/comms/ - COMMS

>>3264

Let’s get started

Who has a starter pack of images of interest and known techniques to look for?

Good luck guys

>>3264

>>3266

I came over from /qreseaech/, got the subject rolling in a few breads now. Saw an anon post these:

https://8ch.net/qresearch/res/4837362.html#4837427

https://8ch.net/qresearch/res/4837362.html#4837484

Now I am here. Good for analysis, connecting dots, organization.

>>3267

It’s going to take a consistent and persistent effort. Lots of ground to cover and data to gather.

Timestamps, brackets, spaces, etc.

All posts, videos, and images will need to undergo analysis. Best bet to is to just do one at a time together, starting from the beginning. At least until we get more people together. I’m in it for the long haul though. Looking forward to working with you.

>>3269

>It’s going to take a consistent and persistent effort

I'll be watching and helping where I can

If the anon who posted the images can step forward, would be interested if you have the raw images. Kind of hard to see in the ones provided. Has anyone tried messing with Flynn’s new banner twat update yet?

>>3272

>Apparently the method they used was putting Qs pics into a zip folder then selecting edit on the file

not what I would consider as a viable method of detecting an embedded message

I know a tiny bit about steganography

I've always liked crypto

I'll look to see what tools I have accumulated that are still usuable

one from long ago (XP days) is called

binaryTextScan and does what it says

scans a file for text strings (you get to set parameters such as minimum length and character set limits etc…)

I remember looking into pixelKnot a bit, but as it's an android only program as of now I didn't do much with it

I've seen some others

openPuff

stegDetect

VSL

I'd suggest we gather a set of links to tools for the purpose of detecting and decoding messages hidden in files

https://www.geekdashboard.com/best-steganography-tools/

http://www.jjtc.com/Steganography/tools.html

http://stegano.net/tools

Post at will. This thread was listed in Global Notables on /qresearch/

I'd like to help out if I can but I'm very much a novice at this sort of thing. On the other hand I can find my way around a hex editor and would be willing to work at prying apart image files. At a minimum I could try to help gather up best practices and tools from what people post.

>>3276

So HexAnon:

Compress the image from 3277 in a zip

Open that zip in your favorite text editor

Search for the words "zip"

Open compressed data in hex editor

Copy the ZIP components

(This is where anon got lost.

Between the words? Zip at the end. Have no idea what Hex looks like. Raised geeks, but never properly converted myself.)

Copy the data re: zip

Try to read it? Decompress it? Edit that string again? This is where help is required.

It seems that was where helper anon was leading us. Did not convey zip program, etc., but something was able to read through the compressed and embedded data.

(Also suspect that kids to raise routine was a cover.)

>>3277

Shills are easy to filter. Let’s do this

Billed as full-sized images.

A resource:

https://postimg.cc/gallery/29wdmgyze/

>>3277

>Anyone know 8ch well enough to understand that phenomenon?

yes it has to do with the method of calculating the size

1kb = 1000 bytes or 1024 etc…

>Anon needs help

try reading the wiki page

https://en.wikipedia.org/wiki/Steganography_tools

https://en.wikipedia.org/wiki/Steganography

I'll try to answer any questions that I can

Have played with a lot of steganography detection, etc., but this video took me the furthest.

https://youtu.be/KUZVIBXfoeA

>>3282

>Learning how to create an image which contains additional content will help to learn how to extract content.

Yep. Already came to that conclusion.

>>3281

Ah! That clicked immediately. Thanks.

Been waiting for this board to happen since the very start!

If we get any data of real value

I believe it will come from this and nothing else,

Good luck, it will be hard and lonely.

does qmap.pub pull raw files from Q posts?

https://media.8ch.net/file_store/a7ffb193423f0a5573ceeefe7c2a7863d1fc6d1559e28d93af78f63e36cdceed.png

I cant replicate the original results from freedom.png

>>3264

http://stylesuxx.github.io/steganography/

this might work.

https://postimg.cc/gallery/29wdmgyze/

Archive off all Q images in full rez

>>3287

>does qmap.pub pull raw files from Q posts?

good question, and a crucial one to our task here

>>3289

>Reposting the first round - the flag.

do you have the original file for 'FreedomFlag' ?

the original file is crucial to finding anything as far as I know

>>3291

Thanks! Posted also a few above you in

>3280

>>3293 (we crossed paths)

>archive.4plebs.org/pol/thread/149158110

READ before posting. READ IN TREE VIEW before posting.

Can't afford to waste our efforts.

>>3276

I've worked in software, written machine code, so hex is no biggie, now that the family isn't pestering me nonstop I can take a look. Thanks.

The flag seems to have come from deriving layers in a photo imaging program, not by code.

Different techniques at play.

I have examples of near hits on the Podesta photo with the fish and number using text edit

and

a couple of layered images embedded in the photos of the garbage truck that was used to ram the train with congressional family members on it.

Will dribble those out, but not right now.

(Can't even begin to process what a year has taught me. That train crash seems like a lifetime ago, but less than a year.)

Oh, and then there's the refrigerated truck drops from Asia where /someone/ and I had a great chat in the middle of the night about "staring at those photos forever or finding out what's in them given their size."

This is real. We have to finish it.

>>3290

Alaska Vols Returned this gibberish. Anyone?

===

Û¡–Èd3I$²Hd–É&ÒË$’K-’™$’Óm6É-’_MšI%²Ù$’[$ÒÛm6[-šÛ-¦S’Ùi K%É šI¶Ël–Ûi²I 6Ó 2“

„@D‚Oí2BM¦S!ºHI¤Úm¶“m²M’[I¤Ù$–Ù’BI²où’Ûd’[m´Ë-ÒKm’m°I–“IÙ$’H$·ó­$É-¤™ $ 0m’Ø@M°’`I:ÛM’Ûm”Ù%&Úa'ÿm¦’m´ëi6ÙM¤©¤Ýý¶ÚM¦Ûm¤ŠM¼Ûm6Ûø£icLÏa9‚ù

Bã
Qè[õö5׆WF—âú
H]öÖ
dt͂èq†—/9¯@H‚hö½_ €ÔH¿TWì³Ù.Š}`÷…µsV*óë~!‰Ú˜q¯S–½õ›ì́`aA`ñf¹Tã/ô‚>I×kEô»#Odû¾$óè¹Q%ú¼Á:95C$âÕ"Ø·Ÿ­htJ½Ñ‹îŸ]ËïV¤¬[N4Û

m¼Å½nuðY-dg76ž”8›Ù$ó´§ñ©à¶°Éœ•±‰Ѭ-‰)ËxoÎýùutìgv\(Œû.£16Þõa0

.Ñ%Lc"U!pÁþ=Ælø†ø=¸?­–’ŒX ð)sfÿÁ[?Ô,å¯a玃˜–3I®œ‰ßúº­u¦ä\‰öáÞwg€;T!Vq–týZîÏyÃ.nC©ÆeŸD<ý/ÈȖMŒ ¹»õFÉÜvW`Ð?46Qý|[’¶Ž ™<º¤©QLíU¨Œã¢ü8èî¼´7K‰ØLµt³èɃÁ¤Ž

Fh>r*šÚ!cz÷,êøÿ±(Q¢Ÿp%òôΩs.P“-å8½€Iîélۀ¿¯c9ì“I1µ´»aã »XðåM§ö”IÏ°^60ÎǧÃùÀ]O~Oà?ï3ö¡/ѸµPégó‡÷[+Aÿ‘°ðø& HÊÐ0 ‘ÁIï_({"Üp½¨n©´c̝ÁAd|ÍFWx÷þ=|FÀ•º3ÞqóÌŨÐ}ËðN=!Î;bh¹Ø.|Æ9Ž,>çÉÃdYçm½

Ãî2¾}hcq˜Çß+€f¶óÍêFËD†S™ö5ób‰µß,mrÒñC¶ë[Ešµ¶ {#ÃówÈ)?c:Øtô­)U‰'£Øãf…d!øN*,ÔæïüÀ{¬=ÿhû·ƒY\Kí>ñ²Î%Ëñdp d6ߢßϞj–›

øßó'†Á.™ –R8”¹ØL§!†¼ùÓ~ü†b¨œ–ãR48š+„ˆÁ¿±ÙïçÚì/b¢«+Ú/£Îl²oÜ

Ëï@5H{F«¢ð=?¼URó`MoÜ
2ˆ/|=ò`E²ZÒ¡câÒ½™¡³ÑÃÞüË÷ߚC1ú9Z»Ks)¿S¨9߀àTÎVãCÛêJ};¶0BٝÁ\ÆâÈ@ÊE¸;4µÜpQz¤pcs^JaÀ÷ÿåšvŸ¹áE¾€P¢+
ÉÐÙ

n‡!…

­====

Partial. Too long.

>>3291

thanQ that will be very helpful

>>3295

>archive.4plebs.org/pol/thread/149158110

it's possible, I don't immediately recognize that thread (from Sun 12 Nov 2017) do you have a particular post in mind from that thread? I don't really have the time to search thru it

>>3300

It's a Q post there, anon.

http://archive.4plebs.org/pol/thread/149158110/#q149160361

Anything else I can do? Coffee? Tea?

>>3299

>FËD

>Ëñd

only thing I saw. Several ways (other than steg) to hide info - been decades since I played with this stuff (on dialup)…

might have a marker before data (think like a comma in a csv)

might be in a grid

might be every so many characters every so often

>>3299

maybe also search for keywords/shorthand names like HRC NN etc

>>3278

I don't think you have to compress it before opening it. I opened it in a hex editor (plenty online for free) and could search the data for the word 'zip' in there. It only shows up once as far as I can tell. If it is some kind of bookmark or flag for zip data then you'd need to figure out the extents of it. Where does it stop and start?

I'm going to do a little bit of learning on zip file structure to see if I can get some other clues. Sadly I never had much training in forensics. That isn't to say I don't find the stuff rather interesting.

>>3305

I tend to be a skeptic in that I will take something like this and think, well you know the 'zip' showing up in all that junk _could_ just be stupid random happenstance. What if it isn't even intentional? (But we know there are no coincidences).

SO I had noticed upon looking at a zipped txt file with just one word in it that the zip file had the letters PK showing up in it (beginning and end) and I thought that was interesting.

If you read up on zip file structure (thanks wikipedia):

Most of the signatures end with the short integer 0x4b50, which is stored in little-endian ordering. Viewed as an ASCII string this reads "PK", the initials of the inventor Phil Katz. Thus, when a ZIP file is viewed in a text editor the first two bytes of the file are usually "PK". (DOS, OS/2 and Windows self-extracting ZIPs have an EXE before the ZIP so start with "MZ"; self-extracting ZIPs for other operating systems may similarly be preceded by executable code for extracting the archive's content on that platform.)

So applying that to the original image from 3277

>>3277

If you open it in a hex editor you can absolutely find PKs in there. If that encourages anyone at all… I think that that it is further evidence that there is a zip file hidden in the image. I will pry at this some more and see if I can tease it out but this is my first time trying anything like this.

They took down the Notable from qresearch, hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

>>3308

>They took down the Notable from qresearch,

not much of a surprise

>hopefully we got enough man power in the meantime. I tried reaching out to another stenographer I ran with during 41818. Encourage others to reunite their teams as well if they had any.

sounds good anon

experienced help would be greatly appreciated

some of the anons here mean well, but are a bit short of actually understanding the mechanics of what we are doing

I'll keep this thread alive for a few months minimum and see if we get any results

I'll also fire up a few of the steg programs to see what works and what doesn't (some of 'em are OLD!) and provide some examples to help bring people up to speed

>>3307

If there is actually a zip file in there, I don't think it was cobbled together with this method. I tried opening it in 7-zip earlier and it didn't find an archive. There are a few tutorials like this online and it is a clever way to combine images with files but I don't think it applies here.

>>3311

I've been studying the file in a hex editor and while I did initially find PK in there and the text string 'zip' easily enough, there is no Central directory file header signature = 0x02014b50

The central directory is a crucial part of the zip file. If there is none, then there can't be a zip file archive.

Since there is no obvious central directory file header signature, I went back to looking at the PNG file format to see if there were any other clues in there.

I was not discounting it just because I couldn't open it in 7zip. I was discounting the method because the author said that using that method it ought to be openable in 7zip (which makes sense based on a number of things). I also discounted it because of the other observations I had made.

Note: there is only one instance of 'zip' and one instance of 'PK' (all caps and case is important) in the file.

You can make these observations on your own with a hex editor just by doing searches for the relevent lines.

I also did go back and look at

>>4837427

What he did is NOT stenography. It looks to me like he was looking at hex code and trying to imagine words out of it. He was including the standard PNG tags like IHDR and IDAT in his supposed coded message. This is not legit. I have not studied forensics but I have done programmed computers professionally and I am sure based on things that I do have experience with that this was not a sensible way to analyze a hex file.

and before someone else pounces on me for it, I did not find the header for a pkzip central directory file header in there either… this would be 504b0102

The test file I created to verify my methods did include a pkzip header in it and I was able to find it effectively with my method.

>>3313

Yep definitely not stenography. And if nothing came of the flag either then it’s back to the drawing board.

>>3314

Not Steganography either heheh

>>3320

> I don't think a couple of hours are enough to grab moar brain power.

I agree

I will attempt to educate those who browse here in an attempt to grow 'moar brain power'

some step-by-step instruction & examples of how to use some of these software packages to hide data in images may help people learn the techniques necessary for detecting and decoding any 'found in the wild'

>>3323

>can you allow video embedding?

done

>>3324

Huzzah!

Other Steg help:

https://medium.com/@FourOctets/ctf-tidbits-part-1-steganography-ea76cc526b40

https://www.kitploit.com/2018/06/stego-toolkit-collection-of.html

>>3328

I remember that. Trying to game Google for page ranking.

>>3329

thanQ

looks good, I'll prolly try the toolkit as it seems to install many of the programs I've already been looking at / test driving.

one question

what is CTF ?

>>3332

Best I can tell? Geek games. Capture the Flag.

https://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/

Race-to-the-finish type challenges.

>>3333 (cheKEKed)

>Capture the Flag.

makes sense.

>>3334

pixelKnot sux

can't get it to decode a test message I just encoded with it

kek

>>3335

Thanks for trying.

Do think this is how we learn: Make and decode our own. Test for techniques.

>>3336

>Make and decode our own. Test for techniques.

I agree

I remember reading somewhere a myth about the origins of stegonography

Seems in Roman times it was common to use a small piece of wood (tabula) covered with wax as a notepad. You could scratch your message or notes onto the surface, then commit it to something more permanent at leisure if needed or simply melt the wax to erase and make the tablet ready for another use. These things were fairly common and the practice well known so of course the military used it for orders and correspondence. Here's where the fun starts, at some point a smart man figured out a method to get a secret message thru to it's intended recipient undetected. Simply scrape off all the wax, sand the surface a bit, write your real message in charcoal onto the bare wooden surface, then re-cover the tablet with wax scratch a cover message into the surface and have the tablet delivered.

Anyone not knowing there was a hidden message or how to extract it would assume the message seen on the surface was the totality of the tablets meaning.

I've wondered about Q's possible use of steganography. There are simple methods and complex methods of encoding, some are easy to detect and some not so easy… IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

Does this cipher look familiar to anyone?

>%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

>&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Lost our mojo?

Will be around for a couple of days. Working at least one idea.

FIGHT FIGHT FIGHT.

We have to get this done.

>>3359

Very interested in this also .. but need someone to show us a proof of concept ie what works.

Have tried the app suggested in the Q drops but didnt get anywhere - but have been wondering if this is why Q keeps on about needing the keystone … because it unlocks hidden information contained in the graphics.

>>3360

>the app suggested in the Q drops

which Q drops

what app?

>>3360

Today anon will set up to perform hiding a message and then decrypting it. If successful, will post here to see of others can decrypt.

But first, much coffee.

>>3363

Yes, but no.

Going with the hunch that decode is photoshop or decompression (zip) and not app specific.

>>3364

>the hunch that decode is photoshop or decompression (zip) and not app specific

OK…

care to elaborate on the method of embedding the message you'll be using?

a simple bit shift on the color for the text as discussed >>3328

or are you thinking it will be an embedded photoshop layer ?

>>3361

pixelknot

Q1715

>>3368

or do you think that was misdirection from Q ?

>>3370

Its Franklin and Washington in front of Independence Hall.

>>3369

>or do you think that was misdirection from Q ?

I don't know

>>3337

> IF Q did encode messages in the graphics, will they be useful? or decoys? or some combination of both?

I didn't have much luck with pixelKnot

I'm platform limited, the only android machine I have is ancient (lollipop 5.1.1)

I could try installing android in a VM and then trying it again.

currently exploring ghiro

>>3365

Did you watch this?

>>3324

>>3374

I've watched part of it

it seems to be the intimate dissection of a png file, exploring the multiple hiding places within it

It seems there are many, many ways of hiding data in a graphics file. If you do not know the method used, it is almost impossible to determine if any message is hidden or not.

So… is the current thinking to try all known methods, one at a time on each graphic file under question?

>>3375

My current thinking is that there are at least two methods.

1) The original images that Q drops with black headers and footers have zip files embedded. The black provides ample room to hide the data.

2) The other drops - without black - might have layers that can be detected using some of the first methods described in that video.

IMAGE SIZE is important. The black-bordered images that Q uses are generally very large, much larger than is necessary to convey a photo to this board.

>>3376

>much larger than is necessary to convey a photo to this board.

on this we very much agree

>The original images that Q drops with black headers and footers have zip files embedded.

from my understanding the files do not have to be zipped, it can be plain text / cypher text. in the video you reference >>3324 the 'flags' are in various forms & places

>>3381

Sadly, anon is allergic to corn. And cold. Kek.

Ok, so you weren't able to get to the text.

I did, however read your addition beautifully.

Well, we got this far. I guess I'll think on it again.

>>3384

won't load.

So now that we have a method - do we start going through the drops that are png and large with black at top and bottom?

>>3385

I just tried downloading it & renaming it edit7.zip

worked fine

>>3386

(a method?) there is a color shift method discussed above

adding a zip file to a png is only one of several methods, it's a simple one like the color shift can be done without steganography software

I've loaded several of the files into ghiro

>>3378

I'll dig into the results (some of the files show interesting oddities) and share which files might be worth looking at

>>3388

Method:

https://www.hongkiat.com/blog/hide-zip-image-mac/

>>3389

my point was that there are many methods besides the hidden zip file at the end of a PNG

in the video >>3324 seven (7) different areas where data can be hidden inside a PNG file without using a zip file

the color shift technique as demonstrated

>>3366

>>3328 (another demonstration and short explanation)

I see this isn't getting much attention. Crap.

Guess I'll keep going at it alone.

>>3391

you aren't alone

I'm still chugging away with the ghiro results. some of the graphics do have anomalies I'll upload a list in a day or so

IRL calls, and I must answer

this thread will be here

>>3393

Photo is 3kb .. so not much room to hide anything.

Original photo has been located and possible links discussed.

https://voat.co/v/QRV/3009700

https://www.dvidshub.net/image/1565208/airstrikes-syria

Hopefully this may help you guys figure out where best to start searching.

>>3397

Keep trying … I know I have felt that way a 1000 times with tweet decodes .. which then leads to questioning yourself.

It may be that in this case the picture was an identifier .. designed to lead people somewhere .. rather than a carrier packet. Just a thought.

>>3398

the originally posted image

>>>/qresearch/4989823 is the one you want to look at

the

>noisy around the planes

is due to compression from the original (oldest on the interwebz) image according to Tin Eye was from r/MilitaryPorn/ at reddit and is significantly larger at 811KB seen

>>3395

IF Q hid anything in the image it's in the smaller one Q posted and not the earlier ones

>>4048

Yes it is. And there was some done on it, but the anon who claimed to have the most content refused to explain how the content was derived.

Sigh.

>>4115

when they can't explain it, they don't really have anything.

the one interesting thing I'll share from the most recent Q graphic

this pic >>4048

has 260 unique colors

they might all be used for shading… or maybe one of them is used to hide text as in the example

>>3328

>>3331

IF a code anon could make a script that would

1. count and identify the unique colors in a graphic then

2. swap each unique color with a high contrast color one at a time

3. run an OCR (optical character recognition) program on the modified graphic and make note if characters are identified

4. if characters are identified note which unique color

5. swap color back and try the next unique color on the list.

A human could then take this short list of unique colors that are used in characters and read the message(s)

another tool for the arsenal

https://www.incoherency.co.uk/image-steganography/#unhide via DarkPoint

>>>/qrb/37786

>>5646

bump

Posted this in /qresearch/ and got directed here. I was looking at the 2 flags in Q posts 3908 and 3983.

Same dimensions, and imagemagick even reports the same visual "signature" hash for the images, but they have different file sizes and checksums.

What I found was interesting was the SHA256 hash of the most recent image (3983) is the filename of the image in 3908:

sha256sum AMERICA.png

f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920 AMERICA.png

Post 3908 filename: f768deaef22da979abcfb73c9175b54d71fcf891666c5449c1969c07c3cc8920.png

My theory is that the key to decrypt an image is contained in a previous image. But I'm not sure how to take this further.

>>10807

please post the actual files here

>My theory is that the key to decrypt an image is contained in a previous image.

when you have an "original unmodified file" and a "modified file" it makes it much easier to find the changes

Anon is correct we they say the file name for the earlier flag is a sha256 hash however. America does not hash in sha256 to the same file name as the earlier flag. From what I can find out so far sha256 is a one way hash. So when you "decrypt" these hashes on the random websites that do that all they are doing is checking it against their database of collected hashes and checking if they have a match. So one possible method would be to build our own database of likely Q related words converted to sha256 and this would give us the name of the earlier flag picture. These file names could be passwords for pixelknot. Also I did note that file names from original Q posts are different than the file names from q.map.pub but that's to be expected no comms outside these boards right.

Thought this was interdasting r.e. the flag pics do any of the ideas in here correspond to steg data etc.?

>>3266

check out StegoAppDB.

This is a HUUUUGE database of stego & original cover images used to train algorithms to identify steganography.

There are many machine learning stego projects up on github. Clone one of those bitches, import your clean set and your steg set for training… then go grab a bunch of "suspect images" from whatever board you want, and run them against your newly trained algo.

The one I suggest trying is PixelKnot. PixelKnot is an Android app that uses the F5 algorithm to do its thing. There is well over 300gb of PixelKnot pictures to play with on StegoAppDB, free to use & download.

You can obviously create your own sets as well by scripting tools, but this is an easy way to get started with KNOWN images.

#HappyHunting

>>11727

Wouldn't that go back to "Two if by sea"?

>>13401

So someone with an Android device should get busy. #offthehook

>>13457

Yep, that was my thought.

Working with the Easton flag. There's a small row at the top. Using the stego video to get started.