Anonymous ID: 2a5bd7 May 5, 2020, 8:07 p.m. No.9046953 >>7252 >>7369 >>7423 >>8298 >>9698

How do we know that there isn't spyware or malware or a rootkit or whatever, embedded in the Ghidra code itself?

Stegano & reverse-engineering compiled code both interest me, and I've always suspected (from the first time that Q said, "you have more than you know"), that there might be a lot of stegano in at least some of the images (and I have in fact gone and looked inside some, finding nothing – which doesn't mean it isn't there, but might mean there isn't) – so, this all interests me, but I'm not installing software on any of my computers, that is DL'ed from this Wilderness of Mirrors, unless I have solid reasons to trust it isn't itself malware/d.

Anonymous ID: 2a5bd7 May 6, 2020, 7:56 p.m. No.9059853

>>9047369

 

You know, I almost impulsively carpet-bombed you back with insults – but then I realized: you are almost certainly sperging out, and not shilling, so, hail and well-met, brother anon.

 

#pro-tip: on the internet, $="no one knows you're a dog".

 

One posts things into the vasty deep, to see what calls back. One baits a hook, according to what fish one wishes to catch. One scans this part of the EM spectrum, and not that one, to see who is broadcasting here, and not there. One pretends to be this kind of poster, so in the event of a reply, one may make inferences from data unobtainable by posting as some or other different set of personae.

 

Is everything as clear as mud?

Anonymous ID: 2a5bd7 May 6, 2020, 8:30 p.m. No.9060192 >>3717

>>9048298

 

I had had similar thoughts, and it is interesting to see them echoed.

 

But I have been following "this" story, in its broadest context, for, I dunno, close on 50 years. It surprised me completely when I realized that was the case, about 35-40 years in: I had always thought it was a bunch of separate, unrelated weird things, but it turns out it is one big weird thing. Or mostly so, anyway.

 

The digger you deep, the getter it weirds. The sophistication of some of the less obvious psy-ops is mind-bending to behold. Their implicit malice, inarguable.

 

If Clown City in Langley Virginia is setting up false drop boxes so they can catch, and do wet jobs on, bona fide US patriots who've decided to risk all and be whistle-blowers, then …?

 

If Snowden was sent to Kansas as an infiltrator, to do sabotage, so an entire, vast, fake privacy-theft crisis could be run, to conceal-in-plain-sight, another, far vaster one, then …?

 

If the moment facial recognition CCTV-harvesting AIs become technologically feasible, all of a sudden tattoo parlors start springing up everywhere because "it's popular", then … ?

 

If the rabbit hole goes down, and down, and down – if you drop a pebble, and it never seems to hit bottom, ever, ever, then …?

 

It's not that I don't "trust" Q; it's that at the end of the day, I don't trust.

 

When Q came along, I was core-optimistic for the first time in my life. So there's that.

 

But watching previous proto-counter-coups, however feeble, get crushed outright by cold-blooded murder ($={FBI "they're all insane"}) and decent, patriotic human beings die cruelly at the hands of a deeply-embedded Evil, because no one "normal" realizes what is going on in front of their very eyes (not blindness, but trance), has had this result: at the end of the day, I do not trust.

 

I hope Q is everything it promises to be. An America where the US Constitution is actually, you know, observed, and where, to pick a tiny example, you have to actually be sworn properly into the Office, in order to discharge the extensive executive powers of The President of The United States of America, would be an unprecedented (sic) and wonderful, World-improving thing.

 

But at the back of my mind is the thought, that (like the badly written final minutes of the movie, Basic, except more credibly and coherently), as every unveiling so far (I did say almost 50 years, right?) has got us to "bedrock" that proved to be 1" of mudstone, with a trap-door entrance right there, to another hundred feet of ladder, down, down, down into the dark – this could be just another one of those situations, only fancier, and with better theatrical props.

 

I do not trust. Not, at heart. Or rather, obviously I do: I am fully aware this channel is approximately as "private" as FB, just with ostensibly better-intentioned Overwatchers.

 

Except, I don't.

Anonymous ID: 2a5bd7 May 6, 2020, 8:44 p.m. No.9060366

>>9048359

 

True. Also traffic analysis: not just the "Q Proof Offsets", but any other patterns in the timing, timing-correlated size (length) and number, etc. of the drops. Comms analysis isn't just about content alone.

I think the only "optimal" strategy is to start digging anywhere, and if it doesn't hit pay-dirt before you get bored, stop and start digging in some other place – iteratively.

Unless you have hard evidence a particular approach is a total waste of time (and if so: serve it with sauce, of STFU & GTFO), don't shit on any other Anon's wild guess.

Q has given us N haystacks hiding M needles, N>>M – except some of the needles are something other than needles, and we don't know what.

 

The only reasonable strategy is to search anywhere. For anything.

 

All of which is a roundabout way of telling you to fuck off.

Anonymous ID: 2a5bd7 May 6, 2020, 8:51 p.m. No.9060480 >>0586

>>9059825

 

Especially since showing us where the link was, and how concealed, would hint at methods for finding others, elsewhere.

 

I interpret that whole thing as being a slide.

 

The Shills on this (Ghidra) sub-board have to use different shilling tactics than on other sub-boards. Different human terrain here.

Anonymous ID: 2a5bd7 May 7, 2020, 7:06 a.m. No.9063737 >>1370 >>1733

Is it possible to embed (stegano conceal) non-rendering pdf pages/docs inside another pdf? If so, how do you extract the "hidden" ones? If there is no pre-existing software to do this, how do you do it "by hand"?

 

Similarly for .doc, .docx, .odt, .xls, .xlsx, .ppt, .pptx, etc., etc. – but mainly for pdfs (I have some target files for that right now).

 

If a pdf weighs in at >10Mb, but renders as just one, single, miserable, boring page of mostly text & near-constant background color – is it a reasonable target for steganalysis? It should be (from the 'surface' needs) a way smaller file, no?

 

All the steganalysis tools I know are for image files – ignoring the obvious trick of opening any file format whatever either in a hex editor or as if a txt file.

 

I know just enough stegano to misunderstand everything badly – are there tools for the steganalysis of file formats that are not image file formats?

 

Hiding something as LSBs (etc.) does not make sense (that I understand … yet), except for image files. What are the (most frequently found in the wild) stegano methods that are based on other file formats?

 

For one thing, it is now public lore (though not "knowledge") that you can hide things in image files. Therefore, people who want to avoid random scrutiny comping their stegano at the hands of script-kiddies (such as myself) probably would have shifted to other file formats.

 

Throw me a friggin' rope, here (no noose jokes, please: no noose is good noose).

 

– An anon.

Anonymous ID: 2a5bd7 May 7, 2020, 2:38 p.m. No.9069810

>>9069792

 

http://bugtraq-apps.com/ supposedly has a few good steganalysis tools in it, but I am not running around with penguins and so I cannot DLstall it, so cannot say.

Anonymous ID: 2a5bd7 May 7, 2020, 2:44 p.m. No.9069893

>>9069881

 

Key paragraph:

 

"The steganalyst is usually something of a forensic statistician, and must start by reducing this set of data files (which is often quite large; in many cases, it may be the entire set of files on a computer) to the subset most likely to have been altered."

Anonymous ID: 2a5bd7 May 7, 2020, 2:46 p.m. No.9069923 >>9944

>>9069881

 

See also: https://en.wikipedia.org/wiki/Steganography_tools … although the author uses "encrypt" to mean "conceal steganographically", even though it isn't a synonym.

Anonymous ID: 2a5bd7 May 7, 2020, 2:47 p.m. No.9069944

>>9069923

 

The meat of the article (for the purposes of Anons working on this board) is: https://en.wikipedia.org/wiki/Steganography_tools#Tools_comparison

Anonymous ID: 2a5bd7 May 7, 2020, 2:52 p.m. No.9070001 >>0244

More tools:

 

Digital Invisible Ink Toolkit – http://diit.sourceforge.net/

 

"StegSecret. A simple steganalysis tool" – http://stegsecret.sourceforge.net/

 

"Virtual Steganographic Laboratory for Digital Images (VSL) - Free tool for steganography and steganalysis" – http://vsl.sourceforge.net/

Anonymous ID: 2a5bd7 May 7, 2020, 3:08 p.m. No.9070244

>>9070001

 

DLs:

 

DIIT: https://sourceforge.net/projects/diit/files/diit/1.5/diit-1.5.jar/download?use_mirror=gigenet … from:

https://sourceforge.net/projects/diit/

 

<Documentation (incl. FAQs):

 

http://diit.sourceforge.net/doco.html

 

StegSecret: http://stegsecret.sourceforge.net/

http://stegsecret.sourceforge.net/XStegSecret.Beta.v0.1.zip

 

<Documentation & examples:

 

http://stegsecret.sourceforge.net/SpanishManual.pdf … sorry, no habla Inglez

http://stegsecret.sourceforge.net/imagenesEjemplo.zip

 

VSL: - https://sourceforge.net/projects/vsl/files/vsl/vsl-1.1/vsl-1.1.zip/download

 

<Documentation:

 

Forczmański, P., and Węgrzyn, M. Open Virtual Steganographic Laboratory, International Conference on Advanced Computer Systems, ACS-AISBIS 2009.

Forczmański, P., and Węgrzyn, M. Virtual Steganographic Laboratory for Digital Images. In Information Systems Architecture and Technology: Information Systems and Computer Communication Networks (Wrocław, Polska, 2008), pp. 163–174.

 

https://www.google.ca/search?as_q=Forczmański+steganographic

https://www.google.ca/search?as_q=Forczma%C5%84ski+steganographic&as_filetype=pdf

Anonymous ID: 2a5bd7 May 7, 2020, 3:19 p.m. No.9070452 >>0498

>>9070231

 

That's not quite true.

 

Here's the returned URL for a Goolag search for "whatever", which is so effing long I have parsed it at every ampersand, as & seems to be the field delimiter:

 

This is their domain: https://www.google.com/search?source=hp&

This is basically an in-link cookie: ei=CYe0XveWHoyStQXJ4JToBg&

This is my search string: q=whatever&

This is my original search string, so they can track refinements I make(*): oq=whatever&

This is, I think their attempt to geolocate my ass(**): gs_lcp=CgZwc3ktYWIQAzICCAAyAggAMgIIADICCAAyAggAMgIIADICCAAyAggAMgUIABCDATICCABQpw1YnxVg2x5oAHAAeACAAZgBiAHfB5IBAzMuNpgBAKABAaoBB2d3cy13aXqwAQA&

I haven't a fucking clue: sclient=psy-ab&

Who the fuck knows: ved=0ahUKEwi3v4KM4qLpAhUMSa0KHUkwBW0Q4dUDCAg&

No fucking idea: uact=5

 

(*): This is one of the ways they train their neural networks, for free – your work (our work, collectively), but "their" IP.

Terms of Service, my ass.

 

(**): It can only go to Internet nodes of a certain rank – the building in your neighborhood that houses your ISP's boxes.

Anonymous ID: 2a5bd7 May 7, 2020, 3:29 p.m. No.9070614

GitHub - https://github.com/ragibson/Steganography

 

Sales pitch: Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files, and byte sequences. Simple LSB Steganalysis (LSB extraction) for bitmap images.

Anonymous ID: 2a5bd7 May 7, 2020, 4:21 p.m. No.9071140

https://www.coursehero.com/file/p2ksksp/Another-simple-and-effective-way-to-hide-a-message-is-to-use-white-text-on-a/

Anonymous ID: 2a5bd7 May 7, 2020, 6:04 p.m. No.9072636 >>2737 >>1503 >>5813

OK, so … I was reading various things about how to identify candidate files for steganalysis, and some of what I read said, good luck: no algorithm, no key, no can-do.

But other things said: well, what are your candidate files? Don't you have traffic analysis or other hints that there might be steganography in play? Get a bunch of these files, and do a statistical analysis of the data and metadata, and see what you find – maybe that will give you clues about who, how, and what key, blah, blah, blah.

So – here's the deal: Q & Q+ are obviously operating under all kinds of hard legal, constitutional, strategic, tactical and other constraints – but, if I thought they were just fucking with us and nothing else, I wouldn't be here at all. So, I made the guess that they would hide things (plausible deniability, parallel construction, blah, blah), but not bury them so deep that we couldn't find them.

Which means, there will be clues. Like what? Anon thinks and thinks and realizes: recurring files.

So, I went back through a bunch of Q Drops that had "the same" image files – here are some attached; why should the flag from #3908 be a smaller file-size than the others, when they "are the same image", and all have "the same dimensions"?

This hinted that, yes, there is something there. So I did the laziest of steganalysis possible: you open the supposed image file as a .txt file (use a simple text editor like MSFT's notepad.exe), and just look.

So I did. The internal 1s & 0s of these files are completely different from each other! Go look yourselves. "Same image file", my @$$.

If there isn't stegano in there, then I don't know what else could explain this. So, fellow anons: please look inside these, and suggest steganalytic lines of attack based on what you see, or think you see.

 

How do we identify and extract?

 

There are other "recurring" image file series also: I am looking at some of them and will report back.

 

This is either garbage or gold – let's dig & find out!
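
A check for the "same image, different file" observation in the post above, added here as an example and not taken from the thread: it separates a difference in file bytes (re-compression, metadata chunks, appended data) from a difference in the stored image data. It assumes the files are PNGs, which the thread does not state, and works on constructed sample images; `make_png`, `parse_png` and `compare` are names chosen for this example.

```python
import hashlib, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ROWS = [[(x * y) % 256 for x in range(32)] for y in range(32)]  # constructed pixels

def chunk(ctype, data):  # length, type, data, CRC-32 over type+data
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(rows, level, comment=None):
    """Constructed sample: 8-bit grayscale PNG, filter type 0 on every row."""
    ihdr = struct.pack(">IIBBBBB", len(rows[0]), len(rows), 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(r) for r in rows)
    text = chunk(b"tEXt", b"Comment\x00" + comment) if comment else b""
    return (PNG_SIG + chunk(b"IHDR", ihdr) + text
            + chunk(b"IDAT", zlib.compress(raw, level)) + chunk(b"IEND", b""))

def parse_png(blob):
    """Return (chunk types, IHDR, decompressed IDAT stream, bytes after IEND)."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, types, ihdr, idat = len(PNG_SIG), [], b"", b""
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if crc != struct.pack(">I", zlib.crc32(ctype + data)):
            raise ValueError("corrupt or truncated chunk")
        types.append(ctype.decode("latin-1"))
        pos += 12 + length
        if ctype == b"IHDR":
            ihdr = data
        elif ctype == b"IDAT":
            idat += data
        elif ctype == b"IEND":
            break
    return types, ihdr, zlib.decompress(idat), blob[pos:]

def compare(a, b):
    """Separate 'the files differ' from 'the image data differs'."""
    ta, ha, da, xa = parse_png(a)
    tb, hb, db, xb = parse_png(b)
    return {
        "same_file": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        # Equal streams mean equal pixels; unequal may only mean other row filters.
        "same_image_stream": ha == hb and da == db,
        "chunks": (ta, tb),
        "trailing_bytes": (len(xa), len(xb)),
    }
```

`compare(make_png(ROWS, 1), make_png(ROWS, 9, b"re-saved"))` reports different file bytes with an identical image stream, so a text-editor view of the two files would look unrelated even though every pixel matches.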

Anonymous ID: 2a5bd7 May 7, 2020, 6:13 p.m. No.9072737

>>9072636

 

There's a sixth one @ QDrop #4140 – I tried to post it here, but was told it was already in the thread (where?)

 

Note that #2790 has smaller dimensions – it's the other ones (incl. #4140) that have "the same dimensions", but different binary guts.

 

Surface: all six are the same.

Guts: totally different.

 

Take a look at each in notepad.exe and compare – now what?

Anonymous ID: 2a5bd7 May 7, 2020, 6:17 p.m. No.9072789

>>9072714

 

Ghidra, as other anons here have suggested, may be intended for us to use to "out" spyware embedded in, say, Coronavirus-tracking "public health" apps for smart phones, and other "gifts" from Bill Gates, WHO, and others.

I doubt Q intended us to use it for steganalysis – but I am also sure that we are supposed to do steganalysis, …

which is why I posted all those links to misc. steganalytic tools, … not a single one of which I know how to use … yet.

So, if steganalysis of images in Q Drops interests you – check out some of the other posts here (above) for possible tools, and dig in.