š}÷…µsV*óë~!‰Ú˜q¯S–½õ›ì́aA`ñf¹Tã/ô‚>I×kEô»#Odû¾$óè¹Q%ú¼Á:95C$âÕ"Ø·Ÿ­htJ½Ñ‹îŸ]ËïV¤¬[N4Û

m¼Å½nuðY-dg76ž”8›Ù$ó´§ñ©à¶°Éœ•±‰Ñ¬-‰)ËxoÎýùutìgv(Œû.£16Þõa0

.Ñ%Lc"U!pÁþ=Ælø†ø=¸?­–’ŒX ð)sfÿÁ[?Ô,å¯a玃˜–3I®œ‰ßúº­u¦ä\‰öáÞwg€;T!Vq–týZîÏyÃ.nC©ÆeŸD<ý/ÈȖMŒ ¹»õFÉÜvW`Ð?46Qý|[’¶Ž ™<º¤©QLíU¨Œã¢ü8èî¼´7K‰ØLµt³èɃÁ¤Ž

Fh>r*šÚ!cz÷,êøÿ±(Q¢Ÿp%òôΩs.P“-å8½€Iîélۀ¿¯c9ì“I1µ´»aã »XðåM§ö”IÏ°^60ÎǧÃùÀ]O~Oà?ï3ö¡/ѸµPégó‡÷[+Aÿ‘°ðø& HÊÐ0 ‘ÁIï_({"Üp½¨n©´c̝ÁAd|ÍFWx÷þ=|FÀ•º3ÞqóÌŨÐ}ËðN=!Î;bh¹Ø.|Æ9Ž,>çÉÃdYçm½

Ãî2¾}hcq˜Çß+€f¶óÍêFËD†S™ö5ób‰µß,mrÒñC¶ë[Ešµ¶ {#ÃówÈ)?c:Øtô­)U‰'£Øãf…d!øN*,ÔæïüÀ{¬=ÿhû·ƒY\Kí>ñ²Î%Ëñdp d6ߢßϞj–›

øßó'†Á.™ –R8”¹ØL§!†¼ùÓ~ü†b¨œ–ãR48š+„ˆÁ¿±ÙïçÚì/b¢«+Ú/£Îl²oÜ

Ëï@5H{F«¢ð=?¼URóMoÜ2ˆ/|=òE²ZÒ¡câÒ½™¡³ÑÃÞüË÷ߚC1ú9Z»Ks)¿S¨9߀àTÎVãCÛêJ};¶0BٝÁ\ÆâÈ@ÊE¸;4µÜpQz¤pcs^JaÀ÷ÿåšvŸ¹áE¾€P¢+ÉÐÙ

n‡!…

­

Partial. Too long.

>>3291

thanQ that will be very helpful

>>3295

>archive.4plebs.org/pol/thread/149158110

it's possible, I don't immediately recognize that thread (from Sun 12 Nov 2017) do you have a particular post in mind from that thread? I don't really have the time to search thru it

>>3300

It's a Q post there, anon.

http://archive.4plebs.org/pol/thread/149158110/#q149160361

Anything else I can do? Coffee? Tea?

>>3301

ah… OK I understand

by that the original filesize is 3Kb far too small to hold much but who knows?

I'm finding that the different steg software is quite specific about file types

when looking to decode

.png

.jpeg

seem to be most common as outputs for the encoding programs

anybody know what pixelKnot's outputs are ?

>>3299

>FËD

>Ëñd

only thing I saw. Several ways (other than steg) to hide info - been decades since I played with this stuff (on dialup)…

might have a marker before data (think like a comma in a csv)

might be in a grid

might be every so many characters every so often

>>3299

maybe also search for keywords/shorthand names like HRC NN etc

>>3278

I don't think you have to compress it before opening it. I opened it in a hex editor (plenty online for free) and could search the data for the word 'zip' in there. It only shows up once as far as I can tell. If it is some kind of bookmark or flag for zip data then you'd need to figure out the extents of it. Where does it stop and start?

I'm going to do a little bit of learning on zip file structure to see if I can get some other clues. Sadly I never had much training in forensics. That isn't to say I don't find the stuff rather interesting.

>>3305

I tend to be a skeptic in that I will take something like this and think, well you know the 'zip' showing up in all that junk could just be stupid random happenstance. What if it isn't even intentional? (But we know there are no coincidences).

SO I had noticed upon looking at a zipped txt file with just one word in it that the zip file had the letters PK showing up in it (beginning and end) and I thought that was interesting.

If you read up on zip file structure (thanks wikipedia):

Most of the signatures end with the short integer 0x4b50, which is stored in little-endian ordering. Viewed as an ASCII string this reads "PK", the initials of the inventor Phil Katz. Thus, when a ZIP file is viewed in a text editor the first two bytes of the file are usually "PK". (DOS, OS/2 and Windows self-extracting ZIPs have an EXE before the ZIP so start with "MZ"; self-extracting ZIPs for other operating systems may similarly be preceded by executable code for extracting the archive's content on that platform.)

So applying that to the original image from 3277

>>3277

If you open it in a hex editor you can absolutely find PKs in there. If that encourages anyone at all… I think that that it is further evidence that there is a zip file hidden in the image. I will pry at this some more and see if I can tease it out but this is my first time trying anything like this.

>>3306

you might want to read this

https://www.isunshare.com/blog/hide-and-unhide-zip-file-in-picture/

>pic related

They took down the Notable from qresearch, hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

>>3308

>They took down the Notable from qresearch,

not much of a surprise

>hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

sounds good anon

experienced help would be greatly appreciated

some of the anons here mean well, but are a bit short of actually understanding the mechanics of what we are doing

I'll keep this thread alive for a few months minimum and see if we get any results

I'll also fire up a few of the steg programs to see what works and what doesn't (some of 'em are OLD!) and provide some examples to help bring people up to speed

>>3307

If there is actually a zip file in there, I don't think it was cobbled together with this method. I tried opening it in 7-zip earlier and it didn't find an archive. There are a few tutorials like this online and it is a clever way to combine images with files but I don't think it applies here.

>>3310

> but I don't think it applies here.

I tend to disagree

If you wish to detect these embedded files you first find a method of encoding and see if that method was used.

If you want to cast off blindly then I'd strongly suggest you investigate the parameters of zip files

header

file descriptor

end of record marker

when you find all three then and only then can be sure there is a zip file embedded in the data between the header and the EOCD (Not to be confused with EOF)

https://en.wikipedia.org/wiki/Zip_(file_format)

>>3311

I've been studying the file in a hex editor and while I did initially find PK in there and the text string 'zip' easily enough, there is no Central directory file header signature = 0x02014b50

The central directory is a crucial part of the zip file. If there is none, then there can't be a zip file archive.

Since there is no obvious central directory file header signature, I went back to looking at the PNG file format to see if there were any other clues in there.

I was not discounting it just because I couldn't open it in 7zip. I was discounting the method because the author said that using that method it ought to be openable in 7zip (which makes sense based on a number of things). I also discounted it because of the other observations I had made.

Note: there is only one instance of 'zip' and one instance of 'PK' (all caps and case is important) in the file.

You can make these observations on your own with a hex editor just by doing searches for the relevent lines.

I also did go back and look at

>>4837427

What he did is NOT stenography. It looks to me like he was looking at hex code and trying to imagine words out of it. He was including the standard PNG tags like IHDR and IDAT in his supposed coded message. This is not legit. I have not studied forensics but I have done programmed computers professionally and I am sure based on things that I do have experience with that this was not a sensible way to analyze a hex file.

and before someone else pounces on me for it, I did not find the header for a pkzip central directory file header in there either… this would be 504b0102

The test file I created to verify my methods did include a pkzip header in it and I was able to find it effectively with my method.

>>3313

Yep definitely not stenography. And if nothing came of the flag either then it’s back to the drawing board.

>>3314

Not Steganography either heheh

>>3309

I guess we need to pop an image up now and then to keep interest high. I don't think a couple of hours are enough to grab moar brain power.

From what I'm reading in this thread, not even close. Lots of helpful suggestions but very little knowledge. Frustrating.

Adding an image that has, according to the place I grabbed it, been decoded, but did not come with the decode. Or maybe it's that one of the train crash images came from the red/blue meme? When that meme is small in the preview, you can see layers behind it.

AGAIN IT APPEARS THIS NEW MEME HAS SOMETHING IN IT, BUT THE TECHNIQUE IS ANOTHER IMAGE LAYER AND NOT A ZIP FILE.

Will spend the day going through archives to see what's been missed with regard to possible techniques.

Tackling Android Stego Apps in the Wild

https://arxiv.org/pdf/1808.00430.pdf

according to this

>As shown in the “Output Format” column, 2 of the 7

>apps produce stego images in JPEG format while the other

>5 produce PNGs. The two types of output format indicate

>different embedding domains: frequency domain embedding

>for JPEG and spatial domain embedding for PNG.

so… if it's done on an android platform the output format is either JPEG or PNG

>>3320

> I don't think a couple of hours are enough to grab moar brain power.

I agree

I will attempt to educate those who browse here in an attempt to grow 'moar brain power'

some step-by-step instruction & examples of how to use some of these software packages to hide data in images may help people learn the techniques necessary for detecting and decoding any 'found in the wild'

>>3322

Here's a link I was given ages ago - about the time of the refrigerated truck drop from Aisa:

https://www.mobilefish.com/services/steganography/steganography.php

That video I posted - comms BO - can you allow video embedding? Might catch attention that way.

Will leave it to you to do the job if it's a go.

https://youtu.be/KUZVIBXfoeA

Moar tools stashed somewhere. Let me find them. Can't say they matter without a better understanding, though. Part of anon's barrier has always been the issue of preserving anonymity. Could work with a local group in person, but that seems risky.

>>3323

>can you allow video embedding?

done

>>3324

Huzzah!

>>3325

Warning this is NOT a PDF

This is a test to see if we can share programs here.

this program BinaryTextScan.exe is an old windows XP utility for scanning files of any type for text strings.

I've changed the extension on the file

BinaryTextScan.exe (a useful tool for the windows platform) to

BinaryTextScan.pdf

in order to see if I can upload it here.

If successful you should be able to download this file and change the extension back to .exe and have the working program

http://www.antionline.com/showthread.php?245747-Binary-Text-Scan

>>3327

I'm uploading two files

qrflagEditedWreadible.png - original PNG graphic

crFzip.png - final output file with zip embedded

crFzip.png also has the plain text Hello World in it

I set the color of the text to be slightly off from one of the major colors in the graphic and then placed the text in that area

I first ran into that type of stego way back in the web design days

You'd have a front page for your website that the web crawlers would read… there was the black text on the background that all humans could read and also there was text in a color so near the background color the human eye couldn't see it. This was to stuff the page with key-words for the search engine crawlers… the crawler would see ALL the text while the humans wouldn't see all the key-words and phrases the web site designer wanted the search engine to see.

Other Steg help:

https://medium.com/@FourOctets/ctf-tidbits-part-1-steganography-ea76cc526b40

https://www.kitploit.com/2018/06/stego-toolkit-collection-of.html

>>3328

I remember that. Trying to game Google for page ranking.

>>3328

uploading both the hex editor's view of the beginning and end of crFzip.png and HelloWorld.zip for comparison

and the 'color swap' technique to reveal the Hello World plain text message color embedded in a red stripe

most of the red stipe is color AB1E31 (171,30,49) so I wrote the text with font color AF1E31 (175,30,49) and it's invisible until I do a color swap

>>3330

yup that's the trick

>>3329

thanQ

looks good, I'll prolly try the toolkit as it seems to install many of the programs I've already been looking at / test driving.

one question

what is CTF ?

>>3332

Best I can tell? Geek games. Capture the Flag.

https://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/

Race-to-the-finish type challenges.

>>3333 (cheKEKed)

>Capture the Flag.

makes sense.

>>3334

pixelKnot sux

can't get it to decode a test message I just encoded with it

kek

>>3335

Thanks for trying.

Do think this is how we learn: Make and decode our own. Test for techniques.

>>3336

>Make and decode our own. Test for techniques.

I agree

I remember reading somewhere a myth about the origins of stegonography

Seems in Roman times it was common to use a small piece of wood (tabula) covered with wax as a notepad. You could scratch your message or notes onto the surface, then commit it to something more permanent at leisure if needed or simply melt the wax to erase and make the tablet ready for another use. These things were fairly common and the practice well known so of course the military used it for orders and correspondence. Here's where the fun starts, at some point a smart man figured out a method to get a secret message thru to it's intended recipient undetected. Simply scrape off all the wax, sand the surface a bit, write your real message in charcoal onto the bare wooden surface, then re-cover the tablet with wax scratch a cover message into the surface and have the tablet delivered.

Anyone not knowing there was a hidden message or how to extract it would assume the message seen on the surface was the totality of the tablets meaning.

I've wondered about Q's possible use of steganography. There are simple methods and complex methods of encoding, some are easy to detect and some not so easy… IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

>>3337

I'm going with both, from what I've seen.

Someone work with this in photoshop to reveal a back layer?

Does this cipher look familiar to anyone?

>%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

>&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

>>3337

good forensic tools for detecting the presence of messages hidden in files is a little hard to find, so far I've tried a few different stego progs and some work, some don't and some I cannot use due to platform restrictions.

the following is a quote from the softpedia site

++++++++++++++++

In order to be able to encrypt images, users will require specialized software applications for embedding messages and extracting them.

The main advantage of this security technique is that encrypted images typically require the original application to display the message, therefore unauthorized users have little chance of decrypting pictures without the appropriate tool.

Lost our mojo?

Will be around for a couple of days. Working at least one idea.

FIGHT FIGHT FIGHT.

We have to get this done.

>>3359

Very interested in this also .. but need someone to show us a proof of concept ie what works.

Have tried the app suggested in the Q drops but didnt get anywhere - but have been wondering if this is why Q keeps on about needing the keystone … because it unlocks hidden information contained in the graphics.

>>3360

>the app suggested in the Q drops

which Q drops

what app?

>>3360

Today anon will set up to perform hiding a message and then decrypting it. If successful, will post here to see of others can decrypt.

But first, much coffee.

>>3362

what app will you be using to do the encoding?

see

>>3341

> typically require the original application to display the message,

I've found this to be true in my limited experience.

I'll reciprocate,

I used Open Puff v4.01

password A ~ Quiet Skies

password B ~ Flesh-Eating

password C ~ Alabama Election

under the PNG options I used the 1/4 [25%] - High encryption setting

original image ~ schiffMagaHatOriginal.png

image with encoded message ~ schiffMagaHat.png

you tell me what the message is

>>3363

Yes, but no.

Going with the hunch that decode is photoshop or decompression (zip) and not app specific.

>>3364

>the hunch that decode is photoshop or decompression (zip) and not app specific

OK…

care to elaborate on the method of embedding the message you'll be using?

a simple bit shift on the color for the text as discussed >>3328

or are you thinking it will be an embedded photoshop layer ?

>>3364

try this one then

a message was embedded using the color method

look for D51629

>>3361

pixelknot

Q1715

>>3368

or do you think that was misdirection from Q ?

>>3338

>>3370

Its Franklin and Washington in front of Independence Hall.

>>3371

>>3369

>or do you think that was misdirection from Q ?

I don't know

>>3337

> IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

I didn't have much luck with pixelKnot

I'm platform limited, the only android machine I have is ancient (lollipop 5.1.1)

I could try installing android in a VM and then trying it again.

currently exploring ghiro

>>3365

Did you watch this?

>>3324

>>3374

I've watched part of it

it seems to be the intimate dissection of a png file, exploring the multiple hiding places within it

It seems there are many, many ways of hiding data in a graphics file. If you do not know the method used, it is almost impossible to determine if any message is hidden or not.

So… is the current thinking to try all known methods, one at a time on each graphic file under question?

>>3375

My current thinking is that there are at least two methods.

1) The original images that Q drops with black headers and footers have zip files embedded. The black provides ample room to hide the data.

2) The other drops - without black - might have layers that can be detected using some of the first methods described in that video.

IMAGE SIZE is important. The black-bordered images that Q uses are generally very large, much larger than is necessary to convey a photo to this board.

>>3376

>much larger than is necessary to convey a photo to this board.

on this we very much agree

>The original images that Q drops with black headers and footers have zip files embedded.

from my understanding the files do not have to be zipped, it can be plain text / cypher text. in the video you reference >>3324 the 'flags' are in various forms & places

>>3277

>>3376

I've loaded some of the graphics from

https://postimg.cc/gallery/29wdmgyze/

with the black top & bottom border

>pic related it's the list

I've run them thru ghiro (an automated detection app)

I'll post anything I find

if there are graphics you'd like to add to this list, please let me know

>>3378

Thanks. I've got them all, too, with their original names. I kind of think that might be important.

Anyway, my apologies anons. Day late and dollar short. IRL is kicking my ass, but hope to experiment more tomorrow with embedding zip into a black bar image like those we've been given. Still think our best instruction might come from doing it ourselves.

Godspeed, y'all. May sleep find your way.

Can you find the text zipped into this png image?

Created on a mac, but it shouldn't be specific. If you can handle png and zip files it should be there.

>>3306 Will go in and see if PK and zip are in there.

>>3276 Hexeditor anon - give it a try?

>>3380

>Can you find the text zipped into this png image?

yes

when I tried to look at it on my XP system I could tell your message was encoded on a Mac

my linux system decodes it fine

I've added a file

>>3381

Sadly, anon is allergic to corn. And cold. Kek.

Ok, so you weren't able to get to the text.

I did, however read your addition beautifully.

Well, we got this far. I guess I'll think on it again.

>>3382

>>3381

I was able to read it

the text encoding didn't set well with XP

but works fine with linux

this is edit.zip that I've renamed edit7.pdf

download & rename… enjoy

>>3384

won't load.

So now that we have a method - do we start going through the drops that are png and large with black at top and bottom?

>>3386

Tried my method with this image. Nothing.

>>3385

I just tried downloading it & renaming it edit7.zip

worked fine

>>3386

(a method?) there is a color shift method discussed above

adding a zip file to a png is only one of several methods, it's a simple one like the color shift can be done without steganography software

I've loaded several of the files into ghiro

>>3378

I'll dig into the results (some of the files show interesting oddities) and share which files might be worth looking at

>>3388

Method:

https://www.hongkiat.com/blog/hide-zip-image-mac/

>>3389

my point was that there are many methods besides the hidden zip file at the end of a PNG

in the video >>3324 seven (7) different areas where data can be hidden inside a PNG file without using a zip file

the color shift technique as demonstrated

>>3366

>>3328 (another demonstration and short explanation)

I see this isn't getting much attention. Crap.

Guess I'll keep going at it alone.

>>3391

you aren't alone

I'm still chugging away with the ghiro results. some of the graphics do have anomalies I'll upload a list in a day or so

IRL calls, and I must answer

this thread will be here

New Q image. I suggest looking here.

>>3393

Photo is 3kb .. so not much room to hide anything.

Original photo has been located and possible links discussed.

https://voat.co/v/QRV/3009700

https://www.dvidshub.net/image/1565208/airstrikes-syria

Hopefully this may help you guys figure out where best to start searching.

>>3394

there are many earlier versions

and yes, you are correct the size of the JPG file makes it very hard to hide anything.

the string that was found (hex address 00068) may or may not be meaningful

I've been going thru the palette to see if the color method has been used to hide text, so far no luck

>>3393

I did try to unzip it with the method I used earlier. No luck.

Come on Q. You know we are trying.

So atypical. Tiny file size. jpg instead of png. But, all of that black at the bottom is typically a good place to hide something.

Frustrated and STUCK. Which sucks. Arrrrgh.

>>3393

Super noisy around the planes. Increased sharpness.

>>3397

Keep trying … I know I have felt that way a 1000 times with tweet decodes .. which then leads to questioning yourself.

It may be that in this case the picture was an identifier .. designed to lead people somewhere .. rather than a carrier packet. Just a thought.

>>3398

the originally posted image

>>>/qresearch/4989823 is the one you want to look at

the

>noisy around the planes

is due to compression from the original (oldest on the interwebz) image according to Tin Eye was from r/MilitaryPorn/ at reddit and is significantly larger at 811KB seen

>>3395

IF Q hid anything in the image it's in the smaller one Q posted and not the earlier ones

a new Q posted graphic to investigate

>>>/patriotsfight/468

>>4048

Yes it is. And there was some done on it, but the anon who claimed to have the most content refused to explain how the content was derived.

Sigh.

>>4115

when they can't explain it, they don't really have anything.

the one interesting thing I'll share from the most recent Q graphic

this pic >>4048

has 260 unique colors

they might all be used for shading… or maybe one of them is used to hide text as in the example

>>3328

>>3331

IF a code anon could make a script that would

1. count and identify the unique colors in a graphic then

2. swap each unique color with a high contrast color one at a time

3. run an OCR (optical character recognition) program on the modified graphic and make note if characters are identified

4. if characters are identified note which unique color

5. swap color back and try the next unique color on the list.

A human could then take this short list of unique colors that are used in characters and read the message(s)

another tool for the arsenal

https://www.incoherency.co.uk/image-steganography/#unhide via DarkPoint

>>>/qrb/37786

>>5646

bump

Posted this in /qresearch/ and got directed here. I was looking at the 2 flags in Q posts 3908 and 3983.

Same dimensions, and imagemagick even reports the same visual "signature" hash for the images, but they have different file sizes and checksums.

What I found was interesting was the SHA256 hash of the most recent image (3983) is the filename of the image in 3908:

sha256sum AMERICA.png

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920 AMERICA.png

Post 3908 filename: f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

My theory is that the key to decrypt an image is contained in a previous image. But I'm not sure how to take this further.

>>10807

please post the actual files here

>My theory is that the key to decrypt an image is contained in a previous image.

when you have an "original unmodified file" and a "modified file" it makes it much easier to find the changes

Anon is correct we they say the file name for the earlier flag is a sha256 hash however. America does not hash in sha256 to the same file name as the earlier flag. From what I can find out so far sha256 is a one way hash. So when you "decrypt" these hashes on the random websites that do that all they are doing is checking it against their database of collected hashes and checking if they have a match. So one possible method would be to build our own database of likely Q related words converted to sha256 and this would give us the name of the earlier flag picture. These file names could be passwords for pixelknot. Also I did note that file names from original Q posts are different than the file names from q.map.pub but that's to be expected no comms outside these boards right.

I am new to Steg, Programming/Database background. Long time Q follower.

I am suspicious of the two "Hunters" posters from 2-10-20 and 4-09-20. They are the same canvas size (1500x1500) 8 bit gamma, but they are different physical file sizes. The pictures are slightly different quality.

WHY ?

Q doesnt do things like that without a reason. I am currently working with Stegcracker and looping through the Q image filenames as a password list. next list Stringers.

I need all the help I can get. Building the image filename list is time consuming and I have found no complete list of Q's image filenames, only partial.

as posted

>>>/qresearch/8973193

Thought this was interdasting r.e. the flag pics do any of the ideas in here correspond to steg data etc.?

The flag photos posted by Q recently have the same filename, but different canvas sizes and physical disk sizes. in my uploads, the one filename has a "-2" appended.

I ran the ExifTool on the Steeple from #3988 and found the author shows "events847".

Post #847 says "Watch the Water"

I found the original Steeple pic here, and running it through the ExifTool shows the same metadata. Still, there are no coincidences:

https://oldnorth.com/wp-content/uploads/2016/09/lclitlantern.jpg

>>3266

check out StegoAppDB.

This is a HUUUUGE database of stego & original cover images used to train algorithms to identify steganography.

There are many machine learning stego projects up on github. Clone one of those bitches, import your clean set and your steg set for training… then go grab a bunch of "suspect images" from whatever board you want, and run them against your newly trained algo.

The one I suggest trying is PixelKnot. PixelKnot is an Android app that uses the F5 algorithm to do its thing. There is well over 300gb of PixelKnot pictures to play with on StegoAppDB, free to use & download.

You can obviously create your own sets as well by scripting tools, but this is an easy way to get started with KNOWN images.

#HappyHunting

>>11727

Wouldn't that go back to "Two if by sea"?

>>13401

So someone with an Android device should get busy. #offthehook

as posted

>>>/qresearch/9122180

>>>/qresearch/9121987

https://blackarch.org/tools.html

>>13457

Yep, that was my thought.

Working with the Easton flag. There's a small row at the top. Using the stego video to get started.