spaceB0x ID: ffc9f6 Ghidra Hidden ByteCode/Steganography/Crypto May 5, 2020, 9:20 a.m. No.9038853 >>0069 >>9917 >>2790 >>5114 >>7343 >>8629

Long time lurker/autist, breaking silence. Have tried to get hacker community in on this but to no avail. Ghidra is a tool for reverse engineering. The image itself has code in it. I have been using radare2 to reverse for a long while on q images. Remember "graphic is key" and "you have more than you know"

 

Have been doing research in parallel with some others on Q posts for a while looking for steganography, encryption keys, and more and have found bits and pieces that are near misses. See twitter for more details, though much hasn't been released. https://twitter.com/spaceB0xx/

 

But we need to get as many people who are cryptographically minded on this. It has been a struggle to get others involved on this route.

Anonymous ID: f8082f May 5, 2020, 10:42 a.m. No.9040069 >>0860 >>1102

>>9038853

Ghidra isn't really a steganography tool

more a tool to crack programs, reverse engineer programs and some limited forms of security analysis and network analysis

 

>It has been a struggle to get others involved on this route.

 

ya, it has, been trying for a while

>>>/comms/3264

 

hacking, cracking background

some crypto & steg experience

been looking at Q posted graphics and so far have found nothing substantial either

 

possibilities

a. nothing to find

b. don't have password for specific program used

 

steganography is almost impossible to crack if you don't know the program / algorithm used

 

still waiting for further crumbs from Q

Anonymous ID: ab834d May 5, 2020, 11:33 a.m. No.9040860 >>1086

>>9040069

>Ghidra isn't really a steganography tool

Q re-posted the link to Ghidra last night along with two pics, one of them a gift.

He doesn't post things without meaning and stated:

"Toolkits can be helpful. Q"

 

Based on that I think you are incorrect.

I believe there is something to find in all of his pics.

spaceB0x ID: ffc9f6 May 5, 2020, 11:54 a.m. No.9041102 >>1137

>>9040069

This is correct, that it isn't a stego tool. It is a reversing tool. What I was trying to communicate is that there is steganography in many of these images, as well as embedded code. You can see some of my posts in the twitter link.

 

The image of Ghidra that I posted is the disassembled 8chan image. I should have been more clear

spaceB0x ID: ffc9f6 May 5, 2020, 11:57 a.m. No.9041137 >>4201

>>9041102

 

For example, the exif data from last night's 8chan image also has a "Keyword" embedded in it. That is steganography. See this screencap

 

There is something here, I am convinced of it. I have done much crypto and cracking. Ghidra could help reverse binaries, and find binary/executable data in seemingly arbitrary files.

Anonymous ID: 3347cd May 5, 2020, 12:22 p.m. No.9041408 >>1828

Thank you for this discussion, I am studying Industrial and Human Factors Engineering as a second masters track. Stopped Course for bit for health and money issues then November 2016 miracle happened. Followed crumbs from others to Q. Which direction are you headed with this dig?

spaceB0x ID: ffc9f6 May 5, 2020, 12:52 p.m. No.9041828 >>6344

>>9041408

 

The Ghidra reference is really for reversing, so in that regard, I would try to figure out what these functions are actually doing inside of the image. The fact that there is a "Keyword" in the exif data is a start.

 

What I have been working on the past number of months is finding cryptographic keys. I am convinced that Q post 1441 has an encryption certificate in it. I can see pieces of it, but can't seem to cryptographically, or steganographically extract them.

 

What one of the above posters said is true, that if you don't have the key and don't know algorithm, then decrypting is worthless.

 

However, Q posted the word "Spray" (like password spraying?). A technique I use when hacking things with a password. Just brute forcing the crap out of it.

Anonymous ID: d1ffc5 May 5, 2020, 1:55 p.m. No.9042718 >>2731

Pretty sure Q is showing the world how this language is unknown to quite a many and is something that needs to be addressed. This level of programming .. To older people it is simple.. a very few at that. and to a great many more they are more interested in the higher levels of code beyond the base. This is interesting to see again. Especially considering how game developers have been requiring users to submit to playing via essentially a streaming service now.

spaceB0x ID: ffc9f6 May 5, 2020, 2:22 p.m. No.9043048 >>3078

>>9042906

Well, if you load the image into Ghidra (and originally I was using a software called radare2), there are "bytecode" functions which are identified. Bytecode is compiled binary/assembly which is actually executable code. (this is why "steganography" and such are closely correlated with the work I have been doing.)

 

Now, when you are looking for random opcodes, in a sea of bytes (all the images) you are bound to run across a crapton of false positives. Like, a lot. So the key is to be able to know if any bytecode returns are legit (ie, the assembly code interpreted actually makes sense)

 

The code in the 8chan image does. Now what it is doing, I am not sure yet. But Ghidra interprets it properly as functions with parameters which are initialized, and then referenced/assigned, with conditional loops etc.

 

This would be hard to do randomly

spaceB0x ID: ffc9f6 May 5, 2020, 2:24 p.m. No.9043078

>>9043048

 

They seem to be pieces to a binary whose "entrypoint" I cannot find. It also helps to have an idea what architecture the binary pieces were intended to run on, as that will dictate how the bytecode is actually interpreted.

Anonymous ID: 7d5539 May 5, 2020, 2:53 p.m. No.9043433 >>3470 >>3052 >>8606

>>9042267

 

Tried converting the +/- to number string and letters for passphrase… did not appear to work with steghide passphrase. There is definitely information in the gift file. If you fire up the image in GIMP you will find blocked out pixels at another layer. Use the brightness and contrast tools in gimp to reveal.

The "punisher pic" also reveals interesting information when using the brightness and contrast tools in gimp haven't fully revealed the information but there are patterns there. Ghidra may help on the gift image. I had an older version and was unable to get through the python analysis before it would crash my system. (I was on a shitty laptop.)

Anonymous ID: 710638 May 5, 2020, 3:06 p.m. No.9043561 >>3689

>>9043470

 

Close…. go the other direction on the spectrum to see if you see what I am seeing. Here is the hint I used… Get it to the point where you are making "red cross" like lines in the forehead area. I will have a look at what you are seeing. TY

Anonymous ID: 4948e6 May 5, 2020, 3:21 p.m. No.9043711 >>8629

>>9043689

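#!/usr/bin/env python
from PIL import Image

# Convert to RGB so every pixel unpacks as (r, g, b), even for RGBA or palette PNGs
im = Image.open("skull-code.png").convert("RGB")
width, height = im.size
yellowAsZero = ""
greenAsZero = ""
for y in range(height):
    for x in range(width):
        r, g, b = im.getpixel((x, y))
        # Yellow pixels have a high red channel, green pixels a low one
        if r > 200:
            yellowAsZero += "0"
            greenAsZero += "1"
        else:
            yellowAsZero += "1"
            greenAsZero += "0"
    # One output line per image row
    yellowAsZero += "\n"
    greenAsZero += "\n"
print(yellowAsZero)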

 

It didn't come out with anything but that was my quick attempt

Anonymous ID: 872778 May 5, 2020, 3:38 p.m. No.9043883

>>9043728

 

So moving the spectrum to the other end reveals a braille like dot patterns. Gets the image to red and white lines ( a few red / white crosses) reveals dot patterns that remind me of braille. Haven't tuned it in fully for decode. Just throwing that out there. Braille (dot patterns) is a common message passing technique for StegAnons

Anonymous ID: 3347cd May 5, 2020, 7:04 p.m. No.9046344

>>9041828

file names seem to be pointing to abstract items or strings of information that are not random. You are aware of the cypher the founders used? books at the lib of congress cover it

So here is a path from the punisher file name capitals TTiC the file name transposed, missing, or incorrect syntax are paths to endless data… seems to point to 1-99 items that tie each bad actor by money deed generational to the main death cult [93]

Anonymous ID: 2a5bd7 May 5, 2020, 8:07 p.m. No.9046953 >>7252 >>7369 >>7423 >>8298 >>9698

How do we know that there isn't spyware or malware or a

rootkit or whatever, embedded in the ghidra code itself?

 

Stegano & reverse-engineering compiled code both interest

me, and I've always suspected (from the first time that Q

said, "you have more than you know"), that there might be a

lot of stegano in at least some of the images (and I have in

fact gone and looked inside some, finding nothing – which

doesn't mean it isn't there, but might mean there isn't – so,

this all interests me, but I'm not installing software on any of

my computers, that is DL'ed from this Wilderness of Mirrors,

unless I have solid reasons to trust it isn't itself malware/d.

Anonymous ID: 4d5cd6 May 5, 2020, 9:11 p.m. No.9047369 >>7423 >>9853

>>9046953

>How do we know that there isn't spyware or malware or a rootkit or whatever, embedded in the ghidra code itself?

You mean so the NSA could get access to your personal information?

Have you even thought this through or are you just typing things as they flash into your little brain?

Anonymous ID: b3809b May 5, 2020, 9:25 p.m. No.9047423 >>9428

>>9047252

>>9046953 ( Yep Yep never trust anything)

>>9047369

 

Sandbox isolation works well but at the end of the day if you are running anything other than linux secure OSs you are already sharing your information. This is why we are actually working with Ghidra. To mitigate that challenge. Kinda like cleaning the garage. You have to make a mess before you can get cleaned up and organized.

Anonymous ID: 26a5aa May 5, 2020, 9:57 p.m. No.9047613

>>9047426

 

Jah me heart'E: ['ow's Davy do'n?]

 

Brainfuck<:>K.I.S.S.

 

F.I.R.E. ('n 'Hank's Louise) 'bout time, too.

 

Fire. . .. … (phive)<:>Live

 

A<:>D<:>Ana.

 

Circle-of-5ths<:>[,]7!

 

Fire!

 

Again: Louise_5; Out STAND'n!

 

>JAH FIRE - RASTA FOR LOVE AND PEASE

https://www.youtube.com/watch?v=X0B6zUykXWk

Anonymous ID: ce0691 May 6, 2020, 12:42 a.m. No.9048298 >>8307 >>0192

>>9046953

Doesn't matter what is embedded in source of Ghidra. I have come about two and a half years following Q. I have to believe that if there is embedded code, it must be beneficial. Otherwise we don't "trust the plan", and if that WHAT THE FUCK ARE WE DOING HERE? In for a penny; In for a pound! WWG1WGA!

Anonymous ID: 7a2a58 May 6, 2020, 2:21 a.m. No.9048580 >>9488 >>5529 >>3708

the filenames of Qs Images have always intrigued me.

Maybe put all of them chronologically together and decode?

I'm sure if someone gets creative enough there will be something.

 

other Ideas

  • try putting meta/exif-info tags together from multiple Images

  • always the "last" or "first" few characters of the actual Image Info

 

Might also make sense to think how one would go about to code info-snippets into these images.

I'm quite sure that if there is more info embedded in the images, in the end it's something simple.

 

If there is info like "the Map" there must be a lot of characters - and it would take multiple Images to hide it, since the malformation of jpegs can only go so far until it breaks noticeably down. Keep this in mind while experimenting.

Anonymous ID: 3347cd May 6, 2020, 6:15 a.m. No.9049488

>>9048580

my oldest find so far was 1867, railroad times, a financial newspaper with article written by [Librarian of congress] He wrote about the need for central bank to foundry of their works…. projection for the changes to come

Anonymous ID: 79faac May 6, 2020, 10:09 a.m. No.9052108 >>5843

Ghidra / SRE Resources

For those that might be interested and struggle with how to start, or can't find help.

 

Course and Resources

Reverse Engineering Tutorial: How to Reverse Engineer Any Software

https://blog.udemy.com/reverse-engineering-tutorial/

 

Data Structures and Algorithms: Deep Dive Using Java

https://www.udemy.com/course/data-structures-and-algorithms-deep-dive-using-java/

 

GitHub Ultimate: Master Git and GitHub - Beginner to Expert

https://www.udemy.com/course/github-ultimate/

 

The Complete Networking Fundamentals Course. Your CCNA start

https://www.udemy.com/course/complete-networking-fundamentals-course-ccna-start/

 

Complete Python Bootcamp: Go from zero to hero in Python 3

https://www.udemy.com/course/complete-python-bootcamp/

 

97-things-every-programmer-should-know

https://github.com/97-things/97-things-every-programmer-should-know/tree/master/en

https://github.com/97-things/97-things-every-programmer-should-know

 

Articles and Blogs

How to start out in reverse engineering?

https://www.reddit.com/r/ReverseEngineering/comments/12ajwc/how_to_start_out_in_reverse_engineering/

 

How to Reverse Engineer Software

https://techeries.com/how-to-reverse-engineer-software/

 

The Power of Reverse Engineering

https://www.thesoftwareguild.com/blog/what-is-reverse-engineering/

Anonymous ID: 86e65b May 6, 2020, 2:47 p.m. No.9055579

>>9048307

 

That would be nice.

I am enjoying the show and playing in an area I love. It's great expanding my knowledge on Ghidra, and other NSA tools and playing around with Steganography. It's great hanging with like minded anons diggin for the truth and taking down the [DS} at the same time.

Comfy AF!

Anonymous ID: 2a5bd7 May 6, 2020, 7:56 p.m. No.9059853

>>9047369

 

You know, I almost impulsively carpet-bombed you back with insults – but then I realized:

you are almost certainly sperging out, and not shilling, so, hail and well-met, brother anon.

 

#pro-tip: on the internet, $="no one knows you're a dog".

 

One posts things into the vasty deep, to see what calls back. One baits a hook, according

to what fish one wishes to catch. One scans this part of the EM spectrum, and not that one,

to see who is broadcasting here, and not there. One pretends to be this kind of poster, so in

the event of a reply, one may make inferences from data unobtainable by posting as some or

other different set of personae.

 

Is everything as clear as mud?

Anonymous ID: 605726 May 6, 2020, 8:01 p.m. No.9059895 >>9989 >>9792

The only picture I've found anything is the punisher pic with the grey stripe at the lower edge. That one has 60kb of extra data. Went through it with a hex editor and binwalk. There's two valid png blocks of which the first is the image. The second I have no idea what is.

Anonymous ID: 2a5bd7 May 6, 2020, 8:30 p.m. No.9060192 >>3717

>>9048298

 

I had had similar thoughts, and it is interesting to see them echoed.

 

But I have been following "this" story, in its broadest context, for, I dunno, close on 50 years. It surprised me completely when I realized that was the case, about 35-40 years in: I had always thought it was a bunch of separate, unrelated weird things, but it turns out it is one big weird thing. Or mostly so, anyway.

 

The digger you deep, the getter it weirds. The sophistication of some of the less obvious psy-ops is mind-bending to behold. Their implicit malice, inarguable.

 

If Clown City in Langley Virginia is setting up false drop boxes so they can catch, and do wet jobs on, bona fide US patriots who've decided to risk all and be whistle-blowers, then …?

 

If Snowden was sent to Kansas as an infiltrator, to do sabotage, so an entire, vast, fake privacy-theft crisis could be run, to conceal-in-plain-sight, another, far vaster one, then …?

 

If the moment facial recognition CCTV-harvesting AI's become technologically feasible, all of the sudden tattoo parlors start springing up everywhere because "it's popular", then … ?

 

If the rabbit hole goes down, and down, and down – if you drop a pebble, and it never seems to hit bottom, ever, ever, then …?

 

It's not that I don't "trust" Q; it's that at the end of the day, I don't trust.

 

When Q came along, I was core-optimistic for the first time in my life. So there's that.

 

But watching previous proto-counter-coups, however feeble, get crushed outright by cold-blooded murder ($={FBI "they're all insane"}) and decent, patriotic human beings die cruelly at the hands of a deeply-embedded Evil, because no one "normal" realizes what is going on in front of their very eyes (not blindness, but trance), has had this result: at the end of the day, I do not trust.

 

I hope Q is everything it promises to be. An America where the US Constitution is actually, you know, observed, and where, to pick a tiny example, you have to actually be sworn properly into the Office, in order to discharge the extensive executive powers of The President of The United States of America, would be an unprecedented (sic) and wonderful, World-improving thing.

 

But at the back of my mind is the thought, that (like the badly written final minutes of the movie, Basic, except more credibly and coherently), as every unveiling so far (I did say almost 50 years, right?) has got us to "bedrock" that proved to be 1" of mudstone, with a trap-door entrance right there, to another hundred feet of ladder, down, down, down into the dark – this could be just another one of those situations, only fancier, and with better theatrical props.

 

I do not trust. Not, at heart. Or rather, obviously I do: I am fully aware this channel is approximately as "private" as FB, just with ostensibly better-intentioned Overwatchers.

 

Except, I don't.

Anonymous ID: 2a5bd7 May 6, 2020, 8:44 p.m. No.9060366

>>9048359

 

True. Also traffic analysis: not just the "Q Proof Offsets", but any other

patterns in the timing, timing-correlated size (length) and number, etc.

of the drops. Comms analysis isn't just about content alone.

 

I think the only "optimal" strategy is to start digging anywhere, and if it

doesn't hit pay-dirt before you get bored, stop and start digging in some

other place – iteratively.

 

Unless you have hard evidence a particular approach is a total waste of

time (and if so: serve it with sauce, of STFU & GTFO), don't shit on any

other Anon's wild guess.

 

Q has given us N haystacks hiding M needles, N>>M – except some of

the needles are something other than needles, and we don't know what.

 

The only reasonable strategy is to search anywhere. For anything.

 

All of which is a roundabout way of telling you to fuck off.

Anonymous ID: 2a5bd7 May 6, 2020, 8:51 p.m. No.9060480 >>0586

>>9059825

 

Especially since showing us where the link was, and how concealed, would hint at methods for finding others, elsewhere.

 

I interpret that whole thing as being a slide.

 

The Shills on this (Ghidra) sub-board have to use different shilling tactics than on other sub-boards. Different human terrain here.

Anonymous ID: e58177 May 6, 2020, 8:57 p.m. No.9060586

>>9060480

>>Especially since showing us where the link was, and how concealed, would hint at methods for finding others, elsewhere.

 

Except there is no link hidden in that file, the screenshot is not a representation of the jpeg file but is of a completely different file that is a malware executable.

 

It is a slide, but not a concealment of knowledge. That person only knows photoshop, not Ghidra or reverse engineering.

Anonymous ID: ddd144 May 7, 2020, 4:11 a.m. No.9062790 >>3059 >>2945

>>9059825

>>9055716

>>9059824

>>9038853

>>9055934

>>9059825

>>9059836

 

I put the screenshot in the first post but I had checked the "spoiler" box (newfag here, as I said, this platform is new for me), but you can still see it on my first post, though…

 

In the image there is the sequence I followed.

I never said the pdf is IN the image, I just searched on internet what appeared in the code (it was not my intention to make it look as if I found the pdf inside the image, but English is not my first language… what I meant is that I arrived to the pdf thanks to what I saw with Ghidra… and for that I attached a .png file with the steps I followed)

 

In the screenshot png file the steps are:

I just put in the browser what there was in the image according to Ghidra (so I tried different parts in the browser) and

when I searched for "INTMEM:00-INTMEM:07" (which appears at the beginning when opening the image with Ghidra, as I showed you in the screenshot), I found the pdf IN the internet

(so I found the pdf copying what Ghidra showed me and pasting it in the browser).

 

About Copia.exe:

I saw only now that I used the Copia.exe for the screenshot, here what it is:

I tried to change the extension of the images to see if Ghidra showed me different codes (it may be stupid, but as I said.. that was my first time using Ghidra… I also tried to change the images in .txt … ). There were no differences between the original image (which I used for the research I was talking about) and the image with the extension modified in .exe (I just renamed it to distinguish them).

So here what happened: I used for the screenshot the version of the image with the modified extension…

…because here it was 3 am and I took the screenshot of the .exe instead of the original one by mistake… also because there were no differences in the codes, so… my mistake in that.

 

You can check what I'm saying by opening the original image, copying and searching for the "INTMEM:00-INTMEM:07" and you should see the pdf in the first page (depending on the browser you are using, of course…)

 

(PS: I did not copy -in the attached png image- the full pdf I found IN the internet -not IN the image- as it was too long.)

Anonymous ID: ddd144 May 7, 2020, 5:30 a.m. No.9063059 >>3162

>>9062790

 

…and I thought the pdf could be something because if I try to copy and paste any part of it, what I paste is not what the pdf shows.

 

In example:

if I try to copy the first sentence: "Multicellular development depends (…) organization. "

what I have in the pasted text is:

"0XOWLFHOOXODU GHYHORSPHQW GHSHQGV RQ WKH GLIIHUHQWLDWLRQ RI FHOOV LQWR VSHFLILF IDWHV

ZLWK SUHFLVH VSDWLDO RUJDQL]DWLRQ"

 

that's why I shared it with you.

It may be nothing, though…
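The pasted string quoted in the post above is the visible sentence with every non-space character moved down by a constant number of code points, a pattern typical of copying from a PDF whose embedded font carries no usable character map. The following is an added example, not part of the original post, that recovers that offset two ways (from the quoted first words, and by scoring every candidate shift) and decodes the paste; the function names and the small word list are assumptions of the example.

```python
# Pasted text exactly as quoted in the post (its line break joined with a space).
PASTED = ("0XOWLFHOOXODU GHYHORSPHQW GHSHQGV RQ WKH GLIIHUHQWLDWLRQ RI FHOOV "
          "LQWR VSHFLILF IDWHV ZLWK SUHFLVH VSDWLDO RUJDQL]DWLRQ")
# Visible words the poster quoted from the start of the same sentence.
CRIB = "Multicellular development depends"
# Small word list used for scoring; an assumption of this example.
COMMON = {"the", "of", "on", "in", "into", "with", "and", "to"}


def shift(text, offset):
    """Add `offset` to every non-space code point."""
    return "".join(c if c == " " else chr(ord(c) + offset) for c in text)


def offset_from_crib(pasted, crib):
    """Known-plaintext check: return the offset if it is the same for every
    aligned character pair, otherwise None (not a simple constant shift)."""
    deltas = {ord(c) - ord(p) for p, c in zip(pasted, crib) if " " not in (p, c)}
    return deltas.pop() if len(deltas) == 1 else None


def offset_by_scoring(pasted):
    """No crib needed: try every shift that keeps the text printable ASCII
    and keep the one producing the most common English words."""
    codes = [ord(c) for c in pasted if c != " "]
    best, best_score = None, 0
    for offset in range(-94, 95):
        if min(codes) + offset < 33 or max(codes) + offset > 126:
            continue  # would leave the printable range
        score = sum(word in COMMON for word in shift(pasted, offset).split())
        if score > best_score:
            best, best_score = offset, score
    return best


if __name__ == "__main__":
    off = offset_from_crib(PASTED, CRIB)
    print("offset from crib:   ", off)
    print("offset from scoring:", offset_by_scoring(PASTED))
    print(shift(PASTED, off))
```

Both methods agree on the same offset, so the paste is a re-encoding of the text already visible on the page rather than a second message.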

Anonymous ID: c18b56 May 7, 2020, 5:45 a.m. No.9063132 >>3750 >>0231

To the Anons in these threads, don't expect too much from Ghidra.

 

A lot of the nasty stuff that compromised mobile applications will be doing won't be on the app, but on the server they communicate with.

 

At best, Ghidra will be able to show and tell what information is being sent off and to where if they're not smart, as well as encryption methods and programming libraries used.

 

But the above is still a best case scenario for digging. Most decompiles won't return much.

Anonymous ID: ddd144 May 7, 2020, 5:57 a.m. No.9063210

>>9063162

Yes, it happened to me too, but I downloaded the file and opened it with different reader and still does it… but again, except for the fact that I find the topic of the pdf interesting,

the copy issue may be nothing… and the pdf itself may be not related to what we are looking for…

 

I just shared here because I know there are many people who are better than me in this kind of things and in digging.

Anonymous ID: b55d6c May 7, 2020, 7:03 a.m. No.9063708

>>9048580

>>9055529

 

Try this.

It's a graphic/analytic that has gathered up all the images that Q has posted and then cross references all of the filenames with text that Q has posted.

 

Freedom.png : 'Freedom' appears in 55 drops.

Links to all related drops and images.

https://qanon.news/Analytics/FileNameMap1

Anonymous ID: 2a5bd7 May 7, 2020, 7:06 a.m. No.9063737 >>1370 >>1733

Is it possible to embed (stegano conceal) non-rendering pdf pages/docs inside another pdf? If so, how do you extract the "hidden" ones? If there is no pre-existing software to do this, how do you do it "by hand"?

 

Similarly for .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, etc., etc. – but mainly for pdfs (I have some target files for that right now).

 

If a pdf weighs in at >10Mb, but renders as just one, single, miserable, boring page of mostly text & near-constant background color – is it a reasonable target for steganalysis? It should be (from the 'surface' needs) a way smaller file, no?

 

All the steganalysis tools I know are for image files – ignoring the obvious trick of opening any file format whatever either in a hex editor or as if a txt file.

 

I know just enough stegano to misunderstand everything badly – are there tools for the steganalysis of file formats that are not image file formats?

 

Hiding something as LSBs (etc.) does not make sense (that I understand … yet), except for image files. What are the (most frequently found in the wild) stegano methods that are based on other file formats?

 

For one thing, it is now public lore (though not "knowledge") that you can hide things in image files. Therefore, people who want to avoid random scrutiny comping their stegano at the hands of script-kiddies (such as myself) probably would have shifted to other file formats.

 

Throw me a friggin' rope, here (no noose jokes, please: no noose is good noose).

 

– An anon.

Anonymous ID: b55d6c May 7, 2020, 7:07 a.m. No.9063750

>>9063132

Agree.

I looked at Facebook.apk a couple days ago and found a lot of camera related functions, a lot of location functions, other sensors trying to detect the direction the user is facing.

Seemed out of place to me, but I don't lifelog. Possible it's all part of the Facebook featureset, could be that it's always running.

Anonymous ID: 605726 May 7, 2020, 1:04 p.m. No.9068395

Latest flag image:

 

Offset 0 (0x00):

File type: Portable Network Graphics image

Extension: png

MIME type: image/png

 

Offset 138 (0x8a):

File type: Zlib Deflate

Extension: zlib

MIME type: application/x-deflate

 

Offset 396 (0x18c):

File type: MPEG-3 audio

Extension: mp3

MIME type: audio/mpeg

 

Offset 5255 (0x1487):

File type: Zlib Deflate

Extension: zlib

MIME type: application/x-deflate

 

Offset 18864 (0x49b0):

File type: MPEG-3 audio

Extension: mp3

MIME type: audio/mpeg

 

Offset 24673 (0x6061):

File type: Zlib Deflate

Extension: zlib

MIME type: application/x-deflate
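A PNG ends at its IEND chunk, so appended data and signature-scanner hits like the ones listed above can be checked against the chunk layout instead of being taken at face value. This added example (not from the thread) walks the chunks of a constructed sample PNG, returns whatever follows IEND, and tests whether a reported zlib offset sits inside IDAT data and really inflates; the function names and sample bytes are assumptions of the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype, data):
    """Serialize one chunk: 4-byte length, 4-byte type, data, CRC32 of type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample(trailer=b""):
    """Constructed 4x4 grayscale PNG, with optional bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 4, 4, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes([16 * y] * 4) for y in range(4))
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(rows))
            + make_chunk(b"IEND", b"") + trailer)


def walk_chunks(blob):
    """Return (chunks, end): chunks is a list of (offset, type, length, crc_ok);
    end is the offset just past IEND, or None if no complete IEND was reached."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            break  # declared length runs past the file: truncated or corrupt
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        actual = zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF
        chunks.append((pos, ctype.decode("latin-1"), length, stored == actual))
        pos = end
        if ctype == b"IEND":
            return chunks, pos
    return chunks, None


def trailing_data(blob):
    """Bytes that follow the IEND chunk; a clean PNG has none."""
    _, end = walk_chunks(blob)
    return b"" if end is None else blob[end:]


def classify_hit(blob, offset):
    """Say where a signature-scanner hit at `offset` falls in the PNG layout."""
    chunks, end = walk_chunks(blob)
    if end is not None and offset >= end:
        return "after IEND: appended data"
    for pos, ctype, length, _ in chunks:
        if pos + 8 <= offset < pos + 8 + length:
            return f"inside {ctype} chunk data"
    return "outside chunk data (signature or chunk framing)"


def inflated_size(blob, offset):
    """Bytes produced by inflating a zlib stream at `offset`; 0 if it is not one.
    A stream split over several IDAT chunks must have their data joined first."""
    try:
        return len(zlib.decompressobj().decompress(blob[offset:]))
    except zlib.error:
        return 0


if __name__ == "__main__":
    sample = build_sample(trailer=b"CONSTRUCTED-TRAILER")
    chunks, end = walk_chunks(sample)
    for pos, ctype, length, ok in chunks:
        print(f"{pos:5d}  {ctype}  len={length}  crc_ok={ok}")
    print("trailing bytes:", len(trailing_data(sample)))
    print("hit at 41:", classify_hit(sample, 41), "inflates to", inflated_size(sample, 41))
```

A zlib hit that lands at the start of IDAT data and inflates cleanly is the image's own pixel stream, and a trailer that itself begins with the PNG signature can be passed back to `walk_chunks`.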

Anonymous ID: 2a5bd7 May 7, 2020, 2:44 p.m. No.9069893

>>9069881

 

Key paragraph:

 

"The steganalyst is usually something of a forensic statistician, and must start by reducing this set of data files (which is often quite large; in many cases, it may be the entire set of files on a computer) to the subset most likely to have been altered. "

Anonymous ID: 2a5bd7 May 7, 2020, 2:52 p.m. No.9070001 >>0244

More tools:

 

Digital Invisible Ink Toolkit – http://diit.sourceforge.net/

 

"StegSecret. A simple steganalysis tool" – http://stegsecret.sourceforge.net/

 

"Virtual Steganographic Laboratory for Digital Images (VSL) - Free tool for steganography and steganalysis" – http://vsl.sourceforge.net/

Anonymous ID: a28a3c May 7, 2020, 3:07 p.m. No.9070231 >>0452

>>9063132

 

Hmmm. While this is a true statement it is not necessarily true for all apps. Take for example GEO location, facial recognition, voice recognition, iris tracking, finger print, sentence structure and language usage. etc…. There are all ways to correlate who you are, who you are communicating with, where you are, where you go, and what you are thinking about and create a dynamic profile. Notice recently that Scroogle and other companies stopped using cookies? Why? Because they don't need them any more for tracking. This tech is very advanced. They are using other techniques to identify you on your devices. While command and control (if well designed and thought out) does behave in this manner you are suggesting. There are many many layers and many many techniques as to how personal data / life is now compromised. Ghidra is very good at what it does. However extending your tool kits to steganography hide and seek tools, malware analysis checkers etc are very important as you do your detective work. There are many clues that can be discovered with Ghidra. Some can be easily missed. I just found an exe that was zipped up in an img file. I didn't see the exe in Ghidra (it was hidden very well) but I did find the bread crumbs for the zip file. Once I found the exe I put it back into Ghidra to see what's up… another layer of hidden information. Still working on that one particular challenge. I am always working to expand my tool kits and sharing what I know. If other anons have go to apps they like for this work it would be great to see what tools you use and the process you use for decompiling. It will take a digital army of anons to clean up all the compromised phone apps, PC, and Mac software. Now that we are on our way to cleaning up the compromised MSM "system" now it's time to rip apart the web and its applications. It's disgusting what it has become. I love technology, been working in this area of tech for many years. I have watched brilliant technology get used for corruption for way too long. It's time for this behavior to stop and make Technology Great Again. Our industry must be saved from what it has become. Surveillance is at an all time high right now. Chinese tech has subverted everything technical from the inside of our apps out. (It's a pervasive pattern in fact it's right out of their playbook. Look up the book Unrestricted Warfare if interested). There are so many craptastic applications and services we all really need to get our shit together and fix these problems. It's a matter of national security when you think about how many chip sets we have in our homes, and businesses. They are all compromised in one way or another. It's shocking actually.

….Hack the planet anons. Let's roll!!

Anonymous ID: 2a5bd7 May 7, 2020, 3:08 p.m. No.9070244

>>9070001

 

DLs:

 

DIIT: https://sourceforge.net/projects/diit/files/diit/1.5/diit-1.5.jar/download?use_mirror=gigenet … from:

https://sourceforge.net/projects/diit/

 

<Documentation (incl. FAQs):

 

http://diit.sourceforge.net/doco.html

 

StegSecret: http://stegsecret.sourceforge.net/

http://stegsecret.sourceforge.net/XStegSecret.Beta.v0.1.zip

 

<Documentation & examples:

 

http://stegsecret.sourceforge.net/SpanishManual.pdf … sorry, no habla Inglez

http://stegsecret.sourceforge.net/imagenesEjemplo.zip

 

VSL: - https://sourceforge.net/projects/vsl/files/vsl/vsl-1.1/vsl-1.1.zip/download

 

<Documentation:

 

Forczmański, P., and Węgrzyn, M. Open Virtual Steganographic Laboratory, International Conference on Advanced Computer Systems, ACS-AISBIS 2009.

Forczmański, P., and Węgrzyn, M. Virtual Steganographic Laboratory for Digital Images. In Information Systems Architecture and Technology:

Information Systems and Computer Communication Networks (Wrocław, Polska, 2008), pp. 163–174.

 

https://www.google.ca/search?as_q=Forczmański+steganographic

https://www.google.ca/search?as_q=Forczma%C5%84ski+steganographic&as_filetype=pdf

Anonymous ID: 65d3fb May 7, 2020, 3:18 p.m. No.9070428   >>0481

>>9041086

 

Bingo!!! I see many useful targets for GHIDRA.

  • Various Covid tracking apps from different countries.

  • Tesla app

 

And the Windows driver for this Chinese laptop…..

 

HUAWEI HONOR MagicBook Pro 2019

https://www.aliexpress.com/item/4000902503352.html?spm=a2g0o.productlist.0.0.3e6db10a6mkL0T&algo_pvid=2a5f306d-533f-43fc-a44d-23f540150779&algo_expid=2a5f306d-533f-43fc-a44d-23f540150779-9&btsid=0ab6f82215888889442575290e2be2&ws_ab_test=searchweb0_0,searchweb201602_,searchweb201603_

 

This laptop comes pre-installed with Deepin Linux. It is the only Linux distro that can be installed. And if you decide to install Windows 10 on it, it will boot. But it will work like crap until you install the driver from HUAWEI. I guarantee that the drivers are full of backdoors that lead directly to the CCP surveillance apparatus. So if a NSA spook would like to have some fun……….

Anonymous ID: 2a5bd7 May 7, 2020, 3:19 p.m. No.9070452   >>0498

>>9070231

 

That's not quite true.

 

Here's the returned URL for a Goolag search for "whatever", which is so effing long I have parsed it at every ampersand, as & seems to be the field delimiter:

 

This is their domain: https://www.google.com/search?source=hp&

This is basically an in-link cookie: ei=CYe0XveWHoyStQXJ4JToBg&

This is my search string: q=whatever&

This is my original search string, so they can track refinements I make(*): oq=whatever&

This is, I think their attempt to geolocate my ass(**): gs_lcp=CgZwc3ktYWIQAzICCAAyAggAMgIIADICCAAyAggAMgIIADICCAAyAggAMgUIABCDATICCABQpw1YnxVg2x5oAHAAeACAAZgBiAHfB5IBAzMuNpgBAKABAaoBB2d3cy13aXqwAQA&

I haven't a fucking clue: sclient=psy-ab&

Who the fuck knows: ved=0ahUKEwi3v4KM4qLpAhUMSa0KHUkwBW0Q4dUDCAg&

No fucking idea: uact=5

 

(*): This is one of the ways they train their neural networks, for free – your work (our work, collectively), but "their" IP.

Terms of Service, my ass.

 

(**): It can only go to Internet nodes of a certain rank – the building in your neighborhood that houses your ISP's boxes.

Anonymous ID: 2a5bd7 May 7, 2020, 3:29 p.m. No.9070614

GitHub - https://github.com/ragibson/Steganography

 

Sales pitch: Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files,

and byte sequences. Simple LSB Steganalysis (LSB extraction) for bitmap images.

Anonymous ID: a28a3c May 7, 2020, 5:07 p.m. No.9071733

>>9063737

 

The short answer is yes it is possible.

There are a few tools out there for decode. I had one at one time on my system I was looking at but can't remember the name. If you dig on PDF Steganography decoders you should find it….

Anonymous ID: 2a5bd7 May 7, 2020, 6:04 p.m. No.9072636   >>2737 >>1503 >>5813

OK, so … I was reading various things about how to identify candidate files for steganalysis,

and some of what I read said, good luck: no algorithm, no key, no can-do.

 

But other things said: well, what are your candidate files? Don't you have traffic analysis or

other hints that there might be steganography in play? Get a bunch of these files, and do a

statistical analysis of the data and metadata, and see what you find – maybe that will give

you clues about who, how, and what key, blah, blah, blah.

 

So – here's the deal: Q & Q+ are obviously operating under all kinds of hard legal, constitutional,

strategic, tactical and other constraints – but, if I thought they were just fucking with us and

nothing else, I wouldn't be here at all. So, I made the guess that they would hide things (plausible

deniability, parallel construction, blah, blah), but not bury them so deep that we couldn't find them.

 

Which means, there will be clues. Like what? Anon thinks and thinks and realizes: recurring files.

 

So, I went back through a bunch of Q Drops that had "the same" image files – here are some attached;

Why should the flag from #3908 be a smaller file-size than the others, when they "are the same image",

and all have "the same dimensions".

 

This hinted that, yes, there is something there. So I did the laziest of steganalysis possible: you open

the supposed image file as a .txt file (use a simple text editor like MSFT's notepad.exe), and just look.

 

So I did. The internal 1s & 0s of these files are completely different from each other! Go look yourselves.

"Same image file", my @$$.

 

If there isn't stegano in there, then I don't know what else could explain this. So, fellow anons: please

look inside these, and suggest steganalytic lines of attack based on what you see, or think you see.

 

How do we identify and extract?

 

There are other "recurring" image file series also: I am looking at some of them and will report back.

 

This is either garbage or gold – let's dig & find out!

Anonymous ID: dffc81 May 7, 2020, 6:11 p.m. No.9072714   >>2789 >>3375

For those completely confused about Ghidra…

 

I've been poring through the tutorial included in the download and it looks like Ghidra is a tool for reverse engineering compiled computer code. If you don't have a background in programming… and a pretty good one… it will most likely be a complete waste of time for you.

 

I haven't found a way to "inspect images" for hidden messages. If I'm wrong, please tell me how stupid I am. Show no mercy.

Anonymous ID: 2a5bd7 May 7, 2020, 6:13 p.m. No.9072737

>>9072636

 

There's a sixth one @ QDrop #4140 – I tried to post it here, but was told it was already in the thread (where?)

 

Note that #2790 has smaller dimensions – it's the other ones (incl. #4140) that have "the same dimensions", but different binary guts.

 

Surface: all six are the same.

Guts: totally different.

 

Take a look at each in notepad.exe and compare – now what?

Anonymous ID: 2a5bd7 May 7, 2020, 6:17 p.m. No.9072789

>>9072714

 

Ghidra, as other anons here have suggested, may be intended for us to use

to "out" spyware embedded in, say, Coronavirus-tracking "public health" apps

for smart phones, and other "gifts" from Bill Gates, WHO, and others.

 

I doubt Q intended us to use it for steganalysis – but I am also sure that we

are supposed to do steganalysis, …

 

which is why I posted all those links to misc. steganalytic tools, … not a single

one of which I know how to use … yet.

 

So, if steganalysis of images in Q Drops interests you – check out some of the other

posts here (above) for possible tools, and dig in.

Anonymous ID: e58177 May 7, 2020, 6:30 p.m. No.9072945   >>8660

>>9062790

For the 8051 CPU, the PC memory register has RAM pointers: R0, R1, etc. What you're seeing is simply the memory map for these register arrays (banks).

 

In the Ghidra code you can see these register arrays mapped to specific addresses (BANK_R0 maps to INTMEM:00). So INTMEM:00 thru INTMEM:07 are assigned to register bank 1.

 

The result you got by Googling "INTMEM:00-INTMEM:07" was not because of any secret code you found in the image.

 

Test this:

Download any random jpg from the Internet and open it in Ghidra using the language 8051 Archimedes 16 bit Big and you will see the same thing.

Anonymous ID: 44ddbe May 7, 2020, 6:37 p.m. No.9073052

>>9043433

>>9042267

>>9042464

 

Guys, not a coder or anything else but want to let you know something that might/might not be useful.

My phone has been getting hacked a lot when I'm on twatter posting for the team, and occasionally when I'm on /qr/.

By hacked, I mean I try to type text in a reply and something takes over and starts typing seemingly random shit. I can't stop it from happening, but it quits after a few minutes and doesn't come back.

 

What is typed looks A LOT like brainfuck string, except if you're looking for particular letters think upper and lower case letters Q and A and the number 1.

The string looks like that except with those differences. Never any other numbers or letters. Just those.

 

Dunno if it means anything or is helpful, I hope that it is. Just saw the discussion and that immediately registered. Thanks for all your hard work!

Anonymous ID: e58177 May 7, 2020, 7:04 p.m. No.9073375

>>9072714

The way you'd go about incorporating Ghidra into Steganalysis is by first using the various tools to inspect the image for hidden files. Binwalk is good for this.

 

If you find a hidden file you have to extract it using binwalk. Then you open that file in Ghidra to see what it does. You'll have to figure out which CPU language it needs but you can try various platforms, or hopefully we'll be given some direction.

 

Reverse engineering is not for the faint of heart.

 

Thus far I have not found any hidden files or text in the more recent images as of yet.

Anonymous ID: 3fe71e May 7, 2020, 7:38 p.m. No.9073851   >>8606

>>9042985

>>9042267

 

Your brainfuck string is the quantization tables for the image. It is related to the compression of the jpeg image.

 

That said, it is possible to use the quantization table to hide data; the space available severely limits the quantity of data that can be embedded.
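The reply above can be checked by reading the quantization tables out of a file directly. The Python below is an added example, not part of the original post: it walks a JPEG's marker segments and returns each DQT table, the bytes a text editor renders as punctuation-heavy strings. The sample file and its table values are constructed for the demonstration.

```python
import struct

# Constructed sample: one 8-bit quantization table, 64 entries in stored (zigzag) order.
SAMPLE_TABLE = [
    16, 11, 12, 14, 12, 10, 16, 14, 13, 14, 18, 17, 16, 19, 24, 40,
    26, 24, 22, 22, 24, 49, 35, 37, 29, 40, 58, 51, 61, 60, 57, 51,
    56, 55, 64, 72, 92, 78, 64, 68, 87, 69, 55, 56, 80, 109, 81, 87,
    95, 98, 103, 104, 103, 62, 77, 113, 121, 112, 100, 120, 92, 101, 103, 99,
]


def segment(marker, payload):
    """Build one marker segment; the 2-byte length field counts itself."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample file: SOI, a JFIF APP0 header, one DQT segment, EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xDB, bytes([0x00]) + bytes(SAMPLE_TABLE))
    + b"\xff\xd9"
)


def walk_segments(data):
    """Yield (marker, payload) for every header segment up to SOS or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:      # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xD9:      # EOI: end of image
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated segment")
        yield marker, data[pos + 4:end]
        if marker == 0xDA:      # SOS: entropy-coded scan data follows, stop here
            return
        pos = end


def quant_tables(data):
    """Return {table_id: [64 values]} from every DQT (0xFFDB) segment."""
    tables = {}
    for marker, payload in walk_segments(data):
        if marker != 0xDB:
            continue
        i = 0
        while i < len(payload):     # one DQT segment may carry several tables
            precision, table_id = payload[i] >> 4, payload[i] & 0x0F
            size = 128 if precision else 64
            raw = payload[i + 1:i + 1 + size]
            if len(raw) != size:
                raise ValueError("truncated DQT table")
            fmt = ">64H" if precision else ">64B"
            tables[table_id] = list(struct.unpack(fmt, raw))
            i += 1 + size
    return tables


def as_text(values):
    """What a text editor shows for an 8-bit table: raw bytes read as Latin-1."""
    return bytes(values).decode("latin-1")


if __name__ == "__main__":
    for table_id, values in quant_tables(SAMPLE_JPEG).items():
        print(f"DQT table {table_id}: {values[:8]} ...")
        print("as text:", repr(as_text(values)))
```

Run against any JPEG, the same function returns tables of this shape, because every baseline JPEG carries at least one DQT segment.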

Anonymous ID: 3c15f1 May 7, 2020, 7:43 p.m. No.9073921   >>1503

The issue with stego in Q drops is that all the images are too small to really store much data. It also doesn't fit with what's been going on here to expect to find some secret leak or something linking us to some off site file drop. I feel like if we are to find anything hidden in the images it will be a simple message like "Bring on the PAIN" or "WWG1WGA", where the message itself isn't so much the drop, but the method we used to find it is. It'll probably be something trolly that not only shows us how they communicated in plain sight, but also taunts them that Q team knows everything that they've said.

Anonymous ID: f25184 May 7, 2020, 7:57 p.m. No.9074092   >>4898

Anyone pulling apart the games? I'm just starting working on Star Wars Commander, Windows platform.

 

I am looking for unusual functions that might be described as 'easter eggs' which might open backchannel comms. 'Cheat' interfaces.

 

If anyone else is honchoing this particular operation, point me at 'em.

 

Otherwise I would suggest, let's pull apart each platform of this app because it was called out specifically by Q, and we can move onto others

Anonymous ID: 62f144 May 7, 2020, 8:31 p.m. No.9074616

I'm doing the same thing with one of the PDF's that the Schiff just dropped to see if I can come up with anything.

 

So far no dice, but I'm also fairly new at reverse-engineering and Ghidra, so it's possible I'm missing things.

 

Having said that, I am glad OP put this board up for Ghidra hunting, and I think we may be focusing too much on his images and trying to decode the hidden meaning in them. There may very well be more there 'than we know,' but we shouldn't forget to tear new things apart too.

 

Anyway, glad to be here. Thanks for the board OP.

Anonymous ID: 62f144 May 7, 2020, 8:48 p.m. No.9074898

>>9074092

Well I made myself look like an ass. I replied to the wrong guy with a question I easily answered by a quick search.

 

So from what I can tell I don't think you can download Star Wars: Commander from official sources anymore. However, I was able to find the Android apk file for download from:

 

https://star-wars-commander.en.uptodown.com/android

Anonymous ID: 96d63c May 7, 2020, 9:49 p.m. No.9075755

NaturalMotionGames Ltd

Pulled from all the stores early.

 

Could only find the APK if anyone is interested. Ghidra batch import worked. There are 15 embedded files.

 

https://apkpure.com/star-wars%E2%84%A2-commander/com.lucasarts.starts_goo

Anonymous ID: 62f144 May 8, 2020, 2:54 a.m. No.9077094   >>8415 >>6726

Just occurred to me:

 

https://qmap.pub/read/4000

 

In this drop, Q asks us "Rebellion or Empire?"

 

Now, I've never played Star Wars: Commander before, but I could probably see this being a question on account creation. If we crack this apk open with Ghidra and take a look at where that screen/text is, maybe there's something there?

 

I'm starting to look through it now, but I likely won't be able to really dig into it until later today. I just wanted to share this idea in the meantime if someone else thinks it may be a good place to start.

Anonymous ID: 96d63c May 8, 2020, 6:55 a.m. No.9078415

>>9077094

 

Neither have I played this game but I agree it is worth diving into. Given that Q mentioned Ghidra and then re-posted an Anon saying it is something to mess around with sounds like a direction.

 

From what I read in previous posts, others mentioned some things I was thinking too.. that it is interesting he posted the flag in particular 6 times and that maybe even the file name has some relevance.

Anonymous ID: 62f144 May 8, 2020, 9:26 a.m. No.9079983

For you anons, another resource as I learn to go through this, myself:

 

https://maddiestone.github.io/AndroidAppRE/reversing_native_libs.html

 

It requires you to have an understanding of software/programming, but if you are like me (novice programmer) you should be able to understand it enough to jump on in.

 

One thing I found a lot easier to handle was unextracting all the files from the .apk first (linked above in other posts). You can do that with WinZip, and just place it in some random folder. I went too far down one rabbit hole and had the game running in an emulator, but I stopped after I got to the screen in the included image. I wanted to, at least, get to the screen we had mentioned that would have the option of joining the empire or the rebellion, and there it is.

 

So now I'm digging through the code a bit, trying to find out how the game runs (I've never programmed apps before so it's new to me), but I think it runs out of the lib/(processor)/libmain.so file. I'm looking into the libunity.so file right now since it's called out in the (I)Ljava/lang/String; line, but I'm not sure if I'm going down a rabbit hole again that I don't need to.

 

Anyway, I'm learning a lot. I hope some of you other anons that are more experienced in this than I are on a better path.

Anonymous ID: 564a3c May 8, 2020, 4:33 p.m. No.9085813   >>4240 >>9831

>>9072636

 

I was thinking same about repetition of the flag, potentially having clues seems plausible. Q could have just said "great news everyone Flynn is free".

 

At first look, the file names displayed not necessarily matching actual is curious.

 

Why did Q bother changing the displayed file names to patriot phrases instead of just writing it normally in the body of the message?

 

Q2790 patriot phrase displayed, actual file name…

a7ffb193423f0a5573ceeefe7c2a7863d1fc6d1559e28d93af78f63e36cdceed.png

 

Q3080 patriot phrase displayed, actual file name…

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

 

Q3823 patriot phrase displayed, actual file name…

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

 

Q3908 a file name is displayed…

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

…but the actual file name is…

274534d7d1780203956040e16a2fd8712e21596c92d7ac2ecd959d0166f8a501.png

 

Why display the last flag's file name. Seems deliberate, but what kind of delta if any might be here?

 

Q3983 is just AMERICA

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

 

Q4140 is the only flag with an exact match between displayed and actual…

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

Anonymous ID: 117af0 May 8, 2020, 5:51 p.m. No.9086726

>>9077094

I was thinking the same thing. Soros bought Blizzard. I think it would be worth digging into their games.

 

Also, it's long been said that China has built back doors into everything. You can reverse engineer software to find the vulnerabilities and back doors.

 

The other thing I was thinking is it might be worth to check out WeChat and Whatsapp. Zuckerberg made a major pivot in 2018 towards encrypted comms. His number one guy quit warning, specifically, it will allow child trafficking and terrorism to be impossible to track…. very cryptic.

Anonymous ID: 62f144 May 9, 2020, 8:01 a.m. No.9093749

I posted it already, but if you are looking to get into reverse-engineering apps (like android apps, such as Star Wars: Commander) I've put together a small list of resources. I'll also give my notes at the end since Q has told us to work together, essentially, in that one picture of people climbing a hill.

 

Resources

Virtual Environment

https://www.virtualbox.org/

 

Operating System Suggestion (Ubuntu is user-friendly)

https://ubuntu.com/

 

Star Wars: Commander App:

https://apkpure.com/star-wars%E2%84%A2-commander/com.lucasarts.starts_goo

-or-

https://star-wars-commander.en.uptodown.com/android

 

Ghidra

https://ghidra-sre.org/

 

Jadx (helpful for this project and other android apps)

https://github.com/skylot/jadx

 

Tutorial for Basic App Reverse Programming (get the .ova in this tutorial and load it into VirtualBox, it's essentially loaded with what the tutorial goes through)

https://maddiestone.github.io/AndroidAppRE/index.html

 

As a rule of thumb it's much safer to run everything through the virtualbox, but if you want to all the above will also work/have options to work on an average Windows machine. I wouldn't suggest it, but I can't say that I'm above just running it all on my computer anyway. I'll accept the risk.

 

Exploratory Notes

As a disclaimer, I'm very new to software engineering and I've never reverse-engineered anything before in my life. Having said that, I encourage anyone with an interest in this to try their hand. The more people we have on this the better.

 

So right off the bat, looking at the AndroidManifest.xml, it looks like this application runs like a normal app does with nothing nefarious that stands out. I'm not seeing anything out of the ordinary in the Manifest but I still have a loooooooooooooot of code to go through. I did notice that a few things can be activated by other apps/programs though:

FBUnityDeepLinkingActivity (fuck you FaceBook)

SwrvePushEngageReceiver

SwrveEngageEventSender

FirebaseMessagingService

FirebaseInstanceIdService

Only thought on this is that the Firebase messaging service seems to be able to activate even when the app is closed, but I don't think that in and of itself is abnormal or malicious, as apps should be able to do this (right?). Someone with more app development experience can tell me otherwise, but I'm going to move on.

 

The game runs on the Unity3d.player…

 

Lots of source code in Java to look through…

 

Boy, Facebook really likes our activity…

 

Nothing stands out. I'm going to take a look at the Native Libraries now and see if I can pry those apart. The 'native libraries' are the '.so' files, such as…

libbugsnag-ndk.so

libbugsnag-unity.so (another bugsnag file, ho-hum)

libil2cpp.so (my God it's huge [~30MB]. That's going to take forever!)

libmain.so

libunity.so (I haven't looked just yet, but I think this is the unity engine that the game runs in. Also my God it's 19MB and is going to take forever)

 

Kind of getting hung up. I decompiled the libil2cpp.so with Ghidra and there's an awful lot to go through here, and it takes some in-depth analysis to do so. I'm thinking I need to hit the books a bit more before I start jumping into this because passively reading and hoping that something jumps out at me will be futile.

 

Any suggestions would be welcome.

Anonymous ID: 62f144 May 9, 2020, 8:54 a.m. No.9094189   >>4214

Wait I just realized something.

 

Reading through some of the java code for the messaging service under:

Source Code>com>google>firebase>lib

I've realized that a lot of the messages sent back and forth aren't just stored at Google's cloud, but they SEEM to be also sent to FaceBook for tracking purposes.

 

This means that there are two separate locations that have stored that shady conversation we saw. And it's not just message content, but user data as well (meaning it could be directly attributed to the sender).

 

I mean this isn't ground-shattering or anything, but it gives me some insight as to how Q and/or NSA could be catching these dudes.

Anonymous ID: 798730 May 9, 2020, 8:56 a.m. No.9094201

>>9041137

 

"luke lurks" too. ;)

 

There are a few images that have "non-displayable characters" in them.

Pull the keyword field from the metadata & see what its encoding is??

You know I'm all about "it's in little pieces like a puzzle that we have to reassemble" (combine all the little "crumbs" of data into 1 file and that'll give us XYZ proof)

 

MANY Q pics (PNGs) will reveal a similar NDC string with stegano-red.

 

zsteg has spit out some interesting stuff, but I'm wary of short string false positives like we talked about.

We've talked about IMAGE NAMES being important because Q (or the poster) can CHOOSE what they name the image before they upload it. This and the TIMESTAMP (to me) are the most important pieces of the posts (that don't have to do with the content of them–which truly could even just be "cover text" to conceal 'steganographic messages' utilizing timestamps and/or image names).

 

more to come!

Anonymous ID: 798730 May 9, 2020, 9:01 a.m. No.9094240

>>9085813

yes @ flags w/ diff names & sizes!

 

some are ~23 kb lol

Some are PNG, some are JPG.

 

I remember someone even mentioning that one of the flags had the WRONG number of STARS? (don't recall which or if this was verified though)

 

Another little "coincidence" is that the PAIN/Punisher pics always seem to come FIRST, and then shortly after, there'll be a FLAG pic.

PAIN = Operation?

FLAG = SUCCESS?

Anonymous ID: 798730 May 9, 2020, 3:03 p.m. No.9099831   >>2598

>>9085813

 

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

 

This is the SHA256 of the PNG above.

274534d7d1780203956040e16a2fd8712e21596c92d7ac2ecd959d0166f8a501.png

 

Grab all the flags, check MD5, SHA256, etc. and you can see what IS and IS NOT actually the same files.
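The hash comparison suggested in this post, and the earlier observation that flags which look identical have different sizes and different bytes, can be put side by side. The Python below is an added example, not part of the thread: it hashes a PNG twice, once over the whole file and once over the IHDR plus inflated IDAT data, lists the chunks, and counts bytes after IEND. The sample images are constructed in the script and only greyscale, non-interlaced data with one filter choice is built.

```python
import hashlib
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def chunk(ctype, body):
    """Serialise one PNG chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width, height, rows, level, extra=()):
    """Constructed test image: 8-bit greyscale, filter type 0 on every row."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(row) for row in rows)
    out = PNG_SIG + chunk(b"IHDR", ihdr)
    for ctype, body in extra:
        out += chunk(ctype, body)
    return out + chunk(b"IDAT", zlib.compress(raw, level)) + chunk(b"IEND", b"")


def inspect_png(data):
    """Walk the chunks, verify CRCs, and hash the file and the image data."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG: signature missing")
    pos, ihdr, idat, names, ended = 8, b"", b"", [], False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_raw = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_raw) != 4:
            raise ValueError("truncated chunk")
        if struct.unpack(">I", crc_raw)[0] != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        names.append(ctype.decode("latin-1"))
        if ctype == b"IHDR":
            ihdr = body
        elif ctype == b"IDAT":
            idat += body            # IDAT chunks form one zlib stream
        pos += 12 + length
        if ctype == b"IEND":
            ended = True
            break
    if not ended or not idat:
        raise ValueError("IDAT or IEND chunk missing")
    # Hash of what the decoder sees: header fields plus inflated scanlines.
    # A different per-row filter choice would also change this value; a full
    # pixel comparison additionally has to undo the filters.
    scanlines = hashlib.sha256(ihdr + zlib.decompress(idat)).hexdigest()
    return {
        "size": len(data),
        "file_sha256": hashlib.sha256(data).hexdigest(),
        "scanline_sha256": scanlines,
        "chunks": names,
        "trailing_bytes": len(data) - pos,   # anything after IEND
    }


# Constructed samples: the same 16x16 gradient saved four different ways.
ROWS = [[(x * 16) % 256 for x in range(16)] for _ in range(16)]
SAMPLE_A = make_png(16, 16, ROWS, level=9)                 # best compression
SAMPLE_B = make_png(16, 16, ROWS, level=0)                 # stored, no compression
SAMPLE_C = make_png(16, 16, ROWS, level=9,
                    extra=[(b"tEXt", b"Comment\x00re-saved")])  # extra metadata
SAMPLE_D = SAMPLE_A + b"extra"                             # bytes appended after IEND

if __name__ == "__main__":
    for name, blob in [("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C), ("D", SAMPLE_D)]:
        info = inspect_png(blob)
        print(name, info["size"], info["file_sha256"][:16],
              info["scanline_sha256"][:16], info["chunks"], info["trailing_bytes"])
```

All four samples produce different file hashes and sizes while sharing one scanline hash, so a file-hash mismatch shows that the bytes differ but not which of these layers changed.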

Anonymous ID: 6d5e4b May 9, 2020, 5:54 p.m. No.9102319

Hi anons. Wondering if I could get a little help. Not a stenofag or a codefag. Totally useless. I used to pirate a lot of music and the folders always came with cover scans.

They've always been normal except the scans for this album. Instead of jpegs they're TIF files and they're fucking huge 68mb is the size of one. Ever since I downloaded it I wondered about the covers. Always suspected something hidden. Anyone wanna take a look?

 

https://anonfile.com/x2v5H1xeob/Covers_7z

Anonymous ID: 82ce9d May 9, 2020, 7:32 p.m. No.9103699

>>9041086

 

By its very nature it's a tracking tool. Of course it's going to have bullshit in that app. Think about the database correlation on the backend. They have had this technology for years. It's a COVID tracking app. A shiny new nickel to ride the same shit slide.

Think about it! Cause and effect.

They have always been tracking us with phones and apps. Now they are putting a different label on it

"Install this app to save lives" "For your family." "For humanity" "Be a hero install this app"….what a crock of shit. They are attempting to have you download bullshit and the sheep are willingly installing it on their phones. WILLINGLY By its very nature it's comped. They call it a psyop for a reason BRO!

Anonymous ID: ec4333 May 10, 2020, 5:51 p.m. No.9115305   >>7546 >>8540 >>5782

ran this jpg through ghidra. got a SHA256 string

 

1bd7bc7c32abacc27045fbe189296c856bffda4999043db01d20e888f07368b6

 

ran through youtube search.

result-

https://www.youtube.com/watch?v=Hk1KNhCCAHM

 

At best 460 of (You)s found this already.

 

Seems this file has more data embedded, throughout. It's doing weird shit on my first level look. Happy hunting, faggots.

 

Enjoy the show!

Anonymous ID: ec4333 May 10, 2020, 8:36 p.m. No.9117642

>>9117546

>What language/cpu did you use? What was the SHA256 string?

 

SHA2 string just under the jpg. on the post. i gotta believe the language/cpu set is machine dependent. that said, my project ran on powerpc.

Anonymous ID: a55360 May 11, 2020, 3:08 a.m. No.9120686

Checking in. Kind of set the Star Wars: Commander dig on the backburner since I'm not convinced that's the right rabbit hole to be jumping down. I heard someone mention that the redactions can be pulled off the Transcripts in Ghidra, but I'm not sure. The PDF's don't have any executable code in them, so Ghidra would really only show bytes in the documents.

 

Having said that, I loaded up two PDF's anyway just to take a cursory glance. I used Andrew Brown's transcript as an experiment, looking first at Schiff's release and then the DNI release.

 

Schiff's release looks about what I would expect a PDF to look like in Ghidra. Pretty mundane. I looked through the ASCII translation of the bytes and saw some XML formatting code, and I was able to differentiate when paragraphs start, but all-in-all there's nothing to see there.

 

The DNI's release is a bit more interesting though. I haven't found anything just yet, but it looks different from Schiff's. The ASCII readout is about the same with some differences (at first glance), but what stood out to me was that the code analyzer actually returned stuff. I'm not sure what it all means, but (as we knew) there's an obvious difference between the files that Schiff releases and the ones that the DNI released.

 

Observations:

The DNI's version seems to be images as opposed to Schiff's, which could be close to the original PDF documents but with redactions. The DNI, it seems, did the smart thing by scanning these documents back in after redactions, removing the ability for the documents to be torn apart. I think it would be worth opening Schiff's documents up in Adobe Pro and seeing if you can't just simply erase the bars.

 

I will have to give this a shot. As always, I'm open to anyone else's opinions or direction on this. I'm very new to this but I'm dedicated. Also, if these redactions CAN be stripped, it'd be smart to download all of them before they get taken down.

Anonymous ID: 2c6622 May 11, 2020, 6:47 a.m. No.9122082

>>9121894

Big maybe. I've had a few of the documents open and I haven't seen anything specifically that would effectively allow me to remove the redactions. Now, I'm not the smartest, maybe someone else here can do just that.

 

I've taken a look at Schiff's released files versus the DNI released files. I was right, the DNI essentially printed the pages and scanned them back in, so the redactions on those are permanent. Not much we can do about that.

 

Now Schiff, though… we may be able to recover the redactions there, because when you tear them apart with Adobe Pro you can move the black 'redacted' parts around. There's no text behind them in the field (or rather above them, the black boxes are on a layer behind the text boxes), but maybe I'll take another look at these in Ghidra…

 

If this is a possibility, I'd vote on digging into Schiff's released files.

Anonymous ID: 699848 May 11, 2020, 7:42 a.m. No.9122598

>>9099831

 

Good pointers, using SHA256 of the image. So probably nothing in that context. But perhaps there are clues in the images. I wonder if others think the repetition of images would indicate a pattern worth identifying, or, maybe Q is merely using them to reinforce events, e.g. use a flag when it is a patriotic win, use Obama's 'renegade' when they have evidence against him, etc.

Anonymous ID: a55360 May 11, 2020, 10:36 a.m. No.9125009   >>9955

Idea

 

Okay so PDF's are essentially heaps of code that Adobe Viewer/Acrobat translate into readable text. There are some nuances to it, but you can read a few articles here to get a good idea of how a PDF is built:

 

https://blog.idrsolutions.com/2013/01/understanding-the-pdf-file-format-overview/#helloworld

 

Here's where I'm at. PDF files will declare objects that will be present when opened in Adobe. Those objects can be a number of things (text, images, signatures, etc), but the problem is that the actual contents of those objects are encoded. Luckily for us, we know what it uses to encode:

 

FlateDecode

 

So I'm still learning a bit more about that, but conceptually one would be able to grab the bytes from the objects in Ghidra and run them through a Decoder (using the… FlateDecoder algorithm?). What this would do is essentially display the encoded object as plaintext. In the event that the object is a picture it'd look like jumbled plaintext, but if it were a text box it may have some code describing the box, and then possibly the string inside.

 

I haven't tried it yet. I'm having to learn about decoding first. I'm trying to figure out if there's a way for me to decode straight from binary or hex through the algorithm into plaintext, or if I'm just barking up the wrong tree again.
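FlateDecode is the PDF name for zlib/deflate compression, so the decoding step described in this post needs only a zlib inflate over each stream body. The Python below is an added example, not part of the original post: it finds stream objects whose only filter is /FlateDecode, inflates them, and labels each result as page content or binary. The PDF fragment is constructed in the script and the helper names are illustrative.

```python
import re
import zlib

# Constructed sample content stream: one line of text, then a filled rectangle.
CONTENT = b"BT /F1 12 Tf 72 720 Td (Hello World) Tj ET\n0 g 70 715 90 14 re f\n"


def pdf_stream(num, data, extra=b""):
    """Build one constructed stream object compressed with FlateDecode."""
    body = zlib.compress(data)
    head = b"%d 0 obj\n<< /Length %d /Filter /FlateDecode%s >>\nstream\n" % (
        num, len(body), extra)
    return head + body + b"\nendstream\nendobj\n"


# Constructed fragment (no xref table): a catalog, a content stream, an "image".
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    + pdf_stream(4, CONTENT)
    + pdf_stream(5, bytes(range(256)), b" /Subtype /Image")
    + b"%%EOF\n"
)

# "<num> <gen> obj", a dictionary that does not run past endobj, then "stream".
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b((?:(?!endobj).)*?)\bstream\r?\n", re.S)
FLATE_RE = re.compile(rb"/Filter\s*(?:/FlateDecode\b|\[\s*/FlateDecode\s*\])")


def flate_streams(pdf):
    """Return [(object_number, inflated_bytes_or_None)] for FlateDecode streams.

    Streams with a filter chain (several filters) or with predictor
    parameters need more work and are not handled here.
    """
    results = []
    for match in OBJ_RE.finditer(pdf):
        if not FLATE_RE.search(match.group(2)):
            continue
        start = match.end()
        end = pdf.find(b"endstream", start)
        if end == -1:
            continue
        try:
            # decompressobj stops at the end of the zlib stream, so the
            # end-of-line bytes in front of "endstream" are ignored.
            data = zlib.decompressobj().decompress(pdf[start:end])
        except zlib.error:
            data = None             # damaged or not really deflate data
        results.append((int(match.group(1)), data))
    return results


def classify(data):
    """Rough label for an inflated stream: page content, text or binary."""
    if not data:
        return "empty"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)
    if printable > 0.9 and re.search(rb"\bBT\b.*?\bET\b", data, re.S):
        return "page content"       # BT ... ET brackets text-showing operators
    return "text" if printable > 0.9 else "binary"


if __name__ == "__main__":
    for number, data in flate_streams(SAMPLE_PDF):
        print(f"object {number}: {classify(data)}")
        if classify(data) == "page content":
            print(data.decode("latin-1"))
```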

Anonymous ID: aea24e May 12, 2020, 1:35 p.m. No.9144066   >>4105

>>9138696

Novice anon here…I'm finding symbols in Q's images. I have been doing symbol counts…& looking back at corresponding drop #s. That one is 428. Idk if I'm on the right path? Haven't seen anons saying this…thoughts?

Anonymous ID: 87d248 May 12, 2020, 3:38 p.m. No.9145994   >>8162

What you all are doing here is interesting. I only understand a little tiny bit of any of this but still like seeing what you find. The only thing I have to offer is some old knowledge that may or may not be useful. Many govt systems, especially legacy ones use the language COBOL. Sometimes PASCAL and FORTRAN were also used. I know those aren't as common anymore but don't forget about them.

Anonymous ID: a53a08 May 12, 2020, 6:06 p.m. No.9148279   >>8379

So I have yet to install ghidra, but I took a look at some of the photos on Obama's tweets and ran some segments through an online brainfuck editor here's what I found. Is it normal for jpgs to have this?

 

>options passed to editor

Cell size (Bits): 8 16 32

Dynamic (infinite) Memory:

Memory size:

30000

 

Memory overflow behaviour:

undefined (fast) wrap abort

End of input: no change char:

\n

Dump Memory at char:

#

Count instructions

>input

รธ.Idโ€บยถร’รฎ %A^zโ€“ยณรรฌ &Ca~โ€บยนร—รต1Omล’ยชร‰รจ&Edโ€žยฃรƒรฃ#Ccฦ’ยคร…รฅ'Ijโ€นยญรŽรฐ4Vxโ€บยฝร &Ilยยฒร–รบAeโ€ฐยฎร’รท@eล ยฏร•รบ Ekโ€˜ยทรQwลพร…รฌ;cล ยฒรšR{ยฃรŒรตGpโ„ขรƒรฌ@jโ€ยพรฉ>iโ€ยฟรช A l หœ ร„ รฐ!!H!u!ยก!รŽ!รป"'"U"โ€š"ยฏ"ร#

#8#f#โ€#ร‚#รฐ$$M$|$ยซ$รš% %8%h%โ€”%ร‡%รท&'&W&โ€ก&ยท&รจ''I'z'ยซ'รœ(

(?(q(ยข(ร”))8)k)ย)ร5hโ€บร++6+i+ย+ร‘,,9,n,ยข,ร—--A-v-ยซ-รก..L.โ€š.ยท.รฎ/$/Z/โ€˜/ร‡/รพ050l0ยค0ร›11J1โ€š1ยบ1รฒ22c2โ€บ2ร”3

3F33ยธ3รฑ4+4e4ลพ4ร˜55M5โ€ก5ร‚5รฝ676r6ยฎ6รฉ7$7`7

 

>output

Syntax error: Unexpected closing bracket in line 4 char 445.

 

'use strict';var _,o=[],c=0,p=0,j=0,i=[],m=new Uint8Array(30000);function q(i){self.postMessage({o:[i]})}q(m[p]);m[p+1]+=5;i.length&&(m[p+1]=i.pop());i.length&&(m[p+1]=i.pop());i.length&&(m[p+1]=i.pop());i.length&&(m[p+1]=i.pop());i.length&&(m[p+1]=i.pop());m[p+1]-=5;q(m[p+1]);q(m[p+1]);q(m[p+1]);q(m[p+1]);q(m[p+1]);m[p+1]++;return self.postMessage({s:-1,o:o,c:c,m:m,p:p+1,n:-1});

Anonymous ID: e58177 May 12, 2020, 8:04 p.m. No.9149955

>>9125009

I ran some of the House pdf’s through various pdf forensic tools and even Ghidra (and ran the embedded jpgs through forensic tools) and got nothing revealing. I did not see a way to view redacted data.

I also haven’t found anything in the flag or skull images, but I haven’t looked at the most recent red skull, it’s on my todo list. These are better suited for image forensic tools but also threw them into Ghidra but saw nothing.

I’m guessing Ghidra is meant for the Star Wars game or a future file or app.

Anonymous ID: e79ecb May 12, 2020, 8:09 p.m. No.9150018

StegoAnons

 

Not sure if this is anything yet. Still poking around. I work with a ton of different stego tools and scripts as I attempt to detect patterns. The other night I was using StegoDetect and StegoLSB (python stego tools family) with the recent flag image and the punisher_red image which appears to be identical to the original Q-posted (BTW).

 

I was getting strange results playing with the LSB number 2. The file was reporting incorrect sizes due to bit decision. Typically defaults to 2 when playing with LSB. I changed it to 17 for fun and got interesting results. Still working to figure out the file type signatures it produced…but just wanted to throw this out to the group in case you are playing with these types of tools. Here are the command lines I was using on the files.

 

stegolsb steglsb -r -i flag.png -o output_file. -n 2

and

stegolsb steglsb -r -i flag.png -o output_file -n 17

Anonymous ID: f2c621 May 12, 2020, 10 p.m. No.9151220   >>1706

>>9145517

Pixel Knot? Yes it is one of many tools for exchanging secret information. Steghide is another….there are many. Wav and mp4 files etc… The key thing that Q did state is "'tools' All of these tools work together to find the surveillance challenges'' and hidden information etc…

It's really no different from digging in the web. All anons are actually wired for this type of forensic work. By our very observation, autism OCD, ADD nature.

Ghidra can do many things. It can decode many file types, different platforms, chip sets, controllers. It's a primary tool for decoding executable files, and code with internal functions. I have dug into images, PDFs and other file types. Just to look and see what's going on from a particular angle. With a similar tool I will look again from another angle. It's one of many tools that can be utilized. It is however extremely powerful. The thing is… we need all the tools we can get as we identify the security holes in most of the products we use every day. Phones / PCs, CPUs, routers, chip sets, software and apps. China has produced almost everything tech in the US and guess who we are in a silent war with right now…. It will take an army of anons to dig into the compromised digital universe. I encourage every anon out there with skills or no skills to start digging into our technology.

Anonymous ID: 4948e6 May 13, 2020, 10:09 a.m. No.9155845   >>6296

>>9155724

Ran it through hexdump and got this:

 

0000f1b0 26 94 bd 5c 08 22 d2 26 96 ff 00 c4 70 cb 1b e5 |&...".&....p...|
0000f1c0 e2 22 ed 77 e4 a9 5c 60 39 55 ea 57 79 9c 0e 09 |.".w..`9U.Wy...|
0000f1d0 a1 f1 2c 8a 0a d6 1f 03 ea 67 0a e5 e0 fe d0 b8 |..,......g......|
0000f1e0 b6 d8 e0 7f dc ca 31 bc 32 b4 cf 98 fe c1 05 c2 |......1.2.......|
0000f1f0 db 9f 13 31 8c 82 5a 8f 3a ac 47 40 4e ce 1b b8 |...1..Z.:.G@N...|
0000f200 bc 10 46 cb 01 bf 98 60 c1 63 6e d1 e2 0b 62 d0 |..F....`.cn...b.|
0000f210 0b 56 c3 d3 29 29 c3 16 ef 11 e9 98 10 70 1d a2 |.V..)).......p..|
0000f220 09 3b 4c 1e d1 93 2c a7 a7 fc 4a 63 6e 47 4b ee |.;L...,...JcnGK.|
0000f230 1f 52 94 55 d2 6e bc 5c ff d9 |.R.U.n...|
0000f23a

Anonymous ID: c012ff May 15, 2020, 8:23 a.m. No.9184158

>>9148162

I think I remember it being used to condense code and formulas or calculations because back in the day everything had to be done to save space on the system. Different than now. That is probably what you said but I don’t know much of the lingo.

Jon James Pratt (999) aka the storm ID: bb460a Burn in hell America May 17, 2020, 3:44 a.m. No.9209405

For making your internal problems the problem of the rest of the world

 

And saying or doing nothing

 

Julian Assange made the game multidimensional and Trump betrayed him.

 

Black comedy, yes. Lol

 

And yes, yours truly owes Julian a massive thank you.

 

And no, I’m not perfect either, but some of my knowledge is.

 

Big love to Julian.

 

A combination of high level information warfare based on Gregory Bateson’s ‘theory of types’, lots of meditation and some incredible luck.

 

Seven weeks meditation with these bad boys.

 

http://www.973-eht-namuh-973.com/Alchemy/ADVENT%20INDEX.htm

 

And yes, it is all over 8kun too.

 

Illumination route (27 pages)

https://view.publitas.com/51899/497385/pdfs/a8c594cbd211702f0bef3bf4dbe1ae131b2d547c.pdf

 

Methodology (37 pages)

https://view.publitas.com/40132/322676/pdfs/842241c4185d6efcbf67950fee3772a2b07872e3.pdf

 

 

You’ve been duped by all your politicians and twitter too. Who collectively thought 💭 it would be a wise move to conceal, threaten and judge the true source of the storm ☔️.

Don’t take it personally. All our politicians are shameless cunts. It doesn’t take a genius to figure that out, does it?

 

And fixating on national identity is a recipe for disaster.

 

And yes, we are definitely all created equal.

 

And the dumb Jews do pay a price to handle the money too. Lol ๐Ÿ˜‚

 

KNOWLEDGE

Direct link to source document in pdf format. 2,238 pages

 

17 year long beam of light from the absolute. 130 Mb

 

Every single entry date and time stamped.

 

https://view.publitas.com/72234/880115/pdfs/d4f86d8e8c2117fd530ef381c5b3b016936f5ad1.pdf

 

Kills the poor hurt feelings and opinions of individual humans dead.

 

Jon James Pratt (999)

 

49 year old illuminated polymath from Warwickshire

 

Humbly blessed as the world’s top intellectual and philosopher

 

Never lies and is never violent. Ever

 

Aka 'the storm ☔️'

Aka ‘cosmic lol 😂’

#allpointsarereconciled

 

BREADCRUMBS

https://www.google.co.uk/search?as_st=y&tbm=isch&as_q=%23allpointsarereconciled+&as_epq=&as_oq=&as_eq=&imgsz=&imgar=&imgc=&imgcolor=&imgtype=&cr=&as_sitesearch=&safe=images&as_filetype=&as_rights=

 

Emergency backup drive

https://drive.google.com/drive/mobile/folders/1du6pXkl_ZQ-87t51FH5aPEmpmchfGNYC?sort=13&direction=a

 

RESEARCH AND MEMES

https://drive.google.com/drive/u/1/mobile/folders/1qhE2UWiZJO9FId4Kq67oaQhnLKBuHJbSSBcCj-Cz/1U6Kfa7f0O5e_9JumXg_e8jJlduNitKEfUNszAU9U7w?sort=13&direction=a

 

Vile celebrity and money worshipping morons that have never had permission to kill, ever.

Jon James Pratt (999) aka the storm ID: bb460a May 17, 2020, 3:56 a.m. No.9209441

>>9156296

 

You personally have put 7,7bn people in quarantine

 

Be truthful anons.

 

Here come the mandatory vaccines too.

 

Tbh I never thought Americans were this stupid.

 

Brits definitely.

 

Doesn’t take a genius to figure out who is telling the truth here, does it?

 

Yet so many of you are still on twitter, pushing the deceitful claim that Donald Trump is anointed by God Almighty himself.

 

He isn’t. And never will be.

 

And by refusing to acknowledge the real source of the storm, your dopey disrespectful president has not only betrayed the American people, but God Almighty too.

 

The royals here will have to give up the two old cunts at the top too.

 

Or it will be the whole family.

 

Zero negotiations or deals.

 

And Bibi is absolutely ruined too.

 

All of you chose to run the gauntlet.

 

And all of you have allowed this situation (killer virus and impending martial law) because all of you have put being American above being human.

 

Be truthful Americans.

 

Those 500 or so members of Congress are some of the biggest cunts in the world, and have betrayed all of you.

 

And by the mass media (((twitter))) framing a global holy war as an essentially American affair, highly polarised too, you have all been screwed by an essentially Jewish media.

 

The special talent of yours truly is to reduce the whole global power structure to a beam of light.

 

And that’s what the big pdf is..

 

And no, I’m not a prophet like Jesus (777), I’m God Almighty manifest in a human being. (999)

 

That’s why I’m completely separated from my knowledge.

 

The big 2,238 page pdf

 

Just two rituals hold the whole global power structure in place.

 

Divine in design, obviously.

 

The original mandate for 11.11.18

(The shot heard around the world)

 

Obviously scrubbed from (((twitter))) now.

 

Was for yours truly to align the Commonwealth with Russia, USA and Israel. (90% of the world’s nuclear weapons) (the ‘winners’)

 

Dawkins and Hillary as the offering.

 

A return to nation states too.

 

With the kings and Queens being the losers.

 

And Israel being both the winner (Bibi) and the loser (mass media) .

 

With the prize being world peace and the knowledge of other worlds.

 

The eternal life mentioned in the bible. Yes.

 

But instead, as a direct consequence of playing at online light workers, the vile and deceitful cunts here, with the undying assistance of two violent and deceitful geriatrics (parents) thought it was without consequences to lock yours truly up for 3 weeks, then 7 weeks, force feed him medication and leave an extremely fit and tough (violently abused as a child) 48 year old former professional Bmx freestyler with a broken back, a heavily lacerated stomach and prone to shakes and fainting fits.

 

If you are so blind to not see the truth when it is staring you in the face Americans, then you deserve to be locked up and forcibly vaccinated by your politicians..

 

Because that is exactly what is going to happen if you continue the charade on twitter.

 

You will all get further and further away from the truth.

 

Knowingly too.

 

That’s what makes it worse.

 

You see, I may have been born in England, but I had to relinquish my nationality when I was given a guided tour around 13 pizza ovens on the 1st January 2017.

 

The real pizzagate. Yes.

 

These politicians represent none of you, America, and never have done. Ever.

 

But because it was deemed more important to fake an American holy war rather than acknowledge the real winner in the global holy war, Team Israel, Team USA and team Britain have already dug a hole for themselves, that they will never get out of.

 

Sure many of you feel cheated.

 

You’re not the only one.

 

And yes, I have been to America many times, have many cousins there, been to Georgia, Alabama, North Carolina, Florida and California.

 

Always had an amazing time. Been for bmx competitions too. Been in the Appalachian mountains and south central LA too. Eaten cold beans out of a boat on the swamp. You get the picture.

 

And no, I’m not perfect either, but some of my knowledge is.

 


Anonymous ID: a16e89 May 17, 2020, 4:56 a.m. No.9209698   >>5525

>>9046953

you don't know, but I believe it's open sourced so any backdoors, rootkits etc would be easy to find in the code.

Also, I installed blackarch on a flash drive and Ghidra comes stock with it. Just use a VM or flash drive or, if you're really paranoid, a 100 dollar powerbook with no personal info on it.

Anonymous ID: b0e462 May 17, 2020, 1:59 p.m. No.9215525

>>9209698

Or you could go with something like QubesOS and set up disposable VMs / sandboxes. Very handy tool when playing with malware and other apps you don't trust. Very easy to contain using template OS installations of ghidra. You can have multiple projects isolated and contained running concurrently. With the separation of network interfaces you can also set up local networks that don't connect to the web and "watch" the behavior of a given app by setting up network monitoring and watch what resources the app may attempt to contact. Very handy environment for this type of work.

Anonymous ID: a8c12f May 19, 2020, 2:03 a.m. No.9235782

>>9115305

Sorry if this has been asked, coding and such is a bit out of my wheelhouse. Has anyone run the background "music" in this video through a spectrum analyzer to look for images or other data? It sounds like there might be something in there.

Anonymous ID: baa8ac May 19, 2020, 6:55 p.m. No.9246546

After 6 days of lifting the stay at home order, we are back to… a new type of normal. Local zipline park or abandoned crime scene? What did someone permanent marker over the sign at the park's rest rooms?

Anonymous ID: 6507eb May 19, 2020, 7:57 p.m. No.9247116

>>9245902

It is software to program Alcatel Lucent hardware, MCT.exe, that one would find at a cellular site. Figure 1 there is embedded error reporting and would like to see which country they report to (Not American owned) and 2 we need to start making that stuff here so why not reverse engineer it?

Anonymous ID: a53a08 May 20, 2020, 6:42 p.m. No.9258629

>>9038853

>>9043711

Maybe we need to look at the PNG images as well.

The tool below was originally published Dec 17, 2017 (near the start of Q drops), it was later updated Sep 23, 2019 (during downtime between 8ch/8kun).

 

I tried running the author's sample image through an LSB analysis and it wasn't detected

http://lukeslytalker.pythonanywhere.com/stegano/scan

 

I'm not saying this is exactly what's used, but this technique or a variation of it is out there delivering executable payloads undetected.

Invoke-PSImage

 

>Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

 

>Invoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file or from the web.

 

>It can either create a new image using only the payload data, or it can embed the payload in the least significant bytes of an existing image so that it looks like an actual picture. The image is saved as a PNG, and can be losslessly compressed without affecting the ability to execute the payload as the data is stored in the colors themselves. When creating new images, normal PowerShell scripts are actually significantly compressed, usually producing a png with a filesize ~50% of the original script.

 

>With the embed method, the least significant 4 bits of 2 color values in each pixel are used to hold the payload. Image quality will suffer as a result, but it still looks decent. It can accept most image types as input, but output will always be a PNG because it needs to be lossless. Each pixel of the image is used to hold one byte of script, so you will need an image with at least as many pixels as bytes in your script.

 

https://github.com/peewpw/Invoke-PSImage
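A check for the embed layout quoted in the post above (one byte per pixel, split across the low 4 bits of two colour values), added here as an example; it is not part of the post and not code from the Invoke-PSImage project. It assumes the pixels are already decoded into (R, G, B) tuples and that the data starts at the first pixel; the sample text and pixels are constructed.

```python
"""Scan pixel data for text packed one byte per pixel into the low nibbles
of two colour channels (the embed layout quoted in the post above)."""
import random
from itertools import permutations

CHANNELS = "RGB"

def unpack(pixels, hi, lo):
    """Rebuild one byte per pixel from the low 4 bits of channels hi and lo."""
    return bytes(((p[hi] & 0x0F) << 4) | (p[lo] & 0x0F) for p in pixels)

def text_run(data):
    """Length of the leading run of printable ASCII, tab, CR or LF bytes."""
    run = 0
    for b in data:
        if not (32 <= b < 127 or b in (9, 10, 13)):
            break
        run += 1
    return run

def scan(pixels, min_run=32, min_distinct=8):
    """Return [(channel pair, run length)] for every ordered channel pair whose
    unpacked stream starts like script text, longest run first.

    Which two channels carry the nibbles, and in which order, is not stated
    on the page, so all six ordered pairs are tried. min_distinct rejects
    flat image regions, which unpack to one repeated (possibly printable) byte.
    A pair that shares only the high-nibble channel can also score, because
    ASCII high nibbles (2-7) alone keep most bytes in the printable range.
    """
    hits = []
    for hi, lo in permutations(range(3), 2):
        data = unpack(pixels, hi, lo)
        run = text_run(data)
        if run >= min_run and len(set(data[:run])) >= min_distinct:
            hits.append((CHANNELS[hi] + CHANNELS[lo], run))
    return sorted(hits, key=lambda h: -h[1])

# --- constructed samples (not taken from any real image) ---
SAMPLE_TEXT = b"Write-Output 'constructed sample text, not a real script'\n"

def cover(n=400, seed=7):
    """Random pixels standing in for a noisy photograph."""
    rng = random.Random(seed)
    return [tuple(rng.randrange(256) for _ in range(3)) for _ in range(n)]

def sample_with_text(hi=2, lo=1):
    """Cover pixels whose first len(SAMPLE_TEXT) pixels carry SAMPLE_TEXT in
    the low nibbles of channels hi/lo (B and G here, an arbitrary choice)."""
    pixels = [list(p) for p in cover()]
    for px, b in zip(pixels, SAMPLE_TEXT):
        px[hi] = (px[hi] & 0xF0) | (b >> 4)
        px[lo] = (px[lo] & 0xF0) | (b & 0x0F)
    return [tuple(p) for p in pixels]

if __name__ == "__main__":
    print("clean cover :", scan(cover()))
    print("with text   :", scan(sample_with_text()))
```

A single-bit LSB scan looks at one plane per channel, while this layout occupies four planes in each of two channels, so the check has to rebuild the bytes before judging them.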

Anonymous ID: 4d5cd6 May 27, 2020, 5:41 a.m. No.9330105

I don't know if these are commonly available but I built a python script hex to decimal calculator. Thought I'd share here.

 

"""
hex to decimal calculator
"""

value = input('Please enter the hexadecimal code here: ').strip()

# decimal value of each hex digit
h = {'0': 0, '1': 1, '2': 2, '3': 3, '4': 4, '5': 5, '6': 6, '7': 7, '8': 8, '9': 9, 'a': 10, 'b': 11, 'c': 12, 'd': 13, 'e': 14, 'f': 15}

lst = list()
for item in value:
    item = item.lower()
    if item not in h:
        raise SystemExit('Not a hexadecimal digit: ' + item)
    lst.append(h[item])

print(lst)

# weight each digit by its power of 16 (4096, 256, 16, 1 for a four-digit code)
places = [digit * 16 ** power for power, digit in zip(range(len(lst) - 1, -1, -1), lst)]

print(*places)

total_sum = sum(places)

print('Total "Decimal Value" of Hex Code:', total_sum)

Anonymous ID: a53a08 May 27, 2020, 8:38 p.m. No.9340169

>>9042549

>>9042985

I've run the whole string (from the jpeg header through the end of the dashes) on several interpreters (https://tio.run/#brainfuck https://copy.sh/brainfuck/ https://fatiherikli.github.io/brainfuck-visualizer)

each of these had a seven character output "ÿññð" (hex: 01 01 01 FF F1 F1 F0)

with only the unbroken string after the forward slash as in your example outputs "òòñ" (hex: f2 f2 f1) you get -17 because the data pointer ends at 238. The pointer starts at 255 and increases/decreases with each +/- and the periods print out the value of the byte. So Q cycled the byte value up and down, printed, and then signed with value difference.

my thought is that it could be:

-a suspicious file signature to look for in malware or apps

-a bug that's being exploited

>Netview SNMP Automation Task CNMAUTO unable to receive data

Start of CP-MSU data

02 D6 12 12 00 23 FF F0 00 0FFF F1 F1 F04B F3 .O…..0 …110.3

End of CP-MSU data

SNMPAPI: TRACE: Entering snmpFreeDecodedPDU

SNMPAPI: TRACE: Exiting snmpFreeDecodedPDU

SNMPAPI: TRACE: CNMAUTO request completed with return code 24004

>This shows that we are receiving a trap through the snmp automation service in netview. However, it did not get converted into an ALERT and it does not go to NPDA

https://www.ibm.com/support/pages/netview-snmp-automation-task-cnmauto-unable-receive-data

 

-an ip address formatted in hex (not sure if executables store this ip's way), this would put it as 255.241.241.240 which would put it as a class e address "reserved for experimental purposes only for R&D or Study". is the traffic for the 4am news drops or other comms being routed through an otherwise "unused" ip?
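How an interpreter handles arbitrary file bytes, as an added Python example that is not part of the post above: only the eight command bytes are executed, everything else is skipped as a comment, and 8-bit cells wrap. `SAMPLE` and `UNBALANCED` are constructed byte strings, not data from any posted image; `SAMPLE` is built to print the same three bytes (f2 f2 f1) and end on the same cell value (238) the post reports.

```python
"""Minimal Brainfuck interpreter with 8-bit wrapping cells and 30000 cells,
used to show what happens when arbitrary file bytes are fed to one."""

COMMANDS = b"+-<>.,[]"

def command_ratio(data):
    """Fraction of bytes in data that happen to be Brainfuck commands."""
    return sum(b in COMMANDS for b in data) / len(data)

def run_bf(data, max_steps=100_000):
    """Execute the command bytes in data; every other byte is skipped, as
    Brainfuck treats non-command characters as comments.
    Returns (output bytes, value of the current cell at the end)."""
    code = bytes(b for b in data if b in COMMANDS)
    jump, stack = {}, []
    for i, c in enumerate(code):          # match brackets before running
        if c == ord("["):
            stack.append(i)
        elif c == ord("]"):
            if not stack:
                raise SyntaxError(f"unexpected closing bracket (command {i})")
            j = stack.pop()
            jump[i], jump[j] = j, i
    if stack:
        raise SyntaxError(f"unclosed bracket (command {stack[-1]})")

    mem, ptr, pc, out = bytearray(30000), 0, 0, bytearray()
    for _ in range(max_steps):            # step limit guards against endless loops
        if pc >= len(code):
            break
        c = chr(code[pc])
        if c == "+":
            mem[ptr] = (mem[ptr] + 1) % 256
        elif c == "-":
            mem[ptr] = (mem[ptr] - 1) % 256   # 0 - 1 wraps to 255
        elif c == ">":
            ptr = (ptr + 1) % len(mem)
        elif c == "<":
            ptr = (ptr - 1) % len(mem)
        elif c == ".":
            out.append(mem[ptr])
        elif c == "[" and mem[ptr] == 0:
            pc = jump[pc]
        elif c == "]" and mem[ptr] != 0:
            pc = jump[pc]
        # "," with no input leaves the cell unchanged
        pc += 1
    return bytes(out), mem[ptr]

# Constructed byte strings (not the data from any posted image).
# Only the '-' and '.' bytes in SAMPLE are commands; the rest is skipped.
SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"-" * 14 + b"\x9c..\x01-\x7f.\xee---"
UNBALANCED = b"\x8a+\x10]\xc3["

if __name__ == "__main__":
    out, cell = run_bf(SAMPLE)
    print(out.hex(" "), cell, cell - 255)
    print(f"{command_ratio(SAMPLE):.0%} of SAMPLE bytes are commands")
```

For uniformly random bytes about 8 in 256 are command characters, and a stray `]` before any `[` stops the run with a bracket error, as in the editor output quoted earlier in the thread.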

Anonymous ID: cd02c3 May 28, 2020, 8:08 a.m. No.9344789

>>9044191

 

Ever read Sherlock Holmes?

 

Looks a bit like the code Holmes deciphered that had dancing men on it:

 

https://www.boxentriq.com/code-breaking/dancing-men-cipher

 

Or the flag alphabet:

 

https://en.wikipedia.org/wiki/Flag_semaphore

Anonymous ID: cd02c3 May 28, 2020, 8:19 a.m. No.9344939

Has anyone connected any of this to the hashing/Wikileaks connection that another Anon had found?

 

I've worked on it a bit myself. I'm not sure whether the connection is legit or not.

 

You can hash phrases from Q posts using various hashing algorithms and they result in hashes that can be used as e-mail IDs on the Wikileaks site.

 

Another anon mentioned that md5 can be used. I found numerous other hashing algorithms worked.

 

The questionable aspects of it for me were:

 

  1. Some really old, no longer secure, algorithms were used. Why do that? Even for something like this. It de-legitimizes the whole thing.

  2. Some short/nonsense strings were hashed, making it seem like whoever hashed things did so with a brute force or dictionary style approach. (e.g. "b" and "1" could both be hashed and give results)

  3. There's no telling when the Wikileaks servers were updated with these e-mail IDs. Meaning, it might have seemed intelligent to have an e-mail ID for, say, "COVID-19" a year ago, but if that was hashed and those hashes were used for e-mail IDs within the past few months, that's not impressive, it's just following the news.

  4. I'm yet to find any connection between the key phrases that I hash and the e-mails that come up.

 

It's a little odd to go through all that trouble for a nothingburger, though, on the Wikileaks end of things.

 

If you find strings with Ghidra that could be used as hashes or if you try hashing them, consider plugging them into the e-mail ID search for the Wikileaks e-mail drops. This might just all tie together somehow.

 

I got results with most if not all of these algorithms: md4, md5, sha1, sha224, sha384, sha256, sha512, ripemd160

 

On these addresses: (append hash to end of link)

 

https://search.wikileaks.org/gifiles/?viewemailid=

https://wikileaks.org/podesta-emails/emailid/

https://www.wikileaks.org/clinton-emails/emailid/

https://www.wikileaks.org/dnc-emails/emailid/

https://www.wikileaks.org/akp-emails/emailid/

https://www.wikileaks.org/hbgary-emails/emailid/

Anonymous ID: cd02c3 May 28, 2020, 8:25 a.m. No.9345003

>>9043728

 

Looks a bit like a cutout into a sheet of paper. Reminds me of a Grille type cipher. What's interesting about this is that people were accusing Comey, Obama, etc., of using a cipher of this type on social media to send out comms.

 

See: https://en.wikipedia.org/wiki/Grille_(cryptography)

 

If it is this kind of cipher, the real question is what it overlays on.

 

Thinking outside the box, it may not even belong on a word-based sheet of paper. What if it were laid onto a map to show something underneath or points of interest?

 

The original post this came from could give a clue what it could be laid over…

Anonymous ID: 2f429e May 31, 2020, 4:45 a.m. No.9392339

>>9138910 (pb)

 

>>9138947 (pb)

>>9138947 (pb)

 

>[[[0.23529412 0.23137255 0.43137255]

> [0.23529412 0.23137255 0.43137255]

> [0.23529412 0.23137255 0.43137255]

> …

> [0.69803923 0.13333334 0.20392157]

> [0.69803923 0.13333334 0.20392157]

> [0.69803923 0.13333334 0.20392157]]

Anonymous ID: b0cdbc June 6, 2020, 6:05 p.m. No.9511610

>>9247409

This is a mixed C / C++ application built for linux, obvious from the .so names and the dbus. The mangled names (ZTI14…) are C++.

These are mostly function names and library names for dynamic linking. Nothing interesting here actually.