You’re full of shit. Your screen shot shows Copia.exe which is malware, not the JPEG file. There’s no pdf file in the image.
Fuck off.
He’s full of shit.
Your image of Ghidra…There is no function in the main window, how are you seeing that in the decompiler? The address in the decompile image doesn’t match the listing window.
Which Q post is that in?
>>Especially since showing us where the link was, and how concealed, would hint at methods for finding others, elsewhere.
Except there is no link hidden in that file, the screenshot is not a representation of the jpeg file but is of a completely different file that is a malware executable.
It is a slide, but not a concealment of knowledge. That person only knows photoshop, not Ghidra or reverse engineering.
>>There's two valid png blocks of which the first is the image. The second I have no idea what is.
That’s a zlib-encoded stream, PNG files use zlib to compress the image. It’s not anything.
For the 8051 CPU, the PC memory register has RAM pointers: R0, R1, etc. What you’re seeing is simply the memory map for these register arrays (banks).
In the Ghidra code you can see these register arrays mapped to specific addresses (BANK_R0 maps to INTMEM:00). So INTMEM:00 thru INTMEM:07 are assigned to register bank 1.
The result you got by Googling "INTMEM:00-INTMEM:07" was not because of any secret code you found in the image.
Test this:
Download any random jpg from the Internet and open it in Ghidra using the language 8051 Archimedes 16 bit Big and you will see the same thing.
The way you’d go about incorporating Ghidra into Steganalysis is by first using the various tools to inspect the image for hidden files. Binwalk is good for this.
If you find a hidden file you have to extract it using binwalk. Then you open that file in Ghidra to see what it does. You’ll have to figure out which CPU language it needs but you can try various platforms, or hopefully we’ll be given some direction.
Reverse engineering is not for the faint of heart.
Thus far I have not found any hidden files or text in the more recent images as of yet.
What language/cpu did you use? What was the SHA256 string?
I ran some of the House pdf’s through various pdf forensic tools and even Ghidra (and ran the embedded jpgs through forensic tools) and got nothing revealing. I did not see a way to view redacted data.
I also haven’t found anything in the flag or skull images, but I haven’t looked at the most recent red skull, it’s on my todo list. These are better suited for image forensic tools but also threw them into Ghidra but saw nothing.
I’m guessing Ghidra is meant for the Star Wars game or a future file or app.
“Toolkits can be helpful.”
Ghidra is just one of many tools for digital forensics. You are right that we need to be thinking beyond just one tool.