Anonymous ID: f04ce8 STEGANOGRAPHICS Jan. 20, 2019, 1:30 p.m. No.3264   >>3265 >>3268 >>3290

Using Steganography to reveal code embedded in Q pics & vids

 

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest.

Mostly because it doesn't look like usual garbled text that we are used to seeing with encryption. The changes made by Steganography are so slight the human eye cannot perceive them.

 

also data can be hidden in audio files and video files

Anonymous ID: f04ce8 Jan. 20, 2019, 3:04 p.m. No.3274

>>3272

>Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file

 

not what I would consider as a viable method of detecting an embedded message

I know a tiny bit about steganography

I've always liked crypto

I'll look to see what tools I have accumulated that are still usable

one from long ago (XP days) is called

binaryTextScan and does what it says

scans a file for text strings (you get to set parameters such as minimum length and character set limits etc…)

I remember looking into pixelKnot a bit, but as it's an android only program as of now I didn't do much with it

I've seen some others

openPuff

stegDetect

VSL

 

I'd suggest we gather a set of links to tools for the purpose of detecting and decoding messages hidden in files

https://www.geekdashboard.com/best-steganography-tools/

http://www.jjtc.com/Steganography/tools.html

http://stegano.net/tools

Anonymous ID: f04ce8 Jan. 20, 2019, 4:46 p.m. No.3281   >>3285

>>3277

>Anyone know 8ch well enough to understand that phenomenon?

 

yes it has to do with the method of calculating the size

1kb = 1000 bytes or 1024 etc…

 

>Anon needs help

 

try reading the wiki page

https://en.wikipedia.org/wiki/Steganography_tools

https://en.wikipedia.org/wiki/Steganography

 

I'll try to answer any questions that I can

Anonymous ID: f04ce8 Jan. 20, 2019, 5:53 p.m. No.3293   >>3295

>>3287

>does qmap.pub pull raw files from Q posts?

 

good question, and a crucial one to our task here

>>3289

>Reposting the first round - the flag.

 

do you have the original file for 'FreedomFlag' ?

the original file is crucial to finding anything as far as I know

Anonymous ID: f04ce8 Jan. 20, 2019, 6:11 p.m. No.3300   >>3301

>>3291

thanQ that will be very helpful

 

>>3295

>archive.4plebs.org/pol/thread/149158110

 

it's possible, I don't immediately recognize that thread (from Sun 12 Nov 2017) do you have a particular post in mind from that thread? I don't really have the time to search thru it

Anonymous ID: f04ce8 Jan. 20, 2019, 6:28 p.m. No.3302

>>3301

ah… OK I understand

by that the original filesize is 3Kb far too small to hold much but who knows?

 

I'm finding that the different steg software is quite specific about file types

when looking to decode

.png

.jpeg

seem to be most common as outputs for the encoding programs

anybody know what pixelKnot's outputs are ?

Anonymous ID: f04ce8 Jan. 20, 2019, 10:06 p.m. No.3309   >>3320

>>3308

>They took down the Notable from qresearch,

 

not much of a surprise

 

>hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

 

sounds good anon

experienced help would be greatly appreciated

some of the anons here mean well, but are a bit short of actually understanding the mechanics of what we are doing

 

I'll keep this thread alive for a few months minimum and see if we get any results

 

I'll also fire up a few of the steg programs to see what works and what doesn't (some of 'em are OLD!) and provide some examples to help bring people up to speed

Anonymous ID: f04ce8 Jan. 20, 2019, 10:24 p.m. No.3311   >>3312

>>3310

> but I don't think it applies here.

 

I tend to disagree

If you wish to detect these embedded files you first find a method of encoding and see if that method was used.

 

If you want to cast off blindly then I'd strongly suggest you investigate the parameters of zip files

header

file descriptor

end of record marker

 

when you find all three then and only then can be sure there is a zip file embedded in the data between the header and the EOCD (Not to be confused with EOF)

https://en.wikipedia.org/wiki/Zip_(file_format)
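
An added example, not part of the original thread: a Python check for the three ZIP structures named in post 3311, applied to the bytes that follow a PNG's IEND chunk. It reads "file descriptor" as the central directory record, and the sample PNG and archive are constructed in the code.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
LOCAL_HDR, CENTRAL_HDR, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"

def png_end(data):
    """Walk the PNG chunk list and return the offset just past IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length          # length + type + body + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("IEND chunk not found")

def find_appended_zip(data):
    """Return ZIP location after IEND only if EOCD, central directory and
    local file header all exist and point at each other; else None."""
    tail_start = png_end(data)
    eocd = data.rfind(EOCD_SIG, tail_start)
    if eocd < 0 or len(data) - eocd < 22:       # EOCD is at least 22 bytes
        return None
    entries, cd_size, cd_offset = struct.unpack("<HII", data[eocd + 10:eocd + 20])
    cd_pos = eocd - cd_size                     # directory sits just before EOCD
    if cd_pos < tail_start or data[cd_pos:cd_pos + 4] != CENTRAL_HDR:
        return None
    (lh_rel,) = struct.unpack("<I", data[cd_pos + 42:cd_pos + 46])
    first_local = (cd_pos - cd_offset) + lh_rel  # archive base + relative offset
    if first_local < tail_start or data[first_local:first_local + 4] != LOCAL_HDR:
        return None
    return {"zip_offset": first_local, "entries": entries}

def _chunk(ctype, body=b""):
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def sample_png():
    """Constructed 1x1 RGB PNG (one pixel of AB1E31)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xab\x1e\x31")
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND")

def sample_zip():
    """Constructed one-entry archive standing in for HelloWorld.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("hello.txt", "Hello World")
    return buf.getvalue()
```

A bare `PK` signature after IEND with no matching directory and EOCD returns None, which is the false positive the "all three" rule is meant to avoid. ZIP64 archives are not handled.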

Anonymous ID: f04ce8 Jan. 21, 2019, 6:06 a.m. No.3321

Tackling Android Stego Apps in the Wild

https://arxiv.org/pdf/1808.00430.pdf

 

according to this

>As shown in the “Output Format” column, 2 of the 7

>apps produce stego images in JPEG format while the other

>5 produce PNGs. The two types of output format indicate

>different embedding domains: frequency domain embedding

>for JPEG and spatial domain embedding for PNG.

 

so… if it's done on an android platform the output format is either JPEG or PNG

Anonymous ID: f04ce8 Jan. 21, 2019, 6:26 a.m. No.3322   >>3323

>>3320

> I don't think a couple of hours are enough to grab moar brain power.

 

I agree

I will attempt to educate those who browse here in an attempt to grow 'moar brain power'

 

some step-by-step instruction & examples of how to use some of these software packages to hide data in images may help people learn the techniques necessary for detecting and decoding any 'found in the wild'

Anonymous ID: f04ce8 Jan. 21, 2019, 9:16 a.m. No.3327   >>3328

>>3325

Warning this is NOT a PDF

This is a test to see if we can share programs here.

this program BinaryTextScan.exe is an old windows XP utility for scanning files of any type for text strings.

I've changed the extension on the file

BinaryTextScan.exe (a useful tool for the windows platform) to

BinaryTextScan.pdf

in order to see if I can upload it here.

If successful you should be able to download this file and change the extension back to .exe and have the working program

http://www.antionline.com/showthread.php?245747-Binary-Text-Scan

Anonymous ID: f04ce8 Jan. 21, 2019, 12:42 p.m. No.3328   >>3330 >>3331 >>3365 >>3390 >>4116

>>3327

I'm uploading two files

 

qrflagEditedWreadible.png - original PNG graphic

crFzip.png - final output file with zip embedded

 

crFzip.png also has the plain text Hello World in it

I set the color of the text to be slightly off from one of the major colors in the graphic and then placed the text in that area

 

I first ran into that type of stego way back in the web design days

You'd have a front page for your website that the web crawlers would read… there was the black text on the background that all humans could read and also there was text in a color so near the background color the human eye couldn't see it. This was to stuff the page with key-words for the search engine crawlers… the crawler would see ALL the text while the humans wouldn't see all the key-words and phrases the web site designer wanted the search engine to see.

Anonymous ID: f04ce8 Jan. 21, 2019, 1:27 p.m. No.3331   >>4116

>>3328

uploading both the hex editor's view of the beginning and end of crFzip.png and HelloWorld.zip for comparison

 

and the 'color swap' technique to reveal the Hello World plain text message color embedded in a red stripe

most of the red stripe is color AB1E31 (171,30,49) so I wrote the text with font color AF1E31 (175,30,49) and it's invisible until I do a color swap

 

>>3330

yup that's the trick

Anonymous ID: f04ce8 Jan. 22, 2019, 10:06 a.m. No.3337   >>3338 >>3341 >>3373

>>3336

>Make and decode our own. Test for techniques.

 

I agree

 

I remember reading somewhere a myth about the origins of steganography

Seems in Roman times it was common to use a small piece of wood (tabula) covered with wax as a notepad. You could scratch your message or notes onto the surface, then commit it to something more permanent at leisure if needed or simply melt the wax to erase and make the tablet ready for another use. These things were fairly common and the practice well known so of course the military used it for orders and correspondence. Here's where the fun starts, at some point a smart man figured out a method to get a secret message thru to its intended recipient undetected. Simply scrape off all the wax, sand the surface a bit, write your real message in charcoal onto the bare wooden surface, then re-cover the tablet with wax, scratch a cover message into the surface and have the tablet delivered.

Anyone not knowing there was a hidden message or how to extract it would assume the message seen on the surface was the totality of the tablet's meaning.

 

I've wondered about Q's possible use of steganography. There are simple methods and complex methods of encoding, some are easy to detect and some not so easy… IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

Anonymous ID: f04ce8 Jan. 22, 2019, 4:47 p.m. No.3341   >>3363

>>3337

good forensic tools for detecting the presence of messages hidden in files are a little hard to find, so far I've tried a few different stego progs and some work, some don't and some I cannot use due to platform restrictions.

 

the following is a quote from the softpedia site

++++++++++++++++

 

In order to be able to encrypt images, users will require specialized software applications for embedding messages and extracting them.

 

The main advantage of this security technique is that encrypted images typically require the original application to display the message, therefore unauthorized users have little chance of decrypting pictures without the appropriate tool.

Anonymous ID: f04ce8 Jan. 26, 2019, 7:22 a.m. No.3363   >>3364

>>3362

what app will you be using to do the encoding?

see

>>3341

> typically require the original application to display the message,

 

I've found this to be true in my limited experience.

I'll reciprocate,

 

I used Open Puff v4.01

password A ~ Quiet Skies

password B ~ Flesh-Eating

password C ~ Alabama Election

 

under the PNG options I used the 1/4 [25%] - High encryption setting

 

original image ~ schiffMagaHatOriginal.png

image with encoded message ~ schiffMagaHat.png

 

you tell me what the message is

Anonymous ID: f04ce8 Jan. 26, 2019, 7:57 a.m. No.3365   >>3374

>>3364

>the hunch that decode is photoshop or decompression (zip) and not app specific

 

OK…

care to elaborate on the method of embedding the message you'll be using?

a simple bit shift on the color for the text as discussed >>3328

 

or are you thinking it will be an embedded photoshop layer ?

Anonymous ID: f04ce8 Jan. 26, 2019, 7:52 p.m. No.3373

>>3369

>or do you think that was misdirection from Q ?

I don't know

>>3337

> IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

 

I didn't have much luck with pixelKnot

I'm platform limited, the only android machine I have is ancient (lollipop 5.1.1)

I could try installing android in a VM and then trying it again.

currently exploring ghiro

Anonymous ID: f04ce8 Jan. 26, 2019, 9:23 p.m. No.3375   >>3376

>>3374

I've watched part of it

it seems to be the intimate dissection of a png file, exploring the multiple hiding places within it

 

It seems there are many, many ways of hiding data in a graphics file. If you do not know the method used, it is almost impossible to determine if any message is hidden or not.

So… is the current thinking to try all known methods, one at a time on each graphic file under question?

Anonymous ID: f04ce8 Jan. 27, 2019, 9:14 a.m. No.3377

>>3376

>much larger than is necessary to convey a photo to this board.

 

on this we very much agree

 

>The original images that Q drops with black headers and footers have zip files embedded.

 

from my understanding the files do not have to be zipped, it can be plain text / cypher text. in the video you reference >>3324 the 'flags' are in various forms & places

Anonymous ID: f04ce8 Jan. 27, 2019, 1:12 p.m. No.3378   >>3379 >>3388

>>3277

>>3376

 

I've loaded some of the graphics from

https://postimg.cc/gallery/29wdmgyze/

 

with the black top & bottom border

>pic related it's the list

 

I've run them thru ghiro (an automated detection app)

I'll post anything I find

 

if there are graphics you'd like to add to this list, please let me know

Anonymous ID: f04ce8 Jan. 28, 2019, 4:05 p.m. No.3388   >>3389

>>3385

I just tried downloading it & renaming it edit7.zip

worked fine

 

>>3386

(a method?) there is a color shift method discussed above

adding a zip file to a png is only one of several methods, it's a simple one like the color shift can be done without steganography software

I've loaded several of the files into ghiro

>>3378

I'll dig into the results (some of the files show interesting oddities) and share which files might be worth looking at

Anonymous ID: f04ce8 Jan. 29, 2019, 6:06 a.m. No.3390

>>3389

 

my point was that there are many methods besides the hidden zip file at the end of a PNG

in the video >>3324 seven (7) different areas where data can be hidden inside a PNG file without using a zip file

 

the color shift technique as demonstrated

>>3366

>>3328 (another demonstration and short explanation)

Anonymous ID: f04ce8 Jan. 31, 2019, 5:55 p.m. No.3392

>>3391

you aren't alone

I'm still chugging away with the ghiro results. some of the graphics do have anomalies I'll upload a list in a day or so

IRL calls, and I must answer

 

this thread will be here

Anonymous ID: f04ce8 Feb. 1, 2019, 5:52 p.m. No.3395   >>3400

>>3394

there are many earlier versions

and yes, you are correct the size of the JPG file makes it very hard to hide anything.

the string that was found (hex address 00068) may or may not be meaningful

I've been going thru the palette to see if the color method has been used to hide text, so far no luck

Anonymous ID: f04ce8 Feb. 2, 2019, 3:37 p.m. No.3400

>>3398

the originally posted image

>>>/qresearch/4989823 is the one you want to look at

the

>noisy around the planes

is due to compression from the original (oldest on the interwebz) image according to Tin Eye was from r/MilitaryPorn/ at reddit and is significantly larger at 811KB seen

>>3395

 

IF Q hid anything in the image it's in the smaller one Q posted and not the earlier ones

Rusty ID: f04ce8 March 16, 2019, 7:54 a.m. No.4116

>>4115

 

when they can't explain it, they don't really have anything.

 

the one interesting thing I'll share from the most recent Q graphic

this pic >>4048

has 260 unique colors

 

they might all be used for shading… or maybe one of them is used to hide text as in the example

>>3328

>>3331

 

IF a code anon could make a script that would

 

  1. count and identify the unique colors in a graphic then

  2. swap each unique color with a high contrast color one at a time

  3. run an OCR (optical character recognition) program on the modified graphic and make note if characters are identified

  4. if characters are identified note which unique color

  5. swap color back and try the next unique color on the list.

 

A human could then take this short list of unique colors that are used in characters and read the message(s)
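
An added example, not part of the original thread: steps 1, 2 and 4 of the procedure in post 4116, in Python. It assumes the image is already decoded into rows of (R, G, B) tuples, narrows the color list to rare colors sitting within a few levels of a much more common one (a heuristic added here), and leaves the OCR step to an external tool or a human; the sample stripe is constructed from the AB1E31/AF1E31 values in post 3331.

```python
from collections import Counter

def count_colors(pixels):
    """Step 1: every unique color and how many pixels use it."""
    return Counter(px for row in pixels for px in row)

def near_twins(counts, max_delta=8, ratio=4):
    """Pairs (rare, common): a color within max_delta per channel of one that
    is at least `ratio` times more frequent, rarest first. Both thresholds
    are assumptions chosen for this example."""
    pairs = []
    for rare, n in counts.items():
        for common, m in counts.items():
            close = all(abs(a - b) <= max_delta for a, b in zip(rare, common))
            if m >= ratio * n and close:
                pairs.append((rare, common))
    return sorted(pairs, key=lambda p: counts[p[0]])

def isolate(pixels, color):
    """Step 2, the 'color swap': target color -> '#', everything else -> '.'."""
    return ["".join("#" if px == color else "." for px in row) for row in pixels]

def candidates(pixels):
    """Step 4: short list of (hex color, mask) for a human or OCR tool to read."""
    twins = near_twins(count_colors(pixels))
    rare_colors = dict.fromkeys(rare for rare, _ in twins)  # dedupe, keep order
    return [("%02X%02X%02X" % c, isolate(pixels, c)) for c in rare_colors]

def sample_image():
    """Constructed 13x9 stripe of AB1E31 with 'HI' drawn in AF1E31."""
    glyph = ["H.H.III", "H.H..I.", "HHH..I.", "H.H..I.", "H.H.III"]
    rows = ["." * 13] * 2 + ["..." + g + "..." for g in glyph] + ["." * 13] * 2
    bg, fg = (0xAB, 0x1E, 0x31), (0xAF, 0x1E, 0x31)
    return [[bg if ch == "." else fg for ch in row] for row in rows]

if __name__ == "__main__":
    for hex_color, mask in candidates(sample_image()):
        print(hex_color)
        print("\n".join(mask))
```

The pairwise comparison is quadratic in the number of unique colors, which is fine for a 260-color graphic but slow on photographic images with many thousands of colors.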