Anonymous ID: a50e5b Sarah Silverman Password Thread July 26, 2018, 1:41 p.m. No.2300468   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0485 >>0578 >>0585 >>0646 >>0822 >>0874 >>1386 >>1965 >>2324 >>3562 >>6938 >>9790 >>1401 >>4235 >>2743 >>9732 >>5742

from bread #2897:

>>2299352

WE HAVE TRIED:

 

STAND THE FUCK DOWN

B8028-Z-KDHYQ-M5-ZAF1aT9

Jbppa

SSHGQQ

REAL

B8028ZKDHYQM5ZAF1aT9

YANDEX

SOMANYLEVELS!!!

SOMMANYLEVELS

NO IDEA

WILLBESERIOUSREPERCUSSIONS

FEDWANTSWAR

NXIVM

justleavethepedosaloneyounazis

!CbboFOtcZs

BigS

IMG382

FUCKTRUMP

WWG1WGA

Variations of Sarah Silverman

BV/Jbppa

CLEAR

 

NONE HAVE WORKED

 

website for app: https://guardianproject.info/apps/pixelknot/

 

download the app

save the pic

open WITH the app, then try password

 

(pic related) is an example of how it works

save, open with app, type in password: trusttheplan

 

ALL PASSWORDS ARE CASE SENSITIVE

 

HAPPY HUNTING ANONS!

Anonymous ID: c5ad61 July 26, 2018, 1:43 p.m. No.2300523   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Always try every password backwards as well. Think mirror.

Also, remember they are case sensitive. So vary that up as well (just first character, first character of every word, all upper, all lower, on backwards pass try with just the last letter, last letter of each word, etc.).

Anonymous ID: 4da8e0 July 26, 2018, 1:48 p.m. No.2300606   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

TY for board

 

Anons who want to dig on this

 

there is a yr 2012 video called

Paint the Picture

 

Official video for Paint The Pictures from of Verona's debut album, The White Apple

 

Lyrics:

 

I paint the pictures of the oceans I'll never see

I'll hold a candle through the darkness so I believe

There is a future find and narrow find me home

I paint the pictures of emotions I'll never own

Send me on my way I drift in out of here in to outer space

I found my place out there you'll find me on the moon you'll never me alone

Here among the stars is home away from home

You tell the story of the forces that build your fire

You wait for silence find the sources or you'll expire

There is the sorrow of an island I can't go

You stuck in your cage sent to be now feel with me struggles

Send me on my way I drift in out of here in to outer space

I found a place out there find me on the moon you'll never be alone

Here among the stars is home away from home

There's a moment of surrender there's a moment to make it better

Find the old now and remember there's no longer only forever

There's a moment of surrender there's a chance to make it better

Find the old now and remember that's forever

I paint the picture of the ocean I'll never see

I hold a candle through the darkness so I believe

Anonymous ID: 0f52b8 July 26, 2018, 1:49 p.m. No.2300621   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2300575

 

from main board - thought to bring here fro Anon who posted:

 

TRY THIS PW

 

I can't my cpu doesn't have the right app to use it.

it's 111 day theory tho just lemme know.

one tried said it was 0% stuck

 

GREEN_578cDT324-45785sd4DMP

Anonymous ID: 4fdb58 July 26, 2018, 1:52 p.m. No.2300659   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

from:SarahKSilverman since:2013-07-20 until:2013-07-23 on twitter search

 

maybe they use someone's old tweets to enrypt and hint at it

but there's urretly no tweet from that date

so the question is since /hph/ has been archiving whole accounts is there one for her?

Anonymous ID: df7aa1 July 26, 2018, 2:06 p.m. No.2300878   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

So whos tried attaching a debugger to this yet?

If its an app lets find the open message routine and see if we can jump it.

Skip password entirely, make sure for any CRC on memory to protect it.

They use some stupid math to encrypt the key but fuck that.

If you cant go through, go around right?

May need multiple eyes on this for the purposes of debugging, testing, code injection, sub routine checks etc.

 

Anyone? Im not that good to go at it alone.

Anonymous ID: f04913 July 26, 2018, 2:08 p.m. No.2300908   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

i'm convinced the date is the biggest clue

 

wrong date

wrong sunday

wrong year

 

also - any1 try holding the msg to a mirror? wondering if a mirror image (not just backwards) holds a clue

Anonymous ID: 20e9c3 July 26, 2018, 2:10 p.m. No.2300934   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0969

Since we have tried all the obvious passwords I think we need a more automated approach.

 

We could run the f5 program through a word list, and have it check every possible password in the list.

 

To generate the list we could use the tool cewl to crawl that thread and compile it into a word list, in case they posted the password anywhere in the thread.

 

If it's not in there then we could add in anons suggestions as well, and then use the johntheripper tool which mutates the words according to specific rules.

Anonymous ID: e5c8b1 July 26, 2018, 2:15 p.m. No.2301021   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1038

>>2300877

Gotta prove it. Stranahan types will never buy into it unless it can be proven. Q's still a bit cryptic about who actually posted it. If Sarah didn't, and it's a shoop, then where is the actual original photo from? That's what needs to be figured out.

Anonymous ID: f04913 July 26, 2018, 2:25 p.m. No.2301135   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

sunday silverman

 

just the key pts?

 

its gotta be something people would be able to guess/find fairly easily if its meant to out to a wide audience, right?

pedowood would recogn silverman, wrong date is an easy catch

or just

sunday?

sunday 721?

Anonymous ID: 339ec2 July 26, 2018, 2:26 p.m. No.2301151   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Ok just found this thread todayโ€ฆ Can someone explain to me whats going on here? I get the data in image part but what are you using to try to extract data/pw crackingโ€ฆ Something about an app? I have a beast of a pc 16cores. maybe i can brute force it? Give details im on board love this kinda stuff. Thanks

Anonymous ID: d9e58c July 26, 2018, 2:43 p.m. No.2301384   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1461

Pixelknot uses f5android library

 

import info.guardianproject.f5android.plugins.PluginNotificationListener;

import info.guardianproject.f5android.plugins.f5.Extract;

import info.guardianproject.f5android.plugins.f5.james.Jpeg;

import info.guardianproject.pixelknot.crypto.Aes;

 

https://github.com/harlo/F5Android

Anonymous ID: d9e58c July 26, 2018, 2:50 p.m. No.2301461   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2301384

Just posting interesting stuff from the source.

 

package info.guardianproject.pixelknot.crypto;

/*

  • Based on code from K9Mail:

  • https://code.google.com/p/k9mail/source/browse/k9mail/branches/apg-integration/src/com/fsck/k9/crypto/Apg.java

*/

 

https://github.com/k9mail/k-9

 

Outside of that part, in apg.java

 

static final long serialVersionUID = 0x21071235;

 

/**

* Get secret key ids based on a given email.

*

* @param context

* @param email The email in question.

* @return key ids

*/

 

aes.java

 

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

 

I'll look some more when I can. I'll check it out in Android Studio when I get off work.

Anonymous ID: 4c9cca July 26, 2018, 2:53 p.m. No.2301487   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1542 >>1611

TRY THIS FUCKING PASSWORD PLEASE I DONT HAVE ANDROID OR WINDOWS

 

GORE ATTACKED MY POST OVER IN GENERAL I SEE HE IS HERE NOW!!!!!!!!!!

 

GREEN_578cDT324-45785sd4DMP

 

GREEN_578cDT324-45785sd4DMP

 

GREEN_578cDT324-45785sd4DMP

 

GREEN_578cDT324-45785sd4DMP

 

GREEN_578cDT324-45785sd4DMP

 

GREEN_578cDT324-45785sd4DMP

Anonymous ID: bbe9a9 July 26, 2018, 3:06 p.m. No.2301651   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

https://8ch.net/qresearch/res/2300420.html#2301373

 

I posted SKIPPY above.

 

Also, someone on 4chan said they found a name in the file. Not sure if you saw that. They posted on the main thread.

Anonymous ID: 39b3e3 July 26, 2018, 3:07 p.m. No.2301664   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2301637

 

I thought the same and thought the picture was telling where to get the password: sarah silverman. I checked her twatter for the date shown and din't see anything of note and tried the works she capitalized and had in quotes but no luck

Anonymous ID: a42933 July 26, 2018, 3:14 p.m. No.2301752   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Here's another steg decoder:

https://futureboy.us/stegano/decinput.html

 

Here's one for png files - which are a lot of q files.

https://www.mobilefish.com/services/steganography/steganography.php

 

That's the site given in a 3am drop several months ago by a helper.

 

I've spent hours on this with nothing to show for it. But now we know it's real.

Anonymous ID: 6f3be0 July 26, 2018, 3:18 p.m. No.2301805   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Some form of "Delta Fire" might be a password for one of Q's pics. I got this response to a graphic I made in May from a one-reply ID that I always thought was interesting. Might be worth a try.

Anonymous ID: 92c728 July 26, 2018, 4:05 p.m. No.2302324   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2300468

Just getting on & not criticizing, just an anon observation but this Sarah S bitch's ego is loving' the thread title & whoever's driving "The Sick Train" with her.

 

Always thought the flag pic was coded but I'm sure anons have jumped on that one.

Anonymous ID: ddfd8a July 26, 2018, 4:22 p.m. No.2302514   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2561

Does this PixelKnot app work for anyone? Both on my phone and on BlueStacks it just stays at 0%, even if I try to create a password on an image. Or once in a while it'll go right to 10% and stop there instead.

Even when I try it with the image the anon created and another anon confirmed. Doesn't work.

Anonymous ID: 293dc0 July 26, 2018, 4:26 p.m. No.2302562   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2579 >>6371

>>2302460

Interesting

Have you tried the date on the phone

7212018

or mirrored 8102127

The only thing i can think of beyond that is taking the numerical values of letters which would be gbab0ah - the zero maybe could also be the letter o

and that mirrored would be hao/0babg

Anonymous ID: e95b0a July 26, 2018, 4:27 p.m. No.2302569   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Anyone try the first letter of every word? These fuckers love their cyphers. STFD. Maybe all the letters down and then across. STFDTHUOAECWNKND different shit like this. Also could include capital letters in her text too somehow.

Anonymous ID: c2f3b6 July 26, 2018, 4:54 p.m. No.2302927   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>3066 >>1401

Alright guys, here's what you do.

 

First, create an image with a hidden text using pixelknot, or outguess.

Then run stegdetect on it until you learn how to get it to work and say "yes there is hidden data here".

Good.

 

Then:

Go to github and download the qanon.pub backup zipfile. It contains every image ever posted by Q in a folder.

Pic related.

 

Then:

Run stegdetect with the same settings as above on this entire folder.

If there is any hidden data, maybe you'll find it.

 

Good luck anons, I'd help, but I can't.

 

>>2302893

Just use stegdetect

It knows how to detect F5

Anonymous ID: 1261d0 July 26, 2018, 4:58 p.m. No.2302967   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2980

Can someone please explain how we can try this at home? Do we download the image that Q posted today? I was on 4chan the night she (or someone) posted the original pic, and I did not download the original pic she posted, dammit. All I did was make a screenshot.

 

Attached is the screen cap that I made, with the original image name and size details, etc.

 

Are we running Q's pic through a program? As in, did Q upload the original?

 

If so, Anons, can you please explain how we test passwords? I have some ideas that I want to try. . . . .

 

Thank you.

 

And on

Anonymous ID: ddfd8a July 26, 2018, 5:32 p.m. No.2303362   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>3894

I tried to recreate what the original would look like in an attempt to find the original using reverse image searches. Got nothing.

 

Brute force is probably the only way. I have no idea how to do that so it's up to you guys.

Anonymous ID: 339ec2 July 26, 2018, 5:48 p.m. No.2303556   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

trying to set a wordlist attack on the file right now but im not sure if the pass would be in any of the dict. files i haveโ€ฆ. may have to rewrite the code to do brute force instead but its gonna take timeโ€ฆ anyone use stegdetect yet? does it actually contain data or what?

Anonymous ID: 4f758d July 26, 2018, 5:57 p.m. No.2303667   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Another thought: any anons tried any PWs against Q photos? Assuming white hats encrypted a message in photos they control, it makes sense that each photo in a sequence may have part of a message that becomes a whole when combined. (Like a PW) Will definitely try this later but still a work fag and don't have the right hardware to give it a go.

Anonymous ID: 9c664b July 26, 2018, 6:10 p.m. No.2303818   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

I see gore/porn shill is here trying to discourage the search. Over the target.

 

Has anyone tried CH_Navy_Bund.jpg from Nov 6th post? It tells me wrong password after 66%

Anonymous ID: 7733e3 July 26, 2018, 6:27 p.m. No.2304030   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4402 >>1144

>>2301393

Here's a link to the archived thread with the Silverman post:

https://archive.4plebs.org/pol/thread/179647411/#179647703

 

>>2301557

(search 'wikileaks jbppa')

That email is damningโ€“it's one of the best examples of collusion between the media and the HRC campaign I've seen. Inviting reporters to dinner is one thing, but that email has a) a preferred format for stories, b) a schedule for rolling them out, c) names named for maximizing impact (ie, release stories at this time so Andrea Mitchell can comment on them on her show a little later).

 

But what was used to find that isn't a passwordโ€“it was something associated with a BV (maybe part of his/her username or trip code). Maybe the BV had seen the email before and decided to incorporate it into their nameโ€“it's an important one and should be brought to the public's attention.

 

I've attached a .pdf that describes the F5 algorithm. Here's some example code that someone else put up:

https://github.com/matthewgao/F5-steganography/blob/master/crypt/F5Random.java

 

Digging through that code, it seems to rely on sun.security.provider.SecureRandom to hash the password:

https://hg.openjdk.java.net/jdk7/jdk7/jdk/file/tip/src/share/classes/sun/security/provider/SecureRandom.java

 

Interestingly, one of the error types is a "NoSuchAlgorithmException" โ†’ NSAException

 

Maybe the NSA developed the pseudo random number generator for Sun Microsystems? That would be interesting, to say the least.

 

Anyway, that's a compilation of things I've found thus far. There is work going on at /VQC that may help somehow, but at the moment we're being taught how to deal with RSA. Maybe we'll be able to extend those teachings to this somehowโ€ฆbut it will take some time, as this is an entirely new way of looking at things for most (or all) of us.

Anonymous ID: a38818 July 26, 2018, 6:29 p.m. No.2304062   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Pixelknot won't work on my machine without upgrades.

For Silverman pic: try the obvious - misspelled words in text; also uncapped words at beginning of sentences

For Q pics: try letters in brackets; some strings even spell words

Wish I could work this myself on the "Who do you see?" pic. The plane pic, too.

Anonymous ID: 773ff1 July 26, 2018, 6:46 p.m. No.2304257   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4331

>>2304115

it's been floating around. Check out the neck though, she had a pearl necklace in the original but looks like a T-shirt in the shopped version. If there's something embedded or whatever, I bet its there in the neck (hope its not obvious how much of a newfag I am after that last statement)

Anonymous ID: 0b4335 July 26, 2018, 6:47 p.m. No.2304271   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4620

Got this out of the apple mirrored one. Check others for exif?

 

GPS GPSAltitudeRef: 0

EXIF DateTimeOriginal: 2018:07:03 21:18:35

GPS GPSLongitudeRef: W

GPS GPSDate: 2018:07:04

GPS GPSAltitude: 87612/319

GPS GPSLatitude: [34, 52, 4007/100]

GPS GPSImgDirectionRef: T

GPS Tag 0x001F: 10

GPS GPSImgDirection: 48211/3206

GPS GPSSpeedRef: K

GPS GPSLatitudeRef: N

Image Make: Apple

GPS GPSDestBearingRef: T

GPS GPSDestBearing: 48211/3206

GPS GPSSpeed: 0

EXIF DateTimeDigitized: 2018:07:03 21:18:35

GPS GPSLongitude: [82, 15, 3271/100]

Anonymous ID: 1261d0 July 26, 2018, 6:54 p.m. No.2304369   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4387 >>4488

Passwords To Try for Silverman Pic:

 

silvermansarah

SilvermanSarah

silvermanksarah

SilvermanKSarah

I would also go to her Wikipedia page and dig for possibilities there.

https:// en.wikipedia.org/wiki/Sarah_Silverman

Anonymous ID: 1261d0 July 26, 2018, 6:56 p.m. No.2304387   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4488

>>2304369

P.S. For what it's worth, when I tried

silvermansarah

I got a message stating that it found text. I could not open it because I'm a moron and I didn't know which program to try to use.

 

Maybe that's it? silvermansarah

If I knew how to do this I'd try that. . . .

Anonymous ID: a7d73e July 26, 2018, 6:57 p.m. No.2304402   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2304030

You might start with a better understanding of what a "hash" actually does. It is not encryption.

 

Definition - What does Message Digest mean?

 

A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula.

 

Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. They are a type of cryptography utilizing hash values that can warn the copyright owner of any modifications applied to their work.

 

Message digest hash numbers represent specific files containing the protected works. One message digest is assigned to particular data content. It can reference a change made deliberately or accidentally, but it prompts the owner to identify the modification as well as the individual(s) making the change. Message digests are algorithmic numbers.

 

This term is also known as a hash value and sometimes as a checksum.

 

Am one-way hash is just that - one way (non reversible)

 

As an integrity check (dhecksum) you simply take the source, run the given hashing algorithm and compare the resulting has to the one inluded with the source material.

 

A match of those two "hashes" confirms the "message" is an unmodified replica of the original. Digital Signatures (using various algorithms) fill a "similar" function, as do message authentication codes like SHA- 256.

 

Like reversible encryption, the longer the better i.e more secure

 

Scripting languages are optimized for convenience, not speed so are inferior to custom hardware-based ASICs, similar to the old school generic "math co-processors"

 

How that helps to avoid wasting you time on hash "decodes"

Anonymous ID: 5b8087 July 26, 2018, 7:27 p.m. No.2304792   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4816 >>4842 >>4966

Sorry I went for a walk with fam. anyways my issue is this, say I have a 8 bit binary, 10101010 this is the original binary, now I'm going to hide my data (a single bit) 10101011 you can clearly see the difference right? Now what if I delete the original binary, what do you have to compare it to? The other issue with the f5 algorithm is what if I randomly hid my data through out the image, and used the password to generate this randomness, how do we know they used f5 ? That's why it's easiest to find a source image to compare.

Anonymous ID: 8dd729 July 26, 2018, 7:30 p.m. No.2304823   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8270

Has anyone tried McGovern? Her mom Beth Ann Halpin was his campaign photographer and her mom also founded a suspicious group of theater types. I also question exactly HOW WELL KG knew her before 18 considering SS started at 17.

Anonymous ID: 5b8087 July 26, 2018, 7:31 p.m. No.2304842   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2304792

Q team knows all this, I think his message was really to tell us and they know what they're doing, you know? I love math, and cryptography and love the thought of sitting for hours trying to solve this but I have to follow logic which leads Me too the realisation that if they had even basic competence to them they could hide this data beyond my abilities to discover it fairly easy. Lol

Anonymous ID: 4ad38c July 26, 2018, 7:33 p.m. No.2304868   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4938

>>2304817

Historically they embed an image when doing steg. Gibberish could be another embedded file that needs to be renamed to the type. Sometimes you can tell if the embedded file has headers. You can download irfanview, install all plugins and try renaming to file,jpg โ€” it will try to fix it if itโ€™s an image and detect the file type / offer to rename it.

Anonymous ID: a7d73e July 26, 2018, 7:41 p.m. No.2304966   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5009 >>5244

>>2304792

Would you expect an ASCII text reader to translate a 24-bit or 256-bit color code?

 

Where did you learn about computers?

 

Sesame St?

 

What would a megapixel graphic look like in binary

 

IIf you looked a s HDD sector with a very powerful microscope, would you see letters, numbers or pictures?

 

Hint: you would see nothing since they are extremely localized magnetic fields.

Anonymous ID: 339ec2 July 26, 2018, 7:41 p.m. No.2304970   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

I pulled the file into hexedit and checked the hex for the code used to end a jpg image.. FF D9. All jpgs end the file like that.. If there was anything else in there it would appear twice once for the orig. And once for the embedโ€ฆ Only one, that file is bogus guysโ€ฆ No text or extra imagesโ€ฆ No PK in there so no zip file eitherโ€ฆ. Even looked for binary once again a dead end.

Anonymous ID: 5b8087 July 26, 2018, 7:45 p.m. No.2305009   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2304966

it was a example in practice you would take the ARGB of a pixel which would be (a=0-255,R0-255,G=0-255,b=0-255) and change the LSB and then rewrite the image. I was trying to illustrate how hard it is to detect a LSB change when you view the image in a editor/image viewer without the original to compare it to.

Anonymous ID: 4ad38c July 26, 2018, 7:49 p.m. No.2305055   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5119

>>2304982

Can you post the text extracted using notepad - the pass may be embedded outside of the header and EOF - which you can do without impacting the image opening. They have also done this routinely. (Using a hex editor or something to embed plain text in files.) they are found in the Podesta WL. Many of them appear to be corrupt images and stand out more though from doing lousy steg

Anonymous ID: 5b8087 July 26, 2018, 7:49 p.m. No.2305060   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

See where anon pasted the hidden data sarah picture of the original they found? see the noise, static in the pasted portion? thats from file compression removing the pixels with compression, or that is evidence of the pixel colors being changed when data is hidden in them, if that makes any sense? i was trying to say that if you compare the original to the tampered photo you will beable to see a difference (either visually, or not with you eyes but by comparing the binary 0's and 1's directly)

Anonymous ID: 5b8087 July 26, 2018, 7:58 p.m. No.2305158   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

for a further example, remembering that a image is made up of individual pixels and each pixel is made up of a ARGB value you can see visual what i mean about editing the LSB by going here and generating a Hex value for a color

https://www.colorhexa.com/

mine is this #221d1d (this is a black color)

then ill change it to binary for us to see

//

https://www.binaryhexconverter.com/hex-to-binary-converter

//

now here is my color

0010 0010 0001 1101 0001 1101

if i change that to this

0010 0010 0001 1101 0001 1100

go and compare that color to the original?

they arent visually different to the naked eye

Anonymous ID: 1261d0 July 26, 2018, 7:58 p.m. No.2305160   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5785 >>9365

>>2304901

Here's what I did, exactly.

 

First, I downloaded the pic that Q posted, and I left the name just as Q had it. For simplicity I'm uploading it here.

 

Then, all I did was go to this link:

https://desudesutalk.github.io/f5stegojs/

 

I uploaded the file in the first slot possible ("EXTRACT") and for the password I typed silvermansarah.

 

That's it It yielded a file that I could not open, which I've tried to upload here but cannot because the file extension is not recognized.

 

I just uploaded the file on Anonymous File Upload, and the link to it is here: https://anonfile.com/33af62f7bc/1532658784766.data

 

So I guess if anyone can download that adn open it, that might give us a clue.

Anonymous ID: da46d0 July 26, 2018, 7:59 p.m. No.2305178   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5197

>>2301695

 

my 2cents..

 

if the SENDER is sending secret password secured messagesโ€ฆ the RECEIVER must be able to find the PASSWORD..

 

i don't think it's a catch-all password for all images.. imho.. the passwords are included in the TEXTโ€ฆ

 

so, maybe examine the PUBLIC TEXT message with the IMAGE.. to find the PASSWORD..

 

have anyone checked the TEXT thats included with the IMAGEโ€ฆ???

Anonymous ID: f49b70 July 26, 2018, 8:11 p.m. No.2305319   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2301295

Alice & Wonderland

ileac an end world

ilยทeยทac 1 (ฤญlโ€ฒฤ“-ฤƒkโ€ฒ)

adj.

Of, relating to, or having the nature of ileus.

ileus = to squeeze, hold in check.

an end world

 

PASSWORD?

ileac an end world

 

Is like saying ( to hold in check an end world)

Anonymous ID: a7d73e July 26, 2018, 8:20 p.m. No.2305416   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5486

>>2305197

So who has the private key?

 

BTW a password is not and encryption/decryption key.

 

Also understand that "symmetrical encryption has one shared key that is used to encrypt and decrypt. Asymmetrical encryption has two keys on to encrypt and one to decrypt. Public/private key systems are one method but Diffie Hellman exchange is another.

 

It helps to understand the terms before theorizing from misunderstanding

Anonymous ID: 293dc0 July 26, 2018, 8:23 p.m. No.2305464   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2305088

Yeah. Whatever it is here, it cannot be that difficult imo

We just dont understand the method they use or what it is we are looking at and are trying to go way outside of the box with it.

but who the fuck knows really

Most of this is way above my paygrade but I think you guys are doing great

Has anybody checked /pol to see if theyve made any progress?

Anonymous ID: 9b76ad July 26, 2018, 8:24 p.m. No.2305472   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5480

>>2300529

not a bad idea, but could be a needle in the haystack. just tried for a few minutes and could only find one anagram using all the letters.

FUD KNOWNS CHATTED

 

no-brainer for a supercomputer, but we could be here for awhile trying this. and every string would need be tried in all combos.

e.g. FUD CHATTED KNOWNS / CHATTED KNOWNS FUD / CHATTED FUD KNOWNS / KNOWNS FUD CHATTED / KNOWNS CHATTED FUD

Anonymous ID: 5b8087 July 26, 2018, 8:26 p.m. No.2305486   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5589

>>2305416

say i have your public key, you can attach it with your email. i can encrypt the password to my data i'm going to send you with your public key (using a public encryption method). so then you receive the data i sent you and i encrypted the password for that data with your public key, you can decrypt that password but no one else can because only you have your private key to combine with your public key.

Anonymous ID: bc983b July 26, 2018, 8:29 p.m. No.2305506   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

If its sigintel cointelpro shit to fear tf outta them and start the shit showโ€ฆ then youll have to BF itโ€ฆ.

If its not, then run libs against it since theyve proven themselves sloppy time and again.

This is all assuming that theres something in that file to be hadโ€ฆ anyone able to see how it changes footprint/hex of a file thats loaded with coms yet?

 

If no progress has been made, i can jump on this tomorrowโ€ฆ currently workfag slammed writting manual ascii scrubbers for utf-% files that idiots fcked me with or id get on it now.

Anonymous ID: bc983b July 26, 2018, 8:38 p.m. No.2305589   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5617

>>2305486

From looking over the app info on their siteโ€ฆ. i didnt get the impression theyde using keys for shitโ€ฆ. seems waaaay to much serverside nonsenseโ€ฆ.

Got the impression itd just be a simple hash compareโ€ฆ which means libs or BFโ€ฆ

Why key it when someone can slide you and snag the key in transitโ€ฆ better just to hash compare and give images imbedded with comms a life that ends.. safer as long as your users adhere somewhat closely to length of life terms for covrt comms

Anonymous ID: 5b8087 July 26, 2018, 8:45 p.m. No.2305661   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2305617

"if you", * meant "if they". Anyways, Q team seems to truly have everything. its basically military vs civilian assets, how can you compete? they are light years ahead of us as far as technology. who knows what q's team has and is capable of?

Anonymous ID: 1261d0 July 26, 2018, 8:56 p.m. No.2305785   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5797 >>5956

>>2305160

First, are people running passwords on the screen grab from 4chan? I think we should be runni g passwords on the original pic she embedded in that 4chan post, not on the picture W posted.

 

Silverman couldn't have hidden text in that.

 

So where do we get that original file named IMG_382?

 

Second, has anyone tried the word comedy?

Anonymous ID: 773ff1 July 26, 2018, 9:01 p.m. No.2305844   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2305797

its in this thread. First mirror it, because Im not sure anyone has mirrored the original 4chan image yet. The 4chan image is actually a mirror of the original Alamy image. so 4chan is mirrored. Mirror it again to revert to oriignal orientation

Anonymous ID: f49b70 July 26, 2018, 9:05 p.m. No.2305896   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7227

>>2305647

I'm sure I'm wrong here because I always start with simplicity is the crown of genius.

 

Theory โ€ฆ if you going to give information you want spread near and wide and you have coded it โ€ฆ you want to make sure everyone with a heartbeat could probably figure it out.

 

Or with a simple online tool could figure it out like the JFK Con Room Q linked.

 

Well did we link to it and find out what time of decoding games it was using and use them on some of DJT's misspelled tweets or unusually worded tweets?

 

I can't believe the Anon's at the time didn't use the site to play around with decoding techniques to play against the sources Q was pointing to for us to examine. Like DJT's tweets.

 

So I'm asking did the Anon's already do that and confirm it was a dead end?

Anonymous ID: c7d269 July 26, 2018, 9:11 p.m. No.2305982   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6399 >>6680 >>9191 >>1463

According to Q, we have more than we know, and Qteam and POTUS have it all. Enjoy the show is one of his favorite phrases. All of this digging is speculation and useless. I sometimes wonder why Q posts anymore. We can meme, and redpill, but none of us are in the action. The stage has been set, the outcome is assured. Sit back. Smoke a stogie. Watch the movie. Someone hit the fast forward button though.

Anonymous ID: f9f55d July 26, 2018, 9:31 p.m. No.2306258   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6366 >>1401

I've been looking through the source code for Pixel Knot and I found that it has a default password.

public final static byte[] DEFAULT_PASSWORD_SALT = new String("When I say \"make some\", you say \"noise\"!").getBytes();

If it was intended as a direct comm to Q then they would not have made things difficult for him.

Silly question: Has anyone tried not imputing a password and letting it go to defaults?

Anonymous ID: 5b8087 July 26, 2018, 9:39 p.m. No.2306366   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6493

>>2306258

That's the salt, not the password, it's used as part of the encryption process to add noise to the algorithm, good find though. Remember there is no such thing as a random number with a computer, that's why true crypto machine will get the noise or salt from say external sensors like current radio wave readings that are random. I'm CS we use pseudo random generators to try to make random noise with the password generators. Basically the salt plus the pass is helpful, but if it's hard coded like you said then the salt is applied with the password automatically. Make sense? I have no people skills lol fuck it.

Anonymous ID: f49b70 July 26, 2018, 9:42 p.m. No.2306399   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6482 >>1401

>>2305982

From this these crumbs, it would appear Q is saying download pixelknot. Which the Anons have done.

Take the pictures Q gave us and download them into the Pixel software program and figure out the password to untwist the knot and get the hidden picture.

 

The password has to be in the same crumb Q posted with the picture.

 

So the password is one of the words or combo of the words in that post as it makes the most sense to have the password accompanying the picture.

 

To simple?

Anonymous ID: f9f55d July 26, 2018, 9:50 p.m. No.2306493   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2306366

Opps, wrong line.

Anyway, it looks like it has the option to run without a password. I haven't installed in in a sandbox yet, but was wondering if anyone bothered to try the obvious.

private String getPassword() { if(!hasPassword()) { return null; } return extractPassword(mPassword); } private byte[] getPasswordSalt() { if(!hasPassword()) { return Constants.DEFAULT_PASSWORD_SALT; } return extractPasswordSalt(mPassword).getBytes(); } private byte[] getF5Seed() { if(!hasPassword()) { return Constants.DEFAULT_F5_SEED; } return extractF5Seed(mPassword).getBytes(); }

Anonymous ID: a92cdf July 26, 2018, 9:56 p.m. No.2306573   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6694 >>9191

Guys, it's been a shill tactic for at least a year or two to show up, claim stego hidden cp msgs omg, then just do nothing. Aside from one or two pics that seemed to legitimately have extra data in them, nobody's ever found shit or posted anything we could repeat or confirm.

 

Wtf are we supposed to do, brute force stego passwords? This shit exists. It can be done. But there are steps we can take and steps that are retarded.

 

  1. Confirm data separate from the pic.

 

  1. Try passwords on pics with extra data.

 

  1. Try to brute force these when nothing else works.

 

That's all.

 

Unless Q gives us the pw or it's a findable Easter egg, there's not much to do. W also might need instruction on how to interpret the data so confirmation of a correct pw isn't all that cut and dry either. And it might just be a fucking troll to get bad actors wasting their time the same way it's been done to us all this time.

 

Dig efficiently.

Anonymous ID: a7d73e July 26, 2018, 10:05 p.m. No.2306680   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6768 >>9191

>>2305982

He post to keep up the morale.

 

Notice his recent posts are mostly open source from Normie World.

 

He doesn't need our help, and never really did.

 

We were invited to "propagate" as our role.

 

Some took it way too seriously like the Q team was waiting for our "research".

 

That was always for "our benefit" and his credibility. We were a small part of the messaging, but failed to deliver as normie news picked up the baton and ran with it.

 

We get trophy for "participation".

 

But like John Kerry's Purple Heart it is not like we saw any action ( He shot up some bags of rice on a wooden boat and got splinters in his ass, according to his crew).

 

He used it to impress people how he was in the thick of war and took a bullet ==combat veteran Hero.

 

His crew ratted him out when he tried to run for president against Bush in 2004 after Gen.Norman Schwatzkopf took Iraq down in 3 weeks; Bush was his commander-in-chief.

 

Q is being "decent" and still comes around so we don't feel stiffed and left out.

 

Very few here are really making any effort on Qstuff anyways

 

Good think he wasn't counting too heavily on this board. The Plan would be FUBAR

Anonymous ID: a92cdf July 26, 2018, 10:06 p.m. No.2306694   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6905

>>2306573

Ok maybe they're actually using that stego service and Q is juking us into ddosing the site with nonsensical attempts just so they're inconvenienced. Because seriously, what is our best option besides running a fucking dictionary against the picture via the site q posted?

 

Lol.

Anonymous ID: 449a76 July 26, 2018, 10:26 p.m. No.2306886   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

A good idea.

>>2306853

My guess, if there is a message in the pic, the pw is in the twat itself. Perhaps the FILE NAME?!

Maybe that's how Q got twat to name the pic DOITQ- reverse engineering their encryption?

Autists follow me? Don't have android.

Anonymous ID: f9f55d July 26, 2018, 10:56 p.m. No.2307211   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7241 >>7260 >>1401

>>2307117

The only way we are going to crack this thing is by reimplementing the F5 algorithm in something faster so we can make intelligent guesses quicker or simply brute-force it. I found the Java library used:

https://github.com/guardianproject/F5Android

I don't know Java. So it's going to mean a bit of monkey-see-monkey-do if I'm going to port it to C.

I know what I'm doing this weekend. :)

Anonymous ID: a7d73e July 26, 2018, 11:03 p.m. No.2307281   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2307112

Someone just echoing Q? Duh!

โ€ฆ Something big is going to drop..

 

.. Nothing small is ever going to riseโ€ฆ..

'Mighty oaks from little acorns grow'?

 

Seem like a contradiction.

 

Deductive logic does not allow for contradictions.

 

They are "illogical fallacies"

 

Reconcile your premise and conclusion.

 

They don't follow a logical IF โ†’THEN

 

In your context that would translate to:

 

Nothing small (dough) is never going to rise

Double negative is irrational

 

How does a mirror modify your meaning

 

Perhaps you could state it more logically and coherently?

 

Thanks in advance

Anonymous ID: b02e9d July 26, 2018, 11:54 p.m. No.2307624   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

โ€œYou think this is some sort of game?โ€ - Silverman LARP

 

Thought the โ€œgameโ€ references in Q posts might be relevant. Interesting lines in here.

 

Q!UW.yye1fxo

23 Jan 2018 - 5:36:34 PM

 

The light will reveal those on the team and those pretending to be.

This is not a game.

They want us divided.

Last posts [self destruction] will immediately show the world the TRUTH.

Instructions will be sent on how to preserve offline.

You didnโ€™t think this was simply about words did you? <โ€”โ€”โ€”โ€”

We have it all.

Coming soon to a theater near you.

Q

 

::::WARNING::::

This is not a game!

DIRECT ATTACK TODAY BY NYT/CLOWNS IN AMERICA:

https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html

Do you believe in coincidences?

How many coincidences do you need before you believe?

This is the biggest insider drop in the history of the world.

Pray. <โ€”โ€”โ€”โ€”โ€”โ€”โ€”-

Q

 

Anonymous

14 Dec 2017 - 9:27:05 PM

Shall we play a game?

Find the spider(s) and build the web (the โ€˜mapโ€™).

Remember, they consider you to be the fly (specifically, the โ€˜feederโ€™).

Remember, they never thought she was going to lose.

Therefore, they never thought investigations and/or public interest into their criminal acts would be exposed/investigated.

Therefore, they never thought they had anything to fear. <โ€”โ€”โ€”โ€”โ€”

Therefore, they openly showcase their symbolism.

Therefore, they were sloppy. <โ€”โ€”โ€”โ€”-

Husseinโ€™s last speech in Chicago re: โ€˜scandal freeโ€™.

Why did he continually emphasize that phrase? <โ€”โ€”โ€”โ€”โ€” was this Husseinโ€™s unlock passcode?

As a backup, they infiltrated and control the narrative (the โ€˜MSMโ€™).

As a backup, they install only those on the team.

As a backup, they blackmail those that arenโ€™t.

As a backup, they defined โ€˜conspiracyโ€™ as crazy/mentally unstable and label anything โ€˜trueโ€™ as such.

This works given most of what they engage in is pure evil and simply unbelievable (hard to swallow).

The โ€˜fixโ€™ has always been in โ€“ no matter which party won the election (-JFK (killed)/Reagan(shot)).

This was always the promise made to those who played the game (willingly or otherwise) (i.e., they would never lose power).

Power of the (3) letter agencies.

Power over the US Military (WW dominance to push against other nations and install like-kind).

These people are really stupid.

Follow the husbands.

Another Hint: <โ€”โ€”โ€”โ€”โ€”โ€”- PW hint???

Ian Cameron

McKinsey & Company

Clowns In America.

Dr. Emmett J. Rice.

Federal Reserve.

Everyone is connected.

How about a nice game of chess?

Q

(No ability to enter trip code - last dump)

Anonymous ID: f9f55d July 27, 2018, 3:05 a.m. No.2308432   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8616 >>8956 >>1401 >>1902 >>4926 >>6293

I found a way to modify the PC version of this to test is a password is correct. It won't decrypt it. If you happen find the right password you'll still have to use the app to decrypt.

 

First down load the PC version,

https://code.google.com/archive/p/f5-steganography/

 

Unpack the JAR file and change line in /main/Extract.java from,

final F5Random random = new F5Random(password.getBytes());

to

final F5Random random = new F5Random(password.substring((password.length()/3)*2).getBytes());

This will cause it generate the F5 seed the same way that SteganoDecryptionJob.java in the app does it.

 

Then recompile the java using "javac Main.java" in the top level directory and then either repack the JAR file or call it directly from the command line like,

java Main x -p "passphrase" imagefilename.jpg

It will dump the result into output.txt. If it is the wrong passphrase it will give an error like "Incomplete file: only 0 of 123456 bytes extracted" (or it sometimes spits out some garbage). If it is the correct passphrase it will NOT give this error and the output file will be base64 starting with "โ€”- PK v 1.0 REQUIRES PASSWORD โ€”-"

 

It runs in about one second. And I could post a shell script to test whole lists of passphrasesโ€ฆ but it's time for me to go to bed.

Anonymous ID: a92cdf July 27, 2018, 5:03 a.m. No.2308956   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8982 >>1819

>>2308432

Niiiice. Wtf. It never even crossed my damn mind that there would be a prepackaged success check. Wtf.

 

I guess it makes the app run smoother because it doesn't have to try to comprehend the garbage. But it's like begging to be brute forced.

 

Any chance there's a prepackaged indicator of whether the pic has been encoded at all?

Anonymous ID: b9ef71 July 27, 2018, 5:49 a.m. No.2309191   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9219

>>2305982

>>2306573

>>2306680

How soon some forget โ€ฆ

 

https://hooktube.com/watch?v=brrtFf-KTX4&t=12m39s

President Donald J. Trump: A Conversation with Americaโ€™s Future

Published by The White House on Wed, 27 Jun 2018 17:17:36 GMT

 

'"You amaze me," I commented โ€ฆ "A few years ago you were failing at everything. โ€ฆ Please explain this remarkable change in you."'

 

'"Really it was quite simple," he replied. "I merely learned the magic of believing. I discovered that if you expect the worst, and if you expect the best you will get the best. It all happened through actually practicing a verse from the Bible."'

 

'"And what is that verse?"'

 

'"If thou canst believe, all things are possible to him that believeth." (Mark 9:23)'

โ€“ The Power of Positive Thinking, Chap. 7, Expect the Best and Get It

Anonymous ID: 155810 July 27, 2018, 6:19 a.m. No.2309365   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9730 >>4916

>>2305160

 

I've just done this with the original pic posted on here (not Q's version) and the stego.js site placed a file on my phone called dinfo.doc but when I tried to open it my docs program told me it was a plain text file so.. Renamed to .txt and got this:

 

 

<SYSINFO>

<KASDTSync canUse="NO"></KASDTSync>

<KASKeys>

<KASKey>DXTG-VWR-AND::4234674-0692</KASKey>

</KASKeys>

<MSMode active="NO"></MSMode>

</SYSINFO>

 

Anybody know what it means?

Anonymous ID: e5e7a4 July 27, 2018, 6:28 a.m. No.2309404   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9825

TigerDroppings QBoard Daybaker here.

 

Maybe it's some weird deal vu, Mandela effect, or a glitch in the Matrix, but I could have SWORN that Silverman did post that very same text a few years ago about some other online kerfuffle.

 

I remember the part about "these are people's lives you are fucking with" or whatever the exact wording was.

 

Q says :

>>2298369

The author of the postโ€ฆ..

The face is never the author.

Direct comms come in many different forms.

Q

 

I can't be the only person who remembers this. Maybe the original instance of this event will help unlock.

 

Who is photog of original Grammy pic?

Anonymous ID: e5e7a4 July 27, 2018, 7:19 a.m. No.2309730   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9755

>>2309365

>I've just done this with the original pic posted on here (not Q's version) and the stego.js site placed a file on my phone called dinfo.doc but when I tried to open it my docs program told me it was a plain text file so.. Renamed to .txt and got this:

 

No PW?

Anonymous ID: 155810 July 27, 2018, 7:23 a.m. No.2309755   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2309730

Another anon tells me all I've posted is the key for the free version of Docs to go (my docs app) so safe to ignore I'm afraid..

 

Although I'm confused why "extract data" on the stegojs site would generate a file like that unless perhaps I'd need the paid for version to create the proper dinfo.doc? I don't know..

Anonymous ID: db5ceb July 27, 2018, 8:43 a.m. No.2310407   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Q saidโ€ฆread the bible

 

colossians 3:5 (clue?)

 

butโ€ฆif there is a hidden message, the password will most likely be in the picture or text of the author. there has to be a stereo procedure to catch the password. otherwise Q would not have posted the pixelknot link.

Anonymous ID: f9f55d July 27, 2018, 10:12 a.m. No.2311819   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2680 >>7736

>>2308956

No, there is no easy way to tell if the image has a hidden message. That is a design goal of steganography. But if there is a fairly large payload relative to the carrier image size then it's possible to detect it statistically. We don't know that there is actually anything there. We don't even know it this is the correct program or if Q was linking to it as a generic example of stenography.

The designer of this app did some really stupid things. First, the stegano layer only uses 2/3rds of the password. This obviously makes it easier to bruteforce. And if your big computer goes "ding!" to spits out 2/3rds of a natural language password then a human can probably guess the remaining third. The same password is used for the encryption. The second dumb thing he did was have the message start with the same sentinel string every time! And this is OUTSIDE the AES encryption layer. The F5 algorithm for distributing the message bits is probably not very cryptographically secure. Bruce Schneier would be mortified (then he'd break down in hysterical laughter). And what is the point of the bas64 encoding layer?

So we have a 6,000 year old global cabal putting there lives (literally) in the hands of some toy crypto program they found in the Google Apps store and expecting that to protect them from the mighty power of the NSA. These People are Stupidโ„ข.

Anonymous ID: ddfd8a July 27, 2018, 1:37 p.m. No.2315352   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5699

>>2314235

How would the average person use it (i.e. someone that doesn't have special software to be able to run something like that)? I tried and I couldn't get it to work (through command line) or by clicking the jar directly (missing main something).

Easiest solution?

Anonymous ID: b856fa July 27, 2018, 1:58 p.m. No.2315699   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6353

>>2315352

 

I'll see about packaging up something easy to use, I'm running a devfag environment

 

jdk 1.8

https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

 

intellij community https://www.jetbrains.com/idea/download/

 

File -New -> Project from Version Control -> Git

https://github.com/banona/PixelUnknot.git

 

little popup click "Add as maven project"

 

"Maven Projects" menu sideways on right side

, PixelUnknot -Lifecycle -> package -> run

 

error message about jdk, click link, set the jdk-1.8 (new, browse to where you installed it)

 

run -edit configurations -> + -> application

 

Main class: q.Main

Program Arguments: Q4example.jpg passwords.txt

Anonymous ID: ee8f98 July 27, 2018, 2:44 p.m. No.2316353   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7207 >>0181 >>0980

>>2315699

Below code to generate a diff from the upstream repo to anon's PixelUnknot program.

This is to ease up code review, as we all know, that we shouldn't run code that we can't understand. This should make it easier to understand what anon changed from the original library code.

Tl;dr: this code is not necessary to run PixelUnknot, but it may be helpful to run it in order to see changes and ensure there's no harmful code included. Based on my preliminary audit there's no such code included. This code (not PixelUnknot!) is Unix/Linux only.

 

#!/bin/sh

git clone https://github.com/banona/PixelUnknot

git clone https://github.com/harlo/F5Android

 

rm -rf refrepo; mkdir refrepo

cp -a F5Android/src/main/java/info/guardianproject/f5android/plugins/f5/ refrepo/f5

mv refrepo/f5/james/ refrepo/james

rm -f refrepo/f5/F5Buffers.java

cp -a PixelUnknot/src/q/james/*.txt refrepo/james/

 

diff -waur refrepo PixelUnknot/src/q

Anonymous ID: b856fa July 27, 2018, 3:47 p.m. No.2317207   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7510

>>2316353

handy! cpu is pegged going through common passwords on https://i.4pcdn.org/pol/1532237608528.jpg

 

looking for a way to detect if there is actually steg data in the image, pic related is from https://etd.ohiolink.edu/rws_etd/document/get/kent1310505218/inline

Anonymous ID: 5b8087 July 27, 2018, 4:26 p.m. No.2317736   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7909

>>2311819

Similar crappy bugs to the first encryption app I put online i used the bytes of the hash of the users password and appended it to a string to feed into a password algorithm but I did this lol

Byte [] pass = new byte [stringlength];

 

Then I appended it to the string like this, string+pass.ToString () it literally appends "system.net.byte []" in c# lol anyways, where are we at with your unknot app? How can I help?

Anonymous ID: b856fa July 27, 2018, 4:41 p.m. No.2317909   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2317706

thx anon!

wrong password LMTGW MAX YNVD WHPG

wrong password ZAHUK AOL MBJR KVDU

 

>>2317736

> where are we at with your unknot app? How can I help?

 

the app works and is multithreaded but it'll take me days to get through the millions of passwords in crackstation-human-only.txt and leaked_db-rockyou.txt

 

if we want to brute force we need to package into something easy for other anons to run (docker container?) and divide up the wordlistsโ€ฆ

 

the paper on f5 detection says decompress, trim by a few pixels, then recompress and see if there is a difference in the color distributionsโ€ฆ would be great to know there's actually data in this image

 

otherwise we keep looking at the code for ways to narrow down the search domain, we know we only need the first 2/3 of the password

Anonymous ID: aeb934 July 27, 2018, 5:29 p.m. No.2318514   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2300727

Your eyes will bug out when you find out whatโ€™s in it

Iโ€™m not gonna pretend to know whatโ€™s in it yet but this shit is deep. I know itโ€™s being slowly walked and for good reason but FFS I want a MF covert heads up which day to take off work so I can see do the perp walk. Hopefully separate day as Renegade so I can have two DayDrinking holidays this summer.

Anonymous ID: e6b647 July 27, 2018, 5:39 p.m. No.2318632   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8667

>>2318493

I hate to beat a dead horse but from the the message under the pic my intuition, again after seeing the q post re slayer evilhasnoboundries

 

else it has to be boxed out in the image code.

if I was gonna send a message i would include it there in the code

 

or its a password they all use to get into the parties. gotta be

Anonymous ID: e629d8 July 27, 2018, 5:51 p.m. No.2318772   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8793 >>8880

any Ideas who "the author might be ? could be their pass? I saw a name in hollywood anon post high priestess cant find it

cant remember it

The author of the postโ€ฆ..

The face is never the author.

Direct comms come in many different forms.

Q

Anonymous ID: b856fa July 27, 2018, 6:10 p.m. No.2319036   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9101 >>9811 >>0846

>>2318727

>>2318674

>>2318545

 

I'm using a couple of common password lists (crackstation-human-only.txt and rockyou.txt), about 70million total along with anything any anon posts

 

went through and double checked all the ideas in this thread, still no luck

 

anybody else have a list of words to try?

 

>>2318616

right! if the results start with the string โ€”- PK v 1.0 REQUIRES PASSWORD โ€”- then you have the right first 2/3 of the password

Anonymous ID: e5806b July 27, 2018, 6:11 p.m. No.2319042   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7999

S.T.F.D. - a reverse Beale cipher?

see reference to DoI.

https://www.usna.edu/Users/math/wdj/_files/documents/sm473-capstone/Price%20_BealeCipher_SM473-Capstone.pdf

 

hunting down Gillogly's program.

will post any results to run.

Anonymous ID: e629d8 July 27, 2018, 6:12 p.m. No.2319053   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9114

>>2318923

Beatty with Diane Keaton and First Lady Nancy Reagan, at a White House screening of Reds (1981)Beatty is a longtime supporter of the Democratic Party. In 1972, Beatty was part of the "inner circle" of Senator George McGovern's presidential campaign. He traveled extensively and was instrumental in organizing fundraising

Anonymous ID: a51533 July 27, 2018, 6:41 p.m. No.2319432   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

There's a program for Linux that works very well for shit like this. You input all the known information about the person. Dogs name, birthday, anniversaries, siblings names. It'll take all the info you can give it. It basically takes all that you input and it mixes up the order and does more and it'll create a huge word file that you can then use to brute force it.

Anonymous ID: 9c664b July 27, 2018, 6:54 p.m. No.2319635   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8313

Realized this comment may be better suited here than in the general thread

>>2319081

 

The first review that shows for me on the Pixelknot app complains that he noticed the app sending data to another server. Dated May 2017

The Guardian Project replies they do no such thing over a year later. Dated June 2018

The app hasn't been updated since Feb 2017, so whatever that user found is still programmed in the app.

 

Can someone with Wireshark or another packet sniffer confirm any odd network activity from the app?

 

My hope is that traffic was transferred to a white hat server

>We Have It All

John Doe ID: 5b0ccb July 27, 2018, 7:11 p.m. No.2319860   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9972 >>3524

PNG. pong pizza [HI]dden in plain sight until JA. (DR)opped emails!

IF you pay attention Q has A[][]0^^&[]) U.S. 4[][] o|# ][+.

Truth IS behind U.S.

We really DO have MORE.

ARCHIVE EVERYTHING.

ED[]โ€”[ Carefully re_read:

John Doe ID: 5b0ccb Sayers of Nay July 27, 2018, 7:59 p.m. No.2320502   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0614

Tiptoe over to the Baphomet /b/ Lurk There.

Observe them Joking about a 9 yr old and

things most foul while her parents watch helplessly.

Lurk MORE!!! Not a game and Its not a joke.

These fucks are actually laughing about something they witnessed (Deep Dark). Think its a game? Think its funny?

Know what I thinks funny? The face your father made on the nut which you were conceived. They are all as guilty as the ones committing the crimes. As are all of you who turn a blind eye to injustice,

Maryland Patriot ID: d0a28a July 27, 2018, 8:14 p.m. No.2320708   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0854 >>2121 >>2151

Guys I don't want to burst your bubbles, but If I'm a child sacrificing deepstate bad actor hiding a message to a fellow sick fuck in a pictureโ€ฆ

 

I'm not going to make the password real words that someone can guess. Not when my freedom is on the line.

John Doe ID: 5b0ccb July 27, 2018, 8:16 p.m. No.2320723   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Im limited to research these days.

Ever been the victim of Gang Stalking?

Not just a yootoob vid

Like it or not the truth is yours to know.

Like Qs Cockpit photos being pics of the Sver.โ€”get it.

Anonymous ID: e6b647 July 27, 2018, 8:34 p.m. No.2320932   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1034 >>1264 >>1600 >>3776 >>4113

Moloch

Beelzebub

ashtar

isis

Osiris

 

So there are over 8000 false gods mentioned in the bible

if i post a list, can you parse out the names?

It looks easy enough for a coder

list looks like

 

Name Origin Description

  1. A Babylon/ Chaldea A moon goddess

  2. A'as Hittite/ Hurrian The god of wisdom

  3. A'ra W. Arabia A local god

  4. A-a Mespoptomia/ Babylon/ Akkadia/ W. Semitic She was a sun goddess

  5. Aa Maakhuer Egypt A lion god of truthful speech

  6. Aabit Egypt A goddess of song

  7. Aaghu Gugu Cherokee A goddess of the of the dawn

  8. Aah Egypt The moon god of Memphis.

  9. Aahmes Nefertari Egypt A protector/ punisher of humans elevated to goddesshood

  10. Aakuluujjusi Inuit The great creator mother

  11. Aasith Egypt/ Syria A goddess of the hunt, war, and the desert

  12. Aataentsic Iroquois A goddess

  13. Aatxe Basque An evil spirit capable of assuming human form

  14. Ab Kin Xoc Maya A god of war

  15. Aba khatun Baikal/ Siberia A sea goddess

  16. Abaangui Guarani A god whose huge nose became the moon

  17. Abaasy Yakut/ Siberia Netherworld beings

  18. Abaddon Hebrew/ Christian The chief of the demons of the 7th hierarchy

  19. Abandinus Roman/ Celtic/ British A god known only by inscription

  20. Abarta Irish A god of the Tuatha De Danann

  21. Abassi Efik Creator of the world

  22. Abat[t]ur Mandaeans It weighs souls &/ or their deeds

  23. Abeguwo Melanesia/ New Guinea A rain goddess

  24. Abello/ Abellio Gaul A god of apple trees

  25. Abeona Roman She is the goddess guardian of children l

Anonymous ID: f04913 July 28, 2018, 12:11 a.m. No.2321613   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

soโ€ฆ we should proally try to bust a few twitter pics too - wondering if that would help us break the code. if they are all doing it - there must be a set way they give out the password and not just everyone knows it beforehand.

 

like tom hank's weird number + neptune remark.

 

have we tried stfd THUO (thou) aecw nkn (d)

 

*taking all the letters in column order for STAND THE

FUCK DOWN

Or just split it in half and line up that way?

 

SFTU ACNK DDTO HWEN

Anonymous ID: 0efd35 July 28, 2018, 12:17 a.m. No.2321660   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1984 >>3552

Been trying to crack the picture for the last couple days.

I didn't know there was a thread.

Have been using Stegcracker to try multiple dictionaries of brute force attacks.

It seems to like 64 char+ passwords as those are the ones that get actual attempts.

Have been running for 2 days straight now.

Need newer dictionaries with long passwords.

Tried Rockyou, crackstation(failed, file too big), Apnee, all of Sublazer.

Nothing has worked, but the long PW's seem to be making actual attempts.

Anonymous ID: 7c73bd July 28, 2018, 1:13 a.m. No.2321984   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2011 >>3986 >>7203

>>2321660

Stegcracker is designed to crack file made by Steghide. Steghide used the Least Significant Bit (LSB) method. PixelKnot uses an algo called F5 that works by modifying the non-zero DCT values in a JPEG file. Stegcracker will never crack it. My condolences for your electric bill.

 

I'm scoping out the feasibility to making a similar tool for the F5 algo. The only way we are going to ever crack this thing is by generating and trying millions or billions of passwords. The Java implementation would be way too slow. It's about one second per test. Thus, someone needs to implement a very efficient minimal test in C. Most of it is pretty straight forward. But PixelKnot uses SecureRandom for the all-important psudo-randomness generator. So I need to make a byte-exact recreation of it's behavior. That's where I'm at. The exact code for the SHA1PRNG algo is surprisingly elusive.

It's going to take a while. I am starting to wonder if it's really that important to see whatever trash talk someone was sending to Q.

A slightly shorter route is to just implement it in Java. It woudn't be as fast but we could get it sooner. There is a LOT that doesn't need to be repeated for each test (extracting the image, Huffman decoding, etc). There is room for several orders of magnitude improvement over hitting the Extract function again and again. However, I'd have to learn Java. Some other codefag could probably do this before I finish reading the Java 101 tutorial. Read a line from STDIN, treat it as the password, decode the first few bytes, then if it's the correct sentinel string print the possible passwordโ€“ else continue at top with the next line from SDTIN.

Anonymous ID: 8f7d32 July 28, 2018, 1:48 a.m. No.2322151   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2320708

im thinking logically. If it's a message that has to be read by multiple people with multiple intelligence levels, the password should be something either easy to remember, or if it's a different password each time a hint is given in the text or the picture itself.

Anonymous ID: 5167a0 July 28, 2018, 2:05 a.m. No.2322238   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2344 >>2691

>>2310262

>>2317532

 

Bare with me on this oneโ€ฆ

 

So Qโ€™s last 4 posts were the โ€˜Device testโ€™ posts. The letters following โ€˜device testโ€™ in the last 3 posts were E, X, & C. EXC is the ticker symbol for Exelon, a (((Rothschild))) company. Itโ€™s also a nuclear energy company. Also, these posts were made at 10:51 - 10:53 PM in Moscowโ€™s time zone, when the eclipse of the blood moon was at its full there. It is also a lunar shift from Capricorn to Acquarius, and the solar shift between those two signs is from Capricorn (ends January 19) to Acquarius (Starts January 20). January 20 Trump became President. Q also said REBIRTH, which is what the blood moon represents.

 

Although there is nothing directly tying the โ€˜device testโ€™ posts to the SS post, variations from the keywords that can be derived from the paragraph above might be part of the password:

 

Rothschild

Moscow

Exelon

Blood moon

Nuclear

Lunar

Eclipse

REBIRTH

Capricorn

Aquarius

January 20

20

Etcโ€ฆ

 

A very large stretch, but might be worth trying variations or combinations of those keywords and numbers.

John Doe ID: 5b0ccb Gotta be July 28, 2018, 2:15 a.m. No.2322281   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Smacked my head about half a day on this thing.

See so many do the same. Lets put that energy

towards something productive. Never know the answer you seek may be inside. Q if its a matter of our safety not to divulge please call me down 30 mins

Anonymous ID: a7d73e July 28, 2018, 2:17 a.m. No.2322286   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2455 >>3524

>>2322011

How do you know which one was used to "encrypt"

 

Have you done the calculation on how long 1 billion seconds really is: 60 (sec) x 60 (min) x 24 (Hours) x 365 (days) = 31,536,000 seconds per year.

 

1,000,000,000 / 31,536,000 = 31.71 years

 

Better get some more computers

John Doe ID: 5b0ccb July 28, 2018, 2:46 a.m. No.2322396   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>319860 >>2320197

Take photo from Qanon.pub

R-click send to

Compressed zipped folder

open folder w/photo inside

R-click edit copy contents into

rich text document helps a little

Access to Qs hidden drops

Now for the tricky partโ€ฆ

Anonymous ID: 0efd35 July 28, 2018, 3:03 a.m. No.2322455   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2735 >>3552

>>2322286

I don't, that's where a large part of the problem.

My computer, while running the stegcracker, was doing about 30 tries per second.

I had 8 going at once, so 240 tries per second.

so about 20,000,000 per day, it would take about 50 days with my current usage.

If I used all my threads, it would take less than a month for a billion tries.

Anonymous ID: c7c18a July 28, 2018, 4:05 a.m. No.2322691   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5814

>>2322344

Dubs confirm. Not just some ties, they own his fake black ass.

>>2322238

Good grab of EXC. Very important topic, but most likely completely OT here for now.

If you start a thread about it, will gladly participate.

EXC not only the power provider for DC and the mid-Atlantic region, but arguably the largest Uranium consumer in the world. That's beaucoup power.

Anonymous ID: 1bdc14 July 28, 2018, 4:15 a.m. No.2322743   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2750 >>2913

>>2300468

the silverman pic is just a crosspost from /pol

worry about the qimages, the ones with legit evidence in them, gonna have to bruteforce sarah's use john hte ripper, wordlists, hashcat

 

try stegbreak if you can find a working version

this is a 25percent slide pretty much

 

usually passsword hidden in alpha channel or lsb, maybe stegshow will work, just typing in shit is no way to go about it, recon her and her twiter, find out which words she uses the most, subjects talked about etc, like phishingโ€ฆ..

Anonymous ID: a7d73e July 28, 2018, 5:05 a.m. No.2322913   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>3524

>>2322743

BY brute force do you really mean "Try lots of guesses: or do you have some supercomputer?

 

Only the weakest cryto has bee susceptible to brute force in the last 20-25 years.

 

You been watching too many movies where the genius hacker only need a couple minutes.

 

Do a simple calculation by talking the full ASCII code exponentiation to the power of the max length of the target password.

 

try a simpler example 26 letters to the 10 power. That is way low but I think you can see from all the permutations of that small set, what a "brute force" method might entail

 

hint: 26^10 = 141,167,095,653,376

 

make the set larger all ASCII characters (upper case, lower case, numbers, symbols etc) and look at max password length - you get the idea

 

THEN, worry that it may use something other than ASCII (english), like Cyrillic, Japanese, Hebrew, Arabic etc.

 

About 20 minutes should be enough, ya think?

 

Lastly consider how idiotic you sound to someone that actually understands crypt, including stenography

 

BTW what makes you think the password is within the graphic?

 

That would be dumb, since it could easily be shared separate from the document.

 

If so you would have to examine the entire (megapixel?) files as a contiuous binary number determine the edge/boundaries of the individual color code 8-bit/24-bit/256-bit etc.

 

Then you need to examine each group and fine the odd ones that weren't color codes and "hope" the substituted a "character" in place of the bits in the colorcode.

 

About 1,0000 years would be a good guess on that kind of brute force,

 

But you wouldn't need any password if you knew the substitution pattern/scheme.

 

Confused and overwhelmed yet?

Anonymous ID: 31d8be July 28, 2018, 7:52 a.m. No.2323844   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

A QRD OF JAMES GUNN EVENT!!!!

 

Time line that has occurred between 7/19-7/22

 

>Hollywood Anon posts lists and names and occurrences on pol

 

>few hours later james gunn info breaks on pol and floods the interwebs

 

>mass media panic and twitter start to be deleted

 

>mass archiving of said twitters with 1000s of big wig Blue checks in serious trouble with horrendous tweets

 

The tweets all seem to revolve around this inside joke of fucking, rapeing, murdering, eating, and other degenerate satanic acts

>Dan Harmon deletes his tweeter and begins scrubbing social media after bad tweets AND a video of him rapping a rubber baby doll

 

>a major player in Hollywood posted here after that and thought it was private

He posted his tax return gross income of 327 million for last yearโ€ฆ

 

He was demanding you talk to Adminโ€ฆ

 

> on July 22 the many threads and I investigations here were SHUT DOWN and blocked and mass people were banned for 2-14 daysโ€ฆ

 

Many refugees in FullFeg

 

This video is a must!!!

https://youtu.be/bUDCdhHeZgo

โ€ฆโ€ฆ..

Hollywood is the Royalty of Americaโ€ฆ

And commit just as much evil as them also

Anonymous ID: b856fa July 28, 2018, 8:07 a.m. No.2323986   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2321984

> implement it in Java. It woudn't be as fast

surprisingly java is nearly as fast as c, and faster than c++, for this type of thing

 

>There is a LOT that doesn't need to be repeated for each test (extracting the image, Huffman decoding, etc)

 

killer ideas, updated PixelUnknot to do exactly that and it is much faster!!!

 

>I'd have to learn Java

easier than you'd expectโ€ฆ

Anonymous ID: 1bdc14 July 28, 2018, 9:42 a.m. No.2324773   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2323484

its a rot cipher, not too hard, 7 extra bites at beginning of file, you can read most of it if you remove some red and black

i cant be for sure but i see fap, papa, vegas, dead, bass, then mirrored numbers, but theres still noise bytes in there, dont go to any festivals ladsโ€ฆโ€ฆ theres also words like this

.

word

STAND

word

THE

help

FUCK

me

Down

 

i can also see 20 20 we vote dc, and then some shit that looks like a ransom letter for BO but it might just be referring to last president

we have to solve this lads i was wrong, until BO shows up we DO have to solve this wwg1wga, pray for him.

 

im close but i been at it 36 hours i need sustinance, im still using least significant and most significant bit, what else does that pixel knot program do?

UT ID: dd2576 July 28, 2018, 10:02 a.m. No.2324975   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

I started looking at the Q stuff at the end of February. I worked elsewhere because I was told that it's very hard to work here because it's a hostile environment, so I stayed away until now.

We need to dig into these files with new eyes, folks. Q created that file specifically to let us know that there is steganography in use and that he has sent us info that we haven't found yet.

I will have to go back and find the file that me and some friends were working on, I can't remember the post right now but I'll find the post number and share it soon. Within that photo was another photo AND a large file that had been encrypted with something like PGP. We needed the private password, but didn't have the programming skills to make it happen. The question is how many possible permutations can occur when using 128 bit encryption? I know it's an enormous number, but it could be split into sections and automated by programmers and it seems that some of you folks have that skill set. Anybody interested?

UT ID: dd2576 July 28, 2018, 10:09 a.m. No.2325035   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

If anyone wants to go look for the file that I'm talking about, go to the Q posts starting in February and download them. The file that I'm talking about was 1mb in size and it was a jpg, if memory serves. We found a small gif or jpg in it that was a small Q either white on black or black on white inside the file and the large encrypted file. You will know when you have found the file, because it takes several minutes to download. I thought for sure that you guys had already done this or I would have been here before. The research group that I have been associated with has fallen apart several times now, so much doesn't get done. I hope that this group is different.

Anonymous ID: b856fa July 28, 2018, 10:16 a.m. No.2325105   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5253 >>5273 >>5293 >>5352 >>6152 >>6226 >>2189

breakthrough

 

we can start by guessing the last 30% of the password

 

all you need is f5.jar (compiled in 2011) and java

 

https://code.google.com/archive/p/f5-steganography/downloads

 

choose a password (trusttheplan = plan)

 

java -jar ../../Downloads/f5.jar x -p plan -e out.txt Q4example.jpg

 

and look at out.txt - if it starts with "โ€”- PK v 1.0 REQUIRES PASSWORD โ€”-" you have the right last 1/3 of the password

 

curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar โ€“output f5.jar

java -jar f5.jar x -p plan -e out.txt Q4example.jpg

cat out.txt

Anonymous ID: 1bdc14 July 28, 2018, 10:31 a.m. No.2325253   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5263

>>2325105

pkzip password, use dd to carve it out

dd if=file bs=startbight size=math-to-last-byte of=extracted zip fle

make sense?

good work anon, a guide would be great so we can unleash everyone on all of them, ill start looking back thru my archives for original images, i made .mht of them all same as german anon

cant tell you how thrilled i am, hey try to sound out that password phonetically, it kinda makes sense if you think like a deviant toes and resing or see sight;ll fucks? why four? enco somethingโ€ฆ.

 

see what you come up with

ill be back in 8 hours

Anonymous ID: 1bdc14 July 28, 2018, 10:36 a.m. No.2325305   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2325293

also if the shit in there is illegal as fuck, recompress it with a simple password so that way you're uploading slightly compressed/encrypted data andyour isp doesnt send the feds when the bitstream flys by them

Anonymous ID: 1bdc14 July 28, 2018, 10:40 a.m. No.2325352   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2325105

sorry for so many replies that are seperate, am scatterbrained, did you try the 2013 version as well with minor fixes in commit notes?

if youre having trouble might be something to consider, but looks like you are aware of that! ok maximum progress! ill meet you here later or in a similiar named/looking thread if its full

UT ID: dd2576 July 28, 2018, 11:22 a.m. No.2326068   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Okay, I forgot there were other files that had stuff in them too. Go to Post #79. Download the file. There is a .zlib file in it. We couldn't open it. Honestly, all of the files should be downloaded and checked. Our group did not have the skill set that I see here.

Anonymous ID: 5b8087 July 28, 2018, 11:27 a.m. No.2326152   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6226

>>2325105

C#fag from yesterday here, i left my code running over night testing 2/3 Of various passes, no luck. Did you find something ? I used q images that he posted though, not silverman pic since I figured you were working on it.

UT ID: dd2576 July 28, 2018, 11:43 a.m. No.2326348   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Here is the list of images that were in Q posts that we found .zlib files in:

89

98

101

132

149

235

295

435

630

641

685

699

718

726

757

778

779

781

786

793

 

We stopped looking after that. No sense in finding files that couldn't be opened. I suggest again to download all of the files and recheck, we could have missed some and many more images have been posted since then. Good luck!

Anonymous ID: e6b647 July 28, 2018, 12:37 p.m. No.2327389   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8907 >>4334

MOS 3D0X2

 

I'm about to join the Air Force National Guard right now. Who cares if I'm 30. Our country needs us!

 

Try this, An anon posted right after i was asking Q about the password while Q is posting.try as remainder 2/3

 

or by itself

Anonymous ID: b856fa July 28, 2018, 2:17 p.m. No.2328825   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0928

more observations:

  • PixelKnot only outputs jpg images

  • the jpeg decoder is buggy and won't open a lot of jpg (it'll hang at some percent as people are noticing). those images were not encoded with PixelKnot have no data

  • from the password it generates a 20 character hash and uses that to seed a random number generator, creates an array from 1 to n and then randomly swaps the numbers in that array. those swapped numbers are the index in the image of where it hides the data

  • there is not much entropy in the swapped numbers (Permutation class), many hashes would come up with similar swaps

  • pixelknot puts 8 '-' characters in the header of the encoded message

 

so that means a jpg that f5/pixel(un)knot can open and find many passwords that return a '-' in the decoded text probably has data encoded by PixelKnot!!!

 

I've sampled cat jpgs from google and half wouldn't open, and others find few '-' solutions.

 

the silverman pic and the WWGWGA!.jpg from >>94 both have a bunch of '-' solutions

 

i'm running all the q post texts against WWGWGA!.jpg for a while to see if anything pops out

 

i don't know though, this random cat picture also has a bunch of '-' solutions using q post texts so maybe i'm barking up the wrong tree

Anonymous ID: 7c73bd July 28, 2018, 2:19 p.m. No.2328850   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9024 >>0181

>>2327840

Sounds like you are way ahead of me. Can you pastebin your modified Extract.java ?

I saw that PixelUnknot jar you posted. No offense, but I'm not gonna run a large program that I can't verify that was posted in this board.. not with all the fuckery afoot.

Anonymous ID: b856fa July 28, 2018, 2:29 p.m. No.2329024   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2328850

smart, can't blame you, wasn't my jar though from google code archive : https://code.google.com/archive/p/f5-steganography/

 

>Can you pastebin your modified Extract.java

https://github.com/banona/PixelUnknot/blob/master/src/q/f5/Extract.java

 

you can git clone https://github.com/banona/PixelUnknot.git and compile yourself with an ide like eclipse or intellij

Anonymous ID: b856fa July 28, 2018, 3:44 p.m. No.2330113   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0157 >>1266

did some math and this is great

 

>crunch 1 3 '0123456789!@#$%^&*()-=_+[]{}\|/.,<>?:;~`abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

>Crunch will now generate the following number of lines: 787241

>787241 lines to catch any password 9 chars or less

 

> elapsed: 300s, rate: 73 lines/s

> 787241 lines / 73 lines/second = 10,784 seconds = 3 hours

> 3 hours to check every password 9 chars or less

 

if that doesn't work then to check every 4 chars, which would be any password 12 chars or less

 

> 71639296 / 73 lines/sec = 11.4 days

 

that's only on one desktop, split that work up in the aws and one could detect pixelknot encryption and have the last 30% of the password pretty quickly

 

> lines: 52927 / elapsed: 720s = rate: 73 lines/s

> lines: 57480 / elapsed: 780s = rate: 73 lines/s

> lines: 62061 / elapsed: 840s = rate: 73 lines/s

 

Tick Tock

Anonymous ID: 0efd35 July 28, 2018, 3:47 p.m. No.2330157   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1266 >>1316 >>3474 >>4025 >>5257 >>7253

>>2330113

Opened the file in a HEX editor.

the first part of the file has unusual text in it.

Other pictures I've opened don't have this.

รฟร˜รฟร ๏ฟฝJFIF๏ฟฝ๏ฟฝH๏ฟฝH๏ฟฝ๏ฟฝรฟร›๏ฟฝC๏ฟฝ

 

รฟร›๏ฟฝC

 

รฟร€๏ฟฝรบ๏ฟฝรฟร„๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ

รฟร„๏ฟฝยต๏ฟฝ๏ฟฝ๏ฟฝ}๏ฟฝ!1AQa"q2ยโ€˜ยก#BยฑรRร‘รฐ$3brโ€š

%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzฦ’โ€žโ€ฆโ€ โ€กห†โ€ฐล โ€™โ€œโ€โ€ขโ€“โ€”หœโ„ขลกยขยฃยคยฅยฆยงยจยฉยชยฒยณยดยตยถยทยธยนยบร‚รƒร„ร…ร†ร‡รˆร‰รŠร’ร“ร”ร•ร–ร—ร˜ร™รšรกรขรฃรครฅรฆรงรจรฉรชรฑรฒรณรดรตรถรทรธรนรบรฟร„๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ๏ฟฝ

รฟร„๏ฟฝยต๏ฟฝ๏ฟฝw๏ฟฝ!1AQaq"2ยBโ€˜ยกยฑร #3Rรฐbrร‘

$4รก%รฑ&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzโ€šฦ’โ€žโ€ฆโ€ โ€กห†โ€ฐล โ€™โ€œโ€โ€ขโ€“โ€”หœโ„ขลกยขยฃยคยฅยฆยงยจยฉยชยฒยณยดยตยถยทยธยนยบร‚รƒร„ร…ร†ร‡รˆร‰รŠร’ร“ร”ร•ร–ร—ร˜ร™รšรขรฃรครฅรฆรงรจรฉรชรฒรณรดรตรถรทรธรนรบรฟรš๏ฟฝ๏ฟฝ๏ฟฝ?

Anonymous ID: 7c73bd July 28, 2018, 4:43 p.m. No.2330928   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0984

>>2328825

That cannot possibly be correct. If I counted correctly, you are trying all 3 length combinations of 73 different characters. So it should require 3^73 combinations. That is 6.76x10^34

And the minimum the PixelKnot will allow is 4 chars. That would take one CPU until the heat death of the universe. And any reasonable person would use 10 to 15 chars for something like this.

We need to find or create a program that takes a list of possible word (scraped from that 4chan thread, plus other relevant terms, for example) and numbers up to a few digits and assembles them in various natural language ways. And then with 1337 speak substitute characters. Human beings chose that passphrase. So it's better to look at it as psychology problem than purely a math problem.

But first we need to make the tester as efficient as possible. That's what I'm working on now.

Anonymous ID: ee8f98 July 28, 2018, 4:48 p.m. No.2330980   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2316353

Hereby I'm adding instructions how to run the PixelUnknot code on a Unix/Linux machine, because it happened to be quite difficult for me at first.

 

First, install packages: maven, java-1.8.0-openjdk-devel, bouncycastle (Red Hat, on Debian packages may be named differently)

Clone the repository, open the directory

Edit file pom.xml: after <buildadd <sourceDirectory>src</sourceDirectory>

Execute: mvn package

Execute: java -cp /usr/share/java/bcprov.jar:target/PixelUnknot-1.0-SNAPSHOT.jar q.Main Q4example.jpg passwords.txt

 

(file bcprov.jar may be in a different location if your distribution is not Red Hat-based. check files in your bouncycastle package)

Anonymous ID: b856fa July 28, 2018, 4:57 p.m. No.2331057   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1140 >>1312 >>2718

>>2330984

that's what i came up with but crunch made a file with 787241 lines because it includes all 1, 2 and 3 character combination (73 + 73^2 + 73^3)

 

only need to match the last 1/3 of the password to verify that there is a message - so passwords under 12 characters, we only need to check up to 4 chars. 15 char password is 2 billion or 1 year on my desktopโ€ฆ that isn't going to work, would have to divide that up

 

anyway, the < 9 char passwords are easy enough

 

lines: 390636 / elapsed: 5220s = rate: 74 lines/s

Anonymous ID: 7c73bd July 28, 2018, 5:03 p.m. No.2331140   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1186 >>1367

>>2331057

>only need to match the last 1/3 of the password to verify

You sure? final F5Random random = new F5Random(password.substring((password.length()/3)*2).getBytes()); Int-divide by 3, times 2. Unless Java does some weird string math thing I don't understand it, it should be 2/3rds of the password.

Anonymous ID: e6b647 July 28, 2018, 5:12 p.m. No.2331266   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2330157

>>2330113

 

That is interesting

I can make a little sense of it but i haven't coded for over a decade. One thing Iv'e learned is coding aint like riding a bike. If you fall off, it's hard to keep up. Atleast for me it is.

I'm brushing up but you guys have me beat by miles.

I wish I could help. I do have a couple of friends (web masters) that may be able to yield resources for a short time that would probably be up for lending a machine or two if needed.

Ill send them here if they are up for it.

Anonymous ID: 7c73bd July 28, 2018, 5:14 p.m. No.2331291   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2331186

Ohhhhhโ€ฆ that explains why it I didn't for for me as quite I expected when I was tinkering with using the original F5 algo to decode test images.

 

Then it looks like your approach my be indeed be feasible.

Anonymous ID: b856fa July 28, 2018, 5:16 p.m. No.2331312   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2718

>>2330984

>>2331057

 

more mathsโ€ฆ my desktop has 32 core, so 2.3 lines per core per second

 

aws spot instances can get 72 core for $0.62/hr, which is 596,160 lines

 

4 letters - 71,639,296 combination would cost $74 to for password 12 or less long

 

5 letters - 2 billion combination would cost $2079 for passwords 15 or less

 

any richfags want to get this solved?

Anonymous ID: ee8f98 July 28, 2018, 5:20 p.m. No.2331367   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2331140

The example file included matches just "plan". I would kind of want to optimize the PixelUnknot source code.

 

diff โ€“git a/src/q/Main.java b/src/q/Main.java

index 9954f97..ab94435 100644

โ€” a/src/q/Main.java

+++ b/src/q/Main.java

@@ -132,14 +132,14 @@ public class Main {

Files.readAllLines(filePath, StandardCharsets.ISO_8859_1)

.parallelStream()

.forEach(line -{

  • for (int j = 0; j<line.length() - 2; j++) {

  • String l = line.substring(j);

  • //for (int j = 0; j<line.length() - 2; j++) {

  • //String l = line.substring(j);

// System.out.println("trying " + l);

  • int res = extract(coeff, l);

  • int res = extract(coeff, line);

if (res == 1) {

System.exit(1);

}

  • }

  • //}

});

}

}

 

What has changed? Now, our password file contains only the 1/3 suffixes, for example "plan" and so we check only "plan", before that optimization, for a line "trusttheplan" in the password file we would check "n", "an", "lan", "plan", โ€ฆ, "rusttheplan". The problem is, that with the original code suffixes like "a", "b", "c" get checked too often.

 

I'm now trying all strings of a form [a-z]{4}.

Anonymous ID: 6cbe57 July 28, 2018, 5:21 p.m. No.2331383   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2311049

google search "naked nudists" and start clicking on sites and they will lead you to much child porn. then you can report all you see! click on main sites then start clicking away. click enough times and you will make it to real sick child porn. please bust all these urls! together we can eliminate them all!

Anonymous ID: ee8f98 July 28, 2018, 5:45 p.m. No.2331682   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1713 >>2171 >>2416

>>2331580

Yes, we should use SHA256 as it's what 8chan uses for filenames.

 

5A7F006BC6398E644EC960D83A9E36F04BE80E96BB4A48082D18042FE55993CD

This is the "Sarahposter"-original.

fabd30ac56bac002df63a0e6961c10eb5c307e6aadb91743306fa217bbd6fe49

This is Q-original

 

Incidentally, the original Q image is named:

3930a76b2028bf79781986862c68c6bfd3e36bd727f7c2dd8e14c5cc702aae34

 

So let's do an experiment: does 8chan rewrite images upon upload. The images I will upload now should have the following SHA256 checksums:

 

286e0495d8feaa363a2060471064e41662cdeea6e53c023cca89dfb2a0e57c0f test2.png

2c1efa6ceef7e02ece13f538b1234b4cc52d09cad3b471994037f417d7bd5872 test.jpg

d695fab6d2dc8fd1417723a014712925a99fbd1beafa1aec08fd71aed8c0f7bb test.png

 

If they don't match, they got rewritten on the fly.

Anonymous ID: ee8f98 July 28, 2018, 5:52 p.m. No.2331785   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1819

>>2331713

Incorrect. They got rewritten:

 

886094e3f5ddc2aeab88c295b7d9b5529272af8a271bff1068d1734612d28f15 286e0495d8feaa363a2060471064e41662cdeea6e53c023cca89dfb2a0e57c0f.png

874087581dc97a9f447bb4f8aef9d72d8d1d6817b25bbee1b2f45b78a416caa4 2c1efa6ceef7e02ece13f538b1234b4cc52d09cad3b471994037f417d7bd5872.jpg

886094e3f5ddc2aeab88c295b7d9b5529272af8a271bff1068d1734612d28f15 d695fab6d2dc8fd1417723a014712925a99fbd1beafa1aec08fd71aed8c0f7bb.png

 

test2.png was constructed by appending some data (that happen to be test.jpg) to test.png. 8chan dropped the extra data, so test.png equals to test2.png. What if I upload them again?

Anonymous ID: ee8f98 July 28, 2018, 6:10 p.m. No.2332051   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2232 >>2419

>>2331831

Ok, I tried downloading with the "download with an original filename" link and it's how you can ensure you will download the original file and not a rewritten one (not really - I don't know how it works).

 

This is the original Q checksum, as denoted by the filename:

3930a76b2028bf79781986862c68c6bfd3e36bd727f7c2dd8e14c5cc702aae34

 

I managed to download the original, but I can't recreate it anymore. Pic related, you may have some luck clicking on the (h), (u) buttons.

 

Not that we should focus on this image, but on the "Sarahposter"-original. Just be aware, that 8chan rewrites images.

Anonymous ID: ee8f98 July 28, 2018, 6:24 p.m. No.2332232   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2344 >>2408 >>2545

>>2332051

Ok, I know now. This is how you can download the Q-original image:

 

https://media.8ch.net/file_dl/3930a76b2028bf79781986862c68c6bfd3e36bd727f7c2dd8e14c5cc702aae34.jpg/typeheresomethingrandom.jpg

 

Make sure it's random, so you don't get the modified 840e56f8babf0c9d8292f73d7ca34f00dfbb741c338aed0859a7ca80590eca80 file.

 

>>2332171

It rewrites both, but not on the first access.

Anonymous ID: ee8f98 July 28, 2018, 6:39 p.m. No.2332408   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2331831

Yes anon, you are right. Your image in >>2301393 is actually correct, just make sure to check the checksum later on. For reference, it's: 5a7f006bc6398e644ec960d83a9e36f04be80e96bb4a48082d18042fe55993cd . I didn't intend to muddy the waters, but I actually did. But at least make sure to check the SHA256 checksum before trying to crack. Use this method for best results in downloading the original file: >>2332232 or download from 4plebs: https://i.4pcdn.org/pol/1532237608528.jpg

Anonymous ID: ee8f98 July 28, 2018, 6:54 p.m. No.2332545   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2748

>>2332344

>>2332368

You are both wrong, unfortunately. See pic related. You need to get a random link as described here: >>2332232

>>2332416

You got the right files because you were the first to download them. See pic related. If you try to download them now, they will be cut. But I think we don't need to derail the thread more, I will report the issue on /sudo/ in a moment.

Anonymous ID: ee8f98 July 28, 2018, 7:13 p.m. No.2332679   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2332419

Ty anon, I can confirm the sha256 checksum of the file still served by 4chan on https://is2.4chan.org/pol/1532237608528.jpg to be 5a7f006bc6398e644ec960d83a9e36f04be80e96bb4a48082d18042fe55993cd as expected.

Anonymous ID: ee8f98 July 28, 2018, 7:38 p.m. No.2332904   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2332748

I repeated my results from another ISP (HTTPS hijacking? That would be interesting). For the record, changing from curl to wget did not trigger getting the original file. You don't look like a Tor user though, so I don't really know where's the culprit.

 

>>2332809

>>2332850

I checked it out and yeah, that's not a result.

Anonymous ID: ee8f98 July 28, 2018, 8:35 p.m. No.2333474   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5257

>>2330157

Nice find. I stumbled across the same now. I found 3 files in my research that have this "CDEFGHIJSTUVโ€ฆ" string.

 

First one is Q4example.jpg (OP's image)

Second one is 5a7f006bc6398e644ec960d83a9e36f04be80e96bb4a48082d18042fe55993cd (SS image)

Third oneโ€ฆ is 3930a76b2028bf79781986862c68c6bfd3e36bd727f7c2dd8e14c5cc702aae34 (Q's image)

 

It probably means that all 3 were generated with the same image generation library. Which could be the Java generation library. And that could mean, that while we know that the first one has some obfuscated dataโ€ฆ Q tells us the second has as wellโ€ฆ But he himself probably embedded a message too :) Or not. Just make sure you get the rare original file.

Anonymous ID: 7c73bd July 28, 2018, 8:48 p.m. No.2333595   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4176

>>2332718

What kind of speed are you getting?

I'm trying to optimize this code. I'm only getting about 200 per minute. And I can't think of any obvious way to optimize the Permutation part. But I'm going to keep thinking about it.

I assume you are generating a list with Crunch in the same method you posted above but with 4 chars. I'll do the same and start from the other end of the list.

Anonymous ID: e6b647 July 28, 2018, 9:29 p.m. No.2334025   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5257

>>2330157

How would a coder block out a note within this code language? You know like when he leaves a note to himself and needs it to be mute to the program itself?

Something looks fishy but not sure.

 

is it worth noting that the letters and numbers missing from 456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

 

123 ABKLMNOPQRabklmnopqr

is missing

 

and from 56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

 

01234KLMNOPQRabklmnopqr

is missing

I understand that there's an equation involved but to my limited knowledge it almost looks like none of it is seen by the program or maybe part of it.

Anonymous ID: 7c73bd July 28, 2018, 9:42 p.m. No.2334176   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6001 >>1663

>>2332718

>>2333595

Better idea.

Many of these characters are awkward to produce from a phone keyboard or are simply not what a human picking a password would use. How many people are going to stick curly brackets in a passphrase? I wouldn't even use parentheses. So I suggest shortening the symbol set to "!@#%&-_+*? ". And don't forget 'space'. It's likely to turn up in passphrases.

For devision of labor let's generate a set of chunks the same way and attack it a few at a time. I generated them with,crunch 4 4 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#%&-_+*? "split -n 20 passwords4.txt passwords4.txt.

I've started with the first four, chunks aa through ad.

Anonymous ID: 2188ca July 29, 2018, 1:05 a.m. No.2335506   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5545

>>2328417

 

I think C# Anon is going to have an issue with SecureRandom(). They won't be the same on .NET vs. JAVA, I'm running into this issue as I'm porting the JAVA code to JS.

 

I can call JAVA code from JS, but I want all this to run client side browser.

Anonymous ID: 7c73bd July 29, 2018, 2:01 a.m. No.2335715   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5793 >>1663

>>2335545

I generated test images with known passwords in the Android app and then tested them on my Linux machine. It works. There is apparently no reason for SecureRandom to deviate from the default SHA1PRNG algo, at least not in this case. But I suspect that SecureRandom going out and grabbing other sources of entropy is why the app often fails to decode it own output. The app's creator should have rolled their own PRNG. It would have been trivially easy.

Anonymous ID: 2188ca July 29, 2018, 2:23 a.m. No.2335793   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2335715

 

I think there was a change in Jellybean 4.3, where the underlying SecureRandom was changed. If this is the case, if the image F5'd with pre 4.3, it may not work correctly 4.3 and greater. I'm guessing these people are using burner phones for all this.

 

What a mess, and we probably don't know if Q uses f5, but I think iOS is used.

Anonymous ID: 7c73bd July 29, 2018, 3:24 a.m. No.2336001   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6031 >>6698 >>1663 >>1802

Anons in the General thread are talking about this. So here is the method I'm using right now.

I'm not using the PixelUnknot tool written by [b856fa]. There is too much code for me to read through to verify that he's not a shill trying fuck with me. So I grabbed the original F5 algo that was rolled into F5Android and then into PixelKnot. Then I heavily modified Extract,java (PDF related).

 

  1. Install Java. OpenJDK on Linux works. Don't know about Windows.

  2. Download F5-steganography-master.zip

shasum:ef47173ed89dcd2173270de9f106774cc4c6e9d7

https://github.com/matthewgao/F5-steganography

Unpack it.

  1. Copy and paste the PDF into a file called BruteCrackPK.java. Save it right next to Embed and Extract.

  2. Compile the it with "javac BruteCrackPK.java"

  3. Generate a bunch of passwords. See

>>2334176

for an example. Feel free to jumble together any set of relevant words and variations.

  1. BruteCrackPK is setup to take the wordlist from standard input. I wanted to be able to eliminate filesystem overhead between Crunch and it. That was before I realized how much work it has to do internally for each test. Turns out fs overhead is comparatively trivial. By anyway, run it with something like,

java BruteCrackPK imagefilename.jpg < passwordlist.txt

  1. Wait. Maybe a long time.

 

The other attached image is encoded with the password "testtesttest". This program should produce a hit with "test". Only the last third of any password is crackable with this technique (it's only possible because of a design goof by PixelKnot's author). The hope is that if we can get the last third it will provide enough of a clue that we can guess the rest, or at least greatly reduce the search space for the next phase.

 

  1. (Optional, inefficient) You can also feed full-length passwords into the class in the other PDF file. But be aware of false positives. The image will hit on "blahblahtest" as well as the correct password. Save as "BruteCrackPH_fullpassword.java"

Anonymous ID: 2188ca July 29, 2018, 3:41 a.m. No.2336057   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6071 >>1663

>>2336031

 

We should probably consider using this impl:

 

https://android.googlesource.com/platform/libcore/+/android-5.1.1_r37/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java

 

I hope that this will eliminate some concerns in regards to Android versions of these pedos.

Anonymous ID: 7c73bd July 29, 2018, 5:34 a.m. No.2336510   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2336293

The vast majority of the original pics from Q are in PNG format. The stegano technique used by PixelKnot is for JPEGs exclusively. If you can assemble a list of URLs for all JPEG images Q has posted than I'll be happy pull them down and test for any passphrases you suggest (eg: "WWEG1WGA").

 

Robots, canonical, nor manifest work. In fact, we think we've already ruled out all password of 9 chars or shorter.

 

And that is a strange image. The F5 decoder stalls when I try to examine it. I get the message "Nf weder 1 noch 3". This appears to be an error message (in german, "Nf neither 1 nor 3") coming from HuffmanDecode.java. I should have been in bed 4 hours ago. So I'll let some other codefag determine the significance for that and if it's something we need to be concerned about.

Anonymous ID: ca6a33 July 29, 2018, 5:37 a.m. No.2336523   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8683

>>2336293

Q can't prove they're on the inside, the same way they can't actually do any good with the info they release

 

Look, if you're allowed to post riddles and gibberish and self promoting crap, but if you post anything that might actually produce results you get killed, then what is actually going on here ? Qanon can't be real, Trump can't be real because it's dangerous ? How do you ever make it not-dangerous ? Wait 100 years ? But what ? I thought these people were sick and they wouldn't be able to walk down the street ? Haven't you had Weiners laptop since 2016 ? Isn't there some "we got the server" report coming in once a week or something ? That's a lot of servers, how many is needed ?

 

Just more cognitive dissonance ? So the MSM will never report the truth, so it's ok for the only inside truth the people get is from a assholish star trek character on an online mesageboard and in riddles without proper explanation ?

 

I can understand if someone is working hard and doing their best, but I think it's fair to say that if this level of communication is deemed enough, then there may be some misconceptions about the relationship and where it's headed

Anonymous ID: 54da36 July 29, 2018, 9:08 a.m. No.2337999   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8119

>>2319042

https://web.archive.org/web/20060126085231/https://members.fortunecity.com/jpeschel/gillog3.htm#

THE BEALE CIPHER: A DISSENTING OPINION by James J. Gillogly

In 1885 James B. Ward of Virginia published a pamphlet describing a fabulous treasure buried by an explorer named Thomas Jefferson Beale in Bedford County, Virginia, over 60 years earlier. The location, contents, and intended beneficiaries of the treasure were concealed in three separate ciphers.

 

Ward claimed to have broken the second cipher (B2), describing the contents, and found it to be a book cipher based on the Declaration of Independence (DOI).

The words of the DOI were numbered consecutively, and each plaintext letter was replaced with the number of a word in the DOI beginning with that letter.

 

The details of the encryption are discussed exhaustively by Dr. Carl Hammer [1], The initials of words in the DOI are given in Table 1.

Anonymous ID: 54da36 July 29, 2018, 9:16 a.m. No.2338119   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2337999

https://en.wikipedia.org/wiki/James_J._Gillogly

James J. Gillogly (born 5 March 1946) is an American computer scientist and cryptographer.

 

Gillogly worked as a computer scientist at RAND, specializing in system design and development, and computer security. He has written several articles about technology and cryptography, is currently the editor of the "Cipher Exchange" column for The Cryptogram, and was president of the American Cryptogram Association.

 

He is best known for his work solving or debunking some of the world's most famous unsolved codes. In 1980 he wrote a paper on unusual strings in the Beale Ciphers, and he received international media attention for being the first person to publicly solve parts 1-3 on the CIA's Kryptos sculpture in 1999.

Anonymous ID: 54da36 July 29, 2018, 9:32 a.m. No.2338313   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2319635

>Can someone with Wireshark or another packet sniffer confirm any odd network activity from the app?

> app hasn't been updated since Feb 2017, so whatever that user found is still programmed in the app.

Please. Could be important, especially to those using it.

>My hope is that traffic was transferred to a white hat server

Along with all the passwords. Message within a message from Q?

Anonymous ID: b856fa July 29, 2018, 12:51 p.m. No.2341663   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1888

>>2336057

>>2336071

>>2335715

 

the f5Android jar uses sun's SecureRandom, and the f5 jar on the google website is able to decode PixelKnot encoded so I think we're using the right one

 

https://github.com/guardianproject/F5Android/blob/master/src/main/java/info/guardianproject/f5android/plugins/f5/crypt/F5Random.java

 

>>2334176

 

smart! I get 76 passwords a second so each chunk will take about 5 hours - I'll take aq, ar, as, and at

 

>>2336001

this is great, can you put your code on pastebin or something i don't open pdfs

Anonymous ID: 7c73bd July 29, 2018, 1:06 p.m. No.2341888   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2377

>>2341663

You must have a monster of a machine! I haven't had a need to upgrade my AMD Phemon II in 10 years. So I'm getting about 230 per minute x4 processes (about 15 per second). Time to upgrade to at high-end Ryzen.

 

BruteCrackPK.java

https://pastebin.com/Y1exTrjL

 

BrutcCrackPK_fullpassword.java

https://pastebin.com/PEnTtSaA

 

I made some optimizations for quick return as soon as it has enough to rule out a given password. But they didn't speed it up that much. It looks like >95% of the time is spend calling SecureRandom and its internal SHA1 based PRNG 1.8million times before it can decode the first byte. There is not a lot I can do to speed that up.

Anonymous ID: b856fa July 29, 2018, 1:21 p.m. No.2342141   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2377 >>4586

it's probably nothing

 

looking at partial matches (passwords that extracted two โ€“ at the start see pic), these shouldn't be close to real password as secure random does SHA hash so small changes make big change to the random.. but looking through the list this one stood out to me:

 

he few the proud

 

tried extract with f5.jar with that password and it crashes my computer, done it twice now

 

java -jar f5.jar x -p 'he few the proud' -e msg.txt 1532237608528.jpg

 

looking over the code and I can't think of any reason why and the partial marine slogan is a creepy coincidence

Anonymous ID: b856fa July 29, 2018, 1:33 p.m. No.2342377   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2792 >>4586

>>2342141

PixelUnknot doesn't crash on it, just a partial matchโ€ฆ hmm

 

other observation is that none of the 1-3 letter combinations i did ever produced output with two leading 'โ€“' in it

 

>>2341888

 

great code, the only other optimization i did was in Permutation to cache result of the initial shuffled list (it starts with sequential array of 178k integers) so it can memcpy the array

 

all the work is in SHA hash of the password and shuffling that array, can't think of any good way to shortcut that

Anonymous ID: c2f389 July 29, 2018, 2 p.m. No.2342867   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6188

I found some Java software for "F5 stegnography" and ran a script to invoke it with every lowercase English word in a file "enable1.txt" but found no matches. Not confident of doing it right and trying a 2nd time.

Anonymous ID: 9c664b July 29, 2018, 2:17 p.m. No.2343179   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Trying something out here. Going to take the original file and several with messages with and without passwords to compare them in a hex editor to try and find any patterns. To those of you with the hardware to brute force, thank you for I don't have much to work with.

 

passwords: (none), Qanon, qanon, TrustThePlan

Anonymous ID: e6b647 July 29, 2018, 3:25 p.m. No.2344334   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2327389

So disregard the MOS 3DOX2

 

I think the anon that posted it originally verified it was him, And therefore meaningless.

 

He let me know it too. lol!

He may be back to check my spelling here. Better watch my P's and Q's.

Anonymous ID: 7c73bd July 29, 2018, 3:52 p.m. No.2344703   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>4904 >>5204

>>2344586

I just get garbage.java Extract -p "0+CE"-e 1532237608528.jpg Huffman decoding startsPermutation starts1843200 indices shuffledExtraction startsLength of embedded file: 2951877 bytes(1, 255, 8) code usedIncomplete file: only 297 of 2951877 bytes extracted

Anonymous ID: b856fa July 29, 2018, 4:09 p.m. No.2344904   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5053 >>5191

>>2344703

uh oh wonder if something is wrong, PixelUnknot and f5.jar produce the same results for me

 

java -jar f5.jar x -p 0+CE -e msg.txt 1532237608528.jpg

Huffman decoding starts

Permutation starts

1843200 indices shuffled

Extraction starts

Length of embedded file: 4947636 bytes

(1, 1023, 10) code used

Incomplete file: only 92 of 4947636 bytes extracted

Anonymous ID: 7c73bd July 29, 2018, 4:21 p.m. No.2345053   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5066 >>5181 >>5191

>>2344904

Hmm. When I use f5.jar I still get the same results as with calling Extract directly.

You get consistent results both ways on your matching and I get different consistent results on mine. This shouldn't happen.

Have you tested images created with the app with known passwords? Does this image decode with "test" for you? (pic related).

Maybe there is some little variation in SecureRandom. I'm using OpenJDK 8. This probably shares much of its codebase with the Android version.

Anonymous ID: 7c73bd July 29, 2018, 4:52 p.m. No.2345468   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2345204

No, quotes are not being set. If that were true "test" wouldn't work. It behaves that same way from a file as from a command line arg. And none of those strings produce anything for me but garbage on either the SS image or the test image.

That is exactly what testtesttest.jpg is supposed to decode to. PixelKnot stores the messages as base64 encoded AES encrypted blobs. This is not part of the F5 system.

One would expect 1-in-65536 bad decodes to start with two "-" chars by chance. If we are testing millions of passwords then a few that start with "- -" is not surprising. That's why BruteCrack doesn't go ding! until it sees 20 chars of matching sentinel string.

But even if PixelUnknot is simply not testing far enough it wouldn't explain why you would see valid message using F5.jar and I don't.

Very very strange.

Anonymous ID: 2188ca July 29, 2018, 5:06 p.m. No.2345670   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5700

Comments like this are concerningโ€ฆ

 

https://stackoverflow.com/questions/13433529/android-4-2-broke-my-encrypt-decrypt-code-and-the-provided-solutions-dont-work

 

https://stackoverflow.com/questions/39097099/security-crypto-provider-deprecated-in-android-n/42337802#42337802

Anonymous ID: 2188ca July 29, 2018, 5:09 p.m. No.2345700   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5735

>>2345670

 

So I think it's going to be an uphill climb given that we don't know what version of Android the OG images were created with.

 

I think burner phones are pretty much a given, and with that in mind we mind have lower version of Android (typical with cheap phones).

Anonymous ID: 7c73bd July 29, 2018, 5:12 p.m. No.2345741   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2345204

Actually.. if you are implementing that same size filter I am it would skip the vast majority before it got to that stage. Very few 32bit random integers will be between 96 and 2000, roughly 1-in-2.3million. That times 65536โ€ฆ and it's an eyebrow raising coincidence.

Anonymous ID: b856fa July 29, 2018, 5:15 p.m. No.2345784   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5936 >>5938 >>6032 >>7556 >>7826

>>2345257

>>2345073

OMG you are brilliant - not exactly correct but still brilliant - look at the code for f5Android on the leftโ€ฆ it doesn't add the JFIF tag to the image!!!

 

WE CAN DETECT PIXELKNOT ENCODED IMAGES

 

THEY ARE MISSING THE JFIF AT THE BEGINNING

 

they start with the hex bytes

 

FF D8 FF DB 00 84

 

andโ€ฆ..

 

the silverman picture is not a pixelknot image

Anonymous ID: 182eda July 29, 2018, 5:22 p.m. No.2345864   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2345257

After a quick look, paint.net adds that same signature when I save images, photo shop doesn't. So, it might be a paint.net thing or whatever lib it uses for images. I will look more into it and see what part of the header that actually is. But for now, assume that it's nothing.

Anonymous ID: 2188ca July 29, 2018, 5:28 p.m. No.2345938   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5998 >>6148

>>2345784

 

WOW, this is greatโ€ฆ

 

I was right about the SS image then.

 

BTW - I was using a tool called autosteg, which uses the same F5 lib, and will encode a folder of images with a given password. The one thing it will do is detect F5, it didn't detect F5, but it did detect it for the jumping comey pic.

 

One thing that's concerning that gets back what I just recently said, I built PixelKnot app, and encoded my own image, and it didn't detect it, but it does have the JFIF tag in the image. I need to dig some more on why that is.

Anonymous ID: d34037 July 29, 2018, 5:50 p.m. No.2346188   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2342867

My battery died around 75% through the wordlist, even though most the number crunching was on a remote server. The software I was using goes into an extremely slow decode process when using correct password on test images other anons posted. Therefore you can tell if a password wasn't rejected immediately.

 

Instead of general vocabulary trials we should compile list of more probable passwords. The vocabulary of Q posts (including image file names) is one start. The vocabulary of the original 4Chan post likewise. Newspaper quotes could be a lead too. It should try one word at a time, then 2 following words at a time, 3 words in a row at a time all from the text corpusโ€ฆ

 

I don't understand the F5 algorithm but if wrong passwords are rejected quickly most the time then a timing attack could guide the crack, maybe. But almost all trials quit early anyways.

Anonymous ID: 7c73bd July 29, 2018, 6:02 p.m. No.2346356   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2346134

I'l already at work scanning my entire offline backup of Q General. :)#!/bin/shrm with_tag.txtrm without_tag.txtlist=jpeg_list.txtprefix=~/q_backup/file_store/for filename in $(cat $list) ; do echo -n $filename echo -n " " head -c 20 $prefix$filename | grep "JFIF\|Exif" /dev/null if [ $? -eq 0 ] ; then echo "Yes" echo $filename >> with_tag_list.txt else echo "No" echo $filename >> without_tag.list.txt fidone

Anonymous ID: e6b647 July 29, 2018, 6:06 p.m. No.2346408   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6649

Future topic.

Relevant.

#FLYROTHSFLY#

Q

 

B8028-Z-KDHYQ-M5-ZAF1aT9

Giranamo

ihearyou

dZ68J_729282D_B^02928xABVtZ

b7al8920289-sLBTCZA99_jXK

38201820281028201820484739201837474

B_1

B_2

KILL_CHAIN

SKY_TAR_[E_BZ_y]

[]

[]PAK[]

[]-13-[]

A-9zBT1-033

"Republic-D"

"Republic-E"

"Republic-F"

"Republic-MILMAR-E"

INFIL-[2]-OP_TAKE_O_

WATCH_TOWER_OK

RED_RED_OK

RED_CASTLE_OK

NIGHT_BOX_OK

SKY_BEAM_OK

NORTH_TRADE_OK

MOUNTAIN_DEEP_OK

COMM_SAT_6_OK

COMM_SAT_7_OK

COMM_SAT_8_FALSE

COMM_SAT_9_OK

COMM_SAT_SEC_R140_OK

TELCON_SIG_CONF_C-83028

ZEBRA_PACIFIC_SIG_COMM_[GOOD]

DESIGNATE CODE: [ _D7_UND<93829]

ACTIVATE CODE: [0 0000 018739 7-ZjG]

Q, DELTA

 

Bravo-TK_964389&6

 

Q !CbboFOtcZs No.105 ๐Ÿ“

Jun 12 2018 15:20:02 (EST)

JDLKD-8382KDJDzAZ7301

YTRR-aRb730100-JQE195

CZTA68-KDHG-[ t]

CASTLE ARRIVAL GOOD

BLUE METAL

 

Q !CbboFOtcZs No.106 ๐Ÿ“

Jun 12 2018 15:55:46 (EST)

FOX M1 STOLEN TAKEDOWN

ACTION KDN-0000

VIC-INTEL_34.xxxxCLAS_38.xxxxCLAS

[]CON SIT-AWARE

ON GUARD Z-BUNK_T6_Y

EXE_70283-BM-3802873492719236872021028392821000T

 

ffd74019f9c089f17e39a7d0d83efca29717eaa08d1bc7c7a973a748296a105c

 

32536AA00: _ MI TM (UTAH)(STRAT SIGINT)

32536AB00: _ MI TM (OCMC)(STRAT SIGINT)

32536AC00: _ MI TM (DET A)(STRAT SIGINT)

 

-D_CsTBA_YES[AUTH_H7^pZBVTZ7302-]

##FLY##

[OWLS]

HOT-1_pre_D

HOT-2_pre_D

HOT-3+

HOT-4_TERM_AUTHC-TVFCAZD-837392x

HOT-5_pre_D

HOT-6_pre_D

HOT-7_corr_TAXjV^-293Z

HOT-8_pre_D

HOT-9_pre_D

HOT-10_pre_D

HOT-11_pre_D

HOT-12_pre_D

AS THE WORLD TURNS.

HAPPY HUNTING.

P_PERS: WRWY [N1LB][FG&C]

Jeremiah 29:11

Q

ENOU[G]H IS EN[O]UGH.

CONF_AW-CjF78-82(Z 00:00)

:OWLS:

Good Hunting!

Q

Anonymous ID: e6b647 July 29, 2018, 6:15 p.m. No.2346522   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6649

SEA_TO_SHINING_SEA

DIRECT: CODE 234 SEC: B1-3

DIRECT: CODE 299 SEC: F19-A

[ C P 19]

Show the World Our Power.

RED_OCTOBER >

Q

>>130030

SWEET DREAMS.

P_pers: Public (not private).

NATSEC_19384z_A_DT-approve

Q

 

21_[ f ]_SEQ1239

22 _SEQ_FREE_9-ZBA

22 _WH_POTUS_PRESS

Divert-ATT_CAP_H

Q

 

1 _y

Q

 

Term_[#2]19_y

NAT_SEC_

NAT_SEC_A,H,H, L, B, E, classified Cdg-23k

FREEDOM_#1-43

CAP_H(9).

MAVERICK.

JUSTICE_FED_J[1-4]_remove + appellate

Q

Trip code on 4 working.

#FLYSIDFLY#

We don't like to say his name.

Q

 

Trip code on 4 working.

#FLYSIDFLY#

We don't like to say his name.

Q

 

#FLYJOHNNYFLY

Anonymous ID: b856fa July 29, 2018, 6:17 p.m. No.2346540   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2346134

download all jpeg from a 4chan/pol thread

 

wget -P pictures -nd -r -l 1 -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<ID>

 

loop over using detect.py https://pastebin.com/eszXC1yb

 

for F in pictures/*; do python detect.py $F; done

 

happy hunting

Anonymous ID: 23eddd July 29, 2018, 6:23 p.m. No.2346641   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6733 >>6781 >>6981

>>2306905

I was trying to find a test image so I can see if programs/code I'm trying to get working on my desktop is compatible. Your image doesn't work for me. Pixelknot is stuck on 10% "Fetching your message".

 

I made a test image with Pixelknot (pic related). The password is "test".

Anonymous ID: 08c1a5 July 29, 2018, 6:49 p.m. No.2346981   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7019 >>7058

>>2346641

Pixelknot locked up for me too

I am thinking they fuckered over the app somehow, looking through the reviews, some say it works, others say it does not.. I am more than sure if the deep state players are using it, it is โ€œlegitโ€.. maybe a hiccup here or there.. phone ES to get it worked out..

 

I think we are still kinda at ground zero. I have been reading up on it, btw I have seen Stenography, Stegnography,.. and at least 1 other spelling for the same thing.. so damn weird.. just like the peopleโ€™s names..

Anonymous ID: e6b647 July 29, 2018, 6:49 p.m. No.2346987   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2346698

>>2345664

 

_FREEDOM-_vSA_yes_DC08vC_EX_y_AW_Conf-go.

 

Reads as (freedom)

 

v (for) SA (Saudi Arabia) US (USA) yes

 

DC (Device Confirmation) 08 (recipient 1 of 17)

 

C_EX (4 devices tested 2 days ago) y (yes) AW (Alice and Wonderland) Conf-go (is a confirmed go).

Anonymous ID: d34037 July 29, 2018, 7:31 p.m. No.2347536   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2346134

Does YouTube use F5 stegnography in video poster images as a kind of watermark? One of the few images in Downloads folder detected is from a youtube video. I had to edit code and might have screwed up, it should have detected example imagesโ€ฆ

Anonymous ID: 23eddd July 29, 2018, 7:32 p.m. No.2347556   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8153

>>2347264

The original SS image is 70KB, but Pixelknot wasn't used on the image because JFIF is present (the image has a sha256 beginning in "5a7f006").

 

As mentioned in this comment, Pixelknot does not have "JFIF" at the beginning of its output files:

>>2345784

 

The image I created with Pixelknot does not have the JFIF at the beginning. The image on..

>>2306905

does however. Maybe a mistake, maybe a slide, I dunno.

Anonymous ID: 7c73bd July 29, 2018, 7:37 p.m. No.2347619   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7681 >>7705 >>7731 >>7883 >>0331 >>2189

>>2346134

Here is the set of Q Research images that start with those 6 bytes (from since I starting backing up the breads a few months ago). 66 files, 9.1MB. I haven't checked when they were uploaded. The two SS pics were clearly created by anons recently.

 

https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip

 

I haven't tried 4chan/pol/. The archive doesn't save the original images.

Anonymous ID: 08c1a5 July 29, 2018, 7:43 p.m. No.2347705   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7731 >>1610

>>2347619

What sucks is us who have Mac, I have an old broken screen android samsung whatever, and it is helpful, I erased and reinstalled the app, it actually got off zero but stalled out on 10%. For the corn I used the password โ€œField Agentโ€ fuck if I know if it works..

 

I have pictues of the info off the files, having to do that cause it is about the easiest. I will post now.

 

I think the sarah pic was strickly Q talking to DS or letting us know what they do.. that thing was fucked anyway.. being chopped and all.. at 6k, is it compressed?

Anonymous ID: 9c664b July 29, 2018, 7:51 p.m. No.2347826   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8169

>>2345784

>>2346808

>>2347027

Thanks guys

 

>>2347058

Speaking of poorly written, is it possible that the developers made a mistake with the random seed generator? Using the same seed for each encryption.

 

https://github.com/guardianproject/F5Android/tree/master/src/main/java/sun/security/provider

 

https://www.synopsys.com/blogs/software-security/issues-when-using-java-securerandom/

>However, if you attempt to seed the following implementations before obtaining any output from the SecureRandom implementation, you will bypass the internal seeding mechanism of the SecureRandom implementation:

>sun.security.provider.SecureRandom

>com.ibm.crypto.provider.SecureRandom

>com.ibm.crypto.provider.SHA1PRNG

>com.ibm.crypto.provider.HASHDRBG

>com.ibm.crypto.provider.SHA2DRBG

>com.ibm.crypto.provider.SHA5DRBG

>This may be desirable in some situations; for example, if you need to generate the same outputs multiple times, you can seed your SecureRandom implementation with the same seed each time. However, when unpredictability is required, bypassing the internal seeding mechanism of the PRNG is not a good idea.

Anonymous ID: 08c1a5 July 29, 2018, 7:57 p.m. No.2347923   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7993

>>2347731

I havenโ€™t been able to get PK to finish up. So does it totally change the filename?

 

Couple things to note, if you didnโ€™t already know. The darker a pic, the littler the size because there is less data written to the pic, you can see relatively same size for the kayaker and the field pic, kayaker pic is larger, brighter and more there.. field pic not so muich.

 

Also the differences between the sarah pics, notice how after 4chan it was both changed in name and added โ€œdocumentsโ€ to one.

Anonymous ID: a7d73e July 29, 2018, 8:10 p.m. No.2348153   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2347556

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet. The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change.

 

Sooo.. What is the pattern/ formula you are using on the raw binary color-codes of mega-pixel graphics?

 

What is the pattern "adjustment" do you expect to find in the original color codes ?

 

ACSII text 8-bit replacement of 8-bit sections of color coding or something else?

 

That would presume you could detect edge boundaries on color-codes then compare to ASCII of appropriate segment of 8/15/24/32/48-bit color coding.

 

Or some other approach?

Anonymous ID: 23eddd July 29, 2018, 8:11 p.m. No.2348169   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6926

>>2347826

>Speaking of poorly written, is it possible that the developers made a mistake with the random seed generator? Using the same seed for each encryption.

 

There is no randomness for the seed. See method extractF5Seed(). The last 1/3 of the password string is used.

https://github.com/guardianproject/PixelKnot/blob/version_2/PixelKnot/src/main/java/info/guardianproject/pixelknot/StegoEncryptionJob.java

Anonymous ID: 7c73bd July 29, 2018, 8:13 p.m. No.2348214   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8244 >>8285 >>8439

I think the logical way to approach this is to pick one or two very spoopy images to bruteforce for short passwords. I'm not gonna launch month-long efforts without confirmation from On High that there is something to find. Pics related.

 

Q's people are smarter than to use PixelKnot of they are communicating with stegano. Only the badguys would be using it. So the question is.. would they do it here right under our noses or on 4chan away from us? I don't know the 4chan ecosystem well enough.

If the baddies are doing this then they are probably using one password or a system of passwords for everything. If we can crack one then it would be relatively easy to scan huge data sets with the same password.

But before we get carried away we should examine known PK images to any other distinguishing features that can be used to further reduce the search space.

Anonymous ID: 7c73bd July 29, 2018, 9:07 p.m. No.2349117   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9161 >>1351

>>2349017

And that shasum of the first 100 bytes turns up in about half of the suspect images posted above.alec@LinuxMint18 ~/sandbox/suspectJPEGs $ for filename in $(ls -x); do head -c 100 $filename | shasum | sort ; done3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -4e4f9f3343ec6dc8a18e504199f94ae3a16f1930 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -83b4365bc0019319cefb805b63f256c056899a04 -2c5f4e2a4e7ec5227ce72216291bb59339cd6779 -83b4365bc0019319cefb805b63f256c056899a04 -4e4f9f3343ec6dc8a18e504199f94ae3a16f1930 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -4e4f9f3343ec6dc8a18e504199f94ae3a16f1930 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -aa05b3385043676fc62e8dc4a87b8012c5c7f1d4 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -92a5cf0ead183258bd6184119e1a34dc832597dd -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -bee3287f79d35ab382750e8d3e3c7d88b9549a46 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -eb1806eb4f8844e0f9f368a57cd7dde25999f67f -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -6728c784fd823976c21f0cf1ef499b1fd3d96c18 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -bad252a36df757ff13dcd3fb2edb700f3f647164 -cd61d1fb36dc7d732fa123eb92f4f5d87b017663 -83b4365bc0019319cefb805b63f256c056899a04 -c901d6a82cc6cdbde6045647294a92e60501c317 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -352a738298546e72d3fac121536a313254b8fe7c -58396cc7c6c8996e68db794660339e291e369707 -83b4365bc0019319cefb805b63f256c056899a04 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -2cd7066aa944bfba204ca606dd654448ce95d35e -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -2cd7f80e375376a6274f012bed6d49a49546690e -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -d6b48f4360d9ae3ee12744c932b3ece682669e90 -fc4cf8b9ee6771fec14b502d8a2e4b508e9778c0 -83b4365bc0019319cefb805b63f256c056899a04 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -2cd7066aa944bfba204ca606dd654448ce95d35e -c3a09c88024ea7079d128ccdf4469d622b4e96ef -c2ebb5d2d7cf8ce51d94dcc3f80314143061d60d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -4e4f9f3343ec6dc8a18e504199f94ae3a16f1930 -c3a09c88024ea7079d128ccdf4469d622b4e96ef -4e4f9f3343ec6dc8a18e504199f94ae3a16f1930 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -5b4bcafab4c9fe7066b489f07ca243c6adfbfbc9 -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -465215dd9c144d3b2cff93b17b6210b6dfe1c99f -

Anonymous ID: 23eddd July 29, 2018, 9:17 p.m. No.2349272   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9288

>>2349017

Nice find!

 

I wrote a script to scan all files in a directory and compare them to see if they have this signature.

 

[code]#!/bin/bash

 

PN_HASH_DESIRED_OUTPUT="3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -"

 

for filename in .jp; do

FILE_HEADER_SHASUM_OUTPUT=$(head -c 100 $filename | shasum)

if [[ $FILE_HEADER_SHASUM_OUTPUT = $PN_HASH_DESIRED_OUTPUT ]]; then

echo "File $filename looks like it was made by Pixelknot."

fi;

done[code]

Anonymous ID: 7c73bd July 29, 2018, 10:47 p.m. No.2350592   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0621 >>0775 >>2189

>>2350331

 

I was already thinking about that. Many of these files were likely uploaded AFTER mentioned PixelKnot. There is no point in cracking files that were uploaded by anons as a joke. Q mentioned PK in bread #2896, which was post #2298164.

8ch.net/qresearch/res/2298164.html

The images from before that are more interesting.

 

https://pastebin.com/z4cXBLMv

 

As you can see many were posted long before Q put the idea of stegano in anons' heads.

Anonymous ID: 7c73bd July 29, 2018, 11:29 p.m. No.2351079   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1362 >>7961

>>2350775

A suspiciously large number of this image set contains direct symbology.

That must be how (((they))) recognize which ones to examine.

And a large fraction of the images on QR are memes, baker-babes, shill infographics, side-by-side proofs, or clock faggotry. Yet none of that in in this set.

I think we're on the right track.

 

Here is a bundle of everything for the other anons.

https://nofile.io/f/SnmADANBz6t/suspect_images.zip

Anonymous ID: a7d73e July 29, 2018, 11:45 p.m. No.2351207   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2351060

It is ,,, if you have the coding pattern.

 

If not, you are wasting you time.

 

That's why people use encryption methods that can't be compd

 

If a couple of mopes could figure it out, why would they bother?

Anonymous ID: b856fa July 29, 2018, 11:58 p.m. No.2351300   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1325 >>7961

look at those file name

 

0_PDlwBQSymrdu7_5D.jpg

https://8ch.net/qresearch/res/2320343.html#2320477

1 MT8T1L4CxKYxic6avNxIMg.jpeg

https://8ch.net/qresearch/res/1828419.html#q1829054

1*xv-xqPhM_w3qdIatlg8L9A.jpeg

https://8ch.net/qresearch/res/624511.html#q625298

Anonymous ID: ee8f98 July 30, 2018, 12:05 a.m. No.2351362   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1432 >>1579

>>2351079

One protip: The pseudorandom function will have the same seed for all those images. You could in theory speed up the search by caching the generated random values, same with individual image coefficients, moving the problem from O(m*n) to O(m+n) (where: m - number of images, n - number of passwords to check)

Anonymous ID: 55ccd7 July 30, 2018, 12:49 a.m. No.2351610   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1681 >>6070

>>2347705

 

I managed to get Android Studio working on my mac well enough to build the PixelKnot application and deploy it into the emulator. My goal with this was to see if I could verify that different Android base versions lead to different results with PixelKnot. I believe we are running up against this issue with F5 PK images that we are trying to crack with F5 lib running on a linux host. It's pointless to try to BF crack these images if we cannot know for sure what we are trying to BF actually matches the source image.

Anonymous ID: 55ccd7 July 30, 2018, 1:45 a.m. No.2351936   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2351895

 

It just sucks we have all these potential different gotcha's is all. I think most celeb's use iPhone's as their primary device, which means they probably have a burner phone for other comms. I think HRC had an Android device if I remember correctly, I wonder what images are in JP wikileaks.

Anonymous ID: b69407 July 30, 2018, 7:20 a.m. No.2353947   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

OP

Someone fucked up last night and clicked F+ instead of F*, or F.

I realize this fuckup comes at a really gay time, but there is no benefit to us to remove your sarah silverman picture.

This was an honest accident, I hope our future actions can prove our intentions.

Anonymous ID: b856fa July 30, 2018, 10:23 a.m. No.2356070   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2351895

>>2351849

>>2351751

>>2351610

 

anon posted a link to a c f5 steg cracker in c that is very fast but it doesn't work on example image

 

stick with f5.jar or PixelUnknot to crack

Android secure random? Android OS changed but the PixelKnot .apk jar uses sun's SecureRandom implementation no matter which OS it runs on

 

decode pixelknot images on any OS with using f5.jar

test with Q4example.jpg

look at the filenames and posts

find how the password transmitted

Anonymous ID: b856fa July 30, 2018, 10:45 a.m. No.2356344   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>7079 >>7961

>>2351681

 

thank you, here are the filenames

 

https://pastebin.com/

 

look at all these weird filenames.. there's something there

 

1002d04c080ad3a7ef4dfc57fea6e248e424f6b7489db59024a1ca0657123a68.jpeg 1_agrJgMO-s-RsbCy6Eepp8Q.jpeg

 

252ff478b5b8fff4c1f21d2a2fc1e7fb7fe63567f97c0d48f8015554c238f95f.jpeg 94ff5ed6-9581-4cd3-999b-4รขโ‚ฌยฆ.jpeg)

 

419a76281780faaba70a562eadb3259afa20f110bde50d6b3a59611a1990c63e.jpeg 1_Wu-LPq1zKK-R5lsT67nRYA.jpeg

 

4a1c560bc205a1fc0c70971a71136688c8649335974d9098187de99a42a77dfb.jpeg 1*WkosvaZ2ARJ2hnmXFs02Ow.jpeg

 

5cafc8b7f9199b0de6df05deb6258103bd22bd9b9ea96ee7e962f2db87090d2c.jpeg 1VsuwyS2ZeBqADEscy6cmw.jpeg

 

68ccb4146da74068a0d8749ac6bd3dab249e1a6d947c8ee106ef5bfdc0c9cf6e.jpeg 1_xv-xqPhM_w3qdIatlg8L9A.jpeg

 

69c39d2ea71d4b16290a28c5e4b39a7604ff23ad140565f60a9e4829b668f8ff.jpeg 1-lRz-cOnX2WtHdqwo5BWf-Q.jpeg

 

6bd21101102aacbd67da60b0c9e8a4cbc9a48ef351d3ee3eae1cb07c699c6d1e.jpeg LJfMqGPBVw2PCM28YYQy_A.jpeg

 

9cb86a7438663bfb4b3d144e74eea17b202a6d7df9386bc6058d921446d6acff.jpg 0_xFDd1jWKzAU7BI6v.jpg

 

a1677d3d755fabf1c73b1786f5ac39f714c59cf72fc288029c166f9be119b7cf.jpg 0_PDlwBQSymrdu7_5D.jpg

 

c982c0559e47b8cb34e964b06738e790211da399aae6cc73e384efc164eb1da9.jpeg 1-AqvMU0oaVzL8UR-llP2k9g.jpeg

 

ca13d1dfa5616d6a52d6ecf050d42f4a6b3e2a8692f3713bec26186d09a35027.jpeg MT8T1L4CxKYxic6avNxIMg.jpeg

 

cd6baec96cde97e436667c8ba2ca3a1fcd999f2769470a07429afd8c9b21790d.jpeg 1_m2TxftKgufz3i_CvdybVJg.jpeg

 

e32140dca7b6a613fc23e47d7c7fb80ee953ae905328bff12a63afbade44cddc.jpeg 1_v3vvVO3DuvEB-osQDcIqlw.jpeg

 

e5393fba4fcca1dab2d66f98e520503ca942e3bf42bae78de2aa08c8576fa024.jpg 1-0V2r2vC9pJRhMu8E_i0B7A.jpg

 

f5ee16710b749e2c4dd3e95a1f725723b322f9963010256dc3cffad0eddff752. hiGMu0kkUXL5Z3tG.jpg

Anonymous ID: 23eddd July 30, 2018, 11:41 a.m. No.2357079   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2356344

If you drop the file extension, almost every one of these filenames look like base64 encoded data. The base64url variant uses "-" and "_" instead of "+" and "/".

 

https://en.wikipedia.org/wiki/Base64#URL_applications

 

https://www.base64decode.org/

Anonymous ID: 6596f1 July 30, 2018, 12:59 p.m. No.2358195   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8251

Incomplete file: only 1526 of 3161425 bytes extracted

 

"1526" is the higher the number the better?

 

if so whats the highest number anyone has gotten yet?

 

higher the number closer we are or no?

Anonymous ID: b856fa July 30, 2018, 5:23 p.m. No.2362189   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>2222 >>2409

PIXELKNOT GENERAL

 

1_m2TxftKgufz3i_CvdybVJg

/qresearch/

https://archive.is/HchFi

 

You'd be amazed how much is shared on /pol/

 

0_PDlwBQSymrdu7_5D[1].jpg

https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.

 

1_Wu-LPq1zKK-R5lsT67nRYA.jpg

https://archive.4plebs.org/pol/thread/179461614/#179476204

 

and on medium.com

 

1_agrJgMO-s-RsbCy6Eepp8Q.jpeg

https://web.archive.org/web/20180730212802/https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac

https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac

 

0_kg8VD6qd0xL1M5-X.jpg

https://web.archive.org/save/https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99

https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99

 

1-lRz-cOnX2WtHdqwo5BWf-Q.jpg

https://web.archive.org/save/https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8

https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8

 

1*WkosvaZ2ARJ2hnmXFs02Ow.jpg

https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e

https://web.archive.org/save/https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e

 

0_xFDd1jWKzAU7BI6v.jpg

https://web.archive.org/save/https://onehallyu.com/topic/690975-%E2%80%98incredibles-2%E2%80%99-smashing-records-with-174m/

https://onehallyu.com/topic/690975-โ€˜incredibles-2โ€™-smashing-records-with-174m/

 

PIXELKNOT STORY

q drop about pixelknot

>https://8ch.net/qresearch/res/2298164.html#q2298508

>>2298508

 

anons found pixel knot messages posted on /qresearch/ before Q drop

>>2347619

>https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip

 

sha256 hashes

>https://pastebin.com/4e6Eswvc

 

>>2350592

pages they were posted

>https://pastebin.com/z4cXBLMv

 

html files of pages

>https://nofile.io/f/vQUoqymbq79/original_htmls.zip

 

original filenames of the images

>https://pastebin.com/qnieJg81

 

original weird filenames

>https://nofile.io/f/czFOXr2wYBF/out.zip

 

YOU CAN HELP

look at the old posts, at the id of the post and replies

find the originals

figure out clues for the keys

hiding in plain sight?

 

examples

https://8ch.net/qresearch/res/624511.html#q625298

>>625298

https://8ch.net/qresearch/res/1828419.html#q1829054

>>1829054

https://8ch.net/qresearch/res/1531874.html#q1532685

>>1532685

https://8ch.net/qresearch/res/1508591.html#q1509109

>>1509109

https://8ch.net/qresearch/res/1477025.html#q1477588

>>1477588

https://8ch.net/qresearch/res/2313270.html#q2314068

>>2314068 Exodus Chapter 8

 

BREAKING THE ENCRYPTION

none of the images have been cracked yet

these methods are confirmed to work on test images

 

PixelKnot on Bluestacks

>https://www.bluestacks.com/

>https://guardianproject.info/releases/PixelKnot-0.3.2-RC-1.apk

>>2298508

>https://guardianproject.info/apps/pixelknot/

 

use the last 1/3 of the password to crack first layer of f5 encryption

PixelUnknot

>>2311401

>https://github.com/banona/PixelUnknot

 

f5.jar

>>2325105

>curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar โ€“output f5.jar

>java -jar f5.jar x -p plan -e out.txt Q4example.jpg

>cat out.txt

Anonymous ID: 2188ca July 30, 2018, 8:41 p.m. No.2365664   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

#

# Sun Provider SecureRandom seed source.

#

# Select the primary source of seed data for the "SHA1PRNG" and

# "NativePRNG" SecureRandom implementations in the "Sun" provider.

# (Other SecureRandom implementations might also use this property.)

#

# On Unix-like systems (for example, Solaris/Linux/MacOS), the

# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from

# special device files such as file:/dev/random.

#

# On Windows systems, specifying the URLs "file:/dev/random" or

# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding

# mechanism for SHA1PRNG.

#

# By default, an attempt is made to use the entropy gathering device

# specified by the "securerandom.source" Security property. If an

# exception occurs while accessing the specified URL:

#

# SHA1PRNG:

# the traditional system/thread activity algorithm will be used.

#

# NativePRNG:

# a default value of /dev/random will be used. If neither

# are available, the implementation will be disabled.

# "file" is the only currently supported protocol type.

#

# The entropy gathering device can also be specified with the System

# property "java.security.egd". For example:

#

# % java -Djava.security.egd=file:/dev/random MainClass

#

# Specifying this System property will override the

# "securerandom.source" Security property.

#

# In addition, if "file:/dev/random" or "file:/dev/urandom" is

# specified, the "NativePRNG" implementation will be more preferred than

# SHA1PRNG in the Sun provider.

#

securerandom.source=file:/dev/random

Anonymous ID: 7c73bd July 30, 2018, 8:54 p.m. No.2365916   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6835

>>2362467

You wrote on QR that we are 100% sure that these images contain hidden massages. Ehโ€ฆ I'm about 90% sure.

It is possible that somewhere in the world there exist a piece of editing or conversion software that outputs jpeg headers in exactly same way. If the guy who wrote the F5 jpeg encode copy-and-pasted some example code and the developer of a different piece of software did the same then the outputs would look the same.

The only way to ever really be sure of the truth about anything is to try to prove what you don't believe and disprove what you do believe.

So before I invest lots of time and, maybe, money into cracking these things I want to eliminate any possibility that these files could have been made by something else.

Anonymous ID: a7d73e July 30, 2018, 9:53 p.m. No.2366835   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2365916

No one credible ever said that - anon theory

 

Q pointed out how simple it would be, now that deep state comms were disrupted and monitored.

 

He posed it an an example of what they might have to resort to,

 

His mention if Pixelknot may have been intentional, since it is likely an amateur implementation that might be exploited.

 

A tricky honeypot for the deep state maybe.

 

Like the SecureDrop the MSM used (that wasn't so secure)

 

Think like a spy.

Anonymous ID: 9c664b July 30, 2018, 9:58 p.m. No.2366926   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2348169

>โ€ฆ/PixelKnot/blob/version_2/PixelKnot/

 

https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_US

>Updated: February 17, 2017

>Current Version:1.0.1

https://github.com/guardianproject/PixelKnot/releases/tag/1.0.1

>n8fr8 released this on Feb 16, 2017 ยท 0 commits to version_2 since this release

 

I'm probably tired or a dumbass, maybe both. But is version 2 in github the same as the one on in the play store right now?