run it on windows/mac:
https://www.bluestacks.com
https://guardianproject.info/releases/PixelKnot-release-0.3-RC1.apk
I'll see about packaging up something easy to use, I'm running a devfag environment
jdk 1.8
https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
intellij community https://www.jetbrains.com/idea/download/
File -New -> Project from Version Control -> Git
https://github.com/banona/PixelUnknot.git
little popup click "Add as maven project"
"Maven Projects" menu sideways on right side
, PixelUnknot -Lifecycle -> package -> run
error message about jdk, click link, set the jdk-1.8 (new, browse to where you installed it)
run -edit configurations -> + -> application
Main class: q.Main
Program Arguments: Q4example.jpg passwords.txt
handy! cpu is pegged going through common passwords on https://i.4pcdn.org/pol/1532237608528.jpg
looking for a way to detect if there is actually steg data in the image, pic related is from https://etd.ohiolink.edu/rws_etd/document/get/kent1310505218/inline
great idea, no dice on those
maybe something in the post text? https://archive.4plebs.org/pol/thread/179647411/#179647703
right? must be all the pixels, need more zoom and enhance.. brb i'll do a visual basic program on unix it'll be faster
thx anon!
wrong password LMTGW MAX YNVD WHPG
wrong password ZAHUK AOL MBJR KVDU
> where are we at with your unknot app? How can I help?
the app works and is multithreaded but it'll take me days to get through the millions of passwords in crackstation-human-only.txt and leaked_db-rockyou.txt
if we want to brute force we need to package into something easy for other anons to run (docker container?) and divide up the wordlistsโฆ
the paper on f5 detection says decompress, trim by a few pixels, then recompress and see if there is a difference in the color distributionsโฆ would be great to know there's actually data in this image
otherwise we keep looking at the code for ways to narrow down the search domain, we know we only need the first 2/3 of the password
I'm using a couple of common password lists (crackstation-human-only.txt and rockyou.txt), about 70million total along with anything any anon posts
went through and double checked all the ideas in this thread, still no luck
anybody else have a list of words to try?
right! if the results start with the string โ- PK v 1.0 REQUIRES PASSWORD โ- then you have the right first 2/3 of the password
oh wait that's not right, it's from_password.substring((from_password.length()/3)*2)
right, the f5 seed is the first 2/3 of the password
you made me laugh so hardโฆ oh i know, i fucking know, but i have to try
wow we must be doing something right if those that glow in the dark in hereโฆ
why go to the sarah password thread and talk about how impossible it is unless you wanted to discourage anons from finding something
it's only a matter of time before we figure this out
tick tock
> implement it in Java. It woudn't be as fast
surprisingly java is nearly as fast as c, and faster than c++, for this type of thing
>There is a LOT that doesn't need to be repeated for each test (extracting the image, Huffman decoding, etc)
killer ideas, updated PixelUnknot to do exactly that and it is much faster!!!
>I'd have to learn Java
easier than you'd expectโฆ
breakthrough
we can start by guessing the last 30% of the password
all you need is f5.jar (compiled in 2011) and java
https://code.google.com/archive/p/f5-steganography/downloads
choose a password (trusttheplan = plan)
java -jar ../../Downloads/f5.jar x -p plan -e out.txt Q4example.jpg
and look at out.txt - if it starts with "โ- PK v 1.0 REQUIRES PASSWORD โ-" you have the right last 1/3 of the password
curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar โoutput f5.jar
java -jar f5.jar x -p plan -e out.txt Q4example.jpg
cat out.txt
more observations:
-
PixelKnot only outputs jpg images
-
the jpeg decoder is buggy and won't open a lot of jpg (it'll hang at some percent as people are noticing). those images were not encoded with PixelKnot have no data
-
from the password it generates a 20 character hash and uses that to seed a random number generator, creates an array from 1 to n and then randomly swaps the numbers in that array. those swapped numbers are the index in the image of where it hides the data
-
there is not much entropy in the swapped numbers (Permutation class), many hashes would come up with similar swaps
-
pixelknot puts 8 '-' characters in the header of the encoded message
so that means a jpg that f5/pixel(un)knot can open and find many passwords that return a '-' in the decoded text probably has data encoded by PixelKnot!!!
I've sampled cat jpgs from google and half wouldn't open, and others find few '-' solutions.
the silverman pic and the WWGWGA!.jpg from >>94 both have a bunch of '-' solutions
i'm running all the q post texts against WWGWGA!.jpg for a while to see if anything pops out
i don't know though, this random cat picture also has a bunch of '-' solutions using q post texts so maybe i'm barking up the wrong tree
smart, can't blame you, wasn't my jar though from google code archive : https://code.google.com/archive/p/f5-steganography/
>Can you pastebin your modified Extract.java
https://github.com/banona/PixelUnknot/blob/master/src/q/f5/Extract.java
you can git clone https://github.com/banona/PixelUnknot.git and compile yourself with an ide like eclipse or intellij
did some math and this is great
>crunch 1 3 '0123456789!@#$%^&*()-=_+[]{}\|/.,<>?:;~`abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
>Crunch will now generate the following number of lines: 787241
>787241 lines to catch any password 9 chars or less
> elapsed: 300s, rate: 73 lines/s
> 787241 lines / 73 lines/second = 10,784 seconds = 3 hours
> 3 hours to check every password 9 chars or less
if that doesn't work then to check every 4 chars, which would be any password 12 chars or less
> 71639296 / 73 lines/sec = 11.4 days
that's only on one desktop, split that work up in the aws and one could detect pixelknot encryption and have the last 30% of the password pretty quickly
> lines: 52927 / elapsed: 720s = rate: 73 lines/s
> lines: 57480 / elapsed: 780s = rate: 73 lines/s
> lines: 62061 / elapsed: 840s = rate: 73 lines/s
Tick Tock
>some cheap VPS server
please! if anon has compute to spare
this narrows down the problem enough that we can distributed brute force
>;Q: good byte - at 0
>lines: 269462 / elapsed: 3600s = rate: 74 lines/s
first hour down, two more to go toโฆ
that's what i came up with but crunch made a file with 787241 lines because it includes all 1, 2 and 3 character combination (73 + 73^2 + 73^3)
only need to match the last 1/3 of the password to verify that there is a message - so passwords under 12 characters, we only need to check up to 4 chars. 15 char password is 2 billion or 1 year on my desktopโฆ that isn't going to work, would have to divide that up
anyway, the < 9 char passwords are easy enough
lines: 390636 / elapsed: 5220s = rate: 74 lines/s
yeah the param is the start of the substring and returns the rest, so it's starting a 2/3 of the way through
more mathsโฆ my desktop has 32 core, so 2.3 lines per core per second
aws spot instances can get 72 core for $0.62/hr, which is 596,160 lines
4 letters - 71,639,296 combination would cost $74 to for password 12 or less long
5 letters - 2 billion combination would cost $2079 for passwords 15 or less
any richfags want to get this solved?
the f5Android jar uses sun's SecureRandom, and the f5 jar on the google website is able to decode PixelKnot encoded so I think we're using the right one
https://github.com/guardianproject/F5Android/blob/master/src/main/java/info/guardianproject/f5android/plugins/f5/crypt/F5Random.java
smart! I get 76 passwords a second so each chunk will take about 5 hours - I'll take aq, ar, as, and at
this is great, can you put your code on pastebin or something i don't open pdfs
it's probably nothing
looking at partial matches (passwords that extracted two โ at the start see pic), these shouldn't be close to real password as secure random does SHA hash so small changes make big change to the random.. but looking through the list this one stood out to me:
he few the proud
tried extract with f5.jar with that password and it crashes my computer, done it twice now
java -jar f5.jar x -p 'he few the proud' -e msg.txt 1532237608528.jpg
looking over the code and I can't think of any reason why and the partial marine slogan is a creepy coincidence
PixelUnknot doesn't crash on it, just a partial matchโฆ hmm
other observation is that none of the 1-3 letter combinations i did ever produced output with two leading 'โ' in it
great code, the only other optimization i did was in Permutation to cache result of the initial shuffled list (it starts with sequential array of 178k integers) so it can memcpy the array
all the work is in SHA hash of the password and shuffling that array, can't think of any good way to shortcut that
uh oh wonder if something is wrong, PixelUnknot and f5.jar produce the same results for me
java -jar f5.jar x -p 0+CE -e msg.txt 1532237608528.jpg
Huffman decoding starts
Permutation starts
1843200 indices shuffled
Extraction starts
Length of embedded file: 4947636 bytes
(1, 1023, 10) code used
Incomplete file: only 92 of 4947636 bytes extracted
yeah they both work with that and the Q4example and another test image an anon posted (Boom?)
here are some other passwords that decrypt with leading โ but are junk after
8CEi
0cOi
rtyu
OMG you are brilliant - not exactly correct but still brilliant - look at the code for f5Android on the leftโฆ it doesn't add the JFIF tag to the image!!!
WE CAN DETECT PIXELKNOT ENCODED IMAGES
THEY ARE MISSING THE JFIF AT THE BEGINNING
they start with the hex bytes
FF D8 FF DB 00 84
andโฆ..
the silverman picture is not a pixelknot image
python script to detect if a jpg was written by pixelknot
https://pastebin.com/eszXC1yb
download all jpeg from a 4chan/pol thread
wget -P pictures -nd -r -l 1 -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<ID>
loop over using detect.py https://pastebin.com/eszXC1yb
for F in pictures/*; do python detect.py $F; done
happy hunting
agreed, smaller images crack faster too - i get 245 pw/s on this one
โฆwe're going to need new bread soon
almost all of them have start of frame header at the same spot, offset matches the size of the DQT in the source
1000 password/second with this image, I can check all 1-3 letter combinations in 10 minutes, and all 4 letter combinations in 15 hours
let's see if AWS will lend me some cores
look at those file name
0_PDlwBQSymrdu7_5D.jpg
https://8ch.net/qresearch/res/2320343.html#2320477
1 MT8T1L4CxKYxic6avNxIMg.jpeg
https://8ch.net/qresearch/res/1828419.html#q1829054
1*xv-xqPhM_w3qdIatlg8L9A.jpeg
https://8ch.net/qresearch/res/624511.html#q625298
maybe if you cache results of F5random getNextByte for each pass, but the permutations are based on the coeff of the image so not sure if it'll help much
filenames
anon can you script up to get the posted filenames of each of the?
anon posted a link to a c f5 steg cracker in c that is very fast but it doesn't work on example image
stick with f5.jar or PixelUnknot to crack
Android secure random? Android OS changed but the PixelKnot .apk jar uses sun's SecureRandom implementation no matter which OS it runs on
decode pixelknot images on any OS with using f5.jar
test with Q4example.jpg
look at the filenames and posts
find how the password transmitted
thank you, here are the filenames
https://pastebin.com/
look at all these weird filenames.. there's something there
1002d04c080ad3a7ef4dfc57fea6e248e424f6b7489db59024a1ca0657123a68.jpeg 1_agrJgMO-s-RsbCy6Eepp8Q.jpeg
252ff478b5b8fff4c1f21d2a2fc1e7fb7fe63567f97c0d48f8015554c238f95f.jpeg 94ff5ed6-9581-4cd3-999b-4รขโฌยฆ.jpeg)
419a76281780faaba70a562eadb3259afa20f110bde50d6b3a59611a1990c63e.jpeg 1_Wu-LPq1zKK-R5lsT67nRYA.jpeg
4a1c560bc205a1fc0c70971a71136688c8649335974d9098187de99a42a77dfb.jpeg 1*WkosvaZ2ARJ2hnmXFs02Ow.jpeg
5cafc8b7f9199b0de6df05deb6258103bd22bd9b9ea96ee7e962f2db87090d2c.jpeg 1VsuwyS2ZeBqADEscy6cmw.jpeg
68ccb4146da74068a0d8749ac6bd3dab249e1a6d947c8ee106ef5bfdc0c9cf6e.jpeg 1_xv-xqPhM_w3qdIatlg8L9A.jpeg
69c39d2ea71d4b16290a28c5e4b39a7604ff23ad140565f60a9e4829b668f8ff.jpeg 1-lRz-cOnX2WtHdqwo5BWf-Q.jpeg
6bd21101102aacbd67da60b0c9e8a4cbc9a48ef351d3ee3eae1cb07c699c6d1e.jpeg LJfMqGPBVw2PCM28YYQy_A.jpeg
9cb86a7438663bfb4b3d144e74eea17b202a6d7df9386bc6058d921446d6acff.jpg 0_xFDd1jWKzAU7BI6v.jpg
a1677d3d755fabf1c73b1786f5ac39f714c59cf72fc288029c166f9be119b7cf.jpg 0_PDlwBQSymrdu7_5D.jpg
c982c0559e47b8cb34e964b06738e790211da399aae6cc73e384efc164eb1da9.jpeg 1-AqvMU0oaVzL8UR-llP2k9g.jpeg
ca13d1dfa5616d6a52d6ecf050d42f4a6b3e2a8692f3713bec26186d09a35027.jpeg MT8T1L4CxKYxic6avNxIMg.jpeg
cd6baec96cde97e436667c8ba2ca3a1fcd999f2769470a07429afd8c9b21790d.jpeg 1_m2TxftKgufz3i_CvdybVJg.jpeg
e32140dca7b6a613fc23e47d7c7fb80ee953ae905328bff12a63afbade44cddc.jpeg 1_v3vvVO3DuvEB-osQDcIqlw.jpeg
e5393fba4fcca1dab2d66f98e520503ca942e3bf42bae78de2aa08c8576fa024.jpg 1-0V2r2vC9pJRhMu8E_i0B7A.jpg
f5ee16710b749e2c4dd3e95a1f725723b322f9963010256dc3cffad0eddff752. hiGMu0kkUXL5Z3tG.jpg
length doesn't matter only if the output starts with
โ- PK v 1.0 REQUIRES PASSWORD โ-
then you have the correct last 1/3 of the password
decoder uses a random array to decide where to look and runs and algorithm, if the password is wrong it'll get bounced outside the bounds of the file and exit early
q said information passing on /pol/ - here we go
1_Wu-LPq1zKK-R5lsT67nRYA.jpg
https://archive.4plebs.org/pol/thread/179461614/#179476204
PIXELKNOT GENERAL
1_m2TxftKgufz3i_CvdybVJg
/qresearch/
https://archive.is/HchFi
You'd be amazed how much is shared on /pol/
0_PDlwBQSymrdu7_5D[1].jpg
https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.
1_Wu-LPq1zKK-R5lsT67nRYA.jpg
https://archive.4plebs.org/pol/thread/179461614/#179476204
and on medium.com
1_agrJgMO-s-RsbCy6Eepp8Q.jpeg
https://web.archive.org/web/20180730212802/https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac
https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac
0_kg8VD6qd0xL1M5-X.jpg
https://web.archive.org/save/https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99
https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99
1-lRz-cOnX2WtHdqwo5BWf-Q.jpg
https://web.archive.org/save/https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
1*WkosvaZ2ARJ2hnmXFs02Ow.jpg
https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e
https://web.archive.org/save/https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e
0_xFDd1jWKzAU7BI6v.jpg
https://web.archive.org/save/https://onehallyu.com/topic/690975-%E2%80%98incredibles-2%E2%80%99-smashing-records-with-174m/
https://onehallyu.com/topic/690975-โincredibles-2โ-smashing-records-with-174m/
PIXELKNOT STORY
q drop about pixelknot
>https://8ch.net/qresearch/res/2298164.html#q2298508
anons found pixel knot messages posted on /qresearch/ before Q drop
>https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip
sha256 hashes
>https://pastebin.com/4e6Eswvc
pages they were posted
>https://pastebin.com/z4cXBLMv
html files of pages
>https://nofile.io/f/vQUoqymbq79/original_htmls.zip
original filenames of the images
>https://pastebin.com/qnieJg81
original weird filenames
>https://nofile.io/f/czFOXr2wYBF/out.zip
YOU CAN HELP
look at the old posts, at the id of the post and replies
find the originals
figure out clues for the keys
hiding in plain sight?
examples
https://8ch.net/qresearch/res/624511.html#q625298
>>625298
https://8ch.net/qresearch/res/1828419.html#q1829054
>>1829054
https://8ch.net/qresearch/res/1531874.html#q1532685
>>1532685
https://8ch.net/qresearch/res/1508591.html#q1509109
>>1509109
https://8ch.net/qresearch/res/1477025.html#q1477588
>>1477588
https://8ch.net/qresearch/res/2313270.html#q2314068
>>2314068 Exodus Chapter 8
BREAKING THE ENCRYPTION
none of the images have been cracked yet
these methods are confirmed to work on test images
PixelKnot on Bluestacks
>https://www.bluestacks.com/
>https://guardianproject.info/releases/PixelKnot-0.3.2-RC-1.apk
>https://guardianproject.info/apps/pixelknot/
use the last 1/3 of the password to crack first layer of f5 encryption
PixelUnknot
>https://github.com/banona/PixelUnknot
f5.jar
>curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar โoutput f5.jar
>java -jar f5.jar x -p plan -e out.txt Q4example.jpg
>cat out.txt
did anons find these other places and post them here?
or did somebody post these on qresearch on purpose?