745039 No.2371258
PIXELKNOT GENERAL
1_m2TxftKgufz3i_CvdybVJg
/qresearch/
https://archive.is/HchFi
You'd be amazed how much is shared on /pol/
0_PDlwBQSymrdu7_5D[1].jpg
https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.
1_Wu-LPq1zKK-R5lsT67nRYA.jpg
https://archive.4plebs.org/pol/thread/179461614/#179476204
and on medium.com
1_agrJgMO-s-RsbCy6Eepp8Q.jpeg
https://web.archive.org/web/20180730212802/https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac
https://medium.com/@jamesmcavoy09/5-interesting-things-everyone-should-know-about-cigars-6100d6a1a6ac
0_kg8VD6qd0xL1M5-X.jpg
https://web.archive.org/save/https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99
https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99
1-lRz-cOnX2WtHdqwo5BWf-Q.jpg
https://web.archive.org/save/https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
1*WkosvaZ2ARJ2hnmXFs02Ow.jpg
https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e
https://web.archive.org/save/https://medium.com/@nathanielhebert/around-the-world-with-phineas-phileas-fogg-11b23048550e
0_xFDd1jWKzAU7BI6v.jpg
https://web.archive.org/save/https://onehallyu.com/topic/690975-%E2%80%98incredibles-2%E2%80%99-smashing-records-with-174m/
https://onehallyu.com/topic/690975-‘incredibles-2’-smashing-records-with-174m/
PIXELKNOT STORY
q drop about pixelknot
>https://8ch.net/qresearch/res/2298164.html#q2298508
>>2298508
anons found pixel knot messages posted on /qresearch/ before Q drop
>>2347619
>https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip
sha256 hashes
>https://pastebin.com/4e6Eswvc
>>2350592
pages they were posted
>https://pastebin.com/z4cXBLMv
html files of pages
>https://nofile.io/f/vQUoqymbq79/original_htmls.zip
original filenames of the images
>https://pastebin.com/qnieJg81
original weird filenames
>https://nofile.io/f/czFOXr2wYBF/out.zip
YOU CAN HELP
look at the old posts, at the id of the post and replies
find the originals
figure out clues for the keys
hiding in plain sight?
examples
https://8ch.net/qresearch/res/624511.html#q625298
>>625298
https://8ch.net/qresearch/res/1828419.html#q1829054
>>1829054
https://8ch.net/qresearch/res/1531874.html#q1532685
>>1532685
https://8ch.net/qresearch/res/1508591.html#q1509109
>>1509109
https://8ch.net/qresearch/res/1477025.html#q1477588
>>1477588
https://8ch.net/qresearch/res/2313270.html#q2314068
>>2314068 Exodus Chapter 8
BREAKING THE ENCRYPTION
none of the images have been cracked yet
these methods are confirmed to work on test images
PixelKnot on Bluestacks
>https://www.bluestacks.com/
>https://guardianproject.info/releases/PixelKnot-0.3.2-RC-1.apk
>>2298508
>https://guardianproject.info/apps/pixelknot/
use the last 1/3 of the password to crack first layer of f5 encryption
PixelUnknot
>>2311401
>https://github.com/banona/PixelUnknot
f5.jar
>>2325105
>curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar --output f5.jar
>java -jar f5.jar x -p plan -e out.txt Q4example.jpg
>cat out.txt
745039 No.2371388
>>2371258
>>2365916
>It is possible that somewhere in the world there exist a piece of editing or conversion software that outputs jpeg headers in exactly same way?
great question!
f5Android library was ported in 2012
https://github.com/harlo/F5Android/commits/master
it was modified in 2/10/17 to remove the JFIF header (on line 666)
that change was merged to guardianproject f5Android 2/15/17
https://github.com/guardianproject/F5Android/commits/master
the pixel knot versions on the download page do NOT have the change (all 2015 and earlier)
so ONLY the play store version has the change
AND
the two devs involved in removing that header don't commit very often to the project, it's a strange change to make…
https://github.com/guardianproject/F5Android/commits?author=n8fr8
https://github.com/guardianproject/F5Android/commits?author=harlo
especially by this person
https://freedom.press/people/harlo-holmes/
this is not a popular library
0% CHANCE ANOTHER PIECE OF SOFTWARE IS USING THIS LIBRARY
745039 No.2371551
>>2371258
PixelKnot posted to /pol/
Q predicted this
0_PDlwBQSymrdu7_5D[1].jpg
https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.
1_Wu-LPq1zKK-R5lsT67nRYA.jpg
https://archive.4plebs.org/pol/thread/179461614/#179476204
745039 No.2371566
>>2371258
pixel knot posted on medium.com
745039 No.2371604
>>2371258
stegdetect thinks these have f5 data, and they all have the PixelKnot signature
0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)
1_v3vvVO3DuvEB-osQDcIqlw.jpeg : f5[1.664398](***)
1_Wu-LPq1zKK-R5lsT67nRYA.jpeg : f5[0.652062](***)
1_xv-xqPhM_w3qdIatlg8L9A.jpeg : f5[3.026896](***)
1-0V2r2vC9pJRhMu8E_i0B7A.jpg : f5[1.590077](***)
745039 No.2371636
f5 detected in all of these with the PixelKnot header
745039 No.2371666
>>2371258
focus on the evil eye posted to /pol/ on 01 May 2018 14:22:30
0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)
Hello I am a reporter from CBS.
tried every 3 letter combo already
c69a4f No.2371688
The identified pxlknot images I looked at were all 96dpi and 24bit color.
A general approach to decryption is to start with the simplest image, and then encode one character. Examine the resulting image. Do it again with the same character to see if there is a change.
Then sequentially encode '1','2', '3', etc. and see if there is a predictable pattern.
What you're looking for is a way to brute-force decode the image.
Also try to find the original images before they were subjected to pxlknot.
d09e22 No.2371713
>>2371636
that ring is pedo symbol.
jackson lee wears one.
c69a4f No.2372025
Here is source code for determining entropy of a file. Can be used in connection with brute force decrypter to identify results with significantly different entropies.
https://pastebin.com/raw/Gx34MNZF
f7173a No.2372148
>>2371713
The spiral has many meanings. It is an ancient symbol.
https://en.m.wikipedia.org/wiki/Spiral
35f05f No.2372226
>>2371388
So just to be sure, are you saying the app store version is incompatible with the F5 library that is used with say tools built on linux?
I can't seem to extract data on linux that I embedded with the appstore apk (that I built from the source). I can't figure out why, but it mimics some of the other responses from the previous bread.
Huffman decoding starts
Permutation starts
921600 indices shuffled
Extraction starts
Length of embedded file: 1798344 bytes
(1, 8388607, -9) code used
Incomplete file: only 0 of 1798344 bytes extracted
745039 No.2372349
>>2372226
>are you saying the app store version is incompatible with the F5 library
no
the change looks compatible, the header is optional
I have decoded the Q4example.jpg with google code f5.jar build in 2011 (where f5Android was ported from) and from the most recent source on windows using sun jdk 1.8
not sure if openjdk or linux would be different
java -jar f5.jar x -p plan Q4example.jpg -e msg.txt; cat msg.txt
Huffman decoding starts
Permutation starts
172800 indices shuffled
Extraction starts
Length of embedded file: 88 bytes
(1, 127, 7) code used
----* PK v 1.0 REQUIRES PASSWORD ----*X2InRnMHwOY+GdUR
TO35nRz9oRcsyttLFXwY/4eNcONHaSTS
35f05f No.2372815
>>2372349
See if you can decode please.
'qanon'
fa9e7b No.2372909
I ran the pixelknot python detection script that was on here in the last few days on my cache of qresearch image files and found there was a few of them.
Uploaded what i found so far to https://anonfile.com/h8k8Adf3b6/pkfiles.zip as i don't have the computing power to tinker with them.
745039 No.2373016
>>2372815
f5 layer with last 1/3 (non)
java -jar f5.jar x -p non -e msg.txt ../../Downloads/760ba9dfcb03613b2db84902b7dec4c2edba182945542a18456b9a18cda2a857.jpg; cat msg.txt
Huffman decoding starts
Permutation starts
1238400 indices shuffled
Extraction starts
Length of embedded file: 104 bytes
(1, 127, 7) code used
----* PK v 1.0 REQUIRES PASSWORD ----*vNOvTv6i78CsQvHg
WUnqE8Qmo0GnUuJ/Gj52/pRgCjCkPGuRF00t8+Kd0w+ccVU=
PixelUnknot
CORRECT PASSWORD qanon
==========================
Evil Everywhere …
==========================
757a03 No.2373115
757a03 No.2373154
>>2373115
I just wanted to link this over here from the Silverman password thread in case there's any significance.
I'll bug off now!
745039 No.2373244
>>2372909
great work anon, this image is small enough i can try 2000 passwords/second -
tried all 3 combos (rules out all passwords < 10)
takes 7 hours to go through all 4 char combinations (all password < 13 chars)
if we crack one image it might give us a clue on the passwords for the other
745039 No.2373486
>>2371258
ANOTHER WEBSITE WITH PIXELKNOT
0_SVRAr3qJsZsv1Z4H.jpg
https://web.archive.org/web/20171027003748/https://nyulocal.com/love-and-no-other-drugs-how-big-pharma-is-screwing-us-7d7445db7b38
https://nyulocal.com/love-and-no-other-drugs-how-big-pharma-is-screwing-us-7d7445db7b38
c5ee9d No.2373544
>>2371388
But is it still possible that another, entirely irrelevant piece of software could coincidentally produce images with the same header?
fa9e7b No.2373593
>>2373244
Wish i had a faster computer. Glad someone can make a go of it.
35f05f No.2373814
>>2373544
This is a stretch, but what if they didn't use PixelNot at all? What if they used the JS version of F5?
745039 No.2374639
updated PixelUnknot main with timer
https://pastebin.com/KrbEYrE7
35f05f No.2374860
>>2373016
Thanks for your help. I think I'm missing something, PixelUnknot is needed to decode the output from f5?
After getting bounced around in the 'bouncy castle' I was able to run PixelUnknot, but not sure how to get the message decoded.
8a1878 No.2374887
>>2373244
Honestly, the only way I know of to speed this up would be to do what the bitcoin miners do and find a way to shunt the data into a graphics card to 'render' out the solution.
Not knowledgeable enough on this topic though to even wrap my head around how this gets done on a mathematical level, I just know that a graphics card can pump out hashes like there's no tomorrow.
745039 No.2374957
>>2374860
you need two files, the image and text file with the list of passwords to try
you can run in intellij with this run config (see pic)
or command line
java -cp "<classpath crap>" q.Main Q4example.txt passwords.txt
>>2374887
i wish, need to have java's secure random and that won't run on a GPU
21c507 No.2374970
>>2373544
Yes. Any software that uses the "james" library to write JPEG images.
745039 No.2375023
>>2373544
it's a stretch, jpeg header can come in any order this is unique. only way to know for sure is to decode one of these or find another piece of software that does the same.
look at the images - they are creepy - and some of them are unique enough to find the sources - different websites images with the same naming convention 1_XXXX_XXXXXX that were posted on qresearch over the last few months
35f05f No.2375031
>>2374957
Huffman decoding starts
non good byte - at 0
non good byte - at 1
non good byte - at 2
non good byte - at 3
!!!!!!!!!!! PARTIAL MATCH - non
!!!!!!!!!!! PARTIAL MATCH - non
!!!!!!!!!!! PARTIAL MATCH - non
!!!!!!!!!!! PARTIAL MATCH - non
I'm not getting the message … Since in my case I just added qanon to the passwords.txt
745039 No.2375089
>>2374970
james is an implementation of f5 jpeg encoder, so if it is another program it'd probably be a f5 steg program too
https://github.com/otuncelli/f5-steganography/blob/master/F5Lib/James/JpegEncoder.cs
e511db No.2375171
>>2371258
Don't know if it was already done, but I ran the python pixelknot detection script in a folder with all of Q's images he posted.
0 pixelknot images…
745039 No.2375174
these look like ports of the original java both write the JFIF header on encoding
java
https://code.google.com/archive/p/f5-steganography/
c#
https://github.com/otuncelli/f5-steganography
python
https://github.com/jackfengji/f5-steganography/
ccc1fa No.2375198
>>2375171
that py script is trash, can't tell its ass from a hole in the ground
21c507 No.2375234
>>2375089
Yes, it's probably used by nothing else than the F5 library, but James JPEG Encoder actually predates F5.
https://web.archive.org/web/20100111121336/https://www.obrador.com/essentialjpeg/jpeg.htm
745039 No.2375351
>>2375234
hmm pretty widespread, still all write JFIF
https://github.com/lxyu/52pai/blob/master/j2me/src/me/zhaoren/JpegEncoder.java
https://github.com/abronte/f5-steganography/blob/master/src/james/JpegEncoder.java
https://www.media.mit.edu/pia/Research/deepview/src/JpegEncoder.java
weird that somebody would move it down to line 666 and comment it out
e511db No.2375386
>>2375198
So how do you detect a pixelknot image?
745039 No.2375392
>>2375234
>>2375351
https://www.google.com/search?q=WriteArray%28JFIF%2C
745039 No.2375402
>>2375392
missing JFIF and signature at 0x88
35f05f No.2375416
Not sure which is more important, trying to decipher hidden messaging/files in Q's posts or PixelKnot comms.
We are going to have to start from scratch if we try to extract (if any) hidden data from Q's images.
745039 No.2375458
>>2375416
it's not Q using PixelKnot it's them…
they are trading information over these images posted places, on /pol/ …on /qresearch/… on medium.com
they are using them to identify each other
c5ee9d No.2375498
>>2375458
Anything to back this up, or just guess work?
e511db No.2375569
>>2375402
I used the f5.jar to add a message to a picture, and to extract it again for verification.
That encoded picture does have JFIF in it and does not have that FF C0 00 11 @ 88
35f05f No.2375588
>>2375458
I know this, I'm saying what if Q hid data in PNG's, all this PK work is for naught. Some of the PNG's Q uploaded seemed pretty large for what they are..
35f05f No.2375616
>>2375402
I think the C0 is the start of the image, but I could be wrong.
35f05f No.2375683
>>2375616
Marker Identifier 2 bytes 0xff, 0xc0 to identify SOF0 marker.
My hex compare using PixelKnot app, the image with message is 0xff, 0xc0, and the image without is 0xff, 0xc2
e511db No.2375702
This is what I get with a little test.
Hope it helps
745039 No.2375707
>>2375569
exactly - only pixelknot encoded images are missing that - f5 will decode it
>>2375588
pixelknot only does jpg/jpeg
35f05f No.2375762
>>2375707
>pixelknot only does jpg/jpeg
I know :)
Hence why I said start all over …
35f05f No.2375793
>>2375702
If I specify the full password to f5.jar it chokes, if I specify the last 3 digits I get (in out.txt):
----* PK v 1.0 REQUIRES PASSWORD ----*vNOvTv6i78CsQvHg
WUnqE8Qmo0GnUuJ/Gj52/pRgCjCkPGuRF00t8+Kd0w+ccVU=
35f05f No.2375858
>>2375793
By choke I get this instead:
java -jar f5.jar x -p qanon ~/Downloads/goods.jpg
Huffman decoding starts
Permutation starts
1238400 indices shuffled
Extraction starts
Length of embedded file: 485098 bytes
(1, 67108863, -6) code used
Incomplete file: only 0 of 485098 bytes extracted
ccc1fa No.2375964
>>2375402
This is not a consistent way to find f5 images. In fact, it doesn't even work with the q test image available in this thread. Also, I see the same patterns in images I've created myself. Also if you use a hex editor to examine various images that are implicated as f5 this pattern does not fit. If you want to start comparing I recommend using beyondcompare and renaming the jpg to txt.
ccc1fa No.2376015
>>2375386
Still trying to determine that consistently. I saw someone here using stegdetect but I haven't tried it yet and it looks like based on settings you use can result in a high rate of false positives
757a03 No.2376405
I imagine someone has already caught on to this.
Just in case though, there seems to be a punisher image hidden in the Silverman image brought out with image filters.
Also what looks like a navy seal eagle image on the nose of the punisher skull.
Both images have significant meaning to this group of patriots.
I'll try and get it clearer.
Password may be blackwater, Erik Prince or Frontier Group
745039 No.2376447
>>2375964
>>2375198
>>2376015
this fellow anon is how you recognize them
they want to slide the conversation with arguments that are easy to argue
glad we have your attention
745039 No.2376493
>>2375031
the code is trying to find the last 1/3 of the password
here is a Main.java that decodes the message
https://pastebin.com/YmUkxvBk
35f05f No.2376582
>>2376493
Thanks, I get this when I build with your changes …
java -jar PixelUnknot-1.0-SNAPSHOT.jar ~/Downloads/goods.jpg passwords.txt
Huffman decoding starts
non good byte - at 0
non good byte - at 1
non good byte - at 2
non good byte - at 3
!!!!!!!!!!! PARTIAL MATCH - qanon
!!!!!!!!!!! PARTIAL MATCH - qanon
!!!!!!!!!!! PARTIAL MATCH - qanon
!!!!!!!!!!! PARTIAL MATCH - qanon
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.init(Cipher.java:1393)
at javax.crypto.Cipher.init(Cipher.java:1327)
at q.Main.DecryptWithPassword(Main.java:45)
at q.Main.extract(Main.java:107)
at q.Main.lambda$main$0(Main.java:153)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:291)
at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinTask.doInvoke(ForkJoinTask.java:401)
at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:734)
at java.util.stream.ForEachOps$ForEachOp.evaluateParallel(ForEachOps.java:160)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateParallel(ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:583)
at q.Main.main(Main.java:151)
745039 No.2376618
>>2375793
>>2375858
exactly right
pixelknot uses the last 1/3 of the password for the f5 encryption
the rest is for the AES encryption layer after
if we can find the last 1/3 of the password we can PROVE there is a pixelknot message in one of these images
745039 No.2376678
>>2376582
does it work with Q4example.jpg and passwords.txt ? might be that qanon is too short of a password
4d00ef No.2376757
>>2376618
Working on pic related
Have searched this keyspace up to length of 3 chars for the F5 seed
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 .,:;!?()-+*/\[]{}@_><#~=^`'"&%$
space included
No hits - proceeding to length of 4 - will report back in a few days
35f05f No.2376795
>>2376678
I'll check, but someone was able to extract the message in the image I uploaded earlier. So there is some difference with my runtime vs. anon's runtime, or some bug someplace.
I want to make sure that I can verify results from PK app and then extract them on my box, this way I know for sure I have something that's reliable. I'm using 1.8 on mac, I was thinking about switching to VB vm instead (I have a couple different VMs already setup), but I'm just puzzled why I'm not getting the same results as the other anon.
745039 No.2376809
>>2376757
don't forget single and double quotes
I'm running this on all the images
crunch_win.exe 1 3 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"
and running
crunch_win.exe 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"
on evil eye
4d00ef No.2376829
>>2376809
I haz both. I started on the evil eye but I noticed the rate was way low on that image (in comparison to test images)… you may want to check yourself. Much faster against illumipepe
ccc1fa No.2376835
>>2376447
You got the fellow anon part right but sliding, in the same thread?
Yours is the first I've seen that matches that cap (just started working on this today). Do you have other images that fit this pattern? Otherwise, I haven't found any yet and the other version of the q example image had the FF C0 starting at 9E not 88, something isn't fitting here.
As for the python script it's looking for files that begin with 'ff d8 ff db 00 84' which I also haven't found any images posted as examples on the board fitting this format.
This is also just one implementation of f5 with the missing jfif header. There are many from my understanding.
The CBS eye everyone keeps posting is 9E not 88 and has a header.
many others are FF C2 around 9E instead of C0.
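An added example (not part of any post in this thread, and not the detection script the posters refer to): a JPEG marker walker that reports the three header features being argued over, namely whether a JFIF APP0 segment is present, whether the file starts with `ff d8 ff db 00 84`, and at which offset and of which type (`FF C0` or `FF C2`) the SOF marker sits. The function names and the three sample headers are constructed for illustration; a match describes header layout only and says nothing about whether a payload is embedded.

```python
import struct

SOI = b"\xff\xd8"
THREAD_PREFIX = bytes.fromhex("ffd8ffdb0084")        # byte pattern quoted in the thread
NO_LENGTH = {0x01, 0xD9} | set(range(0xD0, 0xD8))    # TEM, EOI, RST0-7 have no length field
SOF_MARKERS = {0xC0, 0xC1, 0xC2}                     # baseline, extended, progressive


def walk_segments(data):
    """Yield (offset, marker, payload) for every header segment up to and including SOS."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                           # fill byte before a marker
            pos += 1
            continue
        if marker in NO_LENGTH:
            yield pos, marker, b""
            if marker == 0xD9:                       # EOI
                return
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos:#x}")
        yield pos, marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:                           # SOS: entropy-coded data follows
            return
        pos += 2 + length


def describe(data):
    """Summarise the header features discussed in the thread."""
    segments = list(walk_segments(data))
    has_jfif = any(m == 0xE0 and p.startswith(b"JFIF\x00") for _, m, p in segments)
    sof = next(((off, m) for off, m, _ in segments if m in SOF_MARKERS), None)
    return {
        "has_jfif": has_jfif,
        "starts_with_thread_prefix": data.startswith(THREAD_PREFIX),
        "sof_offset": sof[0] if sof else None,
        "sof_marker": sof[1] if sof else None,
        # Layout claimed in the thread: no JFIF, DQT first, FF C0 at 0x88.
        "matches_thread_layout": (not has_jfif
                                  and data.startswith(THREAD_PREFIX)
                                  and sof == (0x88, 0xC0)),
    }


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def constructed_samples():
    """Three constructed headers (no real image data), for demonstration only."""
    app0 = _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    # Two 8-bit quantisation tables in one DQT: 2 * (1 + 64) + 2 = 0x84 bytes.
    dqt = _segment(0xDB, (b"\x00" + b"\x01" * 64) + (b"\x01" + b"\x01" * 64))
    frame = b"\x08\x00\x10\x00\x10\x03\x01\x11\x00\x02\x11\x01\x03\x11\x01"
    sos = _segment(0xDA, b"\x03\x01\x00\x02\x11\x03\x11\x00\x3f\x00")
    return {
        "no_jfif_baseline": SOI + dqt + _segment(0xC0, frame) + sos,
        "jfif_baseline": SOI + app0 + dqt + _segment(0xC0, frame) + sos,
        "jfif_progressive": SOI + app0 + dqt + _segment(0xC2, frame) + sos,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        info = describe(blob)
        offset = "-" if info["sof_offset"] is None else hex(info["sof_offset"])
        print(f"{name:18} jfif={info['has_jfif']!s:5} sof@{offset} "
              f"match={info['matches_thread_layout']}")
```

The 0x88 offset is a direct consequence of the layout: 2 bytes of SOI plus a 2-byte DQT marker plus a 0x84-byte DQT segment. Any APP0, comment or EXIF segment written before the tables shifts the SOF marker further into the file.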
35f05f No.2376851
>>2376757
Would be nice to have a distributed setup for this, because if we crack one, we have many others that probably won't have the same password.
ed2885 No.2376856
New avenue…the instructions to decode are in the original message. Google, Yandex, iqdb. What do they have in common? Reverse image search. Use the Silverman image to reverse search. Now what pictures? Is it given right in the image number? IMG_382. Third pic Google, eighth pic Yandex, 2nd pic iqdb. What info from these three pics? Hit a wall, run with it.
ed2885 No.2376914
>>2376856
>Silverman passcode
>New avenue…the instructions to decode are in the original message. Google, Yandex, iqdb. What do they have in common? Reverse image search. Use the Silverman image to reverse search. Now what pictures? Is it given right in the image number? IMG_382. Third pic Google, eighth pic Yandex, 2nd pic iqdb. What info from these three pics? Hit a wall, run with it.
WAIT also stands for what anime is this, and has reverse image search
745039 No.2377012
>>2376809
>>2376829
oh yeah i switch too when the new file bundle came out, i'm trying 4 char combos on the smallest image
progress - count: 30089632 elapsed: 15622s = rate: 1926 pw/s
ccc1fa No.2377022
>>2376887
No it looks like its just how I've been downloading the image to check it.
Thanks for the example and showing me what I was doing wrong, perhaps you'd like to confirm.
Without expanding the image, right-click and save image as. View the hex.
Then expand or use the direct link above the image and you get that header.
745039 No.2377210
>>2377022
download these two batches of files
https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip
https://anonfile.com/h8k8Adf3b6/pkfiles.zip
745039 No.2377224
>>2377210
research where they come from
ee4cfa No.2377313
>>2376809
>don't forget single and double quotes
Assuming the password accepts unicode, you may have a much bigger fight ahead of you. Consider other symbols like the pound sign (£) or the euro found on keyboards from other countries.
If it's unicode, you can safely assume UTF-8, given it's a pretty widespread standard.
Also, I recommend avoiding random character generators, but having a pre-computed array/table (for 3 characters).
If you're looking at additional bruteforcing power, a couple of recommendations:
1) Each of you should pick one picture each and specify what image you are trying to decode, and how. That way you're not duplicating each other's work.
2) If failed, specify what you tried and the 'results', if any.
For bringing hardware resources to bear:
1) Consider modded PS3s (some of you might have one or two lurking around), they're ideal for bruteforcing
2) Trial periods on cloud hosting repurposed (or alternately rent out some rackspace)
3) Dust off some old laptops, machines, and set them to work continuously whilst you do other things
4) Get some programmerfags to rewrite the testing code in bare metal (like C++) which would see mild performance improvements
Alternatively, if exhausting the three character space is too much, assign each of yourselves a single first character, and brute force all characters under that character.
So if one of you was to do 'A' (A), the next person would do 'B' (B).
Brute forcing isn't just about power but also efficient allocation of resources.
PS, Bitcoin's algorithm is SHA256. So if you're looking to break SHA256, look no further than your own noses. ; )
745039 No.2377440
>>2377313
>If it's unicode, you can safely assume UTF-8, given it's a pretty widespread standard.
yeah great point … looked at the code and no reason why unicode passwords wouldn't work
745039 No.2377671
>>2377313
>>2377440
WHY NOT EMOJIS???
https://emojipedia.org/google/
1b4548 No.2378143
>>2371388
>the pixel knot versions on the download page do NOT have the change (all 2015 and earlier)
>so ONLY the play store version has the change
Reposting from last bread, possibly relevant.
Are the brute force tools developed here based on the most recent github resources?
>>2348169
>…/PixelKnot/blob/version_2/PixelKnot/
https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_US
>Updated: February 17, 2017
>Current Version:1.0.1
https://github.com/guardianproject/PixelKnot/releases/tag/1.0.1
>n8fr8 released this on Feb 16, 2017 · 0 commits to version_2 since this release
I'm probably tired or a dumbass, maybe both. But is version 2 in github the same as the one in the play store right now?
1b4548 No.2380484
>>2378143
>>2371258
THERE IS SOMETHING DIFFERENT IN THE APK THAN WHAT'S FOUND ON GITHUB
Took the apk, put it through a decompiler and found an additional file
F5buffers.java
import info.guardianproject.f5android.C0217R;
import info.guardianproject.f5android.plugins.PluginNotificationListener;
C0217R
package info.guardianproject.f5android;
public final class C0217R {
    public static final class drawable {
        public static final int ic_launcher = 2130837601;
    }
    public static final class string {
        public static final int app_name = 2131165211;
        public static final int cleaning_up = 2131165272;
        public static final int downsampling_components = 2131165273;
        public static final int init_coeffs = 2131165274;
        public static final int init_huffman_buffer = 2131165275;
        public static final int init_permutation = 2131165276;
        public static final int querying_image = 2131165277;
        public static final int reading_huffman_buffer = 2131165278;
        public static final int setting_huffman_buffer = 2131165279;
    }
    public static final class style {
        public static final int AppBaseTheme = 2131296416;
        public static final int AppTheme = 2131296417;
    }
}
1eb45a No.2380486
>>2378143
I think so. The test image I created with Pixelknot (from the Play store) is missing the JFIF at the beginning of the file. The "pixelunknot" brute force tool (almost) works on my test image.
I say "almost" because I ended up modifying the loop (pic related). My test image's password was "test", so that's a seed string of "st". The loop wouldn't try it even though I had "test" in the dictionary file. On a side note, I also added a HashSet that keeps track of everything attempted, to avoid re-trying common word endings.
f3fd5b No.2380686
PNG DECODE HERE in bread 3000.
>>2380591
BFD!!!
1b4548 No.2381600
>>2380484
I'm using
https://www.javadecompilers.com/apk
to obtain the source code directly from the android app, not github.
>https://guardianproject.info/releases/PixelKnot-0.3.2-RC-1.apk
Again, even the older version /pol/ shared also has an additional file in the F5 bundle
F5buffers.java
import info.guardianproject.f5android.C0064R;
import info.guardianproject.f5android.plugins.PluginNotificationListener;
C0064R.java
package info.guardianproject.f5android;
public final class C0064R {
    public static final class drawable {
        public static final int ic_launcher = 2130837631;
    }
    public static final class string {
        public static final int app_name = 2131361805;
        public static final int cleaning_up = 2131361806;
        public static final int downsampling_components = 2131361813;
        public static final int init_coeffs = 2131361809;
        public static final int init_huffman_buffer = 2131361808;
        public static final int init_permutation = 2131361807;
        public static final int querying_image = 2131361810;
        public static final int reading_huffman_buffer = 2131361812;
        public static final int setting_huffman_buffer = 2131361811;
    }
    public static final class style {
        public static final int AppBaseTheme = 2131427417;
        public static final int AppTheme = 2131427418;
    }
}
bbb839 No.2382513
>>2371688
I don't understand all the details but F5 steganography encodes data by altering the DCT coefficients per 8x8 pixel block, those coefficients are stored with Huffman compression. The method of encoding is why the output image is always a JPEG. You would have to do statistical analysis of the JPEG coefficients… (assuming the software wasn't compromised to leak additional info as well, the absence of JFIF header appears to be such a case)
0016c5 No.2384816
>>2374957
We might be able to put the GPU to some use. The decoding part obviously has too much conditional branching for it to be of any use there. But the Permutation generation step is highly linear. It should be well suited to parallelization. It could be sent prospective passwords and a sizeN and send back an array. However, it would be memory bound. And the huge bandwidth requirements to send those arrays back to the main memory might be an issue.
I found the source for all the parts of SecureRandom and plan on making a perfect replica of it in C as a stepping stone to a possible GPU implementation. That is extremely ambitious for someone with my coding skill-level. But I can do it… eventually.
e15c71 No.2384880
Not a code flag, but is it possible code/key/password is John Podesta's password p@ssw0rd ? Q said future/news unlocks past?!?idk maybe iz just a baboon loose on board.
4d00ef No.2385149
>>2384816
https://arxiv. org/pdf/1606.00519.pdf
0016c5 No.2385219
>>2385149
The Huffman decoding part is a non issue. You only need to do that once for an unlimited number of password attempts.
It's calling the SHA-based pseudorandom number generator a million times in series (can't be paralleled) to decide which integers to shuffle around that takes most of the work.
4d00ef No.2385265
>>2385219
Can't we just use/modify the existing hashcat code for that?
https://hashcat.net/wiki/doku.php?id=example_hashes
4d00ef No.2385325
>>2385219
Sorry that's for the AES decryption portion… still, I think we could use the existing hashcat code for the SHA portion of PRNG. SHA1/256 on hashcat is stupid fast. Something like 600m hashes/s on my old ass card.
0016c5 No.2385604
>>2385325
Hashcat is doing something totally different. It's trying to find the passwords that produced a set of hashes. It does this by hashing lots of trial passwords once in parallel. We need to take one password, use it to set the state of the SHA algo, and then cycle the output back in many many times. This is an unavoidably serial process. If I indeed go down this rabbit hole it will probably involve reading the HashCat code as a way of learning how CPU<->GPU coding works. I might even use some parts from it. But beyond that programs like HashCat and John the Ripper are not useful to us.
4d00ef No.2385732
>>2385604
I know. Rather than shooting for one target hash, we try 1k passwords at once and run each serially with however many iterations required, in parallel. I don't see a problem here. I still think it can be modified to our purpose.
0016c5 No.2386063
>>2385732
We are not really looking for one target hash. It would be nice if it were that simple. Here is the annoying chunk of code in question. 'random.getNextValue' calls 'SecureRandom' which was previously seeded using the password under test. Inside 'SecureRandom' there is a SHA hash function at the heart of it. 'size' is typically around a million.
[code]
public Permutation(int size, F5Random random) {
    int i, randomIndex, tmp;
    shuffled = new int[size];
    // To create the shuffled sequence, we initialise an array
    // with the integers 0 ... (size-1).
    for (i = 0; i < size; i++) // initialise with size integers
        shuffled[i] = i;
    int maxRandom = size; // set number of entries to shuffle
    for (i = 0; i < size; i++) { // shuffle entries
        randomIndex = random.getNextValue(maxRandom--);
        tmp = shuffled[randomIndex];
        shuffled[randomIndex] = shuffled[maxRandom];
        shuffled[maxRandom] = tmp;
    }
}
[code]
It's serial. And it's memory intensive. But at least there need be little conditional branching (which GPUs suck at). So this would use all of the GPU's RAM long before you got enough processes in parallel to use all of its computing power. It can't hurt to have a few hundred more cores helping the main CPU (as long as there are no memory bandwidth issues). But we're not going to get the same astronomical performance boost that HashCat gets.
0016c5 No.2386109
>>2386063
Oops, forgot the /
for (i = 0; i < size; i++) { // shuffle entries
    randomIndex = random.getNextValue(maxRandom--);
    tmp = shuffled[randomIndex];
    shuffled[randomIndex] = shuffled[maxRandom];
    shuffled[maxRandom] = tmp;
}
4d00ef No.2386525
>>2386063
Is size the size of the decompressed bitmap? Or is it something else?
PS tells me that's about 303K for illumipepe.
Even if it's 1MB as you say, that's still 1500 instances of the image.
With my lame 1.5GB graphics card that's still almost 5K potential instances
0016c5 No.2386742
>>2386525
It's the size of the DCT coefficient list.. which works out to be the same as the number of pixels * channels (RGB). But, practically, yes. Many of the images are larger than that one.
>With my lame 1.5GB graphics card that's still almost 5K potential instances
Indeed. I just need to work out how it will handle all the out of order loading and storing.
4d00ef No.2386850
>>2386742
The DCT coefficient list only gets computed once, correct? If so, we only need to push one copy of the data to the graphics card and we should be able to copy it as many times as we want, no? And if we manage to implement it all on the graphics card, then all we really care about getting back is the rate of attempts and the valid key, if any. And yes, I understand many images are larger but essentially it would work out to max available GPU mem divided by decompressed image size in terms of threads. I'm willing to bet that's still a fuckton more than we've got going currently.
0016c5 No.2386977
>>2386850
Uh-huh. That is why I'm currently reading up on GPU programming.
The stumbling block I foresee is that there is a lot of random accessing going on after very short work segments with very short arrays. This is really not what GPUs are good at.
Disclaimer: I have no experience with this kind of stuff and I'm mostly just talking out my ass. So if anyone who has ever done anything in CUDA or OpenCL would like to weigh in it would be much appreciated.
745039 No.2387120
>>2386977
i've done CUDA and been looking at f5 and no it would not be a good fit… too bad too because i've got some monster gpu power
4d00ef No.2387183
>>2386977
Roger that. If there's one thing I'm certain of though, it's that we drastically need to speed things up. Perhaps a pure-C implementation would be enough. IDK. I'm gonna sleep on it. G'night anon.
bb8fea No.2387734
>>2371388
So the only people stupid enough to use that app are media types. Well, that's interesting. So when we crack this, there is a slightly less chance of finding CP from perverts and more of a chance finding gamer gate type collusion between media personnel and/or leaks to the press from stupid gov members. Perfect. I knew there had to be a reason why Q pointed us to such a trash app.
I guess a good project, for those who aren't skilled at writing efficient code for password cracking, would be to work at better detecting PK images and scraping them from the archives of /pol/, 4/pol/, perhaps QResearch, and all the social media of the various media figures/known government leakers. Perhaps even look at some of the pizza gate dumps for stego. And as always, if you do start finding PK images from journalists on their social media, archive and backup everything before you blow your load, so they don't delete more than they already have once they find out we know.
0016c5 No.2387811
fa9e7b No.2387890
>>2380484
I do android programming and the C0217R code you posted looks like resource ids compiled by either android studio or gradle. They must be manually added because usually they are in R.java or sometimes in BuildConfig.java (in the final apk)
fa9e7b No.2387952
I ran the apk version 1.0.1 (last version listed on the playstore) and couldn't find the C0217R class, ran it through two decompilers and neither had it in its output set of files.
1eb45a No.2388029
I wondered if the first 100 bytes of jpeg files we're looking for is not unique to PixelKnot. So I made a "find-pixelknot.sh" shell script to recursively search directories on my computer. I searched a backup from an old hard drive to see if any jpeg files that predate PixelKnot could be found. There were no matches out of 17k jpeg files. I'm leaving it here in case any anons find it useful.
Usage:
./find-pixelknot.sh <path to search recursively from>
#!/bin/bash
# Expected shasum (SHA-1) of the first 100 bytes; only the hash field is compared
PN_HASH_DESIRED_OUTPUT="3f3078870bf5ddc7c4d0e6e5941805b7a062c45d"
INPUT_PATH=$1
cd "$INPUT_PATH" || exit 1
# Make sure globstar is enabled to support recursively searching;
# nullglob makes the loop a no-op when nothing matches
shopt -s globstar nullglob
declare -i FILES_EXAMINED=0
declare -i MATCHES_FOUND=0
echo "Searching for jpeg files to see if it looks like Pixelknot created them."
function exit_output {
    echo ""
    echo "Terminated. Jpeg files examined: ${FILES_EXAMINED}, matches found: ${MATCHES_FOUND}."
}
trap exit_output EXIT
for filename in **/*.jp*; do
    # Skip directories or other non-regular entries that match the pattern
    [[ -f $filename ]] || continue
    ((FILES_EXAMINED++))
    # Keep only the hash field; shasum also prints the input name ("-" for stdin)
    FILE_HEADER_SHASUM_OUTPUT=$(head -c 100 "$filename" | shasum | awk '{print $1}')
    if [[ "$FILE_HEADER_SHASUM_OUTPUT" == "$PN_HASH_DESIRED_OUTPUT" ]]; then
        echo "File $filename looks like a Pixelknot image."
        ((MATCHES_FOUND++))
    fi
done
5c991a No.2388161
https://github.com/guardianproject/PixelKnot/issues/6
fa9e7b No.2388204
>>2388161
https://www.ws.binghamton.edu/fridrich/research/f5.pdf
0b8713 No.2389010
Have the pictures Q posted been checked? Perhaps Q has posted some passwords, like his bolded words.
e0b5a0 No.2389880
https://www.rdmag.com/news/2013/03/steganography-hiding-secret-message-plain-sight
1b4548 No.2390679
>>2387890
Thanks for clarifying, I thought I was on to something. Did the same with another decompiler and they were either absent or listed as R.java like you said.
745039 No.2390758
>>2387734
>only people stupid enough to use that app are media types. Well, that's interesting
started in 2012
n8fr8 and harlo are contributors up until 2015
sep/nov 2016 N-Pex starts updating and 2.0 is released 11/20/2016
out of the blue on feb 15 2017, n8fr8 updates the f5Android "update F5 to latest with fix"
but that "FIX" is only the removal of the JFIF header making it possible to easily identify PixelKnot images
without that "FIX" PixelKnot images would not be easy to detect
would look like any other images from software that uses james jpg encoder or f5 encoding
and that change was pushed down to line 666
intentional?
>scrapping them from the archives of /pol/, 4/pol/, perhaps QResearch
THIS
brute forcing encryption is the worst way to figure this out
search for more images
look where they come from
find patterns
fa9e7b No.2390788
>>2390679
Welcome, just glad i spotted it so no one wastes time on that than needs to happen :)
745039 No.2391530
>>2376809
>>2377012
no decode on 2c19435a6c6d0b75661f8bed4269e540bdea162d20426e2865fa99473d164863 (scroll wheel)
with
crunch 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"
no decode on any with default passwords
currently running 1 to 3 char combos on all from smallest to largest
imghunt/11dc6ed351634c39a8faee69dc8c85b5a8a83c8f58485d69711a71a68e19783d.jpg
Huffman decoding starts
count: 12378 elapsed: 60s = rate: 206 pw/s
745039 No.2391563
>>2391530
this rules out a lot of passwords anons might dream up
0016c5 No.2391741
>>2391530
I picked a random file and tried generating a 4 letter list using only the characters in a file's filename. Nothing.
But it occurred to me last night that it was a 13 char filename. If it's done by shuffling the filename somehow then I'd be looking for a 5 char key. I don't have the horsepower to attack that in a reasonable time. So when I get home today I'm gonna write a filter that reduces the set to only those that use any single char no more than the number of times it appears in the source filename, unless you want to try it first. If you do then let me know so I don't reinvent a bad wheel.
745039 No.2392853
>>2391741
the 13 char filenames are the hashes from qresearch, you have to find the original filenames
>first batch
https://nofile.io/f/PR5CxvthaYp/jpeg_ffd8_ffdb_0084.zip
original filenames of the images
>https://pastebin.com/qnieJg81
we don't have filenames for the second batch
>https://anonfile.com/h8k8Adf3b6/pkfiles.zip
745039 No.2393746
>>2390758
this code change makes NO SENSE
https://github.com/harlo/F5Android/commit/0c2191190a99cd4af2aa8cf540624eda2a8fb8ae
1b4548 No.2393967
Interesting review from Jan 11 2018 from a user called "The45Guy 1776"
The45Guy 1776
January 11, 2018
I tried to send 2 pics thru mms and facebook messenger and neither were hidden they showed just the way they were. Deleted
https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_US&reviewId=gp%3AAOqpTOFaK4o4HlT8qDSRPSzYY-6whXi9qJUR2uAyIPaCeCBh7fFp49zqG2rPX4BcXyNGIkU7qIiz1jl-0e2COOg
745039 No.2394093
>>2393746
Another suspect change on 1/7/17
https://github.com/harlo/F5Android/commit/1f99dcd6cb30c47bf10ab4d6e8358475664d917b#diff-800464caea7ea0476f99b839816c41d5
why add jni c++ buffers for performance?
quietly change the encoded quality from 80 to 90?
were they TRYING to make the PixelKnot images detectable on 1/7?
did it not work so then they made the change on 2/10 to remove the JFIF header?
spidey senses are tingly
745039 No.2394128
>>2394093
oh, no that was in 2013… the only change besides the 2017 change
35f05f No.2394381
>>2394093
I was hoping that the quality that the image was encoded with was written to the file, unfortunately that's not the case. I think the header removal change is all we need for now anyways.
The road is steep from here though, something tells me they aren't going to use a complex password, and I have a feeling that the password will unlock many images.
745039 No.2394535
>>2394128
before 2/10/2017 pixelknot f5 encryption layer had a fixed password of abcdefg123
it was ALWAYS possible to detect a pixelknot image, the method just changed on 2/10/17
there might be .jpg with JFIF header out there that can be recognized with f5.jar with the password abcdefg123
https://github.com/harlo/F5Android/commit/08ebe47b1a0bba6ccc3fcc5f8f9edc467192d224#diff-97fa33d4b689c96d713de0b334e82b14
745039 No.2394586
>>2394535
can somebody with an archive of images download f5.jar and run
for F in *.jpg *.jpeg; do java -jar ./f5.jar x -p 'abcdefg123' -e "$F.msg.txt" "$F"; done
strings *.txt
i do find some images lock up the f5 decrypt, you may need to kill some java processes along the way
745039 No.2395061
>>2391741
the original filenames we have found all start with a number.. the PixelKnot source will append a _1 when it is writing out if the file already exists
are the filenames reversed?
D5_7udrmySQBwlDP_0
v6IB7UAzKWj1dDFx_0
wO20sFXmnh2JRA2ZavsokW*1
Q8ppeE6yCbsR-s-OMgJrga_1
gJVbydvC_i3zfugKtfxT2m_1
wlqIcDQso-BEvuD3OVvv3v_1
AYRn76Tsl5R-KKz1qPL-uW_1
A9L8gltaIdq3w_MhPqx-vx_1
A7B0i_E8uMhRJp9Cv2r2V0-1
g9k2Pll-RU8LzVao0UMvqA-1
Q-fWB5owqdHtW2XnOc-zRl-1
745039 No.2396389
WAIT ANONS AM I CRAZY??
>>2371666
>>2395061
>You'd be amazed how much is shared on /pol/
https://archive.4plebs.org/pol/thread/170109703/
0_PDlwBQSymrdu7_5D[1].jpg
Hello I am a reporter from CBS.
>0_PDlwBQSymrdu7_5D.jpg
think mirror
>D5_7udrmySQBwlDP_0
evil eye posted on 5/1/18
Q drop 1332 about D5 was on 5/10/18
>The snowball has begun rolling
D5 = Checkmate
https://qanon.pub/?q=D5
Q drops about D5 4 times in may
and then again RIGHT AFTER we figure out the f5 layer of PixelKnot
5c991a No.2396481
>>2396389
>>2395061
Very nice finds.
So yes, the filenames are reversed, and perhaps the images are as well.
Try flipping the images horizontally before trying to extract the data from them.
As for what the passwords are.. try the filename without any number appended to the end, both regular and reversed.
Let me know if that works for you… I still haven't found a way to test these out on my own computer.. MacOS.
Anyone know of a way? If so then I can help.
5c991a No.2396504
>>2396481
Actually I'm not sure if flipping the image changes the ability to extract data from it or not - that would be the first thing to test with an image we already know has data and already know the password to.
745039 No.2396613
>>2396481
install java
open terminal
download f5 jar from google code
curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar --output f5.jar
here's how to test a password on the f5 layer (this will only be the last 1/3 of the full password)
java -jar f5.jar x -p plan -e out.txt Q4example.jpg
cat out.txt
>>2396504
scaling, flipping, or modifying in any way will remove the hidden data
5c991a No.2396723
>>2396613
Thank you anon I will set things up in a few hours and try and see if I can get anything out of these images.
I'll report back with any important findings.
745039 No.2396863
BAKER PLEASE NOTABLE
>>2396389 was D5 the CBS PixelKnot Message on /pol/?
1b4548 No.2397152
>>2396863
Mirrored, yes
0_PDlwBQSymrdu7_5D.jpg
gpj.D5_7udrmySQBwlDP_0
>>2371551
>>2371666
1b4548 No.2397240
>>2396863
though nothing extracted with steghide with the whole string D5_7udrmySQBwlDP_0 or just the underscored 7udrmySQBwlDP
745039 No.2397994
>>2396389
PIXELKNOT IMAGE ENDS IN -Q
this was posted to /qresearch/ 07/08/18 during 20 days of silence
1-lRz-cOnX2WtHdqwo5BWf-Q.jpeg
filename ends in -Q (extra group from other filenames)
pixelknot header
same image on
https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
posted 7/11/18
filename is different
1_FCAsiu79H2b2aUGLdD7mBw
both PixelKnot
not the same files
745039 No.2398004
>>2397994
oops not the same image
745039 No.2398080
>>2398004
all these images on
https://medium.com/@allanishac/body-language-experts-say-trump-often-flashes-triangle-of-satan-hand-gesture-5b592002c1e8
have pixelknot headers
c5ee9d No.2398467
Lmao, you guys are stupid.
All JPEG images uploaded to medium.com meet the criteria set out in the OP (no JFIF, xFF xC0 x00 x11 @ 0x88).
Good job, everyone! You have been collecting and brute-forcing random images originally hosted on medium.com.
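The header criteria quoted in the post above (no JFIF segment, FF C0 00 11 at offset 0x88) can be checked by walking the JPEG segments instead of hashing a fixed prefix. The Python below is an added example, not code from the thread or from PixelKnot; the sample headers are constructed, and the layout of SOI followed by one two-table DQT segment is an assumption chosen so that SOF0 lands at 0x88. It shows that a 100-byte prefix covers only SOI and the quantization tables, so a match identifies an encoder configuration rather than an embedded payload.

```python
import struct

STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))    # markers with no length field
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}    # frame headers (not DHT/JPG/DAC)
NAMES = {0xD8: "SOI", 0xE0: "APP0", 0xE1: "APP1", 0xDB: "DQT", 0xC0: "SOF0", 0xFE: "COM"}


def walk_segments(data):
    """Yield (offset, marker, payload) for SOI and every header segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    yield 0, 0xD8, b""
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte in front of a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos:#x}")
        yield pos, marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:            # SOS: entropy-coded data follows, stop here
            return
        pos += 2 + length


def header_profile(data):
    """Summarise the header fields the thread uses as a fingerprint."""
    profile = {"jfif": False, "dqt_lengths": [],
               "sof_marker": None, "sof_offset": None, "sof_length": None}
    for offset, marker, payload in walk_segments(data):
        if marker == 0xE0 and payload.startswith(b"JFIF\x00"):
            profile["jfif"] = True
        elif marker == 0xDB:
            profile["dqt_lengths"].append(len(payload) + 2)
        elif marker in SOF_MARKERS and profile["sof_offset"] is None:
            profile["sof_marker"] = marker
            profile["sof_offset"] = offset
            profile["sof_length"] = len(payload) + 2
    return profile


def matches_thread_signature(data):
    """True for: no JFIF segment and FF C0 00 11 (SOF0, length 0x11) at offset 0x88."""
    p = header_profile(data)
    return (not p["jfif"] and p["sof_marker"] == 0xC0
            and p["sof_offset"] == 0x88 and p["sof_length"] == 0x11)


def segments_in_prefix(data, n):
    """Names of the segments that start inside the first n bytes of the file."""
    return [NAMES.get(m, f"0x{m:02X}") for off, m, _ in walk_segments(data) if off < n]


def build_header(with_jfif, height=480, width=640):
    """Constructed sample: header bytes SOI..SOF0 only, not taken from any real file."""
    soi = b"\xff\xd8"
    jfif = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    # Assumption: one DQT segment holding two 8-bit tables (ids 0 and 1), flat values
    tables = b"".join(bytes([tid]) + bytes([16] * 64) for tid in (0, 1))
    dqt = b"\xff\xdb" + struct.pack(">H", 2 + len(tables)) + tables
    sof0 = (b"\xff\xc0" + struct.pack(">H", 17) + b"\x08"
            + struct.pack(">HH", height, width) + b"\x03"
            + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01")
    return soi + (jfif if with_jfif else b"") + dqt + sof0


if __name__ == "__main__":
    for label, blob in (("no JFIF", build_header(False)),
                        ("no JFIF, other size", build_header(False, 1080, 1920)),
                        ("with JFIF", build_header(True))):
        p = header_profile(blob)
        print(f"{label:20s} SOF at {p['sof_offset']:#x}  signature={matches_thread_signature(blob)}"
              f"  first 100 bytes cover {segments_in_prefix(blob, 100)}")
```

Two constructed images of different dimensions share the same first 100 bytes here, because image-specific data only begins in the SOF0 segment.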
745039 No.2398717
>>2398467
yeah
here's an article written before the PixelKnot header change:
Jan 31, 2017
https://medium.com/@lewispants/i-was-fired-from-my-journalism-job-ten-days-into-trump-c3bc014ce51d
missing JFIF and has the second sig
4d00ef No.2398936
>>2398717
K so all we need to do is image search medium.com for an image with that header. If no results found (and the original filename isn't like medium's random naming bullshit) then we probably have a PK image.
745039 No.2398947
>>2398467
not all of these were posted on medium.com
there is (at least) one other piece of software that makes the same header
stegdetect doesn't find any f5 data in medium.com images
1_b3jcMKfQQzl0t56L1kiuZQ.jpeg : negative
1_OF9MABBWU8CN6Dmyu1N32w.jpeg : negative
1_V7KBi6mUHK914qssJEFwfw.jpeg : negative
others do
1_FCAsiu79H2b2aUGLdD7mBw.jpeg : f5[1.949593](***)
1_S72sax0zPtFX7yE-9hlxYg.jpeg : f5[1.565821](***)
1_Wu-LPq1zKK-R5lsT67nRYA.jpeg : f5[0.652062](***)
1-0V2r2vC9pJRhMu8E_i0B7A.jpg : f5[1.590077](***)
CBS evil eye
0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)
5c991a No.2398957
Alright I am testing now.
I can confirm that flipping a test image horizontally (or doing anything to it) breaks the steganography. But putting it back in place, or back the right way even after saving makes it work again.
So flipping the images could be the right way to go.
Another thing I found online:
mention of f5 in clinton emails
https://archive.4plebs.org/pol/thread/159001495/
"nf weder 1 noch 3"
its in the source code for huffman
https://github.com/abronte/f5-steganography/blob/master/src/net/f5/ortega/HuffmanDecode.java
This pixelknot stuff might be bigger than we know.
745039 No.2399125
>>2398947
STEGDETECT F5 IMAGES
the missing header is not unique to PixelKnot (doh)
images with the missing header that stegdetect thinks have f5 data
https://nofile.io/f/UCGFkYAMMxN/f5-detected.zip
4d00ef No.2399203
>>2399125
Does stegdetect hit false positives?
Here's a medium article with the exact illumipepe image [positive ID by SHA] that's in your list.
https://medium. com/@Freequincy/right-wing-dove-squad-how-trash-dove-became-the-symbol-of-the-alt-right-c7794b84a48d
5c991a No.2399313
Alright guys I played around with it more. I learned that if you get near the actual password with f5.jar, it starts spitting out some bytes of data and extracting some stuff instead of giving nothing.
With this attached image (I flipped it horizontally) and a password of BwlDP I was able to extract some nonsense data. I think it means we are getting close, but I don't have pixelknot in order to try actually getting the real message out.
I'm not able to get a clean file out that says "pixelknot v1.0 password required" etc.
Will update.
5c991a No.2399373
Can someone with pixelknot give me more test images with known passwords to experiment with?
c5ee9d No.2399442
>>2399203
And it is before the header change.
So we have now established that stegdetect gives false positives, and all medium.com JPEGs meet the other criteria.
A new approach is needed. Perhaps focus less on finding PixelKnot images and more on Q's images.
745039 No.2399450
>>2399203
"The results obtained shows that the ratio of false positive generated by Stegdetect depends highly on setting the sensitivity value, and it is generally quite high"
https://researchportal.port.ac.uk/portal/files/187568/Microsoft_Word_-_Stegdetect_article_-_Final.pdf
745039 No.2399498
>>2399442
not sure this image is after the change this is right at the same time
when was the build pushed to the store?
stegdetect really thinks there is something but with a small image like that who knows
68ccb4146da74068a0d8749ac6bd3dab249e1a6d947c8ee106ef5bfdc0c9cf6e.jpeg : f5[3.026896](***)
4d00ef No.2399532
>>2399373
Either Test or test
>>2399442
>>2399498
I think we just need to gulag image search a candidate image ID'd by stegdetect against medium.com - if you get a result, move on. If no matches, then it's probably highly likely we've got an actual PK'd image.
5c991a No.2399620
>>2399532
Thank you anon, that one works perfectly.
>>2399313
>if you get near the actual password
this theory is bunk.
disregard it.
323ec5 No.2399798
>>2394535
This and several other posts…
The tech literate have always known spy agencies cripple publicly available encryption but good grief! We aren't even experts at this stuff, just code monkeys poking through an open source repo. The whole thing is vulnerable! It's only a matter of time before we crack this.
4d00ef No.2399880
>>2399450
I managed to get stegdetect working myself here…
So I tried adjusting the sensitivity but I don't see any difference in the output. Can you please try anon?
>>2399620
YW
4d00ef No.2400150
The pedo jewelry is the smallest image I can find that has the correct headers, gets a positive from stegdetect, and is not found on medium.com
1b4548 No.2400272
>>2399373
got some more for you. avatar is the original. password is the title. each have the same message except PKcrew.jpg
4d00ef No.2400585
>>2400150
Scratch that - wrong header
4d00ef No.2400699
>>2400637
These bytes don't matter?
323ec5 No.2400732
>>2394381
>>2394093
Use the ImageMagick command "identify" like this:
$ identify -format '%Q\n' yourimage.jpg
5c991a No.2400934
745039 No.2401017
>>2400699
> The DQT header
> 0 is the luminance index and 1 is the chrominance index
4d00ef No.2401150
>>2401017
Thanks anon. Just wanted to confirm I understood that code correctly.
ee4cfa No.2401525
I had posted to this thread, but my post appears to have mysteriously (?) gone missing.
I mentioned to factor in symbols from international keyboards (£, euro sign), dusting off old hardware to assist in brute-forcing, and divvying up tasks between yourselves (and let each other know) so you're not all trying to brute force the same issue.
It's curious my suggestions on ways to improve the efficiency of detecting PixelKnot 'magically disappeared', given no other post I've written so far has.
ee4cfa No.2401556
Oh yeah, don't forget to factor in unicode (if the password supports it and isn't just ASCII). Most common format is UTF-8 (non-BOM), and would exponentially increase the number of characters you'd need to check before solving.
But I digress.
4d00ef No.2401673
ROFL Holeee Sheit
https://archive.fo/VdhX8#selection-2949.0-2955.73
b2ea3f No.2401778
I'd like to help out (two 16 core machines) but I don't know any java. A lot of these images run through f5 seem to hang at a German error message from HuffmanDecode.java. Also f5 doesn't seem to take "jpeg" but needs "jpg"
Does this header need to be repaired or is that part of the processing in some other way?
How do I setup the workflow for password brute forcing?
4d00ef No.2402121
>>2401778
https://anonfile.com/EaG3B8fbb8/PKunknot.zip
This is what I'm using anon - single thread per instance though. You'll have to manually split your wordlists. It will automatically generate every permutation for a given charset and exit if a correct solution is found.
Run by calling the following on your command line:
java -cp bcprov-jdk15on-160.jar; q.Main %IMGNAME% %CHARSETFILE% %STARTINGWORD%
745039 No.2402218
>>2401525
>>2401556
is it possible to use emojis for the passwords?
can an anon try?
745039 No.2402331
>>2401150
glad to help anon
good to double check work
11b051 No.2402460
>>2372815
I'm losing my mind, I cannot decode my own image from the app, but another anon could UGH!
What's somewhat strange when I download the image from 8chan, it has the header even though the app removes it.
Also, I thought I saw someplace in the code where there is maximum dimensions for an image, but I can't seem to find it.
4ee9d4 No.2405387
You know how a bunch of qposts have weird codes in them? Any way we could incorporate a line for line, raw text record of all drops as a password list?
I think this would be especially applicable to any knotted images found in the drops themselves, if there are any.
0016c5 No.2406738
>>2402218
Kek! Yeah, I had a flash of terror when I thought of that too.
Thankfully, no.
0146c4 No.2407136
>>2405387
It's weird how similar the filenames are to the stringers, no idea if they encoded the passwords this way, but it's possible. How else would DS operators share passwords? and if they could share passwords why not share messages that way? why F5?
0016c5 No.2407861
Wait a second… files that I uploaded yesterday that were encoded with PK are no longer so.
Check 'em. Their sha256 hashes no longer match their sha256 filenames. CodeMonkey must have heard about what we've discovered and not liked that his site is being used for such purposes.
909d2e No.2408393
https://www.rt.com/usa/434891-chinese-engineer-trade-secrets/
Steg in the news
0016c5 No.2408637
>>2407861
How much you wanna bet half-chan is doing the same thing? We shouldn't have announced our finds so publicly. Now we can't scrape pages to find more such images. That spoils all my fun.
I discovered this while testing a python script to scrape and quickly check all the images on a page. It detected 36 images on this page on one test and none on a subsequent test without changing anything in that section of code. They must be checking and reencoding old images when accessed.
Here is my code to scrape and scan a chan and forum type sites (anything without fancy-shmancy frames or JS). Doesn't work on Pinterest, Instagram, Medium, etc.
I don't know what good it will do now that the word is out about how easy it is to find this kind of stenago. Damnit. If we find another way to detect such hidden messages let's swap PGP keys and discuss it privately.
https://pastebin.com/yAFSVY86
0016c5 No.2409560
>>2399125
It's not just the missing header. The first 139 bytes of nearly every file in Medium is identical.
The "James" that wrote the JPEG encoder in f5.jar and PK used to sell/license that same code. It may have found its way into the Medium back end. And it's conceivable that someone annoyed by the default comment that it normally produces got a little over zealous when they went in to shut-up that section and also commented out the JFIF part.
Alternately, Medium is known to be badguy territory. Maybe they either use stegano extensively. Or perhaps they know that PK images are easily recognizable and are intentionally sowing innocuous images with same signature to create cover for people using PK.
11b051 No.2409640
>>2408637
I will verify this myself here soon, I believe this is a huge discovery.
So imageboard must reference the original uploaded file in the database for the site. Likely, someone has written some script to re-encode/change headers of all the jpg files that have been uploaded.
I know when I uploaded my PK image it didn't have the header, and now it does! I believe this is going to be the case for every stego file on 4&8.
This is a potential huge FU to all of us, this is why we archive offline, but it means that we cannot pass jpgs around on here since the headers (at least) have been changed or the files have been re-encoded.
IF this is indeed the case the question is why?
11b051 No.2409668
>>2409640
>So imageboard must reference the original uploaded file in the database for the site.
*file=filename
11b051 No.2409701
>>2409560
I'm not aware of Medium, is it connected to these boards?
0d7643 No.2410424
I'm curious, is there a PC version of Pixelknot somewhere?
bb8fea No.2411695
>>2410424
have to run it through an emulator.
c25bbb No.2411942
>>2373016
Can you download the jpg from my test again, and compare against your original download from Tuesday? (Sadly I don't have the original)
Also, can you even decode it – once you download the new copy of it?
59cecc No.2412101
Might be nothing, but "Sarah" is posting again over on halfchan. Figured I'd let you pixelfags take a look.
https://boards.4chan.org/pol/thread/180896139
0016c5 No.2412561
>>2409701
Medium.com
One of the spoopy images we found on QResearch was traced back to here:
https://medium.com/pedophiles-about-pedophilia/you-say-potato-i-say-pedophile-5a9ad0ee0f99
0016c5 No.2412677
0146c4 No.2414691
>>2411942
I get the german huffman error with lime-cat.jpg.
0146c4 No.2414834
>>2412101
>https://boards.4chan.org/pol/thread/180896139
steg detect was positive, these aren't following the filename formats though, i think they are changing password exchange up.
71686a No.2416423
>>2414834
Did you notice the Nazi photo with a squirrel on his shoulder? Look at filename "1_07NuaT7Ds4D5eaufbUMVnA.png".
It is a PNG image instead of a JPEG though, it would not have F5 in it (if anything). The contents could have been scrubbed already but uploaded a ZIP file. https://anonfile.com/c90fCef1b5/img.zip
We don't know if the real SS is involed or just her likeness used again, but the OP's 4 posts do sound like a Jew (they know the talking points). The Nazi-bashing is ridiculous but someone might talk that way… :/
bb8fea No.2416626
>>2416423
from a medium post from 2016 filename on medium is 1*07NuaT7Ds4D5eaufbUMVnA.png
c25bbb No.2417121
>>2414691
There is an image called goods.jpg (pw: qanon) - that was extracted previously (not by me). Something tells me the image that was uploaded then, is no longer the same as it is now.
This refers back to >>2408637, when I uploaded this other pic and re-downloaded it, it still has the header.
This likely means that some script was run around Tuesday sometime, that altered the images stored here and would have had to be done by someone on the back end. So if anyone was able to decode any images earlier in the bread, and have the source files (before they were uploaded), could verify that there were changes done on the back-end to those files that would be great.
If the files were re-encoded then the stego is gone, and that is a huge blow to finding more images here and on half-chan. (I'm assuming the same was done on half too)
0146c4 No.2417299
>>2417121
I think this is the case. The photos of the letter 'Q' for example only partially worked when I was looking at these last night. avenger.jpg didn't work but GreatAwakening.jpeg still did. maybe it missed the .jpeg extensions..
>>2416423
Interesting, I'm starting to think the filenames are a result of tooling or cache systems rather than being an autokey cipher of sorts. Back to the drawing board I guess. Maybe Q will help us out later with the 'key'.
745039 No.2418536
>>2417299
running 3 char combos on these files
>https://nofile.io/f/UCGFkYAMMxN/f5-detected.zip
'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"
these files done scanning with all 3 char combos and no matches
bb8fea No.2418768
>>2417121
Yeah, all the files that I had earlier, and the ones still in my browser cache, would decode fine. After a hard refresh, and a clearing of the cache, the new images showed. They are indeed re-encoded and don't work. tip stego
1b4548 No.2419895
>>2371388
>>2417121
>>2401017
>>2418768
Yup, reencoded to cover their asses. Not only to write in the JFIF in the initial line, but going back to this post
>>2345073
notice that between yesterday's and today's downloads the string after the DQT header is absent
a writeup on an online information security exercise points this out as a clue to get to the next level of the exercise
https://lonewolfzero.wordpress.com/2015/03/12/n00bs-ctf-labs-infosec-institute-teddy-zugana/
>could be contain malware or steganography on line
>()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
>()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
>inside alien picture
>use the application Steghide to extract data from the picture:
>steghide.exe extract -sf aliens.jpg -xf out.txt
example pic
https://ctf.infosecinstitute.com/img/aliens.jpg
745039 No.2424756
I went through the rest of the f5 detected images and did google image searches and ruled out images that I could find somewhere else and was left with 3. The CBS eye I left in because it was posted on /pol/ and has 5D (D5 mirror) in the filename
focusing on these three now
https://nofile.io/f/au6mKPYtznQ/f5-remain-2.zip
0016c5 No.2425587
>>2419895
I think Evil Eye one is a false positive. Steg detection works by finding what should be sharp lines and checking for if they are not. An image like this has no business ever being encoded with JPEG. You get too much buzzing around the sharp edges.
I just manufactured a test image as closely as I could to the a1 file using a PNG of the same logo at high rez and GIMP and quality 70. Stegdetect -t F gives me 1.711036. I think it's because of the very similar buzzing you see when you zoom in (use Pix, it doesn't smooth pixels).
0016c5 No.2427826
>>2424756
You
Drop a PGP key. I want to talk to you about something privately.
Here's mine,
https://pastebin.com/Xx5wmuWP
b95bf4 No.2428579
Remember the Wikileaks that contained Antarctica photos that John Kerry took of the ice? Didn't JA/Wikileaks put a tweet out prior to the dump with a hash code? I always wondered why photos of the ice were of significance. I am looking for the photos and the hash code tweet to see if anything is there now that I am aware of pixelknot. Any assistance would be appreciated.
745039 No.2431674
>>2427826
https://pastebin.com/bem2GEHW
0e2334 No.2431983
>>2431674
Great time for my modem to reset. :/ But that's what signing is for.
https://pastebin.com/WsRmRCJn
745039 No.2432554
>>2431983
WWG1WGA
https://pastebin.com/p4TJ7smz
745039 No.2432888
>>2425587
makes sense… these drops keep coming to mind though
https://qanon.pub/?q=EYE%20OF%20RA
EYE OF RA.
Left eye [marker].
Symbolism.
https://qanon.pub/?q=clear%20sight
How do you hide a message in clear sight?
https://qanon.pub/?q=%2Fpol%2F#1715
You'd be amazed how much is shared on /pol/.
Data exchange.
https://guardianproject.info/apps/pixelknot/
cbb4cd No.2433919
>>2428579
Is this the one
https://www.nytimes.com/2016/11/16/science/antarctica-john-kerry-global-warming.html
cbb4cd No.2433945
>>2428579
Or this
https://mysteriousuniverse.org/2016/11/wikileaks-photos-john-kerry-visit-and-ufos-in-antarctica/
745039 No.2438149
>>2437477
>Huma interviewed by FBI on Jan 6 2017
>Harlo code change on 2/10/17 (gradle build #5)
merge of all harlo's local changes for the last 3 years she pushed to gitlab.. removed the JFIF header then merged into guardian project F5Android, then consumed by PixelKnot and playstore image was updated (but not the .apk on the download page)
>John Podesta joins The Washington Post as a contributing columnist February 23, 2017
https://www.washingtonpost.com/pr/wp/2017/02/23/john-podesta-joins-the-washington-post-as-a-contributing-columnist/?noredirect=on&utm_term=.448a78f09f96
1b4548 No.2438967
>>2438149
>build for all archs
Refers to a make file for the app to compile shared object .so files for the architecture the OS is running on. ARM for phones and tablets x86 for the PC port of android. Not sure if Androidx86 and linux are directly compatible. Open the app's apk as a zip file and it shows libF5Buffers.so for different archs
96faf4 No.2439136
>>2371258
What's taking so long?
They decode top secret passwords in movies in just a few minutes.
Thought that was gonna be easy peasy?
745039 No.2439305
>>2439136
if it was easy it would be your mom
96faf4 No.2439394
>>2439305
Maybe you are just lacking some skillz?
I did the maths - we might see some results in about 100 yrs
What is your ETA for the results?
745039 No.2441444
>>2439394
thank you we needed a bump
96faf4 No.2442019
1b4548 No.2446299
>>2371688
>>2382513
>>2371258
Has anyone tried the experiment to estimate the original/cover image DCT that these two pointed out.
>>2388204
>>2388161
Not going to lie it was way too much post-grad statistical math for me to understand completely. Found a summary paper which made reference to it.
https://www.iosrjournals.org/iosr-jce/papers/Vol16-issue1/Version-3/M016137073.pdf
Steps for the F5 Steganalysis algorithm [3][4][6].
Step 1: Input the stego image for performing Steganalysis. (get steg quantization parameters)
Step 2: Decompressed the stego image.
Step 3: Crop the image by 4×4 column from all sides.
Step 4: Apply blurring operation to remove artifacts.
Step 5: Then re-compressed the image. (using quantization parameters from step 1)
Step 6: Count the different histogram value for the stego image and cover image.
Step 7: Calculate the difference
Difference = stego image value – cover image value.
745039 No.2448557
>>2442019
>>2439394
>>2439136
all this attention for little me?
you're making me blush
745039 No.2448673
>>2446299
good thinking anon
been using stegdetect which does this exact thing for f5
what we know:
* images made by PixelKnot before 2/10/17 were f5 encoded with the password abcdefg123 (these would not be compatible with the latest version of PixelKnot)
* images made by the version after 2/10/17 (on play store) are missing the JFIF header (a few websites like medium.com match the same signature, not sure why) and are decoded with the last 1/3 of the full password
anon with archive of jpg from qresearch or pol
might be worth it to try to decode any jpg with f5.jar using password abcdefg123
for F in *.jp*g; do java -jar f5.jar x -p abcdefg123 -o msg.txt "$F"; cat msg.txt; done
745039 No.2449002
>>2425587
ruled out 54,700,816 4 letter combos on evil eye
/crunch 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"
either false positive or password is longer than 12 chars
found the pedo ring image on walmart.com, looks like they strip the 'JFIF' header too
https://www.walmart.com/ip/14K-White-Gold-amp-Diamond-Triangle-Spiral-Ring-size-5-5/191794612
745039 No.2449226
found the vineyard jpg on medium with the missing header
https://medium.com/@Levi.Smith/did-john-podesta-just-tweet-out-an-admission-to-justice-scalias-murder-69f9ba941a1b
found the evil eye too
https://landonbuford.com/press/0_pdlwbqsymrdu7_5d/#.W2XS4yhKj-g
https://web.archive.org/web/20180804162236/https://landonbuford.com/press/0_pdlwbqsymrdu7_5d/#.W2XS4yhKj-g
745039 No.2449249
>>2449002
crunch string was missing a few chars ~-`
should be
crunch 1 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-+=-`~[]\|}{,./<>?" '"'"
trying all 1-4 combos with those missing chars on the evil eye (8m should take about 6 hours)
745039 No.2449514
>>2449226
landon uploaded the evil eye may 2018, same month it showed up on pol
BUT - the landon photo with the same filename does not have the pixelknot header (and doesn't decode with abcdefg123)
found cbs-logo.jpg that is the same size on from 2018
https://www.neowin.net/news/cbs-launches-ios-app-windows-8-version-coming
it doesn't not have the JFIF string but doesn't match the PixelKnot header
4569e1 No.2449563
>>2433919
>>2433945
The photos were released in one of the Wikileaks drops.
0146c4 No.2449706
>>2449514
Well if anybody wants to study a pixelknot mask we have a source and an encoded photo. also bump.
745039 No.2453024
>>2449249
done, none of those
0146c4 No.2457804
Does anybody have more details on the underlying implementation of SecureRandom? Depending on the pseudo random number generator we may be able to reduce the search space to the possible values of the seed (ex, 0 to maxint).
96faf4 No.2457842
>>2371258
Moar results - fewer pictures
0e2334 No.2461532
>>2450617
Beyond 4 chars we are going to have to get a lot smarter with how we pick what passwords to try. It's not hard to imagine a 20 char passphrase.
One way to do this is to try the endings of long dictionary words and short words with a space and short random prefix. Then run the same set through 1337 speak substitutions. And then add ending punctuations.
Another idea I had is to score prospective random passwords based on the combinatorial frequency of character pairs. "TH" is more common than "ZD". We could have crunch generate 100,000 times as many passwords as we could directly check and then filter them down to the top 99.999th percentile.
Obviously optimizing it from the start would be better. But I don't think I'm smart enough to work out all of the patterns in how people choose passwords and phrases or to build a highly optimized generator (I could eventually, but I'm not going to spend the rest of my life on this).
In the short term we could keep a file of all failed passwords. Diff might get awfully bogged down comparing TB scale sets. But if the archive is kept asciibetically presorted then a custom tool could do it efficiently enough for it to be worthwhile.
0146c4 No.2463119
>>2427826
Did you just realize the same attack vector I did? There a way we can group up outside public space? Here's a quick rundown, use your key.
https://pastebin.com/DP7avPrx
0e2334 No.2463526
>>2463119
>>2457804
SecureRandom basically works by taking the password, hashing it with SHA1 to set the initial state (160 bits, 20 bytes), passing these bytes out as requested, and rehashing the state to create a new state when it runs out of bytes. It does this as many times as needed to create as many pseudorandom bytes as requested.
This data is first used to shuffle a list of integers (0 to the number of DCT coefficients, which also happens to be the number of pixels) which is used as a secret treasure map to scatter bits of the message throughout the image. Further output of SecureRandom acts as a simple XOR cypher upon the payload message.
Without the password we don't even know which bit of what pixels and in what order contain the encrypted message. We are not even sure there IS a message. It could just be a wonky JPEG encoder.
Any kind of REAL cryptanalysis, linear or differential, is waayyyyy out of our league. And the password is always going to be the weakest part of the system. Efficient and smart password guessing is really the only option.
If you want to see the exact details you can download it directly from Oracle. https://download.java.net/openjdk/jdk8/
0146c4 No.2463615
>>2463526
Thanks for the reply. I noticed the message byte XOR with a random byte after the fact, so yea I don't think we can reconstruct the first steps of 'the map'. If we are to take the brute force approach tho, I would suggest we patch F5.jar to short circuit if the first message byte doesn't come out as expected. We can also make it retry different passwords without reloading too to save some more time (instead of decompressing the image over and over again, reading disk, etc). Just some ideas.
0e2334 No.2463782
>>2463615
That is exactly what I did immediately.
Lines 147 to 149. I also early abort if the 32bit message length comes out as an unreasonable number. It should never be more than a couple kilobytes.
BruteCrackPK.java. Give it a file and feed it lines through STDIN. I haven't got around to multithreading it. So just run it in four terminals.
https://pastebin.com/hu1nZLLn
When ( if ) I ever stop getting distracted by side projects, I intend to make a C based implementation. There are a lot of steps between the five state integers in the SHA algo and the permutation table could be trimmed down.
0e2334 No.2463803
>>2463782
* Add the above to the F5-steganography files from here. Drop in next to Embed and Extract compile.
https://github.com/matthewgao/F5-steganography
d68afe No.2464928
ANONS
Found an old password used by Robert the Bruce in Aberdeen….
"Bon-Appart" try with and without dash. Try capital and lower-case. try backwards.
==Please try for password on all Q pics you can and POTUS tweet pics"
fb35f4 No.2467100
>>2463526
This paper talks about detecting F5 by analyzing the histogram of DCT coefficients. I suspect this may be a more accurate means than stegdetect.
https://ws2.binghamton.edu/fridrich/Research/f5.pdf
fb35f4 No.2467430
>>2467100
After looking at the source for stegdetect, it appears it uses exactly the method in the paper.
1b4548 No.2469199
>>2376493
>>2463526
>>2402121
>>2461532
With PixelUnknot code, is this kind of the workflow it's taking?
get wordlist string ~ "lovely8unch0fcoconut$"
test last third string "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))
if matched, test DecryptWithPassword with string "lovely8unch0fcoconut$"
return secret message
else, get new wordlist string
or is it doing this?
get wordlist string1 ~ "oconut$"
test string1 "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))
if matched, crunch wordlist string2 with 2x length of string "oconut$" ~ "lovely8unch0fc"
test DecryptWithPassword with string "lovely8unch0fc"+"oconut$"
return secret message
else get new string2
else get new string1
745039 No.2469295
>>2371551
>>2371666
>0_PDlwBQSymrdu7_5D[1].jpg
can't get over this filename…
what software renames files with square brackets [1]?
seems more like a Q post
[1]D5 7udrmySQBwlDP 0
found an automated cryptogram solver https://quipqiup.com/
7udrmySQBwlDP = 7in the COMpaNY
Q says less than 10 can confirm, read somewhere that 3 were non-military, would leave 7 in the company
[1]D5_7in the COMpaNY_0
maybe reading tea leaves here
still brute forcing…
(pic unrelated)
745039 No.2469375
>>2469199
right now the code
https://github.com/banona/PixelUnknot/blob/master/src/q/Main.java
loads the words from the file and tries it (and every substring of the end over 3 chars) to decode the f5 layer. it early exits if the chars don't match the PixelKnot special string '—-*' and if it finds one it will print out the pass and exit. this would be the last 1/3 of the password and we can change the code back to try to decode the rest
this code is a little better, tries the word backward and forward and prints out the progress
https://pastebin.com/ZRUAzEPh
fb35f4 No.2469702
>>2469199
Neither. For detecting F5 it's analyzing the DCT histogram of the image in comparison to the (predicted) histogram of the original image before F5 data was embedded.
745039 No.2469749
>>2463782
anon multithread it like this:
Files.readAllLines(filePath, StandardCharsets.ISO_8859_1)
.parallelStream()
.forEach(line -> {
// your code
});
see https://pastebin.com/ZRUAzEPh
fb35f4 No.2469816
>>2469199
>>2469702
Fuck sorry answering the wrong question… apparently I have two IDs but still getting my (you)s
>get wordlist string ~ "lovely8unch0fcoconut$"
>test last third string "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))
>if matched, test DecryptWithPassword with string "lovely8unch0fcoconut$"
>return secret message
>else, get new wordlist string
What I uploaded is like this, except it is modified to only do the F5 seed portion - the output of the string generator gets passed directly
<e.extract(coeff, ostream, mPassword)
745039 No.2470605
>>2397994
>>2398717
java has supported writing jpeg in imageio since 5
why do medium.com images look like they were written by a modified james jpeg encoder?
they didn't always have the same header, changed after 2013
f5 encoding something in the images?
0146c4 No.2472406
>>2469295
The [1] is new actually. When I first pulled the file it was not there. Only after 'scrubpocalypse' last Tuesday evening did I look again and saw [1] added on the chan archives. Was strange.
d68afe No.2477411
passwordFags
Try Vanguard or vanguard (backwards/mirrored also) on ALL NXIVM or Allison Mack pixelKnot images dealing with them… run it on auto if possible on everything
745039 No.2479397
>>2472406
https://archive.4plebs.org/pol/thread/170109703/
it was [1] on the /pol/ post
HERE is the evil eye on medium
different size same filename
https://medium.com/fgd1-the-archive/cbs-logo-1951-510fe0d2607b
that makes all of the images that anon have found matching the pixelknot header that were originally on medium.com
0146c4 No.2479932
>>2479397
I mean that it wasn't one on the archives before Tuesday. They CHANGED the archives. PixelKnot adds '_#' for conflicting filenames, so it wasn't from that. I literally downloaded a steg'd version from the archive without the [1]. plz no gaslight.
0e2334 No.2481143
>>2479397
That's odd. I found the same image on Medium last week and it had the same hash as the one from /pol/. Now it doesn't. It has indeed been changed. And the archive now has one with yet a different hash.
Someone is cleaning up. Good thing we have offline backups.
0e2334 No.2481502
>>2479397
All of the files from our reduced set all traced back to Medium, Motherboard, or Flipboard. And I spot checked a few of them last week; and the files from there had the same hashes as on their source sites.
9db91f No.2481567
It’s amazing the pushback I get from my own, they think I’m crazy when sharing Q. They give me every reason to prove the Great Awakening false. But I know better than they and push that they might also consider. They don’t believe me when i speak about the gospel either or the covenant our True God made with mankind.
“A prophet is not without honor, except in his own country, and his own kin, and in his own house.”
0146c4 No.2482058
Heads UP, they may be changing the stego in their comms:
https://boards.4chan.org/pol/thread/181352394
https://boards.4chan.org/pol/thread/181366397
Filenames have a funny ~2 at the end, ironically they re-used the photo from a previously identified stego in their 'screenshot'.
745039 No.2482637
Going back to Q Silverman drop
>>2305975
the file in the drop is IMG_382.jpg which didn't have the PixelKnot header or stegdetect didn't find anything… but the next day this post shows up on pol with IMG_0457.jpg and stegdetect thinks it has something (maybe false positive, not pixelknot header)
0146c4 No.2482651
>>2482058
another one:
https://boards.4chan.org/pol/thread/181352041
https://boards.4chan.org/pol/thread/181367598
$ md5sum 1533557639424.png
9f4a2a5c8b07b183e2de8fd4908c77aa 1533557639424.png
$ md5sum 1533557639424~2.png
1831a96086323b3994c9caa924467cb4 1533557639424~2.png
The ~2 may actually be the chan's way of handling duplicate filenames.. odd the md5s are different however. saw something said something.
745039 No.2485093
LOOKS LIKE A TRAP
Reddit post about PixelKnot looks like a honeypot
USE A VPN/PROXY/TOR
CORRECT PASSWORD Red Pill
==========================
Do you have the skills to handle dangerous files? Want to help take down the cabal? Go here - <URL SHORTENED>
==========================
leads to https://pinkbunnies.club/whiterabbit/blog/12/the-final-countdown
picture has the JFIF header so it was made with an older version of PixelKnot (from the download page)
seems like a huge time waste or trap to catch people like us
be aware
aafb4b No.2486032
>>2485093
I'm probably not the first with this, but is this related? https://www.cnet.com/news/qanon-anonymous-launches-attempt-to-debunk-conspiracy-theory/
aafb4b No.2486050
>>2486032
(I tried cntrl-f "anonymous" but on this page I got more hay than needle)
0e2334 No.2490756
>>2482058
CM has been doing that here too, but without changing the filenames. After we found an easy way to spot the products of the weird JPEG encoder used by PixelKnot (hash the first 100 bytes) images posted here with that characteristic started being reencoded behind the scenes. 4Chan has probably heard by now and is doing the same.
0b6cd6 No.2490855
>>2490756
FYI - CM / 8ch is NOT altering originals.
It's CloudFlare. When snagging the originals gotta make sure to bust the caching front ends.
A simple "?13245123" or something random at the end of the filename will help.
Also: curl -H -vvvv is your friend.
Finally: the jpeg header hex signature isn't a 100% guarantee it's PixelKnot. All it says is that the image has been through some sort of image editing tool.
The more you know…
0e2334 No.2491957
>>2490855
I posted this image that I made with PK,
>>2384816
It has been totally reencoded. It's not a case of them appending a few bytes.
8chan uses the SHA256 sums of files when they're uploaded to uniquely identify them. Grab a random file from around here and check it. The SHA256 hash of the above impostor is now
e27a833560d84ee9260920b61f8ec4de287386b2eddd22774c885b929b32b38b
They would never just stick extra bytes onto the end of a file. And they have no reason to "bust the cache" for guaranteed uniquely named static content. It's only files missing their JFIF headers that are mysteriously changing.
0146c4 No.2492592
>>2490855
failed to confirm, avatar.jpg still doesn't extract correctly when fetching uncached with ?blablabla.
>>2491957
did you post the password somewhere for that photo? I can run a test on my end to confirm.
0146c4 No.2492625
>>2491957
steg detect comes back negative on your photo btw.
ea52ce No.2493839
>>2490855
The more you know, you mean? I have confirmed this myself, files were altered on here on last Tuesday sometime. Someone got worried and started re-encoding files on the back-end. AFAIK they only did it once, on last Tuesday, this was to prevent us from finding more images that were uploaded. So basically we have whatever we have archived, everything beyond that point is likely lost forever.
745039 No.2499435
playing with medium.com images, the URL has the maxfilesize and you can change it to get different size images. all of the results have headers exactly matching the PixelKnot header (only the image size changes)
https://cdn-images-1.medium.com/max/300/1*WkosvaZ2ARJ2hnmXFs02Ow.jpeg
https://cdn-images-1.medium.com/max/1024/1*WkosvaZ2ARJ2hnmXFs02Ow.jpeg
https://cdn-images-1.medium.com/max/4000/1*WkosvaZ2ARJ2hnmXFs02Ow.jpeg
must be a server side transcoder doing the header stripping (or adding f5 steg?)
a little weird that some .png images are actually .jpg
https://cdn-images-1.medium.com/max/2000/1*QbhKIMLavtBdrZI_-DJxtQ.png
https://cdn-images-1.medium.com/max/500/1*QbhKIMLavtBdrZI_-DJxtQ.png
1eb45a No.2521648
>>2490855
I agree. I uploaded a test image last bread. The hash hasn't changed (I checked against my own copy). Downloading the file and running sha256sum returns an identical hash.
>>2346641
Test image I uploaded in this comment still works. sha256sum starts with 3b51fbf. Right clicking on the file link, pasting the link to download with wget works. Use the link on the left side (with a hash). Using the one on the right side (user-friendly filename) resulted in a different sha256sum.
Downloading using the link on the right side had a different hash.
$ cd /tmp
$ wget https:''//''media.8ch.net/file_dl/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg/pixelknot_test_image.jpg
--2018-08-09 00:13:11-- https:''//''media.8ch.net/file_dl/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg/pixelknot_test_image.jpg
Resolving media.8ch.net (media.8ch.net)... 104.20.44.57, 104.20.43.57
Connecting to media.8ch.net (media.8ch.net)|104.20.44.57|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21247 (21K) [image/jpeg]
Saving to: ‘pixelknot_test_image.jpg’
pixelknot_test_image.jpg 100%[=============================================>] 20.75K 62.1KB/s in 0.3s
2018-08-09 00:13:13 (62.1 KB/s) - ‘pixelknot_test_image.jpg’ saved [21247/21247]
Downloading using the link on the left side had the correct hash.
$ sha256sum pixelknot_test_image.jpg
b8fb084705fb6301e6313c5207e8a71d39d4bbd850fc568dfd90bf99006c0b01 pixelknot_test_image.jpg
$
$ wget https:''//''media.8ch.net/file_store/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
--2018-08-09 00:14:13-- https:''//''media.8ch.net/file_store/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
Resolving media.8ch.net (media.8ch.net)... 104.20.43.57, 104.20.44.57
Connecting to media.8ch.net (media.8ch.net)|104.20.43.57|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28771 (28K) [image/jpeg]
Saving to: ‘3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg’
3b51fbf8b6a2597e1e31ca33c6b8 100%[=============================================>] 28.10K --.-KB/s in 0.1s
2018-08-09 00:14:13 (223 KB/s) - ‘3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg’ saved [28771/28771]
$ sha256sum 3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98 3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
$
1eb45a No.2521685
>>2521648
Oops, I split the terminal output at the wrong spot. The first line in the second section should have been at the end of the previous section. Also, extra characters were added to the beginning of the download urls by the board apparently. So not the best example, but the point is to download using the left link (the one with the hash, not the user-friendly filename).
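Added example, not part of any post in this thread and not PixelKnot's or 8chan's code: a Python check that combines the two tests discussed above, walking a JPEG's header segments to report whether the JFIF APP0 segment is present and to fingerprint the quantization tables, and comparing the file's SHA-256 with the 64-hex-digit name in its file_store link. The sample images are constructed byte strings and all function names are assumptions.

```python
import hashlib
import re
import struct

APP0, APP1, DQT, SOS = 0xE0, 0xE1, 0xDB, 0xDA


def walk_segments(data):
    """Yield (marker, payload) for each header segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker, skip it
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == SOS:           # entropy-coded data follows, stop here
            return
        pos += 2 + length


def inspect_jpeg(data, link=None):
    """Report header traits and whether the content matches a hash-named link."""
    report = {"has_jfif": False, "has_exif": False, "dqt_sha256": None,
              "file_sha256": hashlib.sha256(data).hexdigest(),
              "matches_store_name": None}
    tables = hashlib.sha256()
    seen_dqt = False
    for marker, payload in walk_segments(data):
        if marker == APP0 and payload.startswith(b"JFIF\x00"):
            report["has_jfif"] = True
        elif marker == APP1 and payload.startswith(b"Exif\x00\x00"):
            report["has_exif"] = True
        elif marker == DQT:
            tables.update(payload)
            seen_dqt = True
    if seen_dqt:
        # Same tables only mean same encoder and quality setting,
        # not that anything is hidden in the image.
        report["dqt_sha256"] = tables.hexdigest()
    if link:
        named = re.search(r"([0-9a-f]{64})\.(?:jpe?g|png)", link)
        if named:
            report["matches_store_name"] = named.group(1) == report["file_sha256"]
    return report


def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(with_jfif, table_value, scan=b"\x00"):
    """Constructed minimal JPEG-shaped byte string (headers only, not viewable)."""
    parts = [b"\xff\xd8"]
    if with_jfif:
        parts.append(_segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"))
    parts.append(_segment(DQT, bytes([0]) + bytes([table_value]) * 64))
    parts.append(_segment(SOS, b"\x01\x01\x00\x00\x3f\x00"))
    parts.append(scan + b"\xff\xd9")
    return b"".join(parts)


def store_link_for(data):
    """Constructed link in the hash-named style used for uploads."""
    return "file_store/" + hashlib.sha256(data).hexdigest() + ".jpg"


if __name__ == "__main__":
    uploaded = build_sample(with_jfif=False, table_value=16)
    link = store_link_for(uploaded)
    served = {
        "as uploaded": uploaded,
        "same encoder, other image": build_sample(False, 16, scan=b"\x55"),
        "re-encoded copy": build_sample(True, 8),
    }
    for label, blob in served.items():
        r = inspect_jpeg(blob, link)
        print(f"{label:26} jfif={r['has_jfif']!s:5} "
              f"dqt={r['dqt_sha256'][:12]} matches_link={r['matches_store_name']}")
```

A matching table fingerprint on two different files is what the header-hash test picks up, which is why it flags every image from the same encoder; only the full-file hash against the hash-named link says whether the bytes served are the bytes uploaded.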
66c715 No.2525416
>>2521648
Curious. The originals have all been restored.
Anyway, this thing seems to have fizzled. There is a legitimate explanation for all of the spoopyness that we have been examining. It's coming from Medium's weird backend image resizing code. They appear to be using the same funky Java-based encoder library from the late '90s whose only other use was in the F5 stegano demo code, also from the late '90s, which is what PixelKnot is based around.
So I think I might switch teams and instead work on patching all the problems with F5 and PixelKnot. ;)
745039 No.2525792
>>2525416
>this thing seems to have fizzled
in the first thread the shills were full force when we were digging on the silverman photo but after we started brute forcing the images .zip that anon posted with the medium.com images the clowns went away
time to circle back, figure out where we got off course
>>2300468
>>2298335
Put to death, therefore, whatever belongs to your earthly nature: sexual immorality, impurity, lust, evil desires and greed, which is idolatry. 6 Because of these, the wrath of God is coming.
-Colossians 3:5
Your evil has no place in this world.
Q
>>2298388
The author of the post…..
The face is never the author.
Direct comms come in many different forms.
Q
>>2298430
How do you hide a message in clear sight?
Q
>>2298508
You'd be amazed how much is shared on /pol/.
Data exchange.
https://guardianproject.info/apps/pixelknot/
Q
Q didn't say if /pol/ was 8ch or halfchan
the silverman photo in the drop is IMG_182.jpg, i haven't been able to find that one. every one i have found stegdetect comes up negative
the inverted one posted on /pol/ IMG_0457.jpg though does
>>2482637
128651 No.2529049
>>2525416
Very strange indeed. The fuckery occurred on Tuesday July 31st. I believe the following day I uploaded an image here and downloaded it the following day, and it was unchanged from the OG (still had PK header – missing JFIF). The following days I downloaded an image that I had uploaded prior to the 'fuckery', and it had the JFIF header (and wasn't a PK file). I just downloaded the same image now, and it's been restored and is the same as the one I uploaded prior to the 'fuckery' on July 31st.
Hard to know if all the files have returned to the originals, maybe some of the F5 files that had important messages were never restored.
I think we should work on a distributed BF tool, would be great if it could be done in JS, so we can have people just visit a website and have it go. There is a f5 JS stego, but it's not compatible with this one, but perhaps it could be altered to be compatible.
66c715 No.2533601
>>2525792
>time to circle back, figure out where we got off course
Agreed. If we are to continue then we should focus on the SS photo. And we should look beyond PK and F5. Other stegano programs may leave telltale traces on the structure of their output JPEGs that could help narrow the search for the right method.
As far as I know this (pic related) is the original SS file. It was being passed around early and its size matches the 4Chan screen caps.
SHA1: f1335a1095a3ae15094e0a09e1cb83e5679dda26
>>2529049
We can tell that they are originals if their SHA256 hash matches the links in archived threads (8chan hashes all uploaded files and uses that hash on the back end as an easy way to eliminate redundancy when the same memes keep getting uploaded numerous times). I haven't noticed links to the file_store ever changing, not even when the files stored under a given hash have changed.
71ccb4 No.2534389
>>2371258
>YOU CAN HELP
>look at the old posts, at the id of the post and replies
>find the originals
>figure out clues for the keys
Or, alternately, you could just go to 4chan where Q gets all his info and get it yourself. You're in a messageboard roleplaying game and you don't even know it. But oh well, carry on detectives
5c991a No.2537744
found this while browsing online
dunno if it helps
757a03 No.2544659
8 char password.
So he wanted it hackable or he is fake. why wouldn't an intel person add another char or 2?
That would make it infinitely harder to crack. So either Q is a genius or a complete moron.
Pamphlet is a moron soooooo… who knows?
757a03 No.2544712
>>2541994
I think this was done on purpose by Q's Peeps to give some insight or help with hacking the STEG images. We have been asking for help, maybe this is it!
66c715 No.2567164
>>2525792
I finally quit screwing around and got that C-based cracker I've been talking about to a (unfinished but) usable state. It's a bit faster than the Java code, but not by as much as I had thought. I have newfound respect for the JIT compiler.
(You can probably tell from my folk-code that I'm not a professional programmer. I'm a welder and machinist at a widget factory. All that I know about coding I learned through many late segfault filled evenings. )
https://nofile.io/f/NB4x9EOZYd3/BruteCrackF5.zip
96faf4 No.2567227
>>2537744
The ambitious stego decode here has apparently been silently abandoned (because the approach was ill-defined and doomed to fail)
66c715 No.2567296
>>2567227
…because we don't know what software was used… or if there is even anything there.
Q linked to the PixelKnot app. PK leaves behind a very distinctive signature in the JPEG file that does not exist in the Sarah Silverman pic. So either 1) it's a modified version of PK made to fix its weaknesses, 2) it's an entirely different program, or 3) there is no hidden data and Q was simply citing PK as an example of the sort of thing that is widely used on the Chans.
If there is an expectation that we are to crack this thing then we are going to need more clues.
745039 No.2570246
>>2567164
>https://nofile.io/f/NB4x9EOZYd3/BruteCrackF5.zip
IMPRESSIVE WORK!
don't have time to try it out right now but looked at the code and awesome job
745039 No.2573936
>>2567164
might be able to easily turn this into CUDA code and run on a GPU
>To do this, all I have to do is add the specifier __global__ to the function, which tells the CUDA C++ compiler that this is a function that runs on the GPU and can be called from CPU code.
>add the specifier __global__ to the function
>The key is in CUDA’s <<<1, 1>>> syntax.
>tells the CUDA runtime how many parallel threads to use for the launch on the GPU
https://devblogs.nvidia.com/even-easier-introduction-cuda/
>>2567296
or the silverman pic was a clue to an actual encoded image, or we're going to get some images later
until we find what Q was pointing us to we can keep working on the tools to decode/detect them
>>2567296
>silently abandoned (because the approach was ill-defined and doomed to fail)
still here, still digging
keep calm, clown on
7f2525 No.2576121
>>2573936
it amazes me how dead this thread is, Q gives us an android app to decode messages from images/memes and we only go 270 posts deep digging it? come on guys, where's the beef?
66c715 No.2580354
>>2573936
In the previous bread you said you were trying RockYou and some others against the SS pic. Did you finish? And was this only with the last third of the password?
745039 No.2622913
had to travel
scary all the airplane/airport goings on
>>2580354
no when i saw the silverman pic wasn't made by pixelknot i stopped
i did all rockyou (suffixes + reverse) on the evil eye
>>2576121
751+250 = 1001 posts into this dig
previous bread >>2300468
and now…
>>2567164
looked closely and I think what you did is perfect for GPU
This Could Be A Game Changer
setting up a CUDA dev environment now
my plan:
>rip the guts out of your code
>fill array with coeff and initial scramble
>fill array with passwords to try
>decode<<<>>>()
>returns array with 16 bytes of decode for each pass
>if any decodes start with PKZIP password string then bingo
still need more target images
what if the pixelknot header was changed to help them blend into the medium.com images?
745039 No.2624497
>>2622913
>>2573936
>>2567164
dev environment setup and code is building
need to rework F5_rand_series to instead generate the random numbers on demand so we can early exit and save memory
need sleep now
96faf4 No.2624689
>>2576121
They just want to be spoon-fed now, like zoo animals who have lost the talent to hunt and are just bored and lazy.
Then they can still tell all their friends about how they researched and gave it to Q to take action.
After all do you think Lenin & Trotsky did any street fighting in their revolution?
96faf4 No.2624966
>>2576121
They gave up on guessing the password and didn't even know the length to brute force it
9c0fb3 No.2628550
>>2622913
>looked closely and I think what you did is perfect for GPU
Really? The random series generation is pretty straight forward. But the permutation stage is all out-of-order memory access. And the decrypt stage is very heavy in conditional branching.
>still need more target images
https://pastebin.com/Mj4d1jXM
9c0fb3 No.2643661
It doesn't look like spidering through chan sites looking for PK images is going to work. 8chan has started reencoding again. And I tested halfchan: they don't fully reencode, but do add the missing JFIF header. Game forums are likely going to be the same way.
So until Q points at an image and says, "This pic contains a hidden message and was used by No Name to arrange a weapons sale. Have at it boys!" then I don't think there is anything left for us to do with this.
745039 No.2646329
>>2624497
the initial code port to CUDA can decode a test image!
F5 BRUTE FORCE FOR NVIDIA GPU
https://anonfile.com/abW6X6fdb1/F5CUDA.zip
>>2643661
>they don't fully reencode, but do add the missing JFIF header
did you post a pixelknot image to halfchan and then download the resulting image? could you zip both and post?
745039 No.2646891
F5 BRUTE FORCE IN CUDA FOR NVIDIA GPU
>>2646329
updated: added a timer and removed some debug strings
https://anonfile.com/Yaa4Yaf8bb/F5CUDA.zip
need codefags to help cleanup, compile and distribute so others can use
00201d No.2650867
>>2646891
Nice work. What's the easiest way to compile?
9c0fb3 No.2651955
>>2646329
>could you zip both and post?
https://nofile.io/f/RjoJ4qr4dXX/4chan_transmogrification.zip.zip
Same DQT and DHT chunks. And the image scan is (or at least starts out) identical. They must have some little script that slips in the APP0 chunk if it's missing.
>>2646891
Wow. How does this compare with the CPU alone? I know you have a monster of a system.
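The before/after comparison described in the post above (same DQT and DHT chunks, same scan, APP0 slipped in) can be reproduced with a small marker-segment parser. This is an added example, not code from the thread or from detect.py; the sample byte strings are constructed here and are structurally valid segment sequences, not real images.

```python
import hashlib
import struct

SOS = 0xDA  # start of scan: entropy-coded data follows this segment
NAMES = {0xE0: "APP0", 0xDB: "DQT", 0xC4: "DHT", 0xC0: "SOF0", 0xC2: "SOF2", SOS: "SOS"}


def parse_segments(data):
    """Split a JPEG into (name, payload) marker segments.

    Everything after the first SOS header up to the final EOI is returned as
    one ("SCAN", bytes) entry, so progressive files keep later scans in it.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker, allowed by the spec
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        name = NAMES.get(marker, f"0x{marker:02X}")
        segments.append((name, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == SOS:
            end = data.rfind(b"\xff\xd9")
            segments.append(("SCAN", data[pos:end] if end >= pos else data[pos:]))
            break
    return segments


def has_jfif(segments):
    """True if an APP0 segment carrying the JFIF identifier is present."""
    return any(n == "APP0" and p.startswith(b"JFIF\x00") for n, p in segments)


def digest(segments, name):
    """SHA-256 over all payloads of one segment type, in file order."""
    h = hashlib.sha256()
    for n, p in segments:
        if n == name:
            h.update(p)
    return h.hexdigest()


def compare(before, after):
    """Report what changed between an uploaded file and the copy served back."""
    a, b = parse_segments(before), parse_segments(after)
    return {
        "jfif_added": not has_jfif(a) and has_jfif(b),
        "same_dqt": digest(a, "DQT") == digest(b, "DQT"),
        "same_dht": digest(a, "DHT") == digest(b, "DHT"),
        "same_scan": digest(a, "SCAN") == digest(b, "SCAN"),
    }


def _seg(marker, payload):
    # Constructed helper: marker, big-endian length (includes itself), payload.
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(with_jfif, dqt_value, scan):
    """Constructed test input: a segment sequence shaped like a baseline JPEG."""
    body = b"\xff\xd8"
    if with_jfif:
        body += _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    body += _seg(0xDB, b"\x00" + bytes([dqt_value]) * 64)
    body += _seg(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")
    body += _seg(0xC4, b"\x00" + bytes(16))
    body += _seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
    return body + scan + b"\xff\xd9"


SCAN = bytes(range(1, 60))
ORIGINAL = build_sample(False, 3, SCAN)            # no JFIF header
REUPLOADED = build_sample(True, 3, SCAN)           # header inserted, rest untouched
RECOMPRESSED = build_sample(True, 5, SCAN[::-1])   # new tables and new scan

if __name__ == "__main__":
    print(compare(ORIGINAL, REUPLOADED))
    print(compare(ORIGINAL, RECOMPRESSED))
```

A copy that reports `same_scan` as true still carries its original coefficients; one that reports new DQT and scan data has been fully re-encoded.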
3b8834 No.2652801
>>2650867
I hacked together a makefile from the CUDA samples and compiled it, but I'm having issues running CUDA samples so I can't tell if the program works.
I'll post more once I verify it's working.
a24eff No.2652860
>>2371258
Q Said "These people are dumb" a thousand times.
Has anyone looked to see if they openly emailed the password for Pixelknot when trying on the Wikileaks Podesta leaks pictures?
66b620 No.2655048
You have More Than You Know.
Has anyone used Pixelknot on Q Proofs or posts?
I don’t know how or I would.
66b620 No.2655055
>>2646891
Link blocked now.
New drop?
745039 No.2657461
>>2651955
oh wow, not only the header also coeff has been changed at 0x00146200 so the message doesn't decode…
does this rule out halfchan ???
745039 No.2657955
7/26/18
>>2298508
You'd be amazed how much is shared on /pol/.
Data exchange.
https://guardianproject.info/apps/pixelknot/
Q
7/25/18
this infographic has pixelknot header posted in 8ch/pol meta info thread
>>>/pol/11622450
>>>/pol/11910255
https://8ch.net/pol/res/11622450.html#q11910255
63e9b0 No.2658285
Hi anons here's one to check ? the attachments on podesta emails linked in Q1917 just white rectangle or just placeholder for missing data or something?
https://wikileaks.org/podesta-emails/emailid/50428
745039 No.2658485
>>2658285
only empty data, too small to hold any message
745039 No.2658832
>>2657955
found 2 files from 8ch /pol/ with pixelknot header
this zip has jpg and .coeff files to use for CUDA or C brute force
https://anonfiles.com/b3z4acgab4/match.zip
63e9b0 No.2658895
>>2658485
ok thanks thats why i thought they might be just placeholders cause they were small. wonder what image data was there?
7fd60f No.2664366
Some new computer parts arrived (pic related). New case doesn't fit where the old one did, which set off a cascade of furniture rearranging and reorganizing that spread to three rooms. So I've been busy.
>>2657955
>>2657981
F5.jar doesn't support progressive-scan JPEGs and handles them ungracefully. That's probably what it is.
>>2658832
That Raid on is interesting. I found a version of that pic without a JFIF header but a different hash here:
https://www.mantiseyes.com/bug-repellent-for-house.html
And another version with a JFIF header but the same hash-like filename as the above here,
https://www.dollargeneral.com/raid-flying-insect-killer-18-oz.html
The Google reverse image search also weirdly leads to these sketchy links, which bounce off a rotation of domain names and ultimately lead to a porn game:
https://sceneups.com/buy-mosquito-killer-spray-inspired.aspx
https://cancer-treatment.info/cancer/raid-day-and-night-instructions/
7fd60f No.2664402
>>2658832
The notebook one is from here, a Medium satellite site:
https://amandagrimmett.com/keeping-notebooks-organized-915f4488f594
I was able to find it despite 8ch reencoding it (but the hash of the file from the Medium site matches the 8chan filename.)
I know that I was the first person to open the Raid image link because the file I got, the first time, matched its hash and was without its JFIF header. 8chan's reencoding appears to be triggered after a file is first accessed.
43ad21 No.2667764
>>2373165
Sorry to bother. Seems you're talking about images from elsewhere when you say pixelknot. I think this pic is using steganography. Posted twice on research board and no one's picked it up. Look at the hand. Who would take a selfie of THAT hand? Medallion belong there? What is the appropriate term for a hidden image-in-image when it's directly related to board topics? Thank you.
7fd60f No.2670779
>>2658832
For us to be successful in eavesdropping on the badguys' comms we need three things: Software, Image, and Password.
If we have a password then we can crawl image boards and game forums and try it against millions of images. If we are given a single image with assurances from on high that it is a target then we can try billions of passwords. But we cannot try billions of passwords against millions of images. That is simply beyond the resources of a few guys with desktops. And we can't do anything if we don't have access to the same software that they are using. Q pointed to PixelKnot. But that could have been merely an example. The C_A would likely have developed their own stego system; and this could have been shared with their civilian cohorts.
But even if we assume one variable we cannot solve for the remaining two with the resources available. It would require an awful lot of luck. If any wizards or warlocks would like to give us a hint, they have my PGP key (they also have the secret key that I use for this. I emailed it to myself knowing there is nothing yummier to the NSA's systems than a PGP secret key packet transmitted in the clear).
The only stone left for me to turn over is this variant of the F5 algo I found on GitHub:
https://desudesutalk.github.io/f5stegojs/
https://github.com/desudesutalk/desudesutalk/wiki/How-to-use-this-script
While testing various stego programs with long and short messages in large and small files in search of clues to how the SS pic might be encoded, F5steg.js stood out. I've never written a line of JavaScript in my life. But perusing the code, it looks like it's doing basically the same thing as the baseline F5 algo. So it's strange that stegdetect can barely catch a whiff of it, even when an image is loaded to max payload capacity. I found that stegdetect can find F5 even with very short messages in very large files. (passwords "redhead" and "pepe"). I haven't worked out yet what F5steg.js is doing so differently to evade detection. But given that this is specifically designed for image boards and is available as a browser plugin I think we should find a way to detect its handiwork and make an efficient cracking program similar to the one for PK/baselineF5.
d36a3b No.2705870
>>2667764
Podesta's left hand seems shopped.
745039 No.2712077
>>2652801
compile like so
>nvcc kernel.cu -o kernel
>>2651955
using a 1080 but it's my main display so it gives me trouble
fired up an aws instance with a Nvidia Tesla M60 with the cuda and it's slower than my i9
waiting for access to a V100
745039 No.2723413
still sifting through 8ch/pol images and found 2 more which led me to figure out where the Raid image came from - walmart.com - images from walmart.com are false positives for detect.py but when you look closer the rest of the header doesn't match
https://www.walmart.com/ip/Raid-Flying-Insect-Killer-18-oz/14862629
https://www.walmart.com/ip/Christmas-Lightshow-Projection-Points-of-Light-with-Remote-114-Programs/710904858
745039 No.2723486
it is 1 month after Q posts about pixelknot and /pol/ Data Exchange and we've learned
* pixelknot on jpeg, header has unique signature and only last 1/3 of pass needed to break f5 layer
* halfchan re-encodes images, breaks f5 stego and can't be used for data exchange
* false positive images from medium.com (and affiliates) and walmart
* qresearch images found were from medium.com
* 8ch /pol/ images found were from walmart
* sara silverman pictures are not pixelknot
wild goose chase?
745039 No.2734509
>>2664366
>>2646329
>>2646891
>>2624497
>>2622913
>>2573936
>>2570246
>>2567164
f5 cuda brute force using hashcat sha1
realized that hashcat has a faster implementation of sha1
it's in opencl, spent the morning porting to cuda
https://github.com/hashcat/hashcat/blob/master/OpenCL/inc_hash_sha1.cl
this version of the f5-cuda is more than 50% faster, get it while you can
https://anonfile.com/edn9xag8b2/f5-cuda.zip
compile with
nvcc kernel.cu -o kernel
looking for more target images, think I've ruled out everything I've seen so far
745039 No.2735242
here's what i don't get - Q links to halfchan /pol/ image IMG_382.jpg and says data exchange on /pol/ with pixelknot
but half chan re-transcodes images breaking the stego, which is why that image didn't look like a pixelknot image
https://anonfile.com/U137x1g1b9/IMG_382.zip
so okay… MAYBE the silverman picture was made by pixelknot BEFORE it was posted to halfchan but it wouldn't be a way to exchange data
3fc3ff No.2735651
>>2735242
It's possible that {{{they}}} use their own system cooked-up by the C_A for use by their own spies and that PixelKnot was only a generic example of steganography.
745039 No.2746327
>>2735242
played around with halfchan and Q4example.jpg - halfchan does re-encode the image but the message is still decodable
updated the pixelknot detection script to detect pixelknot image uploaded to halfchan along with those not, this will probably hit many false positives
it does detect the silverman picture as pixelknot
https://pastebin.com/Va79YcvC
745039 No.2746706
>>2746327
new pixelknot detection script
>detect pixelknot uploaded to halfchan
>https://pastebin.com/Va79YcvC
I was expecting more false positives, this is actually a sensible list of images that the script detected
new possible pixelknot images
https://anonfile.com/zaA300g3be/matches.zip
745039 No.2746813
check out the image artifacts in this one….
745039 No.2747276
>>2746706
more matches fresh from halfchan
https://anonfile.com/odFe09g1bc/PixelKnotDetected.zip
bb8fea No.2747975
>>2734509
For reference, I am getting around 3300 pw/s on a 1080ti. As it stands, it would crunch through all four letter combos in about 6 hours.
745039 No.2748092
>>2747975
sweet anon!
here's an updated version, I made a couple memory optimizations and added command line flags
>https://anonfile.com/B6O203gabc/f5-cuda-memopt.zip
coeff files for the new images
>https://anonfile.com/64O106g8b3/PixelKnotDetectCoeff.zip
745039 No.2748657
>>2747975
>>2748092
on the smallest coeff file i'm getting 6600 pass/sec on 1080 ti and 4900 on 1080
using --blocks 32 --threads 64
had to do the tdrdelay thing
https://www.pugetsystems.com/labs/hpc/Working-around-TDR-in-Windows-for-a-better-GPU-computing-experience-777/
8a5cb0 No.2749064
There is also a Steg tool called Outguess. It is a linux command line tool. Not sure if anyone here has tried to use it to find stuff on pictures here…
3fc3ff No.2749627
>>2746706
Wait a sec… all you are checking for is that they are either missing the normal JFIF header, or have the normal header and are encoded with a 94% quantification table, like the SS pic. Then you check to see that they have the standard Huffman tables from the JPEG spec that is used by 99.9% of all the color JPEGs in existence.
But PK is hardcoded to always encode at 90%. And 4chan's JPEG recombobulator does not change the compression quality.
94% is not a number that a developer would hardcode as a default. That is a number from someone moving a GUI slider when exporting an image from Photoshop or GIMP. So if there is stego in the SS pic then it was done with a program that does not change the quality level.
You are forcing a match on the Sarah Silverman pic without explaining why that DQT is indicative of PixelKnot.
745039 No.2753991
>>2749627
uploaded q4example to halfchan and inspected what was the same, the order and location of the DQT and huffman table along with some bytes of the huffman table
waiting on your improved version ;)
745039 No.2754886
>>2749627
just for (You), updated the detect script to be more discriminating - no longer detects the silverman pic though
https://pastebin.com/MTGtP5gM
images that match
https://www.anonfiles.cc/file/7f26cd16e7b1826bd2992e320e6d1492
745039 No.2756444
>>2754886
another updated detection script to rule out more false positives, 63 images from halfchan /pol/ with coeff files
https://www.anonfiles.cc/file/264d484bee72660b10306f55f0fe44f9
745039 No.2756449
>>2756444
starting to see themes here
745039 No.2757678
>>2756467
>>2756449
girls with red or flowers
745039 No.2757806
wget -P 4chan -nd -np -r -l 1 -e robots=off -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<THREADID>
for F in 4chan/*.jp*g; do python detect.py "$F"; done
96faf4 No.2757815
>>2756489
Should be banned for incoherent rants.
Personal gratification that has no value for others
"Notice me - I am special"
Simply narcissist vanity
745039 No.2757908
>>2757877
downloaded 1000 jpg from halfchan /pol/ and 5% of them match PK header, probably a bunch of false positives in there
58 more images
https://www.anonfiles.cc/file/5d851d451d0ab1ff888ef21d2f66b7a5
39ebd4 No.2761102
Just wondering about this pixelknot; not sure if anyone looked at the Antarctica
pictures in the wikileaks drop?
745039 No.2764174
>>2761102
post em and i'll take a look
the PK file sign is fairly uncommon, i've only found 178 jpg that match it
all the test images i have have the same DQT table, what i wonder is if pixelknot could have generated a different table like the silverman
745039 No.2764183
this same shade of blue shows up
red
orange
745039 No.2764328
>>2764199
out of a few thousand scanned jpg from halfchan, 178 matches
https://anonfiles.com/Z0ga55gab5/matches-178.zip
https://www.anonfiles.cc/file/a55807d2e7060a1e4e5e444a5c3d9f45
here's how
wget -P 4chan -nd -np -r -l 1 -e robots=off -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<THREADID>
for F in 4chan/*.jp*g; do python detect.py "$F"; done
745039 No.2767218
>>2764328
new blue, red and orange today
745039 No.2767849
>>2767294
a few have this weird artifact, a line that doesn't match up
745039 No.2767900
>>2767849
here's the same line artifact on a pixelknot test image
745039 No.2768019
>>2767900
16 images + coeff files that match PK header and have the unaligned square artifact
https://www.anonfiles.cc/file/4f3a6581ce98cf2176de46acc46a2aa7
745039 No.2768354
of the jpg with matching PK headers with line artifacts i've found, half are of women in red
745039 No.2768915
>>2768354
only the shitty windows photo viewer is showing the artifact… maybe it is only a bug with that?
3fc3ff No.2779614
>>2767900
Pic of the mouse is a test image I posted there.
>>2764246
Same for middle Pepe.
745039 No.2783440
>>2779614
new match from pol and the original
f5 does not encode data in 0s
here is diff, contrast and brightness turned way up
does that look like encoded data to you?
745039 No.2786451
>>2783440
another diff
https://imgur.com/t/vault_boy/JpIef
these two look identical, turn up the contrast on the difference and see small changes all over
3fc3ff No.2792806
>>2786451
>>2783440
We can't tell with the naked eye. Re-encoding for whatever reason would do that. Have you checked that ONLY the non-zero AC coefficients have changed? If any DC coeff is different or if any AC coeff that was zero is now non-zero, or vice versa, then you are looking at a false positive.
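The false-positive check from the post above, written out as an added example (not code from the thread or from PixelUnknot). It assumes the quantized DCT coefficients of both files are already available as lists of 64 integers per 8x8 block with index 0 as the DC term; the `larger_step` test and the `allow_shrinkage` switch are assumptions added here from the published F5 design, which lowers a coefficient's absolute value by one and can turn a ±1 into 0.

```python
from collections import Counter


def classify_changes(cover_blocks, suspect_blocks):
    """Count how the quantized coefficients differ between two JPEGs.

    Both arguments are lists of blocks; each block is a list of 64 integers
    with index 0 as the DC coefficient and 1..63 as the AC coefficients.
    """
    if len(cover_blocks) != len(suspect_blocks):
        raise ValueError("images have a different number of blocks")
    counts = Counter()
    for a, b in zip(cover_blocks, suspect_blocks):
        if len(a) != 64 or len(b) != 64:
            raise ValueError("every block must hold 64 coefficients")
        for i, (x, y) in enumerate(zip(a, b)):
            if x == y:
                continue
            if i == 0:
                counts["dc_changed"] += 1
            elif x == 0:
                counts["zero_to_nonzero"] += 1
            else:
                counts["nonzero_to_zero" if y == 0 else "nonzero_changed"] += 1
                same_sign = y == 0 or (x > 0) == (y > 0)
                # Assumption: an F5-style change lowers |x| by exactly one.
                if not (same_sign and abs(y) == abs(x) - 1):
                    counts["larger_step"] += 1
    return counts


def consistent_with_embedding(counts, allow_shrinkage=False):
    """Apply the rule from the post: any DC change, or any AC coefficient
    crossing between zero and non-zero, marks the pair as a false positive.

    allow_shrinkage=True tolerates non-zero -> zero transitions (assumption:
    F5 shrinkage of +/-1 coefficients); the post's rule is the default.
    """
    if counts["dc_changed"] or counts["zero_to_nonzero"] or counts["larger_step"]:
        return False
    if counts["nonzero_to_zero"] and not allow_shrinkage:
        return False
    return counts["nonzero_changed"] + counts["nonzero_to_zero"] > 0


# Constructed sample data: one block per "image", not taken from any real file.
COVER = [[50, 3, -2, 1, 0, 0, -1, 4] + [0] * 56]
F5_LIKE = [[50, 2, -1, 1, 0, 0, -1, 4] + [0] * 56]     # only non-zero ACs shrink by one
SHRUNK = [[50, 3, -2, 0, 0, 0, -1, 4] + [0] * 56]      # a +1 coefficient became 0
REENCODED = [[51, 3, -2, 1, 1, 0, -1, 6] + [0] * 56]   # DC moved, a zero filled in, 4 -> 6

if __name__ == "__main__":
    for label, blocks in (("f5-like", F5_LIKE), ("shrunk", SHRUNK), ("re-encoded", REENCODED)):
        c = classify_changes(COVER, blocks)
        print(label, dict(c), consistent_with_embedding(c))
```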
745039 No.2817954
>>2371258
GOING OFF DUTY
can another codeanon take the ball?
need to care for self and family
updated pixelunknot github with my code changes
added gather.sh, detect.py, BruteCrackF5 and F5CUDA
https://github.com/banona/PixelUnknot
GOING OFF DUTY
3fc3ff No.2826539
>>2817954
I'd take up the torch if I still believed this was feasible. But we have too many unknowns to solve for.
We can test a known password against millions of pics from image boards. Or we can try a billion passwords against a (confidently) known target image. But when trying to solve both unknowns the problem size increases beyond what is feasible for two guys with high-end desktops.
745039 No.2859316
>>2826539
maybe this will help?
>>2858984
The cult color codes are
Green Forrest = "I am your plant"
Yellow Sunshine= "Gold/Reward"
Blue Ocean= "Info/Surveillance"
Red Fire= "Anger/Smear"
Orange Sunset= "End this now"
9969c2 No.2981121
Tried this too.
4767 5774 6a7a 4d6c 6330 666b 314a 3453 0000 0907 84b4 f787 7616 86f7 a737 5707 5736
https://www.rt.com/viral/363016-wikileaks-codes-assange-death/
e1c5f2 No.3101607
745039 No.3138967
>>3055048
welp
that image does load into pixelunknot
if there is a message in it, not bruteforcing anytime soon
4c3284 No.3252291
>>3252084
Posted this in main bread. Very close to a pixelknot header.
f6d946 No.3291536
This sucks, that this hasn’t gotten anywhere… Did anyone ever try passwords that anons without androids, have suggested? If breaking the code isn’t possible, then there must be clues. I was gonna try to get the app, but the day I decided to charge an old android, I met a stray, who needed a phone. Too cosmic, couldn’t resist.
c3c0f7 No.3291607
>>3291536
maybe it's not so much about steg - maybe it's about the connections - Guardian Project >PK> Haven > Freedom of Press Foun -
c3c0f7 No.3291646
>>3291607
and securedrop
Maybe JPB stood for something different than the cabal
The doc of SecureDrop assumes the Organization Hosting SecureDrop (in this case FPF)
• The organization wants to preserve the anonymity of its sources.
• The organization acts in the interest of allowing sources to submit documents, regardless of the contents of these documents.
• The users of the system, and those with physical access to the servers, can be trusted to uphold the previous assumptions unless the entire organization has been compromised.
• The organization is prepared to push back on any and all requests to compromise the integrity of the system and its users, including requests to deanonymize sources, block document submissions, or hand over encrypted or decrypted submissions.
What if the above is assumed, but the assumption's incorrect?
Sauce https://docs.securedrop.org/en/latest/threat_model/threat_model.html
179bd7 No.3301018
>>3291536
Long-time lurker, first time poster. No android, or steganography exp but one "keystone" that sticks in my head is the masonic keystone.
>>>2336488 (pb)
Has HTWSSTKS been tried?
Ty for the work anons. Back to lurking…
cbacdb No.3348866
When Washington and his troops crossed the Delaware and landed, the sentry troops were told not to let anyone through that didn't have the password. The password was Victory or Death. Don't know if anyone has tried it yet.
18a7f3 No.3377680
>>2859316
>>2826539
Thought this interesting with Q's post today of Nancy Pelosi talking about smear tactics
https://www.c-span.org/video/?c4674689/wrap-smear
5fb619 No.3379774
This thread is still upsetting me. Q made it seem kinda easy, right? I gotta get my hands on this thing. For the pics, we have to find the original? Posting here changes it?
448d1b No.3381423
>>2767849
I'm still thinking that's a normal occurrence in jpgs. I've seen it long before all this PK stuff.
18a7f3 No.3384298
>>3379774
Maybe it's here!
84723a No.3389253
I have an android, but no idea what to do :(
42f321 No.3395995
>>3384298
I was thinking someone said reposting images here, changes the file, so then I thought we had to go outside the Chans to find the original… But if /pol is the point of data exchange, none of that makes sense. The only thing us new fags can offer you, is fresh perspective: brand new eyes. An eye for an eye is fine, if you give me yours and I give you mine.
Anyhoo… this whole thing is worth a read, but things start heating up in July (Coincidence? Pic related): https://8ch.net/pol/res/11847601.html#12010876
7/12: Syrian Electric Army
7/13: Coincidence pic: a sign? ID: adad33, def chosen.
7/15: Someone complaining about “gigantic pics about nothing”, says please stop in /crypto posts too. Did anyone find a correlation between file size?
7/22: “…most corrupt images have steg” = Good to know, any more helpful tidbits floating around?
9/7: Post re: steg, poster ID: 000000, def chosen. Clearly someone with knowledge, lurking and checking images. Follow them? There are few real humans, choices limited. Also, this exchange almost seems scripted, dropping hints? The whole thread could be a set up, but who’s the trap set for? Us or them?
We’re trying to intercept black hat comms, right? They hang where it’s easy to mix with bots. Spot the difference, people are jaded and quick to dismiss. “How do you hide a message in clear sight?” Amongst other random images, possibly on a thread dedicated to such. These people are stupid, right? How do they get the password to each other? Always the same? I’d say try: JEWS, but that’s too easy. What’s one step up from “too stupid”? PW is file name?
Or else we’re being led to pol, to get the answers on HOW to crack the code/spot the images. Q doesn’t have to be “Q”, white hats have to have a way of being known too. Dark/Light, Mirror, blah blah blah… Haven’t gotten ahold of PK yet, handing off until then. If this is repeat info, super duper my bad. Am phonefag, hard to scroll. Using “find on page” tool to dig = annoying to the maxxxxx.
42f321 No.3396244
>>3291646
I thought this was a good line of thinking too. But not sure where it leads. Good guys or bad guys? Did you get murdered as you were writing this? On the bright side, at least that means you’re over target.
42f321 No.3396366
>>3389253
Step 1: Get pixel knot at App Store/Google Play?
Step 2: Try that Buddha image I posted, with the pw as the image file name. (Save from the original, within the thread that I linked below)
Step 3: Go through /pol yourself and see if you find any images/ideas OR scroll through everybody else’s ideas.
Step 4: Throw anything, see what sticks. Much appreciated.
09f21a No.3437327
Non code fag here, apologize in advance if this is retarded. With the CBS logo. It should be pretty simple black and white. Can you overlay a "good" one and compare to the messaged one? Wouldn't there be differences in pixels from the "original" picture to the messaged picture? Can you test it by making a picture, putting in a simple message and comparing both.
09f21a No.3437561
>>3437327
yup kinda retarded. Did find this though.
http://www.ws.binghamton.edu/fridrich/research/f5.pdf
5e2135 No.3447338
Hello pixelfag anon steganon fresh out the psych ward ( that ntv world order post got me sonically targetted) bantz
09f21a No.3468757
Been thinking about the pixel knot thing for a while. Non code monkey/crypto fag. I am not sure you would need a password to decrypt. I don't know a lot of the language so it may be rough in translation, I am more of a visual type.
Experiment: take a picture and run it through pixelknot. Create new picture with the changes between the original and the new pixelknot photo. This will create a template of the changes to work with on the experiment. This may not be necessary in the future, but it is a starting point. Run it through an algorithm/formula and create a new pic. Do this with 10K-100K algorithms.
It is my hypothesis that the static overlay will behave slightly different than the hardcoded message. Maybe less than 1/10th%. Create a program that looks for anomalies. A couple of pixels in a straight line or curve. Overlay the pics, all 10-100K and look for letters based on anomalies that form possible letters in a stacked formation in the top 50% (or whatever).
I would liken it to creating waves in the picture and much like looking for subs as the Chinese satellites are purported to do with wave photographs. Or, like tuning into UHF, there is a lot of static, but you can see the words or image even though it is not crystal clear. After doing this a few hundred times, you may be able to analyze which algorithms are more successful.
I don't know how much computing power that would take or if anyone has that much. If this is viable, there is no need to send anyone to knock on my door, I am just working on a puzzle.
c3c0f7 No.3534063
>>3396244
Thanks. Leads to the bad guys (some of them, anyway)
I think you are correct in >>3395995 re: hiding in plain sight where "people are jaded and quick to dismiss" and that the password is a simple one.
Admire you persistent Anons trying to crack the code.
162c77 No.3588616
Dunno if anybody has suggested fotoforensic.com yet. Not necessarily helpful for the PK problem, but good for checking if images have been altered in general. The tutorials/challenges page was super helpful, if you don’t know much about what to look for/what the data tells you.
I haven’t found any other threads on /pol that look promising besides “lost content”, which is pretty dead now. There was mention of “crypto posts”, but haven’t looked beyond /pol. Cryptofags, where y’all hang out?
Do you think after all is said and done, if we haven’t gotten it by then, Q will throw us a bone?!?! This feels like a puzzle, when your dog eats half the pieces.
e54a40 No.3663002
>>3588616
did you find anything yet?
b9f4ed No.3863005
can anyone dissect this image? probably benign. maybe not. came from a cryptic /disclosure/ #4 post. Thank you.
6ce197 No.4113200
a32688 No.4167702
f75b53 No.4169365
>>3863005
The grip is weird…?
Free Mason thing? Jesuit thing?