Anonymous ID: f04ce8 STEGANOGRAPHICS Jan. 20, 2019, 1:30 p.m. No.3264   >>3265 >>3268 >>3290

Using Steganography to reveal code embedded in Q pics & vids

 

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest.

Mostly because it doesn't look like usual garbled text that we are used to seeing with encryption. The changes made by Steganography are so slight the human eye cannot perceive them.

 

also data can be hidden in audio files and video files

Anonymous ID: 1b6cbb Jan. 20, 2019, 2:05 p.m. No.3268

>>3264

>>3266

I came over from /qresearch/, got the subject rolling in a few breads now. Saw an anon post these:

 

https://8ch.net/qresearch/res/4837362.html#4837427

 

https://8ch.net/qresearch/res/4837362.html#4837484

 

Now I am here. Good for analysis, connecting dots, organization.

Anonymous ID: 1b6cbb Jan. 20, 2019, 2:09 p.m. No.3269   >>3270

>>3267

It's going to take a consistent and persistent effort. Lots of ground to cover and data to gather.

 

Timestamps, brackets, spaces, etc.

All posts, videos, and images will need to undergo analysis. Best bet is to just do one at a time together, starting from the beginning. At least until we get more people together. I'm in it for the long haul though. Looking forward to working with you.

Anonymous ID: 1b6cbb Jan. 20, 2019, 2:22 p.m. No.3271

If the anon who posted the images can step forward, would be interested if you have the raw images. Kind of hard to see in the ones provided. Has anyone tried messing with Flynn's new banner twat update yet?

Anonymous ID: 1b6cbb Jan. 20, 2019, 2:36 p.m. No.3272   >>3274

Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file. This is what came up. This is something else to be considered on top of everything else.

Anonymous ID: f04ce8 Jan. 20, 2019, 3:04 p.m. No.3274

>>3272

>Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file

 

not what I would consider as a viable method of detecting an embedded message

I know a tiny bit about steganography

I've always liked crypto

I'll look to see what tools I have accumulated that are still usable

one from long ago (XP days) is called

binaryTextScan and does what it says

scans a file for text strings (you get to set parameters such as minimum length and character set limits etc…)

I remember looking into pixelKnot a bit, but as it's an android only program as of now I didn't do much with it

I've seen some others

openPuff

stegDetect

VSL

 

I'd suggest we gather a set of links to tools for the purpose of detecting and decoding messages hidden in files

https://www.geekdashboard.com/best-steganography-tools/

http://www.jjtc.com/Steganography/tools.html

http://stegano.net/tools

Anonymous ID: df65cb Jan. 20, 2019, 3:40 p.m. No.3276   >>3277 >>3278 >>3297 >>3380

I'd like to help out if I can but I'm very much a novice at this sort of thing. On the other hand I can find my way around a hex editor and would be willing to work at prying apart image files. At a minimum I could try to help gather up best practices and tools from what people post.

Anonymous ID: aae2ba Jan. 20, 2019, 4:22 p.m. No.3277   >>3279 >>3281 >>3306 >>3378

>>3266

I think I have every Q image in original compression.

The thing is - they read one size, and then a different when downloaded.

 

Anyone know 8ch well enough to understand that phenomenon?

 

Also, will commit to this location for a week, avoiding the distractions of the main board as much as possible.

 

ANON NEEDS HELP

 

Working with an above average IQ and 20 years of photo experience including website design and various compressions, but still in over my head.

 

Here's the original image - in my best knowledge - for the file discovered by helper anon.

06.12.2018 13.08.57 alaska vols sing

This was the G7 trip where the missile was launched, remember? I'd presume the other file info is the time stamp.

 

It's going to be a bear to get you up to my speed, but stick with me. Will be glad to carefully convey my trials and errors. Have tried to document them well in my files over the months. Will confess that anon is not working on the best machine for this work. Alternate work in another location, but can't get to it for a while. Hopefully, we'll duplicate that work well enough to make it of no consequence.

 

First concern: some of these results might be computer/platform/compression algorithm specific. We need to find it, and then we need to duplicate it.

 

Next concern: this work has been shilled so heavily over the months - even to the point of being removed by a bad BV back in the day - that there will be holes in being able to duplicate some of it. But I bet we can. And we are hopefully oldfag enough to ignore the shills.

 

>>3276 Believe it or not, anon, this is my weakness. So glad to have you here.

(And crazy to be using such low post numbers!)

 

We can do this.

Anon is available, available, available, but is fond of sleep. (Currently well rested. Needed that nap.)

Go time.

Ready?

Anonymous ID: aae2ba Jan. 20, 2019, 4:31 p.m. No.3278   >>3305

>>3276

So HexAnon:

Compress the image from 3277 in a zip

Open that zip in your favorite text editor

Search for the words "zip"

Open compressed data in hex editor

Copy the ZIP components

(This is where anon got lost.

Between the words? Zip at the end. Have no idea what Hex looks like. Raised geeks, but never properly converted myself.)

Copy the data re: zip

Try to read it? Decompress it? Edit that string again? This is where help is required.

 

It seems that was where helper anon was leading us. Did not convey zip program, etc., but something was able to read through the compressed and embedded data.

(Also suspect that kids to raise routine was a cover.)

Anonymous ID: f04ce8 Jan. 20, 2019, 4:46 p.m. No.3281   >>3285

>>3277

>Anyone know 8ch well enough to understand that phenomenon?

 

yes it has to do with the method of calculating the size

1kb = 1000 bytes or 1024 etc…

 

>Anon needs help

 

try reading the wiki page

https://en.wikipedia.org/wiki/Steganography_tools

https://en.wikipedia.org/wiki/Steganography

 

I'll try to answer any questions that I can

Anonymous ID: da7097 Jan. 20, 2019, 4:52 p.m. No.3282   >>3284

Steganography Made Easy in Linux 11 June 2016

 

Now it is time for our recipient to open this file. After they open this jpg in SteGUI they simply go to the Actions tab and select "extract". Another pop-up box will appear to input the necessary files. The input file at the top will simply be the jpg that we have sent them. The output file will be a new file we can name anything. Here I've just made it a file called out.txt. Now that we have our information in a text file we can easily open it for display.

 

https://linuxconfig.org/steganography-made-easy-in-linux

 

pic of another tut, couldn't copy and paste.

https://www.yeahhub.com/use-steghide-stegosuite-steganography-tools-kali-linux/

 

Learning how to create an image which contains additional content will help to learn how to extract content. Those who hide information in files using steganography usually do so with the intention that the information will be retrieved by the recipient.

If encryption is employed as an additional layer of security it will limit who can extract valid data.

 

For Windows users, if you have more than 3 or 4 gigs of ram, you could get linux running in Virtual Box. There are many ready made images of distros, like lemnux, a forensic discovery linux distro. Because it is a prebuilt image there is no need to install the OS. There are several security suites available as prebuilt images. Many are made for VMWare. VMWare runs on Windows, they used to offer a free version called VMWare Player, in which you can run prebuilt images. VirtualBox can run the VMWare format images also.

 

Running multiflavors OS will allow you to access all potential tools. Sometimes there are OS centric tools with no comparable alternative for the other OS platform.

Anonymous ID: 8eb0c6 Jan. 20, 2019, 5:14 p.m. No.3286

Been waiting for this board to happen since the very start!

If we get any data of real value

I believe it will come from this and nothing else,

 

Good luck, it will be hard and lonely.

Anonymous ID: 5ebd58 Jan. 20, 2019, 5:26 p.m. No.3287   >>3293

does qmap.pub pull raw files from Q posts?

 

https://media.8ch.net/file_store/a7ffb193423f0a5573ceeefe7c2a7863d1fc6d1559e28d93af78f63e36cdceed.png

 

I can't replicate the original results from freedom.png

Anonymous ID: ae9398 Jan. 20, 2019, 5:40 p.m. No.3289   >>3292 >>3293

Reposting the first round - the flag.

 

Remember when it was first posted and there were the dots everyone chased? The code and bars - from what I can tell - came from layers pulled out of the image on another board.

 

So, this is where the image came through in layers, not zip files.

 

Means there's likely more than one technique at play.

 

Also, anon has begged and begged for help and missed a Q & A where anon would ask about steganography, so said so in a link.

 

Q posted pixelknot not long after that. But somehow I understood that pixelknot (as far as the software) wasn't going to be the answer.

 

While I've played with passwords off and on, kind of abandoned them after a while. Might need to reconsider.

 

Two images from bread #3316 as posted earlier. From private archive.

https://8ch.net/qresearch/res/2627000.html#2627687

Has missing images.

 

Will dig into it deeper in a minute.

Anonymous ID: ae9398 Jan. 20, 2019, 5:52 p.m. No.3292

>>3289

 

Link in image

archive.4plebs.org/pol/thread/149158110

 

Eventually a good discussion in this thread: http://archive.4plebs.org/pol/thread/149183142/#149183683

(FFS. AFLB is there!)

Anonymous ID: f04ce8 Jan. 20, 2019, 5:53 p.m. No.3293   >>3295

>>3287

>does qmap.pub pull raw files from Q posts?

 

good question, and a crucial one to our task here

>>3289

>Reposting the first round - the flag.

 

do you have the original file for 'FreedomFlag' ?

the original file is crucial to finding anything as far as I know

Anonymous ID: ae9398 Jan. 20, 2019, 6 p.m. No.3298

The flag seems to have come from deriving layers in a photo imaging program, not by code.

 

Different techniques at play.

 

I have examples of near hits on the Podesta photo with the fish and number using text edit

and

a couple of layered images embedded in the photos of the garbage truck that was used to ram the train with congressional family members on it.

 

Will dribble those out, but not right now.

 

(Can't even begin to process what a year has taught me. That train crash seems like a lifetime ago, but less than a year.)

 

Oh, and then there's the refrigerated truck drops from Asia where /someone/ and I had a great chat in the middle of the night about "staring at those photos forever or finding out what's in them given their size."

 

This is real. We have to finish it.

Anonymous ID: ae9398 Jan. 20, 2019, 6:07 p.m. No.3299   >>3303 >>3304

>>3290

Alaska Vols Returned this gibberish. Anyone?

 

 

Partial. Too long.

Anonymous ID: f04ce8 Jan. 20, 2019, 6:11 p.m. No.3300   >>3301

>>3291

thanQ that will be very helpful

 

>>3295

>archive.4plebs.org/pol/thread/149158110

 

it's possible, I don't immediately recognize that thread (from Sun 12 Nov 2017) do you have a particular post in mind from that thread? I don't really have the time to search thru it

Anonymous ID: f04ce8 Jan. 20, 2019, 6:28 p.m. No.3302

>>3301

ah… OK I understand

by that the original filesize is 3Kb far too small to hold much but who knows?

 

I'm finding that the different steg software is quite specific about file types

when looking to decode

.png

.jpeg

seem to be most common as outputs for the encoding programs

anybody know what pixelKnot's outputs are ?

Anonymous ID: 0277fd Jan. 20, 2019, 7:03 p.m. No.3303

>>3299

>Fร‹D

>ร‹รฑd

 

only thing I saw. Several ways (other than steg) to hide info - been decades since I played with this stuff (on dialup)…

 

might have a marker before data (think like a comma in a csv)

 

might be in a grid

 

might be every so many characters every so often

Anonymous ID: df65cb Jan. 20, 2019, 7:55 p.m. No.3305   >>3306

>>3278

I don't think you have to compress it before opening it. I opened it in a hex editor (plenty online for free) and could search the data for the word 'zip' in there. It only shows up once as far as I can tell. If it is some kind of bookmark or flag for zip data then you'd need to figure out the extents of it. Where does it stop and start?

 

I'm going to do a little bit of learning on zip file structure to see if I can get some other clues. Sadly I never had much training in forensics. That isn't to say I don't find the stuff rather interesting.

Anonymous ID: df65cb Jan. 20, 2019, 8:15 p.m. No.3306   >>3307 >>3380

>>3305

I tend to be a skeptic in that I will take something like this and think, well you know the 'zip' showing up in all that junk could just be stupid random happenstance. What if it isn't even intentional? (But we know there are no coincidences).

 

SO I had noticed upon looking at a zipped txt file with just one word in it that the zip file had the letters PK showing up in it (beginning and end) and I thought that was interesting.

 

If you read up on zip file structure (thanks wikipedia):

 

Most of the signatures end with the short integer 0x4b50, which is stored in little-endian ordering. Viewed as an ASCII string this reads "PK", the initials of the inventor Phil Katz. Thus, when a ZIP file is viewed in a text editor the first two bytes of the file are usually "PK". (DOS, OS/2 and Windows self-extracting ZIPs have an EXE before the ZIP so start with "MZ"; self-extracting ZIPs for other operating systems may similarly be preceded by executable code for extracting the archive's content on that platform.)

 

So applying that to the original image from 3277

 

>>3277

 

If you open it in a hex editor you can absolutely find PKs in there. If that encourages anyone at all… I think that it is further evidence that there is a zip file hidden in the image. I will pry at this some more and see if I can tease it out but this is my first time trying anything like this.

Anonymous ID: 1b6cbb Jan. 20, 2019, 9:35 p.m. No.3308   >>3309

They took down the Notable from qresearch, hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

Anonymous ID: f04ce8 Jan. 20, 2019, 10:06 p.m. No.3309   >>3320

>>3308

>They took down the Notable from qresearch,

 

not much of a surprise

 

>hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

 

sounds good anon

experienced help would be greatly appreciated

some of the anons here mean well, but are a bit short of actually understanding the mechanics of what we are doing

 

I'll keep this thread alive for a few months minimum and see if we get any results

 

I'll also fire up a few of the steg programs to see what works and what doesn't (some of 'em are OLD!) and provide some examples to help bring people up to speed

Anonymous ID: df65cb Jan. 20, 2019, 10:13 p.m. No.3310   >>3311

>>3307

If there is actually a zip file in there, I don't think it was cobbled together with this method. I tried opening it in 7-zip earlier and it didn't find an archive. There are a few tutorials like this online and it is a clever way to combine images with files but I don't think it applies here.

Anonymous ID: f04ce8 Jan. 20, 2019, 10:24 p.m. No.3311   >>3312

>>3310

> but I don't think it applies here.

 

I tend to disagree

If you wish to detect these embedded files you first find a method of encoding and see if that method was used.

 

If you want to cast off blindly then I'd strongly suggest you investigate the parameters of zip files

header

file descriptor

end of record marker

 

when you find all three then and only then can be sure there is a zip file embedded in the data between the header and the EOCD (Not to be confused with EOF)

https://en.wikipedia.org/wiki/Zip_(file_format)

Anonymous ID: df65cb Jan. 20, 2019, 10:35 p.m. No.3312

>>3311

I've been studying the file in a hex editor and while I did initially find PK in there and the text string 'zip' easily enough, there is no Central directory file header signature = 0x02014b50

 

The central directory is a crucial part of the zip file. If there is none, then there can't be a zip file archive.

 

Since there is no obvious central directory file header signature, I went back to looking at the PNG file format to see if there were any other clues in there.

 

I was not discounting it just because I couldn't open it in 7zip. I was discounting the method because the author said that using that method it ought to be openable in 7zip (which makes sense based on a number of things). I also discounted it because of the other observations I had made.

 

Note: there is only one instance of 'zip' and one instance of 'PK' (all caps and case is important) in the file.

 

You can make these observations on your own with a hex editor just by doing searches for the relevant lines.

Anonymous ID: df65cb Jan. 20, 2019, 10:52 p.m. No.3313   >>3314

I also did go back and look at

>>4837427

 

What he did is NOT steganography. It looks to me like he was looking at hex code and trying to imagine words out of it. He was including the standard PNG tags like IHDR and IDAT in his supposed coded message. This is not legit. I have not studied forensics but I have programmed computers professionally and I am sure based on things that I do have experience with that this was not a sensible way to analyze a hex file.

 

and before someone else pounces on me for it, I did not find the header for a pkzip central directory file header in there either… this would be 504b0102

 

The test file I created to verify my methods did include a pkzip header in it and I was able to find it effectively with my method.
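
The check discussed in >>3311 to >>3313, written out as an added example (not code from any poster in this thread): walk the PNG chunks to the end of IEND, then require all three ZIP records and a parseable archive in the trailing bytes rather than trusting a stray "PK" or "zip". The 1x1 PNG, its comment text and the hello.txt archive are constructed sample inputs.

```python
import io
import struct
import zipfile
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# The three ZIP records named in the thread, as they appear in a hex editor.
ZIP_SIGNATURES = {
    "local file header": b"PK\x03\x04",
    "central directory header": b"PK\x01\x02",  # 0x02014b50, bytes 504b0102
    "end of central directory": b"PK\x05\x06",
}


def png_chunk(ctype, body):
    """Serialize one PNG chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(comment):
    """Constructed 1x1 greyscale PNG carrying a tEXt comment (sample input)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_MAGIC + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"tEXt", b"Comment\x00" + comment)
            + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + png_chunk(b"IEND", b""))


def build_sample_zip():
    """Constructed archive holding one file, hello.txt (sample input)."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo("hello.txt", date_time=(2019, 1, 21, 12, 0, 0))
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, "Hello World")
    return buf.getvalue()


def png_end_offset(data):
    """Validate every chunk and return the offset just past IEND."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG file")
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("chunk runs past end of file")
        stored_crc, = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != stored_crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def find_all(data, needle):
    """Offsets of every occurrence of needle in data."""
    hits, start = [], data.find(needle)
    while start != -1:
        hits.append(start)
        start = data.find(needle, start + 1)
    return hits


def analyze(data):
    """Report trailing data after IEND and whether it is a real ZIP archive."""
    end = png_end_offset(data)
    trailing = data[end:]
    members = []
    if trailing:
        try:
            with zipfile.ZipFile(io.BytesIO(trailing)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            members = []
    sigs = {name: find_all(data, sig) for name, sig in ZIP_SIGNATURES.items()}
    return {
        "png_end": end,
        "trailing_bytes": len(trailing),
        "pk_pairs": data.count(b"PK"),   # two-byte hits prove nothing alone
        "signatures": sigs,
        "zip_members": members,
        "embedded_zip": all(sigs.values()) and bool(members),
    }


if __name__ == "__main__":
    clean = build_sample_png(b"PK zip")        # stray strings, no archive
    stego = clean + build_sample_zip()         # archive appended after IEND
    for label, blob in (("clean", clean), ("stego", stego)):
        print(label, analyze(blob))
```
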

Anonymous ID: ffb64b Jan. 21, 2019, 6:01 a.m. No.3320   >>3322

>>3309

I guess we need to pop an image up now and then to keep interest high. I don't think a couple of hours are enough to grab moar brain power.

 

From what I'm reading in this thread, not even close. Lots of helpful suggestions but very little knowledge. Frustrating.

 

Adding an image that has, according to the place I grabbed it, been decoded, but did not come with the decode. Or maybe it's that one of the train crash images came from the red/blue meme? When that meme is small in the preview, you can see layers behind it.

 

AGAIN IT APPEARS THIS NEW MEME HAS SOMETHING IN IT, BUT THE TECHNIQUE IS ANOTHER IMAGE LAYER AND NOT A ZIP FILE.

 

Will spend the day going through archives to see what's been missed with regard to possible techniques.

Anonymous ID: f04ce8 Jan. 21, 2019, 6:06 a.m. No.3321

Tackling Android Stego Apps in the Wild

https://arxiv.org/pdf/1808.00430.pdf

 

according to this

>As shown in the "Output Format" column, 2 of the 7

>apps produce stego images in JPEG format while the other

>5 produce PNGs. The two types of output format indicate

>different embedding domains: frequency domain embedding

>for JPEG and spatial domain embedding for PNG.

 

so… if it's done on an android platform the output format is either JPEG or PNG

Anonymous ID: f04ce8 Jan. 21, 2019, 6:26 a.m. No.3322   >>3323

>>3320

> I don't think a couple of hours are enough to grab moar brain power.

 

I agree

I will attempt to educate those who browse here in an attempt to grow 'moar brain power'

 

some step-by-step instruction & examples of how to use some of these software packages to hide data in images may help people learn the techniques necessary for detecting and decoding any 'found in the wild'

Anonymous ID: ffb64b Jan. 21, 2019, 6:37 a.m. No.3323   >>3324

>>3322

Here's a link I was given ages ago - about the time of the refrigerated truck drop from Asia:

 

https://www.mobilefish.com/services/steganography/steganography.php

 

That video I posted - comms BO - can you allow video embedding? Might catch attention that way.

 

Will leave it to you to do the job if it's a go.

 

https://youtu.be/KUZVIBXfoeA

 

Moar tools stashed somewhere. Let me find them. Can't say they matter without a better understanding, though. Part of anon's barrier has always been the issue of preserving anonymity. Could work with a local group in person, but that seems risky.

Anonymous ID: f04ce8 Jan. 21, 2019, 9:16 a.m. No.3327   >>3328

>>3325

Warning this is NOT a PDF

This is a test to see if we can share programs here.

this program BinaryTextScan.exe is an old windows XP utility for scanning files of any type for text strings.

I've changed the extension on the file

BinaryTextScan.exe (a useful tool for the windows platform) to

BinaryTextScan.pdf

in order to see if I can upload it here.

If successful you should be able to download this file and change the extension back to .exe and have the working program

http://www.antionline.com/showthread.php?245747-Binary-Text-Scan

Anonymous ID: f04ce8 Jan. 21, 2019, 12:42 p.m. No.3328   >>3330 >>3331 >>3365 >>3390 >>4116

>>3327

I'm uploading two files

 

qrflagEditedWreadible.png - original PNG graphic

crFzip.png - final output file with zip embedded

 

crFzip.png also has the plain text Hello World in it

I set the color of the text to be slightly off from one of the major colors in the graphic and then placed the text in that area

 

I first ran into that type of stego way back in the web design days

You'd have a front page for your website that the web crawlers would read… there was the black text on the background that all humans could read and also there was text in a color so near the background color the human eye couldn't see it. This was to stuff the page with key-words for the search engine crawlers… the crawler would see ALL the text while the humans wouldn't see all the key-words and phrases the web site designer wanted the search engine to see.

Anonymous ID: f04ce8 Jan. 21, 2019, 1:27 p.m. No.3331   >>4116

>>3328

uploading both the hex editor's view of the beginning and end of crFzip.png and HelloWorld.zip for comparison

 

and the 'color swap' technique to reveal the Hello World plain text message color embedded in a red stripe

most of the red stripe is color AB1E31 (171,30,49) so I wrote the text with font color AF1E31 (175,30,49) and it's invisible until I do a color swap

 

>>3330

yup that's the trick
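
The "color swap" reveal from >>3331 can be automated by looking for a rare color that sits within a few levels of a much more common one. This is an added example, not code from the thread; the pixel grid, the "HI" glyph and the function names are constructed for illustration, and only the two color values come from the post.

```python
from collections import Counter

BASE = (0xAB, 0x1E, 0x31)   # stripe color quoted in the post (171,30,49)
TEXT = (0xAF, 0x1E, 0x31)   # font color quoted in the post (175,30,49)
WHITE = (255, 255, 255)

# Constructed 7x5 bitmap spelling "HI"; '#' marks pixels drawn in TEXT.
GLYPH = [
    "#.#.###",
    "#.#..#.",
    "###..#.",
    "#.#..#.",
    "#.#.###",
]


def build_sample_rows(width=16):
    """Constructed raster: white band, red stripe with hidden glyph, white band."""
    rows = [[WHITE] * width for _ in range(2)]
    rows.append([BASE] * width)
    for line in GLYPH:
        row = [BASE] * width
        for x, ch in enumerate(line):
            if ch == "#":
                row[2 + x] = TEXT
        rows.append(row)
    rows.append([BASE] * width)
    rows += [[WHITE] * width for _ in range(2)]
    return rows


def near_color_outliers(rows, max_delta=8, min_ratio=2):
    """Map each rare color to the common color it imitates.

    A color is flagged when another color is at least min_ratio times more
    frequent and differs by no more than max_delta on every channel.
    """
    counts = Counter(px for row in rows for px in row)
    suspects = {}
    for color, n in counts.items():
        for other, m in counts.items():
            if other == color or m < n * min_ratio:
                continue
            delta = max(abs(a - b) for a, b in zip(color, other))
            if 0 < delta <= max_delta:
                suspects[color] = other
    return suspects


def reveal_mask(rows, suspects):
    """Render flagged pixels as '#' so the hidden shape becomes readable."""
    return ["".join("#" if px in suspects else "." for px in row)
            for row in rows]


def color_swap(rows, suspects, highlight=(255, 255, 0)):
    """Return a copy of the raster with flagged colors replaced by highlight."""
    return [[highlight if px in suspects else px for px in row] for row in rows]


if __name__ == "__main__":
    image = build_sample_rows()
    found = near_color_outliers(image)
    print(found)
    print("\n".join(reveal_mask(image, found)))
```
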

Anonymous ID: ffb64b Jan. 21, 2019, 2:03 p.m. No.3333   >>3334

>>3332

Best I can tell? Geek games. Capture the Flag.

 

https://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/

 

Race-to-the-finish type challenges.

Anonymous ID: f04ce8 Jan. 22, 2019, 10:06 a.m. No.3337   >>3338 >>3341 >>3373

>>3336

>Make and decode our own. Test for techniques.

 

I agree

 

I remember reading somewhere a myth about the origins of steganography

Seems in Roman times it was common to use a small piece of wood (tabula) covered with wax as a notepad. You could scratch your message or notes onto the surface, then commit it to something more permanent at leisure if needed or simply melt the wax to erase and make the tablet ready for another use. These things were fairly common and the practice well known so of course the military used it for orders and correspondence. Here's where the fun starts, at some point a smart man figured out a method to get a secret message thru to its intended recipient undetected. Simply scrape off all the wax, sand the surface a bit, write your real message in charcoal onto the bare wooden surface, then re-cover the tablet with wax, scratch a cover message into the surface and have the tablet delivered.

Anyone not knowing there was a hidden message or how to extract it would assume the message seen on the surface was the totality of the tablet's meaning.

 

I've wondered about Q's possible use of steganography. There are simple methods and complex methods of encoding, some are easy to detect and some not so easy… IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

Anonymous ID: f04ce8 Jan. 22, 2019, 4:47 p.m. No.3341   >>3363

>>3337

good forensic tools for detecting the presence of messages hidden in files are a little hard to find, so far I've tried a few different stego progs and some work, some don't and some I cannot use due to platform restrictions.

 

the following is a quote from the softpedia site

++++++++++++++++

 

In order to be able to encrypt images, users will require specialized software applications for embedding messages and extracting them.

 

The main advantage of this security technique is that encrypted images typically require the original application to display the message, therefore unauthorized users have little chance of decrypting pictures without the appropriate tool.

Anonymous ID: d6258f Jan. 26, 2019, 1:21 a.m. No.3360   >>3361 >>3362

>>3359

 

Very interested in this also .. but need someone to show us a proof of concept ie what works.

 

Have tried the app suggested in the Q drops but didn't get anywhere - but have been wondering if this is why Q keeps on about needing the keystone … because it unlocks hidden information contained in the graphics.

Anonymous ID: f04ce8 Jan. 26, 2019, 7:22 a.m. No.3363   >>3364

>>3362

what app will you be using to do the encoding?

see

>>3341

> typically require the original application to display the message,

 

I've found this to be true in my limited experience.

I'll reciprocate,

 

I used Open Puff v4.01

password A ~ Quiet Skies

password B ~ Flesh-Eating

password C ~ Alabama Election

 

under the PNG options I used the 1/4 [25%] - High encryption setting

 

original image ~ schiffMagaHatOriginal.png

image with encoded message ~ schiffMagaHat.png

 

you tell me what the message is

Anonymous ID: f04ce8 Jan. 26, 2019, 7:57 a.m. No.3365   >>3374

>>3364

>the hunch that decode is photoshop or decompression (zip) and not app specific

 

OK…

care to elaborate on the method of embedding the message you'll be using?

a simple bit shift on the color for the text as discussed >>3328

 

or are you thinking it will be an embedded photoshop layer ?

Anonymous ID: f04ce8 Jan. 26, 2019, 7:52 p.m. No.3373

>>3369

>or do you think that was misdirection from Q ?

I don't know

>>3337

> IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

 

I didn't have much luck with pixelKnot

I'm platform limited, the only android machine I have is ancient (lollipop 5.1.1)

I could try installing android in a VM and then trying it again.

currently exploring ghiro

Anonymous ID: f04ce8 Jan. 26, 2019, 9:23 p.m. No.3375   >>3376

>>3374

I've watched part of it

it seems to be the intimate dissection of a png file, exploring the multiple hiding places within it

 

It seems there are many, many ways of hiding data in a graphics file. If you do not know the method used, it is almost impossible to determine if any message is hidden or not.

So… is the current thinking to try all known methods, one at a time on each graphic file under question?

Anonymous ID: aae2ba Jan. 27, 2019, 5:56 a.m. No.3376   >>3377 >>3378

>>3375

My current thinking is that there are at least two methods.

 

1) The original images that Q drops with black headers and footers have zip files embedded. The black provides ample room to hide the data.

 

2) The other drops - without black - might have layers that can be detected using some of the first methods described in that video.

 

IMAGE SIZE is important. The black-bordered images that Q uses are generally very large, much larger than is necessary to convey a photo to this board.

Anonymous ID: f04ce8 Jan. 27, 2019, 9:14 a.m. No.3377

>>3376

>much larger than is necessary to convey a photo to this board.

 

on this we very much agree

 

>The original images that Q drops with black headers and footers have zip files embedded.

 

from my understanding the files do not have to be zipped, it can be plain text / cypher text. in the video you reference >>3324 the 'flags' are in various forms & places

Anonymous ID: f04ce8 Jan. 27, 2019, 1:12 p.m. No.3378   >>3379 >>3388

>>3277

>>3376

 

I've loaded some of the graphics from

https://postimg.cc/gallery/29wdmgyze/

 

with the black top & bottom border

>pic related it's the list

 

I've run them thru ghiro (an automated detection app)

I'll post anything I find

 

if there are graphics you'd like to add to this list, please let me know

Anonymous ID: dd0485 Jan. 27, 2019, 8:23 p.m. No.3379

>>3378

Thanks. I've got them all, too, with their original names. I kind of think that might be important.

 

Anyway, my apologies anons. Day late and dollar short. IRL is kicking my ass, but hope to experiment more tomorrow with embedding zip into a black bar image like those we've been given. Still think our best instruction might come from doing it ourselves.

 

Godspeed, y'all. May sleep find your way.

Anonymous ID: 1f76ba Jan. 28, 2019, 8:41 a.m. No.3380   >>3381

Can you find the text zipped into this png image?

Created on a mac, but it shouldn't be specific. If you can handle png and zip files it should be there.

 

>>3306 Will go in and see if PK and zip are in there.

 

>>3276 Hexeditor anon - give it a try?

Anonymous ID: f81cdf Jan. 28, 2019, 3:04 p.m. No.3382   >>3384

>>3381

Sadly, anon is allergic to corn. And cold. Kek.

 

Ok, so you weren't able to get to the text.

I did, however read your addition beautifully.

 

Well, we got this far. I guess I'll think on it again.

Anonymous ID: f04ce8 Jan. 28, 2019, 4:05 p.m. No.3388   >>3389

>>3385

I just tried downloading it & renaming it edit7.zip

worked fine

 

>>3386

(a method?) there is a color shift method discussed above

adding a zip file to a png is only one of several methods, it's a simple one like the color shift can be done without steganography software

I've loaded several of the files into ghiro

>>3378

I'll dig into the results (some of the files show interesting oddities) and share which files might be worth looking at

Anonymous ID: f04ce8 Jan. 29, 2019, 6:06 a.m. No.3390

>>3389

 

my point was that there are many methods besides the hidden zip file at the end of a PNG

in the video >>3324 seven (7) different areas where data can be hidden inside a PNG file without using a zip file

 

the color shift technique as demonstrated

>>3366

>>3328 (another demonstration and short explanation)

Anonymous ID: f04ce8 Jan. 31, 2019, 5:55 p.m. No.3392

>>3391

you aren't alone

I'm still chugging away with the ghiro results. some of the graphics do have anomalies I'll upload a list in a day or so

IRL calls, and I must answer

 

this thread will be here

Anonymous ID: d6258f Feb. 1, 2019, 3:48 p.m. No.3394   >>3395

>>3393

 

Photo is 3kb .. so not much room to hide anything.

 

Original photo has been located and possible links discussed.

 

https://voat.co/v/QRV/3009700

 

https://www.dvidshub.net/image/1565208/airstrikes-syria

 

Hopefully this may help you guys figure out where best to start searching.

Anonymous ID: f04ce8 Feb. 1, 2019, 5:52 p.m. No.3395   >>3400

>>3394

there are many earlier versions

and yes, you are correct the size of the JPG file makes it very hard to hide anything.

the string that was found (hex address 00068) may or may not be meaningful

I've been going thru the palette to see if the color method has been used to hide text, so far no luck

Anonymous ID: 9c4c0c Feb. 2, 2019, 1:24 p.m. No.3397   >>3399

>>3393

I did try to unzip it with the method I used earlier. No luck.

 

Come on Q. You know we are trying.

 

So atypical. Tiny file size. jpg instead of png. But, all of that black at the bottom is typically a good place to hide something.

 

Frustrated and STUCK. Which sucks. Arrrrgh.

Anonymous ID: d6258f Feb. 2, 2019, 3:35 p.m. No.3399

>>3397

 

Keep trying … I know I have felt that way a 1000 times with tweet decodes .. which then leads to questioning yourself.

 

It may be that in this case the picture was an identifier .. designed to lead people somewhere .. rather than a carrier packet. Just a thought.

Anonymous ID: f04ce8 Feb. 2, 2019, 3:37 p.m. No.3400

>>3398

the originally posted image

>>>/qresearch/4989823 is the one you want to look at

the

>noisy around the planes

is due to compression from the original (oldest on the interwebz) image according to Tin Eye was from r/MilitaryPorn/ at reddit and is significantly larger at 811KB seen

>>3395

 

IF Q hid anything in the image it's in the smaller one Q posted and not the earlier ones

Rusty ID: f04ce8 March 16, 2019, 7:54 a.m. No.4116

>>4115

 

when they can't explain it, they don't really have anything.

 

the one interesting thing I'll share from the most recent Q graphic

this pic >>4048

has 260 unique colors

 

they might all be used for shading… or maybe one of them is used to hide text as in the example

>>3328

>>3331

 

IF a code anon could make a script that would

 

  1. count and identify the unique colors in a graphic then

  2. swap each unique color with a high contrast color one at a time

  3. run an OCR (optical character recognition) program on the modified graphic and make note if characters are identified

  4. if characters are identified note which unique color

  5. swap color back and try the next unique color on the list.

 

A human could then take this short list of unique colors that are used in characters and read the message(s)
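One way to sketch the script requested in the post above, as an added example that is not part of the original thread. It assumes the image has already been decoded into rows of RGB tuples (file loading is left out), and it replaces the OCR step with a ranking of near-identical color pairs for a human to review; the sample image and all function names are constructed for illustration.

```python
from collections import Counter

def unique_colors(pixels):
    """Step 1: count every distinct RGB value in the image."""
    return Counter(px for row in pixels for px in row)

def isolate(pixels, color):
    """Steps 2 and 5: render one color at high contrast without touching the
    source image, so nothing has to be swapped back afterwards."""
    return ["".join("#" if px == color else "." for px in row) for row in pixels]

def suspects(pixels, max_delta=2):
    """Rank colors that sit within max_delta per channel of a more common
    color. Stand-in for the OCR step: near-twin colors are what make
    same-looking text invisible, so they are the ones worth a human look."""
    counts = unique_colors(pixels)
    found = []
    for color, n in counts.items():
        for other, m in counts.items():
            delta = max(abs(a - b) for a, b in zip(color, other))
            if other != color and m > n and delta <= max_delta:
                found.append((color, other, n))
                break
    return sorted(found, key=lambda item: item[2])

def make_sample():
    """Constructed 7x9 image: 'HI' drawn in (10,10,11) on a (10,10,10) field,
    plus one unrelated bright pixel in the top-left corner."""
    glyph = [".........",
             ".#.#.###.",
             ".#.#..#..",
             ".###..#..",
             ".#.#..#..",
             ".#.#.###.",
             "........."]
    bg, ink = (10, 10, 10), (10, 10, 11)
    pixels = [[ink if ch == "#" else bg for ch in row] for row in glyph]
    pixels[0][0] = (200, 30, 30)
    return pixels, glyph
```

Printing `isolate(pixels, color)` for each color returned by `suspects` gives the short list for a human to read. Ordinary shading and compression also produce near-twin colors, so a hit is a prompt to look, not a finding.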

Anonymous ID: 94de5f April 18, 2020, 8:05 a.m. No.10807   >>0808

Posted this in /qresearch/ and got directed here. I was looking at the 2 flags in Q posts 3908 and 3983.

 

Same dimensions, and imagemagick even reports the same visual "signature" hash for the images, but they have different file sizes and checksums.

 

What I found interesting was that the SHA256 hash of the most recent image (3983) is the filename of the image in 3908:

sha256sum AMERICA.png

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920 AMERICA.png

 

Post 3908 filename: f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

 

My theory is that the key to decrypt an image is contained in a previous image. But I'm not sure how to take this further.
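The filename-to-digest comparison described in the post above can be run across a whole set of saved files, as an added example that is not part of the original thread. It separates files named after their own SHA-256 digest from files named after another file's digest; the sample file contents and function names are constructed.

```python
import hashlib
import re
from pathlib import PurePath

HEX64 = re.compile(r"^[0-9a-f]{64}$")

def cross_reference(files):
    """files maps filename -> content bytes. For every file whose stem is a
    64-hex-digit string, report which file's SHA-256 digest that name is."""
    digests = {}
    for name, content in files.items():
        digests.setdefault(hashlib.sha256(content).hexdigest(), []).append(name)
    results = {}
    for name in files:
        stem = PurePath(name).stem.lower()
        if not HEX64.match(stem):
            continue                                  # ordinary filename
        matches = digests.get(stem, [])
        if name in matches:
            results[name] = ("self", name)            # digest of its own bytes
        elif matches:
            results[name] = ("other", matches[0])     # digest of another file
        else:
            results[name] = ("unmatched", None)       # hash-like, no source here
    return results

def make_sample():
    """Constructed stand-ins for the kinds of files discussed above."""
    newer = b"constructed bytes of the newer image"
    own = b"constructed bytes of a self-named upload"
    return {
        "AMERICA.png": newer,
        hashlib.sha256(newer).hexdigest() + ".png": b"constructed bytes of the older image",
        hashlib.sha256(own).hexdigest().upper() + ".JPG": own,
        "0" * 64 + ".png": b"constructed unrelated bytes",
    }
```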

Anonymous ID: 4c7ff4 April 18, 2020, 10:11 a.m. No.10808

>>10807

please post the actual files here

 

>My theory is that the key to decrypt an image is contained in a previous image.

 

when you have an "original unmodified file" and a "modified file" it makes it much easier to find the changes

Pry ID: 5744af April 27, 2020, 4:40 a.m. No.11574

Anon is correct when they say the file name for the earlier flag is a sha256 hash; however, America does not hash in sha256 to the same file name as the earlier flag. From what I can find out so far, sha256 is a one-way hash. So when you "decrypt" these hashes on the random websites that do that, all they are doing is checking it against their database of collected hashes and checking if they have a match. So one possible method would be to build our own database of likely Q related words converted to sha256 and this would give us the name of the earlier flag picture. These file names could be passwords for pixelknot. Also I did note that file names from original Q posts are different than the file names from q.map.pub but that's to be expected, no comms outside these boards, right.

Anonymous ID: 6fe4e3 April 30, 2020, 8:32 a.m. No.11665

I am new to Steg, Programming/Database background. Long time Q follower.

I am suspicious of the two "Hunters" posters from 2-10-20 and 4-09-20. They are the same canvas size (1500x1500) 8 bit gamma, but they are different physical file sizes. The pictures are slightly different quality.

WHY ?

Q doesn't do things like that without a reason. I am currently working with Stegcracker and looping through the Q image filenames as a password list. Next list: Stringers.

I need all the help I can get. Building the image filename list is time consuming and I have found no complete list of Q's image filenames, only partial.

Anonymous ID: 6fe4e3 April 30, 2020, 1:40 p.m. No.11711

The flag photos posted by Q recently have the same filename, but different canvas sizes and physical disk sizes. In my uploads, the one filename has a "-2" appended.

Anonymous ID: 2ad1ee April 30, 2020, 3:23 p.m. No.11727   >>3457

I ran the ExifTool on the Steeple from #3988 and found the author shows "events847".

 

Post #847 says "Watch the Water"

 

I found the original Steeple pic here, and running it through the ExifTool shows the same metadata. Still, there are no coincidences:

https://oldnorth.com/wp-content/uploads/2016/09/lclitlantern.jpg

Anonymous ID: c2987a May 9, 2020, 3:11 p.m. No.13401   >>3458

>>3266

check out StegoAppDB.

This is a HUUUUGE database of stego & original cover images used to train algorithms to identify steganography.

 

There are many machine learning stego projects up on github. Clone one of those bitches, import your clean set and your steg set for training… then go grab a bunch of "suspect images" from whatever board you want, and run them against your newly trained algo.

 

The one I suggest trying is PixelKnot. PixelKnot is an Android app that uses the F5 algorithm to do its thing. There is well over 300gb of PixelKnot pictures to play with on StegoAppDB, free to use & download.

 

You can obviously create your own sets as well by scripting tools, but this is an easy way to get started with KNOWN images.

 

#HappyHunting