dChan
Anonymous ID: 1b4548 July 31, 2018, 4:30 p.m. No.2378143   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>0484 >>0486

>>2371388

>the pixel knot versions on the download page do NOT have the change (all 2015 and earlier)

>so ONLY the play store version has the change

Reposting from last bread, possibly relevant.

Are the brute force tools developed here based on the most recent github resources?

 

>>2348169

>โ€ฆ/PixelKnot/blob/version_2/PixelKnot/

https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_US

>Updated: February 17, 2017

>Current Version:1.0.1

https://github.com/guardianproject/PixelKnot/releases/tag/1.0.1

>n8fr8 released this on Feb 16, 2017 ยท 0 commits to version_2 since this release

I'm probably tired or a dumbass, maybe both. But is version 2 in github the same as the one on in the play store right now?

Anonymous ID: 1b4548 July 31, 2018, 6:05 p.m. No.2380484   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>1600 >>7890

>>2378143

>>2371258

THERE IS SOMETHING DIFFERENT IN THE APK THAN WHAT'S FOUND ON GITHUB

 

Took the apk, put it through a decompiler and found an additional file

F5buffers.java

import info.guardianproject.f5android.C0217R;

import info.guardianproject.f5android.plugins.PluginNotificationListener;

 

C0217R

package info.guardianproject.f5android;

 

public final class C0217R {

 

public static final class drawable {

public static final int ic_launcher = 2130837601;

}

 

public static final class string {

public static final int app_name = 2131165211;

public static final int cleaning_up = 2131165272;

public static final int downsampling_components = 2131165273;

public static final int init_coeffs = 2131165274;

public static final int init_huffman_buffer = 2131165275;

public static final int init_permutation = 2131165276;

public static final int querying_image = 2131165277;

public static final int reading_huffman_buffer = 2131165278;

public static final int setting_huffman_buffer = 2131165279;

}

 

public static final class style {

public static final int AppBaseTheme = 2131296416;

public static final int AppTheme = 2131296417;

}

}

Anonymous ID: 1b4548 July 31, 2018, 6:59 p.m. No.2381600   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2380484

 

I'm using

https://www.javadecompilers.com/apk

to obtain the source code directly from the android app, not github.

 

>https://guardianproject.info/releases/PixelKnot-0.3.2-RC-1.apk

 

Again, even the older version /pol/ shared also has an additional file in the F5 bundle

 

F5buffers.java

import info.guardianproject.f5android.C0064R;

import info.guardianproject.f5android.plugins.PluginNotificationListener;

 

C0064R.java

package info.guardianproject.f5android;

 

public final class C0064R {

 

public static final class drawable {

public static final int ic_launcher = 2130837631;

}

 

public static final class string {

public static final int app_name = 2131361805;

public static final int cleaning_up = 2131361806;

public static final int downsampling_components = 2131361813;

public static final int init_coeffs = 2131361809;

public static final int init_huffman_buffer = 2131361808;

public static final int init_permutation = 2131361807;

public static final int querying_image = 2131361810;

public static final int reading_huffman_buffer = 2131361812;

public static final int setting_huffman_buffer = 2131361811;

}

 

public static final class style {

public static final int AppBaseTheme = 2131427417;

public static final int AppTheme = 2131427418;

}

}

Anonymous ID: 1b4548 Aug. 1, 2018, 11:45 a.m. No.2393967   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

Interesting review from Jan 11 2018 from a user called "The45Guy 1776"

 

The45Guy 1776

January 11, 2018

I tried to send 2 pics thru mms and facebook messenger and niether were hidden they showed just the way they were. Deleted

 

https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_US&reviewId=gp%3AAOqpTOFaK4o4HlT8qDSRPSzYY-6whXi9qJUR2uAyIPaCeCBh7fFp49zqG2rPX4BcXyNGIkU7qIiz1jl-0e2COOg

Anonymous ID: 1b4548 Aug. 2, 2018, 5:02 p.m. No.2419895   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5587

>>2371388

>>2417121

>>2401017

>>2418768

Yup, reencoded to cover their asses. Not only to write in the JFIF in the initial line, but going back to this post

>>2345073

notice that between yesterday's and today's downloads the string after the DQT header is absent

 

a writeup on an online information security exercise points this out as a clue to get to the next level of the exercise

https://lonewolfzero.wordpress.com/2015/03/12/n00bs-ctf-labs-infosec-institute-teddy-zugana/

 

>could be contain malware or steganography on line

>()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

>()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

>inside alien picture

>use the application Steghide to extract data from the picture:

>steghide.exe extract -sf aliens.jpg -xf out.txt

example pic

https://ctf.infosecinstitute.com/img/aliens.jpg

Anonymous ID: 1b4548 Aug. 3, 2018, 4:22 p.m. No.2438967   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>2438149

>build for all archs

Refers to a make file for the app to compile shared object .so files for the architecture the OS is running on. ARM for phones and tablets x86 for the PC port of android. Not sure if Androidx86 and linux are directly compatible. Open the app's apk as a zip file and it shows libF5Buffers.so for different archs

Anonymous ID: 1b4548 Aug. 4, 2018, 2:01 a.m. No.2446299   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8673

>>2371688

>>2382513

>>2371258

 

Has anyone tried the experiment to estimate the original/cover image DCT that these two pointed out.

>>2388204

>>2388161

 

Not going to lie it was way too much post-grad statistical math for me to understand completely. Found a summary paper which made reference to it.

https://www.iosrjournals.org/iosr-jce/papers/Vol16-issue1/Version-3/M016137073.pdf

 

Steps for the F5 Steganalysis algorithm [3][4][6].

Step 1: Input the stego image for performing Steganalysis. (get steg quantization parameters)

Step 2: Decompressed the stego image.

Step 3: Crop the image by 4าณ4 column from all sides.

Step 4: Apply blurring operation to remove artifacts.

Step 5: Then re- compressed the image. (using quantization parameters from step 1)

Step 6: Count the different histogram value for the stego image and cover image.

Step 7: Calculate the difference

Difference = stego image value โ€“ cover image value.

Anonymous ID: 1b4548 Aug. 5, 2018, 2:31 p.m. No.2469199   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>9375 >>9702 >>9816

>>2376493

>>2463526

>>2402121

>>2461532

With PixelUnknot code, is this kind of the workflow it's taking?

 

get wordlist string ~ "lovely8unch0fcoconut$"

test last third string "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))

if matched, test DecryptWithPassword with string "lovely8unch0fcoconut$"

return secret message

else, get new wordlist string

 

or ist it doing this?

 

get wordlist string1 ~ "oconut$"

test string1 "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))

if matched, crunch wordlist string2 with 2x length of string "oconut$" ~ "lovely8unch0fc"

test DecryptWithPassword with string "lovely8unch0fc"+"oconut$"

return secret message

else get new string2

else get new string1