Any fellow codefags in the house?

Steganalysis

Since Q has mentioned specifically the PixelKnot steganography tool supported by Google, rather than simply blindly trying stringers and has codes as passwords I have the following suggestion to some Anon who is programmatically-inclined and provide a starting point.

Benfords Law is one avenue of attack against the Faugere F5 algorithm used by PixelKnot, but it appears to require a clean source image for the attack.

J. Fridrich proposed a technique and subsequent updated technique to probabilistically analyze images to detect the presence of steganographic markers:

https://www.researchgate.net/publication/220059082_Breaking_the_F5_Algorith_An_Improved_Approach

A flawed but partial implementation of the original Fridrich technique is located here (Python and c++):

https://github.com/twinz/MscStegano/blob/master/am945-dissertation.pdf

Im proposing taking the dissertation (flawed) implementation and updating it to use the improved algorithm in order to detect the probability of steg messages (and their estimated length) in a given image.

The improved algorithm has true positive and true negative rates of ~80% and ~66% respectively. 80% accuracy is a minimum threshold of accuracy for many machine-learning algorithms and is sufficient for our purposes.

Im proposing running all of the images Q has posted through the updated implementation in order to determine which, if any, contain steg messages, and if so, their length.

Alternatively, there are other open source steganalysis tools available but few if any tailored to the F5 PixelKnot algorithm specifically.

>>2309210

I stand corrected, the Benford distribution attack may not need a clean comparison image at all, and is another value attack vector.

>>2309226

It will desteg if there is actually an embedded message and you know the password.

Read my post - we don't actually know if steg messages are present - or if this is more disinfi.

Let's start by detecting whether there ARE messages present, and if so, in which target images.

Then, attempt matching steg'd images to stringers/hashes.

>>2309210

BAKER I CAN HAZ NOTABLE?

Want to make sure eyes get on this, and it's not necessarily 400lb basement hacker witching hour right now.

>>2309253

That would defeat the purpose of steg and ruin opsec.

You'd transmit a password via a side channel. Like a different-timed post.

>>2309266

StegANALYSIS tools would be more useful than mere steganography tools. You're shooting in the dark otherwise if you don't know the algorithm, message length, or password.

>>2309273

Steg algos are a bit more advanced.

See my post:

>>2309210

>>2309262

You're assuming a file is embedded vs just a text message. That could be short to the degree that file size is modified to an unrecognizable degree, if at all.

>>2309288

Entirely dependant on compression levels.

720x600 48bit bitmap (or other low/ uncompressed image format) would reach megabyte levels quickly.

>>2309331

No. Steg can just be embedded text, or can be other embedded data of any type (other images, executables, etc).

We don't know is my point, and Q posted many images. We should filter those down that pass steganalysis detection tests, rather than going at this blind

>>2309355

See:

>>2309210

Benfords Law attack vector and the attack presented by J. Fridrich. Probabalistic analysis specifically targeting the F5 algo that PixelKnot uses.

>>2309368

Well, if half this board can't read, you'd realize my post is finding specific target images, which we can THEN simply use PixelKnot passcodes against rather than brute forcing every pic + stringer + hashes.

Because that's a waste of time.

>>2309414

That'd be a great resource to post