It's weird how similar the filenames are to the stringers, no idea if they encoded the passwords this way, but it's possible. How else would DS operators share passwords? and if they could share passwords why not share messages that way? why F5?
I get the german huffman error with lime-cat.jpg.
>https://boards.4chan.org/pol/thread/180896139
steg detect was positive, these aren't following the filename formats though, i think they are changing password exchange up.
I think this is the case. The photos of the letter 'Q' for example only partially worked when I was looking at these last night. avenger.jpg didn't work but GreatAwakening.jpeg still did. maybe it missed the .jpeg extensions..
Interesting, I'm starting to think the filenames are a result of tooling or cache systems rather than being an autokey cipher of sorts. Back to the drawing board I guess. Maybe Q will help us out later with the 'key'.
Well if anybody wants to study a pixelknot mask we have a source and an encode photo. also bump.
Does anybody have more details on the underlying implementation of SecureRandom? Depending on the psuedo random number generator we may be able to reduce the search space to the possible values of the seed (ex, 0 to maxint).
Did you just realize the same attack vector I did? There a way we can group up outside public space? Here's a quick rundown, use your key.
https://pastebin.com/DP7avPrx
Thanks for the reply. I noticed the message byte XOR with a random byte after the fact, so yea I don't think we can reconstruct the first steps of 'the map'. If we are to take the brute force approach tho, I would suggest we patch F5.jar to short circuit if the first message byte doesn't come out as expected. We can also make it retry different passwords without reloading too to save some more time (instead of decompressing the image over and over again, reading disk, etc). Just some ideas.
The [1] is new actually. When I first pulled the file it was not there. Only after 'scrubpocalypse' last teusday evening did I look again and saw [1] added on the chan archives. Was strange.
I mean that it wasn't one on the archives before Tuesday. They CHANGED the archives. PixelKnot adds '_#' for conflicting filenames, so it wasn't from that. I literally downloaded a steg'd version from the archive without the [1]. plz no gaslight.
Heads UP, they may be changing the stego in their comms:
https://boards.4chan.org/pol/thread/181352394
https://boards.4chan.org/pol/thread/181366397
Filenames have a funny ~2 at the end, ironically they re-used the photo from a previously identified stego in their 'screenshot'.
another one:
https://boards.4chan.org/pol/thread/181352041
https://boards.4chan.org/pol/thread/181367598
$ md5sum 1533557639424.png
9f4a2a5c8b07b183e2de8fd4908c77aa 1533557639424.png
$ md5sum 1533557639424~2.png
1831a96086323b3994c9caa924467cb4 1533557639424~2.png
The ~2 may actually be the chan's way of handling duplicate filenames.. odd the md5s are different however. saw something said something.
steg detect comes back negative on your photo btw.