>>2658832
For us to be successful in eavesdropping on the badguys' comms we need three things: Software, Image, and Password.
If we have a password then we can crawl image boards and game forums and try it against millions of images. If we are given a single image with assurances from on high that it is a target then we can try billions of passwords. But we cannot try billions of passwords against millions of images. That is simply beyond the resources of a few guys with desktops. And we can't do anything if we don't have access to the same software that they are using. Q pointed to PixelKnot. But that could have been merely an example. The C_A would likely have developed their own stego system; and this could have been shared with their civilian cohorts.
But even if we assume one variable we cannot solve for the remaining two with the resources available. It would require an awful lot of luck. If any wizards or warlocks would like to give us a hint, they have my PGP key (they also have the secret key that I use for this. I emailed it to myself knowing there is nothing yummier to the NSA's systems than a PGP secret key packet transmitted in the clear).
The only stone left for me to turn over is this variant of the F5 algo I found on GitHub:
https://desudesutalk.github.io/f5stegojs/
https://github.com/desudesutalk/desudesutalk/wiki/How-to-use-this-script
While testing various stego programs with long and short messages in large and small files in search of clues to how the SS pic might be encoded, F5steg.js stood out. I've never written a line of JavaScript in my life. But perusing the code, it looks like it's doing basically the same thing as the baseline F5 algo. So it's strange that stegdetect can barely catch a whiff of it, even when an image is loaded to max payload capacity. I found that stegdetect can find F5 even with very short messages in very large files (passwords "redhead" and "pepe"). I haven't worked out yet what F5steg.js is doing so differently to evade detection. But given that this is specifically designed for image boards and is available as a browser plugin I think we should find a way to detect its handiwork and make an efficient cracking program similar to the one for PK/baselineF5.