
/qresearch/ - Q Research

Research and discussion about Q's crumbs

File: 1e300b27a3826fd⋯.png (143.15 KB, 707x831, 707:831, pixelknot-info.PNG)

File: f620d7d09fc0bc5⋯.png (100.4 KB, 1149x513, 383:171, find-pixelknot.PNG)

745039  No.2371258





You'd be amazed how much is shared on /pol/


https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.



and on medium.com

















q drop about pixelknot



anons found pixel knot messages posted on /qresearch/ before Q drop



sha256 hashes



pages they were posted


html files of pages


original filenames of the images


original weird filenames



look at the old posts, at the id of the post and replies

find the originals

figure out clues for the keys

hiding in plain sight?













>>2314068 Exodus Chapter 8


none of the images have been cracked yet

these methods are confirmed to work on test images

PixelKnot on Bluestacks





use the last 1/3 of the password to crack first layer of f5 encryption






>curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar --output f5.jar

>java -jar f5.jar x -p plan -e out.txt Q4example.jpg

>cat out.txt

745039  No.2371388

File: c526b58cef4f502⋯.png (14.11 KB, 851x91, 851:91, ClipboardImage.png)

File: 3a69618ecc3f292⋯.png (128.9 KB, 1211x313, 1211:313, ClipboardImage.png)



>It is possible that somewhere in the world there exist a piece of editing or conversion software that outputs jpeg headers in exactly same way?

great question!

f5Android library was ported in 2012


it was modified in 2/10/17 to remove the JFIF header (on line 666)

that change was merged to guardianproject f5Android 2/15/17


the pixel knot versions on the download page do NOT have the change (all 2015 and earlier)

so ONLY the play store version has the change


the two devs involved in removing that header don't commit very often to the project, it's a strange change to make…



especially by this person


this is not a popular library


745039  No.2371551

File: a1677d3d755fabf⋯.jpg (16.1 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D.jpg)

File: 419a76281780faa⋯.jpeg (208.99 KB, 1280x848, 80:53, 1_Wu-LPq1zKK-R5lsT67nRYA.jpeg)


PixelKnot posted to /pol/

Q predicted this


https://archive.4plebs.org/pol/thread/170109703/ Hello I am a reporter from CBS.



745039  No.2371566

File: 1002d04c080ad3a⋯.jpeg (258.65 KB, 2000x1333, 2000:1333, 1_agrJgMO-s-RsbCy6Eepp8Q.jpeg)

File: 4a1c560bc205a1f⋯.jpeg (519.97 KB, 1600x1129, 1600:1129, 1WkosvaZ2ARJ2hnmXFs02Ow.jpeg)

File: 6fc344db1638967⋯.jpg (11.81 KB, 400x243, 400:243, 6fc344db1638967fc546931b52….jpg)

File: c982c0559e47b8c⋯.jpeg (95.29 KB, 780x438, 130:73, 1-AqvMU0oaVzL8UR-llP2k9g.jpeg)


pixel knot posted on medium.com

745039  No.2371604

File: a5691381e37dca5⋯.png (9.54 KB, 350x78, 175:39, ClipboardImage.png)


stegdetect thinks these have f5 data, and they all have the PixelKnot signature

0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)

1_v3vvVO3DuvEB-osQDcIqlw.jpeg : f5[1.664398](***)

1_Wu-LPq1zKK-R5lsT67nRYA.jpeg : f5[0.652062](***)

1_xv-xqPhM_w3qdIatlg8L9A.jpeg : f5[3.026896](***)

1-0V2r2vC9pJRhMu8E_i0B7A.jpg : f5[1.590077](***)

745039  No.2371636

File: fde37abc7515137⋯.png (96.9 KB, 623x425, 623:425, ClipboardImage.png)

File: 1b01e2fbd7483fe⋯.jpg (48.36 KB, 700x546, 50:39, 1b01e2fbd7483fe2167a417ed6….jpg)

File: 18e535c25589738⋯.jpg (45.05 KB, 640x480, 4:3, 18e535c2558973824cf2f11ea0….jpg)

File: 252ff478b5b8fff⋯.jpeg (31.57 KB, 450x450, 1:1, 252ff478b5b8fff4c1f21d2a2….jpeg)

f5 detected in all of these with the PixelKnot header


745039  No.2371666

File: a1677d3d755fabf⋯.jpg (16.1 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D.jpg)

File: dac330afc394f98⋯.png (60.17 KB, 708x333, 236:111, ClipboardImage.png)


focus on the evil eye posted to /pol/ on 01 May 2018 14:22:30

0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)

Hello I am a reporter from CBS.

tried every 3 letter combo already

c69a4f  No.2371688

The identified pxlknot images I looked at were all 96dpi and 24bit color.

A general approach to decryption is to start with the simplest image, and then encode one character. Examine the resulting image. Do it again with the same character to see if there is a change.

Then sequentially encode '1','2', '3', etc. and see if there is a predictable pattern.

What you're looking for is a way to brute-force decode the image.

Also try to find the original images before they were subjected to pxlknot.

d09e22  No.2371713

File: 6338310af3411f1⋯.jpg (372.88 KB, 1024x701, 1024:701, jacksonlee.jpg)


that ring is pedo symbol.

jackson lee wears one.

c69a4f  No.2372025

Here is source code for determining entropy of a file. Can be used in connection with brute force decrypter to identify results with significantly different entropies.


f7173a  No.2372148


The spiral has many meanings. It is an ancient symbol.


35f05f  No.2372226


So just to be sure, are you saying the app store version is incompatible with the F5 library that is used with say tools built on linux?

I can't seem to extract data on linux that I embedded with the appstore apk (that I built from the source). I can't figure out why, but it mimics some of the other responses from the previous bread.

Huffman decoding starts

Permutation starts

921600 indices shuffled

Extraction starts

Length of embedded file: 1798344 bytes

(1, 8388607, -9) code used

Incomplete file: only 0 of 1798344 bytes extracted

745039  No.2372349

File: 082f141f04a096f⋯.jpg (19.23 KB, 288x394, 144:197, Q4example.jpg)


>are you saying the app store version is incompatible with the F5 library


the change looks compatible, the header is optional

I have decoded the Q4example.jpg with google code f5.jar built in 2011 (where f5Android was ported from) and from the most recent source on windows using sun jdk 1.8

not sure if openjdk or linux would be different

java -jar f5.jar x -p plan Q4example.jpg -e msg.txt; cat msg.txt

Huffman decoding starts

Permutation starts

172800 indices shuffled

Extraction starts

Length of embedded file: 88 bytes

(1, 127, 7) code used



35f05f  No.2372815

File: 760ba9dfcb03613⋯.jpg (69.84 KB, 675x1199, 675:1199, goods.jpg)


See if you can decode please.


fa9e7b  No.2372909

I ran the pixelknot python detection script that was on here in the last few days on my cache of qresearch image files and found there were a few of them.

Uploaded what i found so far to https://anonfile.com/h8k8Adf3b6/pkfiles.zip as i don't have the computing power to tinker with them.

745039  No.2373016

File: 3aa22db5bd7d379⋯.jpg (33.96 KB, 600x510, 20:17, lime-cat.jpg)


f5 layer with last 1/3 (non)

java -jar f5.jar x -p non -e msg.txt ../../Downloads/760ba9dfcb03613b2db84902b7dec4c2edba182945542a18456b9a18cda2a857.jpg; cat msg.txt

Huffman decoding starts

Permutation starts

1238400 indices shuffled

Extraction starts

Length of embedded file: 104 bytes

(1, 127, 7) code used

----* PK v 1.0 REQUIRES PASSWORD ----*vNOvTv6i78CsQvHg





Evil Everywhere …


757a03  No.2373115

757a03  No.2373154

File: 9ccadfe79d3f9d9⋯.png (484.2 KB, 776x1044, 194:261, Missle 9_char_code.png)


I just wanted to link this over here from the Silverman password thread in case there's any significance.

I'll bug off now!

745039  No.2373165

File: 099c8e2c56aebe6⋯.png (872.37 KB, 1168x933, 1168:933, ClipboardImage.png)

File: 1371f6c539b3601⋯.png (793.45 KB, 1173x859, 1173:859, ClipboardImage.png)





745039  No.2373244

File: 2c19435a6c6d0b7⋯.jpg (6.7 KB, 253x199, 253:199, 2c19435a6c6d0b75661f8bed42….jpg)


great work anon, this image is small enough i can try 2000 passwords/second -

tried all 3 combos (rules out all passwords < 10)

takes 7 hours to go through all 4 char combinations (all password < 13 chars)

if we crack one image it might give us a clue on the passwords for the other

745039  No.2373486

File: 7847ca957e6b83c⋯.jpeg (31.99 KB, 355x386, 355:386, 0_SVRAr3qJsZsv1Z4H.jpeg)






c5ee9d  No.2373544


But is it still possible that another, entirely irrelevant piece of software could coincidentally produce images with the same header?

fa9e7b  No.2373593


Wish i had a faster computer. Glad someone can make a go of it.

35f05f  No.2373814


This is a stretch, but what if they didn't use PixelKnot at all? What if they used the JS version of F5?

745039  No.2374639

updated PixelUnknot main with timer


35f05f  No.2374860


Thanks for your help. I think I'm missing something, PixelUnknot is needed to decode the output from f5?

After getting bounced around in the 'bouncy castle' I was able to run PixelUnknot, but not sure how to get the message decoded.

8a1878  No.2374887


Honestly, the only way I know of to speed this up would be to do what the bitcoin miners do and find a way to shunt the data into a graphics card to 'render' out the solution.

Not knowledgeable enough on this topic though to even wrap my head around how this gets done on a mathematical level, I just know that a graphics card can pump out hashes like there's no tomorrow.

745039  No.2374957

File: 6f91ddcf462e495⋯.png (6.18 KB, 361x108, 361:108, ClipboardImage.png)


you need two files, the image and text file with the list of passwords to try

you can run in intellij with this run config (see pic)

or command line

java -cp "<classpath crap>" q.Main Q4example.txt passwords.txt


i wish, need to have java's secure random and that won't run on a GPU

21c507  No.2374970


Yes. Any software that uses the "james" library to write JPEG images.

745039  No.2375023

File: 1dffcc11a9167cd⋯.jpeg (231.24 KB, 1176x922, 588:461, 1dffcc11a9167cd1ce530ea4f….jpeg)

File: 1fb392cffd4a9eb⋯.png (76.91 KB, 577x300, 577:300, 1fb392cffd4a9eb3df695d1635….png)

File: 9bfaf4959fc0532⋯.jpeg (363.12 KB, 1372x1819, 1372:1819, 9bfaf4959fc0532126d57f858….jpeg)


it's a stretch, jpeg header can come in any order this is unique. only way to know for sure is to decode one of these or find another piece of software that does the same.

look at the images - they are creepy - and some of them are unique enough to find the sources - different websites images with the same naming convention 1_XXXX_XXXXXX that were posted on qresearch over the last few months

35f05f  No.2375031


Huffman decoding starts

non good byte - at 0

non good byte - at 1

non good byte - at 2

non good byte - at 3

!!!!!!!!!!! PARTIAL MATCH - non

!!!!!!!!!!! PARTIAL MATCH - non

!!!!!!!!!!! PARTIAL MATCH - non

!!!!!!!!!!! PARTIAL MATCH - non

I'm not getting the message … Since in my case I just added qanon to the passwords.txt

745039  No.2375089

File: 0f19db506742f95⋯.png (7.93 KB, 280x142, 140:71, ClipboardImage.png)


james is an implementation of f5 jpeg encoder, so if it is another program it'd probably be a f5 steg program too


e511db  No.2375171


Don't know if it was already done, but I ran the python pixelknot detection script in a folder with all of Q's images he posted.

0 pixelknot images…

745039  No.2375174

File: e471b835a1a341f⋯.png (6.36 KB, 295x82, 295:82, ClipboardImage.png)

these look like ports of the original java both write the JFIF header on encoding







ccc1fa  No.2375198


that py script is trash, can't tell its ass from a hole in the ground

21c507  No.2375234


Yes, it's probably used by nothing else than the F5 library, but James JPEG Encoder actually predates F5.


745039  No.2375351


hmm pretty widespread, still all write JFIF




weird that somebody would move it down to line 666 and comment it out

e511db  No.2375386


So how do you detect a pixelknot image?

745039  No.2375392




745039  No.2375402

File: f620d7d09fc0bc5⋯.png (100.4 KB, 1149x513, 383:171, find-pixelknot.PNG)


missing JFIF and signature at 0x88

35f05f  No.2375416

Not sure which is more important, trying to decipher hidden messaging/files in Q's posts or PixelKnot comms.

We are going to have to start from scratch if we try to extract (if any) hidden data from Q's images.

745039  No.2375458

File: b32826f432e2d30⋯.png (35.85 KB, 700x121, 700:121, found-1_Wu-LPq1zKK-R5lsT67….PNG)

File: f29f6e1d068a4dd⋯.png (25.32 KB, 911x214, 911:214, creepy-af-not-eye.PNG)


it's not Q using PixelKnot it's them…

they are trading information over these images posted places, on /pol/ …on /qresearch/… on medium.com

they are using them to identify each other

c5ee9d  No.2375498


Anything to back this up, or just guess work?

e511db  No.2375569


I used the f5.jar to add a message to a picture, and to extract it again for verification.

That encoded picture does have JFIF in it and does not have that FF C0 00 11 @ 88

35f05f  No.2375588


I know this, I'm saying what if Q hid data in PNGs, all this PK work is for naught. Some of the PNGs Q uploaded seemed pretty large for what they are..

35f05f  No.2375616


I think the C0 is the start of the image, but I could be wrong.

35f05f  No.2375683


Marker Identifier 2 bytes 0xff, 0xc0 to identify SOF0 marker.

My hex compare using PixelKnot app, the image with message is 0xff, 0xc0, and the image without is 0xff, 0xc2

e511db  No.2375702

File: 5d901c266c2bbe7⋯.png (187.96 KB, 950x288, 475:144, console.png)

File: ed71c80d359e0d6⋯.png (149.69 KB, 2062x626, 1031:313, hexes.png)

This is what I get with a little test.

Hope it helps

745039  No.2375707

File: 9d65a2f8806914b⋯.jpg (70.19 KB, 1744x1080, 218:135, 9d65a2f8806914b900b7e51e3a….jpg)

File: 85e2aa60861e3a4⋯.jpeg (109.69 KB, 638x960, 319:480, 85e2aa60861e3a4d1836d40a1….jpeg)

File: b8e3cbba4816381⋯.jpg (162.77 KB, 1000x752, 125:94, b8e3cbba481638166ce78d8703….jpg)


exactly - only pixelknot encoded images are missing that - f5 will decode it


pixelknot only does jpg/jpeg

35f05f  No.2375762


>pixelknot only does jpg/jpeg

I know :)

Hence why I said start all over …

35f05f  No.2375793


If I specify the full password to f5.jar it chokes, if I specify the last 3 digits I get (in out.txt):

----* PK v 1.0 REQUIRES PASSWORD ----*vNOvTv6i78CsQvHg


35f05f  No.2375858


By choke I get this instead:

java -jar f5.jar x -p qanon ~/Downloads/goods.jpg

Huffman decoding starts

Permutation starts

1238400 indices shuffled

Extraction starts

Length of embedded file: 485098 bytes

(1, 67108863, -6) code used

Incomplete file: only 0 of 485098 bytes extracted

ccc1fa  No.2375964


This is not a consistent way to find f5 images. In fact, it doesn't even work with the q test image available in this thread. Also, I see the same patterns in images I've created myself. Also if you use a hex editor to examine various images that are implicated as f5 this pattern does not fit. If you want to start comparing I recommend using beyondcompare and renaming the jpg to txt.

ccc1fa  No.2376015


Still trying to determine that consistently. I saw someone here using stegdetect but I haven't tried it yet, and it looks like, based on the settings you use, it can result in a high rate of false positives

757a03  No.2376405

File: 6fd5cd3a354ea0e⋯.png (995.97 KB, 1930x1042, 965:521, punisher logo.png)

I imagine someone has already caught on to this.

Just in case though, there seems to be a punisher image hidden in the Silverman image brought out with image filters.

Also what looks like a navy seal eagle image on the nose of the punisher skull.

Both images have significant meaning to this group of patriots.

I'll try and get it clearer.

Password may be blackwater, Erik Prince or Frontier Group

745039  No.2376447

File: 082f141f04a096f⋯.jpg (19.23 KB, 288x394, 144:197, Q4example.jpg)

File: 509264703ff8ecf⋯.png (22.83 KB, 617x200, 617:200, ClipboardImage.png)




this fellow anon is how you recognize them

they want to slide the conversation with arguments that are easy to argue

glad we have your attention

745039  No.2376493

File: 167379897582902⋯.jpeg (75.64 KB, 612x440, 153:110, 167379897582902f75f757f04….jpeg)

File: b4ffa2fe6ba7c7b⋯.jpg (59.1 KB, 1008x720, 7:5, b4ffa2fe6ba7c7b732e36af359….jpg)

File: eb631d0dda12c5d⋯.jpeg (22.43 KB, 450x450, 1:1, eb631d0dda12c5d2b70c627be….jpeg)


the code is trying to find the last 1/3 of the password

here is a Main.java that decodes the message


35f05f  No.2376582


Thanks, I get this when I build with your changes …

java -jar PixelUnknot-1.0-SNAPSHOT.jar ~/Downloads/goods.jpg passwords.txt

Huffman decoding starts

non good byte - at 0

non good byte - at 1

non good byte - at 2

non good byte - at 3

!!!!!!!!!!! PARTIAL MATCH - qanon

!!!!!!!!!!! PARTIAL MATCH - qanon

!!!!!!!!!!! PARTIAL MATCH - qanon

!!!!!!!!!!! PARTIAL MATCH - qanon

java.security.InvalidKeyException: Illegal key size

at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)

at javax.crypto.Cipher.init(Cipher.java:1393)

at javax.crypto.Cipher.init(Cipher.java:1327)

at q.Main.DecryptWithPassword(Main.java:45)

at q.Main.extract(Main.java:107)

at q.Main.lambda$main$0(Main.java:153)

at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)

at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)

at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)

at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:291)

at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731)

at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)

at java.util.concurrent.ForkJoinTask.doInvoke(ForkJoinTask.java:401)

at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:734)

at java.util.stream.ForEachOps$ForEachOp.evaluateParallel(ForEachOps.java:160)

at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateParallel(ForEachOps.java:174)

at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233)

at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)

at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:583)

at q.Main.main(Main.java:151)

745039  No.2376618

File: 5b7086756513a6b⋯.png (5.07 KB, 476x63, 68:9, ClipboardImage.png)

File: 03f097c8ee9785a⋯.jpeg (289.77 KB, 1600x866, 800:433, 03f097c8ee9785ab4d177585d….jpeg)



exactly right

pixelknot uses the last 1/3 of the password for the f5 encryption

the rest is for the AES encryption layer after

if we can find the last 1/3 of the password we can PROVE there is a pixelknot message in one of these images

745039  No.2376678

File: a3513a1a861b175⋯.jpg (279.22 KB, 1105x514, 1105:514, a3513a1a861b1754c31b52f272….jpg)


does it work with Q4example.jpg and passwords.txt ? might be that qanon is too short of a password

4d00ef  No.2376757

File: 68ccb4146da7406⋯.jpeg (17.54 KB, 321x323, 321:323, 68ccb4146da74068a0d8749ac….jpeg)


Working on pic related

Have searched this keyspace up to length of 3 chars for the F5 seed

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 .,:;!?()-+*/\[]{}@_><#~=^`'"&%$

space included

No hits - proceeding to length of 4 - will report back in a few days

35f05f  No.2376795


I'll check, but someone was able to extract the message in the image I uploaded earlier. So there is some difference with my runtime vs. anon's runtime, or some bug someplace.

I want to make sure that I can verify results from PK app and then extract them on my box, this way I know for sure I have something that's reliable. I'm using 1.8 on mac, I was thinking about switching to VB vm instead (I have a couple different VMs already setup), but I'm just puzzled why I'm not getting the same results as the other anon.

745039  No.2376809

File: a1677d3d755fabf⋯.jpg (16.1 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D.jpg)


don't forget single and double quotes

I'm running this on all the images

crunch_win.exe 1 3 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"

and running

crunch_win.exe 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"

on evil eye

4d00ef  No.2376829


I haz both. I started on the evil eye but I noticed the rate was way low on that image (in comparison to test images)… you may want to check yourself. Much faster against illumipepe

ccc1fa  No.2376835


You got the fellow anon part right but sliding, in the same thread?

Yours is the first I've seen that matches that cap (just started working on this today). Do you have other images that fit this pattern? Otherwise, I haven't found any yet and the other version of the q example image had the FF C0 starting at 9E not 88, something isn't fitting here.

As for the python script, it's looking for files that begin with 'ff d8 ff db 00 84' which I also haven't found any images posted as examples on the board fitting this format.

This is also just one implementation of f5 with the missing jfif header. There are many from my understanding.

The CBS eye everyone keeps posting is 9E not 88 and has a header.

many others are FF C2 around 9E instead of C0.
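The header checks argued over in this thread (missing JFIF, `FF C0 00 11` at 0x88, the `ff d8 ff db 00 84` prefix, `FF C2` near 0x9E), as an added Python example that is not code from the thread or from PixelKnot: it walks the JPEG marker segments and reports the layout instead of comparing fixed offsets. The two samples are constructed header-only byte strings, not real images, and a match only describes the encoder's segment layout, not whether anything is embedded.

```python
import struct
import sys

STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))   # markers with no length field
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}  # 0xC0 baseline, 0xC2 progressive


def walk_segments(data):
    """Yield (offset, marker, payload) for each segment from SOI through SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at 0x{pos:x}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:  # skip fill bytes
            pos += 1
        if pos + 1 >= len(data):
            raise ValueError("truncated marker")
        marker = data[pos + 1]
        if marker in STANDALONE:
            yield pos, marker, b""
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at 0x{pos:x}")
        yield pos, marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:  # SOS: entropy-coded data follows, stop here
            return
        pos += 2 + length


def triage(data):
    """Summarise the header layout that the thread's heuristic depends on."""
    report = {"has_jfif": False, "dqt_segments": 0,
              "sof_marker": None, "sof_offset": None}
    for off, marker, payload in walk_segments(data):
        if marker == 0xE0 and payload[:5] == b"JFIF\x00":
            report["has_jfif"] = True
        elif marker == 0xDB:
            report["dqt_segments"] += 1
        elif marker in SOF_MARKERS and report["sof_marker"] is None:
            report["sof_marker"], report["sof_offset"] = marker, off
    # The pattern described in the thread: no JFIF, baseline SOF0 at 0x88.
    report["matches_thread_heuristic"] = (
        not report["has_jfif"]
        and report["sof_marker"] == 0xC0
        and report["sof_offset"] == 0x88
    )
    return report


# ---- constructed sample headers (illustrative, not decodable images) ----
def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def _dqt(table_ids):
    # per table: 1 byte (precision/id) + 64 one-byte quantiser values
    return _seg(0xDB, b"".join(bytes([t]) + bytes([16] * 64) for t in table_ids))


def _sof(marker):
    # 8-bit, 16x16, 3 components -> length field 0x0011
    comps = b"\x01\x11\x00\x02\x11\x01\x03\x11\x01"
    return _seg(marker, b"\x08" + struct.pack(">HH", 16, 16) + b"\x03" + comps)


_APP0 = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_SOS = _seg(0xDA, b"\x03\x01\x00\x02\x11\x03\x11\x00\x3f\x00")

# No APP0, both quantisation tables in ONE DQT segment (length 0x84):
# SOI(2) + DQT(2+0x84) puts the SOF marker at 0x88.
SAMPLE_NO_JFIF = b"\xff\xd8" + _dqt([0, 1]) + _sof(0xC0) + _SOS + b"\xff\xd9"

# JFIF APP0 plus two separate DQT segments and a progressive SOF2:
# SOI(2) + APP0(18) + 2*DQT(69) puts the SOF marker at 0x9E.
SAMPLE_JFIF_PROGRESSIVE = (b"\xff\xd8" + _APP0 + _dqt([0]) + _dqt([1])
                           + _sof(0xC2) + _SOS + b"\xff\xd9")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(path, triage(fh.read()))
            except ValueError as exc:
                print(path, "unparseable:", exc)
```

Any encoder that writes no APP0 segment and packs both 8-bit quantisation tables into one DQT segment lands SOF0 at 0x88, so the offset identifies a header layout and has to be combined with other evidence.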

35f05f  No.2376851


Would be nice to have a distributed setup for this, because if we crack one, we have many others that probably won't have the same password.

ed2885  No.2376856

New avenue…the instructions to decode are in the original message. Google, Yandex, iqdb. What do they have in common? Reverse image search. Use the Silverman image to reverse search. Now what pictures? Is it given right in the image number? IMG_382. Third pic Google, eighth pic Yandex, 2nd pic iqdb. What info from these three pics? Hit a wall, run with it.

745039  No.2376887

File: 237259d046ff087⋯.png (64.73 KB, 1026x238, 513:119, ClipboardImage.png)

File: a1677d3d755fabf⋯.jpg (16.1 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D.jpg)

File: 192249c6e48b001⋯.png (3.56 KB, 344x39, 344:39, ClipboardImage.png)


see you glowing

ed2885  No.2376914


>Silverman passcode

>New avenue…the instructions to decode are in the original message. Google, Yandex, iqdb. What do they have in common? Reverse image search. Use the Silverman image to reverse search. Now what pictures? Is it given right in the image number? IMG_382. Third pic Google, eighth pic Yandex, 2nd pic iqdb. What info from these three pics? Hit a wall, run with it.

WAIT also stands for what anime is this, and has reverse image search

745039  No.2377012

File: 6860084cf852dd0⋯.png (149.33 KB, 568x354, 284:177, ClipboardImage.png)



oh yeah i switched too when the new file bundle came out, i'm trying 4 char combos on the smallest image

progress - count: 30089632 elapsed: 15622s = rate: 1926 pw/s

ccc1fa  No.2377022


No it looks like it's just how I've been downloading the image to check it.

Thanks for the example and showing me what I was doing wrong, perhaps you'd like to confirm.

Without expanding the image, right-click and save image as. View the hex.

Then expand or use the direct link above the image and you get that header.

745039  No.2377210

File: 93b6b013476679a⋯.jpg (157.7 KB, 1280x720, 16:9, 93b6b013476679a509d3632a21….jpg)

File: 674326345ec73f2⋯.jpg (13.81 KB, 301x346, 301:346, 674326345ec73f215b9b28972d….jpg)

File: ce753f2d52183cb⋯.jpg (140.65 KB, 715x433, 715:433, ce753f2d52183cbfa45b036d42….jpg)


download these two batches of files



745039  No.2377224

File: 7ec3b1dac2aea3d⋯.jpg (35.42 KB, 620x325, 124:65, 7ec3b1dac2aea3dc40b74745ae….jpg)

File: 83e2066739b3926⋯.jpg (186.52 KB, 806x886, 403:443, 83e2066739b3926356a48bc9df….jpg)

File: abbbd389003d0b2⋯.jpg (24.4 KB, 400x300, 4:3, abbbd389003d0b2b919ac73fcb….jpg)


research where they come from

745039  No.2377229

File: d81e8b45dabedb9⋯.jpeg (65.72 KB, 1920x1080, 16:9, d81e8b45dabedb9a5f699fa35….jpeg)

File: cbf4b660df565b8⋯.jpeg (21.15 KB, 520x320, 13:8, cbf4b660df565b89c712b542e….jpeg)

File: e47784ef976c039⋯.jpg (86.7 KB, 500x663, 500:663, e47784ef976c039946ff0cf213….jpg)

File: f6f0b49f8aa3e00⋯.jpeg (165.53 KB, 1200x630, 40:21, f6f0b49f8aa3e0049bed9c574….jpeg)

745039  No.2377235

File: 1bd08bbdbd08994⋯.jpg (750.65 KB, 1920x1080, 16:9, 1bd08bbdbd089942e582d87820….jpg)

File: e51115ae4e2837d⋯.jpg (339.9 KB, 2000x1336, 250:167, e51115ae4e2837d2f0e7d82bb0….jpg)

File: 8d447fd44092b38⋯.jpeg (44.45 KB, 1000x541, 1000:541, 8d447fd44092b387650c8eee5….jpeg)

File: 38c2d21f3c19ef3⋯.jpg (23.83 KB, 400x400, 1:1, 38c2d21f3c19ef3f5dcbf6c223….jpg)

ee4cfa  No.2377313


>don't forget single and double quotes

Assuming the password accepts unicode, you may have a much bigger fight ahead of you. Consider other symbols like the pound sign (£) or the euro found on keyboards from other countries.

If it's unicode, you can safely assume UTF-8, given it's a pretty widespread standard.

Also, I recommend avoiding random character generators, but having a pre-computed array/table (for 3 characters).

If you're looking at additional bruteforcing power, a couple of recommendations:

1) Each of you should pick one picture each and specify what image you are trying to decode, and how. That way you're not duplicating each other's work.

2) If failed, specify what you tried and the 'results', if any.

For bringing hardware resources to bear:

1) Consider modded PS3s (some of you might have one or two lurking around), they're ideal for bruteforcing

2) Trial periods on cloud hosting repurposed (or alternately rent out some rackspace)

3) Dust off some old laptops, machines, and set them to work continuously whilst you do other things

4) Get some programmerfags to rewrite the testing code in bare metal (like C++) which would see mild performance improvements

Alternatively, if exhausting the three character space is too much, assign each of yourselves a single first character, and brute force all characters under that character.

So if one of you was to do 'A' (A), the next person would do 'B' (B).

Brute forcing isn't just about power but also efficient allocation of resources.

PS, Bitcoin's algorithm is SHA256. So if you're looking to break SHA256, look no further than your own noses. ; )

745039  No.2377440

File: 7a59392f290b0b6⋯.jpg (118.06 KB, 1200x800, 3:2, 7a59392f290b0b6cd6a27e246a….jpg)

File: 8e350c342684ff2⋯.jpeg (339.9 KB, 1600x1066, 800:533, 8e350c342684ff2b3d2640535….jpeg)


>If it's unicode, you can safely assume UTF-8, given it's a pretty widespread standard.

yeah great point … looked at the code and no reason why unicode passwords wouldn't work

745039  No.2377671





b10bfd  No.2378123

File: 50adb74cb34eb10⋯.jpg (17.43 KB, 255x191, 255:191, sample-1-a.jpg)

File: 52063772eb7fc9d⋯.jpg (27.32 KB, 255x191, 255:191, sample-1-b.jpg)

File: 2564284324619fd⋯.jpg (20.58 KB, 255x199, 255:199, sample-2-a.jpg)

File: 6be90e769a77d59⋯.jpg (25.66 KB, 255x199, 255:199, sample-2-b.jpg)

just having some fun…

1b4548  No.2378143

File: 7c6fdb12b4d13bd⋯.png (68.56 KB, 1349x685, 1349:685, PkV1.0.1src.png)


>the pixel knot versions on the download page do NOT have the change (all 2015 and earlier)

>so ONLY the play store version has the change

Reposting from last bread, possibly relevant.

Are the brute force tools developed here based on the most recent github resources?




>Updated: February 17, 2017

>Current Version:1.0.1


>n8fr8 released this on Feb 16, 2017 · 0 commits to version_2 since this release

I'm probably tired or a dumbass, maybe both. But is version 2 in github the same as the one in the play store right now?

1b4548  No.2380484

File: 61b72bfb296c4cb⋯.png (89.11 KB, 1360x728, 170:91, F5buffersGithub.png)

File: 3681d8a54d2c912⋯.png (85.21 KB, 1360x728, 170:91, F5buffersAPKDecompile.png)

File: 94d0e7cd8a16e8d⋯.png (72.89 KB, 1360x728, 170:91, C0217Rjavainit.png)




Took the apk, put it through a decompiler and found an additional file


import info.guardianproject.f5android.C0217R;

import info.guardianproject.f5android.plugins.PluginNotificationListener;


package info.guardianproject.f5android;

public final class C0217R {
    public static final class drawable {
        public static final int ic_launcher = 2130837601;
    }

    public static final class string {
        public static final int app_name = 2131165211;
        public static final int cleaning_up = 2131165272;
        public static final int downsampling_components = 2131165273;
        public static final int init_coeffs = 2131165274;
        public static final int init_huffman_buffer = 2131165275;
        public static final int init_permutation = 2131165276;
        public static final int querying_image = 2131165277;
        public static final int reading_huffman_buffer = 2131165278;
        public static final int setting_huffman_buffer = 2131165279;
    }

    public static final class style {
        public static final int AppBaseTheme = 2131296416;
        public static final int AppTheme = 2131296417;
    }
}


1eb45a  No.2380486

File: c4ec6d6b44b6955⋯.png (10.76 KB, 597x93, 199:31, modified loop to support 2….png)


I think so. The test image I created with Pixelknot (from the Play store) is missing the JFIF at the beginning of the file. The "pixelunknot" brute force tool (almost) works on my test image.

I say "almost" because I ended up modifying the loop (pic related). My test image's password was "test", so that's a seed string of "st". The loop wouldn't try it even though I had "test" in the dictionary file. On a side note, I also added a HashSet that keeps track of everything attempted, to avoid re-trying common word endings.

f3fd5b  No.2380686

PNG DECODE HERE in bread 3000.



1b4548  No.2381600

File: fc02fa21e27e78c⋯.png (105.29 KB, 1360x728, 170:91, C00064Rjavainit.png)


I'm using


to obtain the source code directly from the android app, not github.


Again, even the older version /pol/ shared also has an additional file in the F5 bundle


import info.guardianproject.f5android.C0064R;
import info.guardianproject.f5android.plugins.PluginNotificationListener;

package info.guardianproject.f5android;

public final class C0064R {
    public static final class drawable {
        public static final int ic_launcher = 2130837631;
    }

    public static final class string {
        public static final int app_name = 2131361805;
        public static final int cleaning_up = 2131361806;
        public static final int downsampling_components = 2131361813;
        public static final int init_coeffs = 2131361809;
        public static final int init_huffman_buffer = 2131361808;
        public static final int init_permutation = 2131361807;
        public static final int querying_image = 2131361810;
        public static final int reading_huffman_buffer = 2131361812;
        public static final int setting_huffman_buffer = 2131361811;
    }

    public static final class style {
        public static final int AppBaseTheme = 2131427417;
        public static final int AppTheme = 2131427418;
    }
}



bbb839  No.2382513


I don't understand all the details but F5 steganography encodes data by altering the DCT coefficients per 8x8 pixel block, those coefficients are stored with Huffman compression. The method of encoding is why the output image is always a JPEG. You would have to do statistical analysis of the JPEG coefficients… (assuming the software wasn't compromised to leak additional info as well, the absence of JFIF header appears to be such a case)

0016c5  No.2384816

File: 218c28cd66e2515⋯.jpg (126.6 KB, 720x1280, 9:16, 20180731_232800.jpg)


We might be able to put the GPU to some use. The decoding part obviously has too much conditional branching for it to be of any use there. But the Permutation generation step is highly linear. It should be well suited to parallelization. It could be sent prospective passwords and a sizeN and send back the arrays. However, it would be memory bound. And the huge bandwidth requirements to send those arrays back to the main memory might be an issue.

I found the source for all the parts of SecureRandom and plan on making a perfect replica of it in C as a stepping stone to a possible GPU implementation. That is extremely ambitious for someone with my coding skill-level. But I can do it… eventually.

e15c71  No.2384880

Not a code flag, but is it possible code/key/password is John Podesta's password p@ssw0rd ? Q said future/news unlocks past?!?idk maybe iz just a baboon loose on board.

4d00ef  No.2385149

File: 2fef86fb4df2f72⋯.png (62.34 KB, 357x294, 17:14, Hmm.png)


https://arxiv. org/pdf/1606.00519.pdf

0016c5  No.2385219


The Huffman decoding part is a non issue. You only need to do that once for an unlimited number of password attempts.

It's calling the SHA-based pseudorandom number generator a million times in series (can't be parallelized) to decide which integers to shuffle around that takes most of the work.

4d00ef  No.2385265

File: 1db52d212f8ca14⋯.png (50.13 KB, 922x351, 922:351, PKBDF2-SHA1.png)


Can't we just use/modify the existing hashcat code for that?


4d00ef  No.2385325


Sorry that's for the AES decryption portion… still, I think we could use the existing hashcat code for the SHA portion of PRNG. SHA1/256 on hashcat is stupid fast. Something like 600m hashes/s on my old ass card.

0016c5  No.2385604


Hashcat is doing something totally different. It's trying to find the passwords that produced a set of hashes. It does this by hashing lots of trial passwords once in parallel. We need to take one password, use it to set the state of the SHA algo, and then cycle the output back in many many times. This is an unavoidably serial process. If I indeed go down this rabbit hole it will probably involve reading the HashCat code as a way of learning how CPU<->GPU coding works. I might even use some parts from it. But beyond that programs like HashCat and John the Ripper are not useful to us.

4d00ef  No.2385732


I know. Rather than shooting for one target hash, we try 1k passwords at once and run each serially with however many iterations required, in parallel. I don't see a problem here. I still think it can be modified to our purpose.

0016c5  No.2386063


We are not really looking for one target hash. It would be nice if it were that simple. Here is the annoying chunk of code in question. 'random.getNextValue' calls 'SecureRandom' which was previously seeded using the password under test. Inside 'SecureRandom' there is a SHA hash function at the heart of it. 'size' is typically around a million.

[code]
public Permutation(int size, F5Random random) {
    int i, randomIndex, tmp;
    shuffled = new int[size];

    // To create the shuffled sequence, we initialise an array
    // with the integers 0 … (size-1).
    for (i=0; i<size; i++) // initialise with size integers
        shuffled[i] = i;
    int maxRandom = size; // set number of entries to shuffle
    for (i=0; i<size; i++) { // shuffle entries
        randomIndex = random.getNextValue(maxRandom--);
        tmp = shuffled[randomIndex];
        shuffled[randomIndex] = shuffled[maxRandom];
        shuffled[maxRandom] = tmp;
    }
}
[code]

It's serial. And it's memory intensive. But at least there need be little conditional branching (which GPUs suck at). So this would use all of the GPU's RAM long before you got enough processes in parallel to use all of its computing power. It can't hurt to have a few hundred more cores helping the main CPU (as long as there are no memory bandwidth issues). But we're not going to get the same astronomical performance boost that HashCat gets.

0016c5  No.2386109


Oops, forgot the /

for (i=0; i<size; i++) { // shuffle entries
    randomIndex = random.getNextValue(maxRandom--);
    tmp = shuffled[randomIndex];
    shuffled[randomIndex] = shuffled[maxRandom];
    shuffled[maxRandom] = tmp;
}


4d00ef  No.2386525


Is size the size of the decompressed bitmap? Or is it something else?

PS tells me that's about 303K for illumipepe.

Even if it's 1MB as you say, that's still 1500 instances of the image.

With my lame 1.5GB graphics card that's still almost 5K potential instances

0016c5  No.2386742


It's the size of the DCT coefficient list.. which works out to be the same as the number of pixels * channels (RGB). But, practically, yes. Many of the images are larger than that one.

>With my lame 1.5GB graphics card that's still almost 5K potential instances

Indeed. I just need to work out how it will handle all the out of order loading and storing.

4d00ef  No.2386850


The DCT coefficient list only gets computed once, correct? If so, we only need to push one copy of the data to the graphics card and we should be able to copy it as many times as we want, no? And if we manage to implement it all on the graphics card, then all we really care about getting back is the rate of attempts and the valid key, if any. And yes, I understand many images are larger but essentially it would work out to max available GPU mem divided by decompressed image size in terms of threads. I'm willing to bet that's still a fuckton more than we've got going currently.

0016c5  No.2386977


Uh-huh. That is why I'm currently reading up on GPU programming.

The stumbling block I foresee is that there is a lot of random accessing going on after very short work segments with very short arrays. This is really not what GPUs are good at.

Disclaimer: I have no experience with this kind of stuff and I'm mostly just talking out my ass. So if anyone who has ever done anything in CUDA or OpenCL would like to weigh in it would be much appreciated.

745039  No.2387120


i've done CUDA and been looking at f5 and no it would not be a good fit… too bad too because i've got some monster gpu power

4d00ef  No.2387183


Roger that. If there's one thing I'm certain of though, it's that we drastically need to speed things up. Perhaps a pure-C implementation would be enough. IDK. I'm gonna sleep on it. G'night anon.

bb8fea  No.2387734


So the only people stupid enough to use that app are media types. Well, that's interesting. So when we crack this, there is a slightly less chance of finding CP from perverts and more of a chance finding gamer gate type collusion between media personnel and/or leaks to the press from stupid gov members. Perfect. I knew there had to be a reason why Q pointed us to such a trash app.

I guess a good project, for those who aren't skilled at writing efficient code for password cracking, would be to work at better detecting PK images and scraping them from the archives of /pol/, 4/pol/, perhaps QResearch, and all the social media of the various media figures/known government leakers. Perhaps even look at some of the pizza gate dumps for stego. And as always, if you do start finding PK images from journalists on their social media, archive and backup everything before you blow your load, so they don't delete more than they already have once they find out we know.

0016c5  No.2387811

fa9e7b  No.2387890


I do android programming and the C0217R code you posted looks like resource ids compiled by either android studio or gradle. They must be manually added because usually they are in R.java or sometimes in BuildConfig.java (in the final apk)

fa9e7b  No.2387952

I ran the apk version 1.0.1 (last version listed on the playstore) and couldn't find the C0217R class, ran it through two decompilers and neither had it in its output set of files.

1eb45a  No.2388029

I wondered if the first 100 bytes of jpeg files we're looking for is not unique to PixelKnot. So I made a "find-pixelknot.sh" shell script to recursively search directories on my computer. I searched a backup from an old hard drive to see if any jpeg files that predate PixelKnot could be found. There were no matches out of 17k jpeg files. I'm leaving it here in case any anons find it useful.


./find-pixelknot.sh <path to search recursively from>


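#!/bin/bash

PN_HASH_DESIRED_OUTPUT="3f3078870bf5ddc7c4d0e6e5941805b7a062c45d -"

# Make sure globstar is enabled to support recursively searching
shopt -s globstar

# Search from the directory given as the first argument
cd "${1:-.}" || exit 1

declare -i FILES_EXAMINED=0
declare -i MATCHES_FOUND=0

echo "Searching for jpeg files to see if it looks like Pixelknot created them."

function exit_output {
    echo ""
    echo "Terminated. Jpeg files examined: ${FILES_EXAMINED}, matches found: ${MATCHES_FOUND}."
}

trap exit_output EXIT

for filename in **/*.jp*; do
    [ -f "$filename" ] || continue
    FILES_EXAMINED+=1
    # SHA-1 of the first 100 bytes of the file
    FILE_HEADER_SHASUM_OUTPUT=$(head -c 100 "$filename" | shasum)
    # Compare only the hash field, so the spacing before the "-" does not matter
    if [ "${FILE_HEADER_SHASUM_OUTPUT%% *}" = "${PN_HASH_DESIRED_OUTPUT%% *}" ]; then
        MATCHES_FOUND+=1
        echo "File $filename looks like a Pixelknot image."
    fi
done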

5c991a  No.2388161

File: 8bf32eda12050be⋯.png (220.12 KB, 1104x716, 276:179, Screen Shot 2018-08-01 at ….png)

File: 48e35a0911f3ef4⋯.png (292.83 KB, 757x621, 757:621, Screen Shot 2018-08-01 at ….png)


fa9e7b  No.2388204

File: 6ce904d4fd1b630⋯.pdf (370.33 KB, f5.pdf)



0b8713  No.2389010

Have the pictures Q posted been checked? Perhaps Q has posted some passwords, like his bolded words.

e0b5a0  No.2389880


1b4548  No.2390679


Thanks for clarifying, I thought I was on to something. Did the same with another decompiler and they were either absent or listed as R.java like you said.

745039  No.2390758

File: 54b687526aeff5a⋯.png (33.61 KB, 434x351, 434:351, ClipboardImage.png)

File: e1183783438ec2b⋯.png (29.82 KB, 593x286, 593:286, ClipboardImage.png)

File: e1183783438ec2b⋯.png (29.82 KB, 593x286, 593:286, ClipboardImage.png)

File: 111c24334526156⋯.png (81.95 KB, 765x541, 765:541, ClipboardImage.png)


>only people stupid enough to use that app are media types. Well, that's interesting

started in 2012

n8fr8 and harlo are contributors up until 2015

sep/nov 2016 N-Pex starts updating and 2.0 is released 11/20/2016

out of the blue on feb 15 2017, n8fr8 updates the f5Android "update F5 to latest with fix"

but that "FIX" is only the removal of the JFIF header making it possible to easily identify PixelKnot images

without that "FIX" PixelKnot images would not be easy to detect

would look like any other images from software that uses james jpg encoder or f5 encoding

and that change was pushed down to line 666


>scraping them from the archives of /pol/, 4/pol/, perhaps QResearch


brute forcing encryption is the worst way to figure this out

search for more images

look where they come from

find patterns

fa9e7b  No.2390788


Welcome, just glad i spotted it so no one wastes time on that than needs to happen :)

745039  No.2391530

File: 6392af05e9b06f8⋯.jpg (52.75 KB, 514x485, 514:485, 6392af05e9b06f8f06d5c8dfdf….jpg)

File: 141f55638e0ccb1⋯.jpeg (49.72 KB, 450x450, 1:1, 141f55638e0ccb14b1f5a368c….jpeg)



no decode on 2c19435a6c6d0b75661f8bed4269e540bdea162d20426e2865fa99473d164863 (scroll wheel)


crunch 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"

no decode on any with default passwords

currently running 1 to 3 char combos on all from smallest to largest


Huffman decoding starts

count: 12378 elapsed: 60s = rate: 206 pw/s

745039  No.2391563

File: 953263e0bd0af20⋯.jpg (58.53 KB, 640x480, 4:3, 953263e0bd0af207525836fcaf….jpg)

File: c017588861c8ee2⋯.jpg (91.47 KB, 763x1000, 763:1000, c017588861c8ee2d14231e52cb….jpg)


this rules out a lot of passwords anons might dream up

0016c5  No.2391741


I picked a random file and tried generating a 4 letter list using only the characters in a file's filename. Nothing.

But it occurred to me last night that it was a 13 char filename. If it is done by shuffling the filename somehow then I'd be looking for a 5 char key. I don't have the horsepower to attack that in a reasonable time. So when I get home today I'm gonna write a filter that reduces the set to only those that use any single char no more than the number of times it appears in the source filename, unless you want to try it first. If you do then let me know so I don't reinvent a bad wheel.

745039  No.2392853

File: 60162fec45db2cd⋯.jpg (115.36 KB, 1280x720, 16:9, 60162fec45db2cd5f40b130fbf….jpg)


the 13 char filenames are the hashes from qresearch, you have to find the original filenames

>first batch


original filenames of the images


we don't have filenames for the second batch


745039  No.2393746

File: c1311c514892143⋯.png (67.35 KB, 659x703, 659:703, ClipboardImage.png)


this code change makes NO SENSE


1b4548  No.2393967

File: d1911966c715a20⋯.png (48.71 KB, 708x382, 354:191, The45Guy1776.png)

Interesting review from Jan 11 2018 from a user called "The45Guy 1776"

The45Guy 1776

January 11, 2018

I tried to send 2 pics thru mms and facebook messenger and neither were hidden they showed just the way they were. Deleted


745039  No.2394093

File: efa5f3e89bad667⋯.png (23.01 KB, 708x292, 177:73, ClipboardImage.png)


Another suspect change on 1/7/17


why add jni c++ buffers for performance?

quietly change the encoded quality from 80 to 90?

were they TRYING to make the PixelKnot images detectable on 1/7?

did it not work so then they made the change on 2/10 to remove the JFIF header?

spidey senses are tingly

745039  No.2394128


oh, no that was in 2013… the only change besides the 2017 change

35f05f  No.2394381


I was hoping that the quality that the image was encoded with was written to the file, unfortunately that's not the case. I think the header removal change is all we need for now anyways.

The road is steep from here though, something tells me they aren't going to use a complex password, and I have a feeling that the password will unlock many images.

745039  No.2394535

File: 58e067dd04cea14⋯.png (23.93 KB, 640x238, 320:119, ClipboardImage.png)


before 2/10/2017 pixelknot f5 encryption layer had a fixed password of abcdefg123

it was ALWAYS possible to detect a pixelknot image, the method just changed on 2/10/17

there might be .jpg with JFIF header out there that can be recognized with f5.jar with the password abcdefg123


745039  No.2394586

File: e9a78009e95e38b⋯.png (94 KB, 378x271, 378:271, img00071460.png)


can somebody with an archive of images download f5.jar and run

for F in *.jpg *.jpeg; do java -jar ./f5.jar x -p 'abcdefg123' -e "$F.msg.txt" "$F"; done

strings *.txt

i do find some images lock up the f5 decrypt, you may need to kill some java processes along the way

745039  No.2395061

File: 49626f365d16429⋯.png (11.04 KB, 877x133, 877:133, ClipboardImage.png)


the original filenames we have found all start with a number.. the PixelKnot source will append a _1 when it is writing out if the file already exists

are the filenames reversed?












745039  No.2396389

File: 1b0f0f86eb1a305⋯.png (226.66 KB, 478x343, 478:343, q1332.PNG)

File: 2eeba1bc96033d2⋯.png (231.17 KB, 1288x681, 1288:681, ClipboardImage.png)




>You'd be amazed how much is shared on /pol/



Hello I am a reporter from CBS.


think mirror


evil eye posted on 5/1/18

Q drop 1332 about D5 was on 5/10/18

>The snowball has begun rolling

D5 = Checkmate


Q drops about D5 4 times in May

and then again RIGHT AFTER we figure out the f5 layer of PixelKnot

5c991a  No.2396481



Very nice finds.

So yes, the filenames are reversed, and perhaps the images are as well.

Try flipping the images horizontally before trying to extract the data from them.

As for what the passwords are.. try the filename without any number appended to the end, both regular and reversed.

Let me know if that works for you… I still haven't found a way to test these out on my own computer.. MacOS.

Anyone know of a way? If so then I can help.

5c991a  No.2396504


Actually I'm not sure if flipping the image changes the ability to extract data from it or not - that would be the first thing to test with an image we already know has data and already know the password to.

745039  No.2396613

File: ef56efafa8857c6⋯.jpg (81.29 KB, 652x808, 163:202, ef56efafa8857c6bd9f3e80f5f….jpg)

File: ef9beed85450d8c⋯.jpg (181.88 KB, 634x631, 634:631, ef9beed85450d8c5a26ba5b88d….jpg)


install java

open terminal

download f5 jar from google code

curl https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/f5-steganography/f5.jar --output f5.jar

here's how to test a password on the f5 layer (this will only be the last 1/3 of the full password)

java -jar f5.jar x -p plan -e out.txt Q4example.jpg

cat out.txt


scaling, flipping, or modifying in any way will remove the hidden data

5c991a  No.2396723


Thank you anon I will set things up in a few hours and try and see if I can get anything out of these images.

I'll report back with any important findings.

745039  No.2396863

File: f4c5065c0604b33⋯.png (139.81 KB, 284x348, 71:87, img00095400.png)


>>2396389 was D5 the CBS PixelKnot Message on /pol/?

1b4548  No.2397152


Mirrored, yes





1b4548  No.2397240


though nothing extracted with steghide with the whole string D5_7udrmySQBwlDP_0 or just the underscored 7udrmySQBwlDP

745039  No.2397994

File: 271d450c887c701⋯.jpeg (52.18 KB, 715x457, 715:457, 1_FCAsiu79H2b2aUGLdD7mBw.jpeg)

File: 69c39d2ea71d4b1⋯.jpeg (140.46 KB, 972x608, 243:152, 1-lRz-cOnX2WtHdqwo5BWf-Q.jpeg)

File: 5fc258a6eff3aff⋯.png (107.08 KB, 677x281, 677:281, ClipboardImage.png)



this was posted to /qresearch/ 07/08/18 during 20 days of silence


filename ends in -Q (extra group from other filenames)

pixelknot header

same image on


posted 7/11/18

filename is different


both PixelKnot

not the same files

745039  No.2398004


oops not the same image

745039  No.2398080

File: c6aa2c2871372e3⋯.jpeg (122.1 KB, 800x533, 800:533, 1_OF9MABBWU8CN6Dmyu1N32w.jpeg)

File: 5d14f62f6921bfe⋯.jpeg (99.29 KB, 710x473, 710:473, 1_V7KBi6mUHK914qssJEFwfw.jpeg)

File: 7a14c2f8c98228a⋯.jpeg (68 KB, 800x420, 40:21, 1_yvx9Foa91xrXiS7LeXpiTQ.jpeg)


all these images on


have pixelknot headers

c5ee9d  No.2398467

File: 3c7639f37ed1045⋯.jpg (97.62 KB, 1462x2046, 731:1023, TSTBaQ7.jpg)

Lmao, you guys are stupid.

All JPEG images uploaded to medium.com meet the criteria set out in the OP (no JFIF, xFF xC0 x00 x11 @ 0x88).

Good job, everyone! You have been collecting and brute-forcing random images originally hosted on medium.com.
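The criteria quoted in the post above (no JFIF segment, FF C0 00 11 at offset 0x88) can be checked by walking the JPEG header segments. This is an added example, not code from the thread or from PixelKnot; the header bytes and quantization-table values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import struct


def walk_segments(data):
    """Return [(offset, marker, payload)] for the header segments before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte in front of a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):              # EOI or SOS: header part is over
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without a length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos:#x}")
        segments.append((pos, marker, data[pos + 4:end]))
        pos = end
    return segments


def fingerprint(data, prefix_len=100):
    """Collect the header properties the thread uses to flag an image."""
    info = {
        "has_jfif": False,
        "sof0_offset": None,
        "dqt_tables": [],
        # Same idea as find-pixelknot.sh: SHA-1 over the first 100 bytes.
        "prefix_sha1": hashlib.sha1(data[:prefix_len]).hexdigest(),
    }
    for offset, marker, payload in walk_segments(data):
        if marker == 0xE0 and payload.startswith(b"JFIF\x00"):
            info["has_jfif"] = True
        elif marker == 0xDB:                    # DQT: one or more tables
            i = 0
            while i < len(payload):
                precision, table_id = payload[i] >> 4, payload[i] & 0x0F
                info["dqt_tables"].append(table_id)
                i += 1 + (128 if precision else 64)
        elif marker == 0xC0 and info["sof0_offset"] is None:
            info["sof0_offset"] = offset
    return info


def matches_thread_criteria(data):
    """The test quoted in the thread: no JFIF segment, and FF C0 00 11 at 0x88."""
    return not fingerprint(data)["has_jfif"] and data[0x88:0x8C] == b"\xff\xc0\x00\x11"


# Constructed sample data: placeholder table values, not a real encoder's tables.
LUMA = bytes(range(1, 65))
CHROMA = bytes(range(65, 129))


def build_header(width, height, jfif=False):
    """Build a constructed JPEG header: SOI, optional APP0/JFIF, one DQT, SOF0, EOI."""
    app0 = (b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00"
            + struct.pack(">HH", 1, 1) + b"\x00\x00")
    # A single DQT segment holding table 0 (luminance) and table 1 (chrominance).
    dqt = b"\xff\xdb" + struct.pack(">H", 2 + 2 * 65) + b"\x00" + LUMA + b"\x01" + CHROMA
    sof0 = (b"\xff\xc0" + struct.pack(">HBHHB", 17, 8, height, width, 3)
            + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01")
    return b"\xff\xd8" + (app0 if jfif else b"") + dqt + sof0 + b"\xff\xd9"


SAMPLE_A = build_header(640, 480)              # no JFIF
SAMPLE_B = build_header(800, 600)              # different image, same header layout
SAMPLE_C = build_header(640, 480, jfif=True)   # same tables, JFIF present

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, matches_thread_criteria(sample), fingerprint(sample))
```

Samples A and B are different images but share the same prefix hash and both meet the criteria, so the check identifies a header layout (no APP0, one two-table DQT segment, then SOF0), not the presence of an embedded message.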

745039  No.2398717

File: 20924e5cd8f557a⋯.jpeg (117.53 KB, 800x600, 4:3, 1_b3jcMKfQQzl0t56L1kiuZQ.jpeg)

File: a038f866ad0ddef⋯.png (22.53 KB, 615x199, 615:199, ClipboardImage.png)



here's an article written before the PixelKnot header change:

Jan 31, 2017


missing JFIF and has the second sig

4d00ef  No.2398936


K so all we need to do is image search medium.com for an image with that header. If no results found (and the original filename isn't like medium's random naming bullshit) then we probably have a PK image.

745039  No.2398947

File: 4b4b0d334e392a3⋯.png (17.65 KB, 404x131, 404:131, ClipboardImage.png)


not all of these were posted on medium.com

there is (at least) one other piece of software that makes the same header

stegdetect doesn't find any f5 data in medium.com images

1_b3jcMKfQQzl0t56L1kiuZQ.jpeg : negative

1_OF9MABBWU8CN6Dmyu1N32w.jpeg : negative

1_V7KBi6mUHK914qssJEFwfw.jpeg : negative

others do

1_FCAsiu79H2b2aUGLdD7mBw.jpeg : f5[1.949593](***)

1_S72sax0zPtFX7yE-9hlxYg.jpeg : f5[1.565821](***)

1_Wu-LPq1zKK-R5lsT67nRYA.jpeg : f5[0.652062](***)

1-0V2r2vC9pJRhMu8E_i0B7A.jpg : f5[1.590077](***)

CBS evil eye

0_PDlwBQSymrdu7_5D.jpg : f5[1.687834](***)

5c991a  No.2398957

File: 3aa8c7737dd22f1⋯.png (138.03 KB, 1281x394, 1281:394, Screen Shot 2018-08-01 at ….png)

Alright I am testing now.

I can confirm that flipping a test image horizontally (or doing anything to it) breaks the steganography. But putting it back in place, or back the right way even after saving makes it work again.

So flipping the images could be the right way to go.

Another thing I found online:

mention of f5 in clinton emails


"nf weder 1 noch 3"

its in the source code for huffman


This pixelknot stuff might be bigger than we know.

745039  No.2399125

File: 2bebb0f0a30db6f⋯.png (726.31 KB, 1249x944, 1249:944, ClipboardImage.png)



the missing header is not unique to PixelKnot (doh)

images with the missing header that stegdetect thinks have f5 data




4d00ef  No.2399203


Does stegdetect hit false positives?

Here's a medium article with the exact illumipepe image [positive ID by SHA] that's in your list.

https://medium. com/@Freequincy/right-wing-dove-squad-how-trash-dove-became-the-symbol-of-the-alt-right-c7794b84a48d

5c991a  No.2399313

File: df337d452b18c8e⋯.jpg (17.26 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D.jpg)

Alright guys I played around with it more. I learned that if you get near the actual password with f5.jar, it starts spitting out some bytes of data and extracting some stuff instead of giving nothing.

With this attached image (I flipped it horizontally) and a password of BwlDP I was able to extract some nonsense data. I think it means we are getting close, but I don't have pixelknot in order to try actually getting the real message out.

I'm not able to get a clean file out that says "pixelknot v1.0 password required" etc.

Will update.

5c991a  No.2399373

Can someone with pixelknot give me more test images with known passwords to experiment with?

c5ee9d  No.2399442


And it is before the header change.

So we have now established that stegdetect gives false positives, and all medium.com JPEGs meet the other criteria.

A new approach is needed. Perhaps focus less on finding PixelKnot images and more on Q's images.

745039  No.2399450

File: 3993de13d564e7e⋯.png (85.25 KB, 652x358, 326:179, ClipboardImage.png)


"The results obtained shows that

the ratio of false positive generated by Stegdetect depends highly on setting the sensitivity value, and it

is generally quite high"


745039  No.2399498

File: b25d2f8d8177c50⋯.png (11.55 KB, 611x102, 611:102, ClipboardImage.png)

File: 9648522e4baf136⋯.png (24.31 KB, 723x185, 723:185, ClipboardImage.png)


not sure this image is after the change this is right at the same time

when was the build pushed to the store?

stegdetect really thinks there is something but with a small image like that who knows

68ccb4146da74068a0d8749ac6bd3dab249e1a6d947c8ee106ef5bfdc0c9cf6e.jpeg : f5[3.026896](***)

4d00ef  No.2399532

File: d12bc2a5fe6d1ab⋯.jpg (12.58 KB, 250x242, 125:121, 1511079693863 (2).jpg)


Either Test or test



I think we just need to gulag image search a candidate image ID'd by stegdetect against medium.com - if you get a result, move on. If no matches, then it's probably highly likely we've got an actual PK'd image.

5c991a  No.2399620


Thank you anon, that one works perfectly.


>if you get near the actual password

this theory is bunk.

disregard it.

323ec5  No.2399798


This and several other posts…

The tech literate have always known spy agencies cripple publicly available encryption but good grief! We aren't even experts at this stuff, just code monkeys poking through an open source repo. The whole thing is vulnerable! It's only a matter of time before we crack this.

4d00ef  No.2399880

File: 968176da7f820cb⋯.png (63.81 KB, 1110x629, 30:17, stegdetect.png)

File: b0f84f0c34a0c79⋯.png (50.9 KB, 1401x780, 467:260, stegdetect2.png)


I managed to get stegdetect working myself here…

So I tried adjusting the sensitivity but I don't see any difference in the output. Can you please try anon?



4d00ef  No.2400150

File: ec685bb0c04a930⋯.png (250.29 KB, 1621x786, 1621:786, pedojewelry.png)

The pedo jewelry is the smallest image I can find that has the correct headers, gets a positive from stegdetect, and is not found on medium.com

1b4548  No.2400272

File: c2ae0c9b08b27c3⋯.jpg (23.81 KB, 256x256, 1:1, avatar.jpg)

File: 73cc8dbf36bd20b⋯.jpg (23.3 KB, 256x256, 1:1, no-password.jpg)

File: 5e8a5fa249d2936⋯.jpeg (23.29 KB, 256x256, 1:1, GreatAwakening.jpeg)

File: ebe9bd4cc212ecd⋯.jpg (23.28 KB, 256x256, 1:1, WwG1wGa.jpg)

File: 76a1a775258abb4⋯.jpg (23.29 KB, 256x256, 1:1, PKcrew.jpg)


got some more for you. avatar is the original. password is the title. each have the same message except PKcrew.jpg

4d00ef  No.2400585


Scratch that - wrong header

745039  No.2400637

File: 252ff478b5b8fff⋯.jpeg (31.57 KB, 450x450, 1:1, 252ff478b5b8fff4c1f21d2a2….jpeg)

File: b2803d5f64f4b13⋯.png (23.68 KB, 622x202, 311:101, ClipboardImage.png)

right header

4d00ef  No.2400699

File: 2c0969fa2b5a551⋯.png (20.99 KB, 622x202, 311:101, b2803d5f64f4b1371a3a4f1bb4….png)


These bytes don't matter?

323ec5  No.2400732



Use the ImageMagick command "identify" like this:

$ identify -format '%Q\n' yourimage.jpg

5c991a  No.2400934


Thank you anon.

745039  No.2401017

File: 88910accebcf2cb⋯.png (209.65 KB, 1308x430, 654:215, ClipboardImage.png)


> The DQT header

> 0 is the luminance index and 1 is the chrominance index

4d00ef  No.2401150


Thanks anon. Just wanted to confirm I understood that code correctly.

ee4cfa  No.2401525

I had posted to this thread, but my post appears to have mysteriously (?) gone missing.

I mentioned to factor in symbols from international keyboards (£, euro sign), dusting off old hardware to assist in brute-forcing, and divvying up tasks between yourselves (and let each other know) so you're not all trying to brute force the same issue.

It's curious my suggestions on ways to improve the efficiency of detecting PixelKnot 'magically disappeared', given no other post I've written so far has.

ee4cfa  No.2401556

Oh yeah, don't forget to factor in unicode (if the password supports it and isn't just ASCII). Most common format is UTF-8 (non-BOM), and would exponentially increase the number of characters you'd need to check before solving.

But I digress.

4d00ef  No.2401673

File: 604cc9eab660a1f⋯.png (55.23 KB, 766x329, 766:329, Steno.png)

ROFL Holeee Sheit


b2ea3f  No.2401778

File: 08455b81c5adb2b⋯.png (80.78 KB, 678x1110, 113:185, f5_huffman_issues.png)

I'd like to help out (two 16 core machines) but I don't know any java. A lot of these images run through f5 seem to hang at a German error message from HuffmanDecode.java. Also f5 doesn't seem to take "jpeg" but needs "jpg"

Does this header need to be repaired or is that part of the processing in some other way?

How do I setup the workflow for password brute forcing?

4d00ef  No.2402121



This is what I'm using anon - single thread per instance though. You'll have to manually split your wordlists. It will automatically generate every permutation for a given charset and exit if a correct solution is found.

Run by calling the following on your command line:

java -cp bcprov-jdk15on-160.jar; q.Main %IMGNAME% %CHARSETFILE% %STARTINGWORD%

745039  No.2402218

File: b4ffa2fe6ba7c7b⋯.jpg (59.1 KB, 1008x720, 7:5, b4ffa2fe6ba7c7b732e36af359….jpg)



is it possible to use emojis for the passwords?

can an anon try?

745039  No.2402331

File: d50eb992e3bde23⋯.png (99.83 KB, 396x291, 132:97, img00029860.png)


glad to help anon

good to double check work

11b051  No.2402460


I'm losing my mind, I cannot decode my own image from the app, but another anon could UGH!

What's somewhat strange when I download the image from 8chan, it has the header even though the app removes it.

Also, I thought I saw someplace in the code where there is maximum dimensions for an image, but I can't seem to find it.

4ee9d4  No.2405387

You know how a bunch of qposts have weird codes in them? Any way we could incorporate a line for line, raw text record of all drops as a password list?

I think this would be especially applicable to any knotted images found in the drops themselves, if there are any.

0016c5  No.2406738


Kek! Yeah, I had a flash of terror when I thought of that too.

Thankfully, no.

0146c4  No.2407136


It's weird how similar the filenames are to the stringers, no idea if they encoded the passwords this way, but it's possible. How else would DS operators share passwords? and if they could share passwords why not share messages that way? why F5?

0016c5  No.2407861

Wait a second… files that I uploaded yesterday that were encoded with PK are no longer so.

Check 'em. Their sha256 hashes no longer match their sha256 filenames. CodeMonkey must have heard about what we've discovered and not liked that his site is being used for such purposes.

909d2e  No.2408393


Steg in the news

0016c5  No.2408637


How much you wanna bet half-chan is doing the same thing? We shouldn't have announced our finds so publicly. Now we can't scrape pages to find more such images. That spoils all my fun.

I discovered this while testing a python script to scrape and quickly check all the images on a page. It detected 36 images on this page on one test and none on a subsequent test without changing anything in that section of code. They must be checking and reencoding old images when accessed.

Here is my code to scrape and scan a chan and forum type sites (anything without fancy-shmancy frames or JS). Doesn't work on Pinterest, Instagram, Medium, etc.

I don't know what good it will do now that the word is out about how easy it is to find this kind of stegano. Damnit. If we find another way to detect such hidden messages let's swap PGP keys and discuss it privately.


0016c5  No.2409560


It's not just the missing header. The first 139 bytes of nearly every file in Medium is identical.

The "James" that wrote the JPEG encoder in f5.jar and PK used to sell/license that same code. It may have found its way into the Medium back end. And it's conceivable that someone annoyed by the default comment that it normally produces got a little over zealous when they went in to shut-up that section and also commented out the JFIF part.

Alternately, Medium is known to be badguy territory. Maybe they either use stegano extensively. Or perhaps they know that PK images are easily recognizable and are intentionally sowing innocuous images with same signature to create cover for people using PK.

11b051  No.2409640


I will verify this myself here soon, I believe this is a huge discovery.

So imageboard must reference the original uploaded file in the database for the site. Likely, someone has written some script to re-encode/change headers of all the jpg files that have been uploaded.

I know when I uploaded my PK image it didn't have the header, and now it does! I believe this is going to be the case for every stego file on 4&8.

This is a potential huge FU to all of us, this is why we archive offline, but it means that we cannot pass jpgs around on here since the headers (at least) have been changed or the files have been re-encoded.

IF this is indeed the case the question is why?

11b051  No.2409668


>So imageboard must reference the original uploaded file in the database for the site.


11b051  No.2409701


I'm not aware of Medium, is it connected to these boards?

0d7643  No.2410424

I'm curious, is there a PC version of Pixelknot somewhere?

bb8fea  No.2411695


have to run it through an emulator.

c25bbb  No.2411831

File: 41b99dce1682a7b⋯.jpg (167.28 KB, 640x400, 8:5, matrix.jpg)

Testing PK

c25bbb  No.2411942


Can you download the jpg from my test again, and compare against your original download from Tuesday? (Sadly I don't have the original)

Also, can you even decode it – once you download the new copy of it?

59cecc  No.2412101

Might be nothing, but "Sarah" is posting again over on halfchan. Figured I'd let you pixelfags take a look.


0016c5  No.2412561



One of the spoopy images we found on QResearch was traced back to here:


0016c5  No.2412677

0146c4  No.2414691


I get the german huffman error with lime-cat.jpg.

0146c4  No.2414834



steg detect was positive, these aren't following the filename formats though, i think they are changing password exchange up.

71686a  No.2416423

File: 2b20e8bd9ea98a5⋯.png (476.98 KB, 742x476, 53:34, 1_07NuaT7Ds4D5eaufbUMVnA.png)


Did you notice the Nazi photo with a squirrel on his shoulder? Look at filename "1_07NuaT7Ds4D5eaufbUMVnA.png".

It is a PNG image instead of a JPEG though, it would not have F5 in it (if anything). The contents could have been scrubbed already but uploaded a ZIP file. https://anonfile.com/c90fCef1b5/img.zip

We don't know if the real SS is involved or just her likeness used again, but the OP's 4 posts do sound like a Jew (they know the talking points). The Nazi-bashing is ridiculous but someone might talk that way… :/

bb8fea  No.2416626


from a medium post from 2016 filename on medium is 1*07NuaT7Ds4D5eaufbUMVnA.png

c25bbb  No.2417121


There is an image called goods.jpg (pw: qanon) - that was extracted previously (not by me). Something tells me the image that was uploaded then, is no longer the same as it is now.

This refers back to >>2408637, when I uploaded this other pic and re-downloaded it, it still has the header.

This likely means that some script was run around Tuesday sometime, that altered the images stored here and would have had to be done by someone on the back end. So if anyone was able to decode any images earlier in the bread, and have the source files (before they were uploaded), could verify that there were changes done on the back-end to those files that would be great.

If the files were re-encoded then the stego is gone, and that is a huge blow to finding more images here and on half-chan. (I'm assuming the same was done on half too)

0146c4  No.2417299


I think this is the case. The photos of the letter 'Q' for example only partially worked when I was looking at these last night. avenger.jpg didn't work but GreatAwakening.jpeg still did. maybe it missed the .jpeg extensions..


Interesting, I'm starting to think the filenames are a result of tooling or cache systems rather than being an autokey cipher of sorts. Back to the drawing board I guess. Maybe Q will help us out later with the 'key'.

745039  No.2418536


running 3 char combos on these files


'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"

these files done scanning with all 3 char combos and no matches


















bb8fea  No.2418768


Yeah, all the files that I had earlier, and the ones still in my browser cache, would decode fine. After a hard refresh, and a clearing of the cache, the new images showed. They are indeed re-encoded and don't work. tip stego

1b4548  No.2419895

File: d98e3a9c1520a38⋯.png (106.13 KB, 1190x525, 34:15, Stegstring.png)





Yup, reencoded to cover their asses. Not only to write in the JFIF in the initial line, but going back to this post


notice that between yesterday's and today's downloads the string after the DQT header is absent

a writeup on an online information security exercise points this out as a clue to get to the next level of the exercise


>could be contain malware or steganography on line



>inside alien picture

>use the application Steghide to extract data from the picture:

>steghide.exe extract -sf aliens.jpg -xf out.txt

example pic


745039  No.2424756

I went through the rest of the f5 detected images and did google image searches and ruled out images that I could find somewhere else and was left with 3. The CBS eye I left in because it was posted on /pol/ and has 5D (D5 mirror) in the filename

focusing on these three now


0016c5  No.2425587

File: 43fbff6b56ab23a⋯.jpg (10.88 KB, 640x360, 16:9, no_steg_test.jpg)

File: a1677d3d755fabf⋯.jpg (16.1 KB, 640x360, 16:9, a1677d3d755fabf1c73b1786f5….jpg)


I think Evil Eye one is a false positive. Steg detection works by finding what should be sharp lines and checking for if they are not. An image like this has no business ever being encoded with JPEG. You get too much buzzing around the sharp edges.

I just manufactured a test image as closely as I could to the a1 file using a PNG of the same logo at high rez and GIMP and quality 70. Stegdetect -t F gives me 1.711036. I think it's because of the very similar buzzing you see when you zoom in (use Pix, it doesn't smooth pixels).

0016c5  No.2427826



Drop a PGP key. I want to talk to you about something privately.

Here's mine,


b95bf4  No.2428579

Remember the Wikileaks that contained Antarctica photos that John Kerry took of the ice? Didn't JA/Wikileaks put a tweet out prior to the dump with a hash code? I always wondered why photos of the ice were of significance. I am looking for the photos and the hash code tweet to see if anything is there now that I am aware of pixelknot. Any assistance would be appreciated.

745039  No.2431674



0e2334  No.2431983


Great time for my modem to reset. :/ But that's what signing is for.


745039  No.2432554




745039  No.2432888

File: 447f80e668bb407⋯.png (353 KB, 497x457, 497:457, ClipboardImage.png)


makes sense… these drops keep coming to mind though



Left eye [marker].



How do you hide a message in clear sight?


You'd be amazed how much is shared on /pol/.

Data exchange.


cbb4cd  No.2433919


Is this the one


cbb4cd  No.2433945


Or this


745039  No.2438149

File: ea4d8a2606cc9ed⋯.png (159.96 KB, 1491x551, 1491:551, ClipboardImage.png)


>Huma interviewed by FBI on Jan 6 2017

>Harlo code change on 2/10/17 (gradle build #5)

merge of all harlo's local changes for the last 3 years she pushed to gitlab.. removed the JFIF header then merged into guardian project F5Android, then consumed by PixelKnot and playstore image was updated (but not the .apk on the download page)

>John Podesta joins The Washington Post as a contributing columnist February 23, 2017


1b4548  No.2438967

File: e06b79498364c6a⋯.png (42.67 KB, 1005x556, 1005:556, ArchBuild.png)


>build for all archs

Refers to a make file for the app to compile shared object .so files for the architecture the OS is running on. ARM for phones and tablets x86 for the PC port of android. Not sure if Androidx86 and linux are directly compatible. Open the app's apk as a zip file and it shows libF5Buffers.so for different archs

96faf4  No.2439136


What's taking so long?

They decode top secret passwords in movies in just a few minutes.

Thought that was gonna be easy peasy?

745039  No.2439305

File: eef658d490f5ea9⋯.png (117.83 KB, 390x329, 390:329, img00041630.png)


if it was easy it would be your mom

96faf4  No.2439394


Maybe you are just lacking some skillz?

I did the maths - we might see some results in about 100 yrs

What is your ETA for the results?

745039  No.2441444

File: 3394216783b4671⋯.png (85.29 KB, 437x299, 19:13, ClipboardImage.png)


thank you we needed a bump

96faf4  No.2442019


Tick tock

1b4548  No.2446299

File: a56be8e801d5528⋯.pdf (165.41 KB, M016137073.pdf)




Has anyone tried the experiment to estimate the original/cover image DCT that these two pointed out?



Not going to lie it was way too much post-grad statistical math for me to understand completely. Found a summary paper which made reference to it.


Steps for the F5 Steganalysis algorithm [3][4][6].

Step 1: Input the stego image for performing Steganalysis. (get steg quantization parameters)

Step 2: Decompressed the stego image.

Step 3: Crop the image by 4×4 column from all sides.

Step 4: Apply blurring operation to remove artifacts.

Step 5: Then re-compressed the image. (using quantization parameters from step 1)

Step 6: Count the different histogram value for the stego image and cover image.

Step 7: Calculate the difference

Difference = stego image value – cover image value.

745039  No.2448557

File: d005c66df4f1782⋯.png (233.84 KB, 476x384, 119:96, ClipboardImage.png)




all this attention for little me?

you're making me blush

745039  No.2448673

File: 244bda29c60fca4⋯.png (68.96 KB, 510x884, 15:26, ClipboardImage.png)


good thinking anon

been using stegdetect which does this exact thing for f5

what we know:

* images made by PixelKnot before 2/10/17 were f5 encoded with the password abcdefg123 (these would not be compatible with the latest version of PixelKnot)

* images made by the version after 2/10/17 (on play store) are missing the JFIF header (a few websites like medium.com match the same signature, not sure why) and are decoded with the last 1/3 of the full password

anon with archive of jpg from qresearch or pol

might be worth it to try to decode any jpg with f5.jar using password abcdefg123

for F in *.jp*g; do java -jar f5.jar x -p abcdefg123 -e msg.txt "$F"; cat msg.txt; done

745039  No.2449002

File: ab3c22f6f54a502⋯.jpeg (32.1 KB, 450x450, 1:1, 94ff5ed6-9581-4cd3-999b-4….jpeg)

File: 2ac6f2500496b74⋯.jpeg (16.98 KB, 450x450, 1:1, c4623ead-ffcc-4458-b9cb-b….jpeg)


ruled out 54,700,816 4 letter combos on evil eye

/crunch 4 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-[]\|}{,./<>?" '"'"

either false positive or password is longer than 12 chars

found the pedo ring image on walmart.com, looks like they strip the 'JFIF' header too


745039  No.2449226

File: 138f3e726240a8c⋯.png (37.25 KB, 469x354, 469:354, ClipboardImage.png)

found the vineyard jpg on medium with the missing header


found the evil eye too



745039  No.2449249

File: 0641809d4425565⋯.png (265.04 KB, 568x374, 284:187, img00022870.png)


crunch string was missing a few chars ~-`

should be

crunch 1 4 'abcdefghijklmnopqrstuvABCDFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-+=-`~[]\|}{,./<>?" '"'"

trying all 1-4 combos with those missing chars on the evil eye (8m should take about 6 hours)

745039  No.2449514

File: fb463d33cbc65ea⋯.png (79.8 KB, 577x256, 577:256, ClipboardImage.png)

File: 5d2001ab59697ea⋯.png (78.8 KB, 644x576, 161:144, ClipboardImage.png)


landon uploaded the evil eye may 2018, same month it showed up on pol

BUT - the landon photo with the same filename does not have the pixelknot header (and doesn't decode with abcdefg123)

found cbs-logo.jpg that is the same size on from 2018


it doesn't not have the JFIF string but doesn't match the PixelKnot header

4569e1  No.2449563



The photos were released in one of the Wikileaks drops.

0146c4  No.2449706


Well if anybody wants to study a pixelknot mask we have a source and an encode photo. also bump.

745039  No.2450617

File: 3309d5b7435467a⋯.jpg (12.02 KB, 640x360, 16:9, 0_PDlwBQSymrdu7_5D-found.jpg)

745039  No.2453024


done, none of those

0146c4  No.2457804

Does anybody have more details on the underlying implementation of SecureRandom? Depending on the pseudo random number generator we may be able to reduce the search space to the possible values of the seed (ex, 0 to maxint).

96faf4  No.2457842


Moar results - fewer pictures

0e2334  No.2461532


Beyond 4 chars we are going to have to get a lot smarter with how we pick what passwords to try. It's not hard to imagine a 20 char passphrase.

One way to do this is to try the endings of long dictionary words and short words with a space and short random prefix. Then run the same set through 1337 speak substitutions. And then add ending punctuations.

Another idea I had is to score prospective random passwords based on the combinatorial frequency of character pairs. "TH" is more common than "ZD". We could have crunch generate 100,000 times as many passwords as we could directly check and then filter them down to the top 99.999th percentile.

Obviously optimizing it from the start would be better. But I don't think I'm smart enough to work out all of the patterns in how people choose passwords and phrases or to build a highly optimized generator (I could eventually, but I'm not going to spend the rest of my life on this).

In the short term we could keep a file of all failed passwords. Diff might get awfully bogged down comparing TB scale sets. But if the archive is kept asciibetically presorted then a custom tool could do it efficiently enough for it to be worthwhile.

0146c4  No.2463119


Did you just realize the same attack vector I did? There a way we can group up outside public space? Here's a quick rundown, use your key.


0e2334  No.2463526



SecureRandom basically works by taking the password, hashing it with SHA1 to set the initial state (160 bits, 20 bytes), passing these bytes out as requested, and rehashing the state to create a new state when it runs out of bytes. It does this as many times as needed to create as many pseudorandom bytes as requested.

This data is first used to shuffle a list of integers (0 to the number of DCT coefficients, which also happens to be the number of pixels) which is used as a secret treasure map to scatter bits of the message throughout the image. Further output of SecureRandom acts as a simple XOR cypher upon the payload message.

Without the password we don't even know which bit of what pixels and in what order contain the encrypted message. We are not even sure there IS a message. It could just be a wonky JPEG encoder.

Any kind of REAL cryptanalysis, linear or differential, is waayyyyy out of our league. And the password is always going to be the weakest part of the system. Efficient and smart password guessing is really the only option.

If you want to see the exact details you can download it directly from Oracle. https://download.java.net/openjdk/jdk8/

0146c4  No.2463615


Thanks for the reply. I noticed the message byte XOR with a random byte after the fact, so yea I don't think we can reconstruct the first steps of 'the map'. If we are to take the brute force approach tho, I would suggest we patch F5.jar to short circuit if the first message byte doesn't come out as expected. We can also make it retry different passwords without reloading too to save some more time (instead of decompressing the image over and over again, reading disk, etc). Just some ideas.

0e2334  No.2463782


That is exactly what I did immediately.

Lines 147 to 149. I also early abort if the 32bit message length comes out as an unreasonable number. It should never be more than a couple kilobytes.

BruteCrackPK.java. Give it a file and feed it lines through STDIN. I haven't got around to multithreading it. So just run it in four terminals.


When ( if ) I ever stop getting distracted by side projects, I intend to make a C based implementation. There are a lot of steps between the five state integers in the SHA algo and the permutation table could be trimmed down.

0e2334  No.2463803


* Add the above to the F5-steganography files from here. Drop in next to Embed and Extract compile.


d68afe  No.2464928


Found an old password used by Robert the Bruce in Aberdeen….

"Bon-Appart" try with and without dash. Try capital and lower-case. try backwards.

==Please try for password on all Q pics you can and POTUS tweet pics==

fb35f4  No.2467100


This paper talks about detecting F5 by analyzing the histogram of DCT coefficients. I suspect this may be a more accurate means than stegdetect.


fb35f4  No.2467430


After looking at the source for stegdetect, it appears it uses exactly the method in the paper.

1b4548  No.2469199





With PixelUnknot code, is this kind of the workflow it's taking?

get wordlist string ~ "lovely8unch0fcoconut$"

test last third string "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))

if matched, test DecryptWithPassword with string "lovely8unch0fcoconut$"

return secret message

else, get new wordlist string

or is it doing this?

get wordlist string1 ~ "oconut$"

test string1 "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))

if matched, crunch wordlist string2 with 2x length of string "oconut$" ~ "lovely8unch0fc"

test DecryptWithPassword with string "lovely8unch0fc"+"oconut$"

return secret message

else get new string2

else get new string1

745039  No.2469295

File: 02d3cb330b859fa⋯.png (99.85 KB, 387x281, 387:281, img00120470.png)




can't get over this filename…

what software renames files with square brackets [1]?

seems more like a Q post

[1]D5 7udrmySQBwlDP 0

found an automated cryptogram solver https://quipqiup.com/

7udrmySQBwlDP = 7in the COMpaNY

Q says less than 10 can confirm, read somewhere that 3 were non-military, would leave 7 in the company

[1]D5_7in the COMpaNY_0

maybe reading tea leaves here

still brute forcing…

(pic unrelated)

745039  No.2469375


right now the code


loads the words from the file and tries it (and every substring of the end over 3 chars) to decode the f5 layer. it early exits if the chars don't match the PixelKnot special string '----*' and if it finds one it will print out the pass and exit. this would be the last 1/3 of the password and we can change the code back to try to decode the rest

this code is a little better, tries the word backward and forward and prints out the progress


fb35f4  No.2469702


Neither. For detecting F5 it's analyzing the DCT histogram of the image in comparison to the (predicted) histogram of the original image before F5 data was embedded.

745039  No.2469749


anon multithread it like this:

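Files.readAllLines(filePath, StandardCharsets.ISO_8859_1)
    .parallelStream() // a plain List.forEach runs on one thread; the parallel stream spreads lines across cores
    .forEach(line -> {
        // your code
    });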


see https://pastebin.com/ZRUAzEPh

fb35f4  No.2469816



Fuck sorry answering the wrong question… apparently I have two IDs but still getting my (you)s

>get wordlist string ~ "lovely8unch0fcoconut$"

>test last third string "oconut$" in e.extract(coeff, ostream, extractF5Seed(mPassword))

>if matched, test DecryptWithPassword with string "lovely8unch0fcoconut$"

>return secret message

>else, get new wordlist string

What I uploaded is like this, except it is modified to only do the F5 seed portion - the output of the string generator gets passed directly

<e.extract(coeff, ostream, mPassword)

745039  No.2470605

File: bb157cb9e210e6b⋯.jpeg (124.68 KB, 700x525, 4:3, 0_hblpkVQu1n76DDy7.jpeg)

File: 16f9a48b48c6c4b⋯.jpeg (60.1 KB, 800x500, 8:5, 1_XfeIqNrfW36R5CadJ7bJAg.jpeg)



java has supported writing jpeg in imageio since 5

why do medium.com images look like they were written by a modified james jpeg encoder?

they didn't always have the same header, changed after 2013

f5 encoding something in the images?

0146c4  No.2472406


The [1] is new actually. When I first pulled the file it was not there. Only after 'scrubpocalypse' last Tuesday evening did I look again and saw [1] added on the chan archives. Was strange.

d68afe  No.2477411

File: 66651ec009a2b36⋯.jpeg (648.03 KB, 1242x2017, 1242:2017, Vanguard.jpeg)


Try Vanguard or vanguard (backwards/mirrored also) on ALL NXIVM or Allison Mack pixelKnot images dealing with them… run it on auto if possible on everything

745039  No.2479397

File: 828a8386f7a1853⋯.png (97.27 KB, 769x668, 769:668, ClipboardImage.png)



it was [1] on the /pol/ post

HERE is the evil eye on medium

different size same filename


that makes all of the images that anon have found matching the pixelknot header that were originally on medium.com

0146c4  No.2479932


I mean that it wasn't one on the archives before Tuesday. They CHANGED the archives. PixelKnot adds '_#' for conflicting filenames, so it wasn't from that. I literally downloaded a steg'd version from the archive without the [1]. plz no gaslight.

0e2334  No.2481143


That's odd. I found the same image on Medium last week and it had the same hash as the one from /pol/. Now it doesn't. It has indeed been changed. And the archive now has one with yet a different hash.

Someone is cleaning up. Good thing we have offline backups.

0e2334  No.2481502


All of the files from our reduced set all traced back to Medium, Motherboard, or Flipboard. And I spot checked a few of them last week; and the files from there had the same hashes as on their source sites.

9db91f  No.2481567

It’s amazing the pushback I get from my own, they think I’m crazy when sharing Q. They give me every reason to prove the Great Awakening false. But I know better than they and push that they might also consider. They don’t believe me when i speak about the gospel either or the covenant our True God made with mankind.

“A prophet is not without honor, except in his own country, and his own kin, and in his own house.”

0146c4  No.2482058

File: 46991f533deeb0c⋯.png (394.36 KB, 913x1180, 913:1180, Screenshot_20180806-130910….png)

Heads UP, they may be changing the stego in their comms:



Filenames have a funny ~2 at the end, ironically they re-used the photo from a previously identified stego in their 'screenshot'.

745039  No.2482637

File: 15c4dcc62229ab5⋯.png (33.21 KB, 715x160, 143:32, regret.PNG)

File: bae92d714d12693⋯.png (3.21 KB, 235x37, 235:37, ClipboardImage.png)

File: ea49f7f248d3712⋯.jpg (82.57 KB, 794x762, 397:381, IMG_0457.jpg)

File: 5a7f006bc6398e6⋯.jpg (68.91 KB, 794x762, 397:381, IMG_382.jpg)

Going back to Q Silverman drop


the file in the drop is IMG_382.jpg which didn't have the PixelKnot header or stegdetect didn't find anything… but the next day this post shows up on pol with IMG_0457.jpg and stegdetect thinks it has something (maybe false positive, not pixelknot header)

0146c4  No.2482651


another one:



$ md5sum 1533557639424.png

9f4a2a5c8b07b183e2de8fd4908c77aa 1533557639424.png

$ md5sum 1533557639424~2.png

1831a96086323b3994c9caa924467cb4 1533557639424~2.png

The ~2 may actually be the chan's way of handling duplicate filenames.. odd the md5s are different however. saw something said something.

745039  No.2485093

File: 12ba8ec3bbdc076⋯.png (205.76 KB, 648x623, 648:623, ClipboardImage.png)

File: 641cd18837b4712⋯.jpg (356.75 KB, 1680x978, 280:163, Drop Logic Chart.jpg)

File: d852f2788e4700e⋯.png (65.95 KB, 538x379, 538:379, final-white-rabbit.PNG)

File: 8560ccd58b36b85⋯.png (48.2 KB, 479x566, 479:566, april-fools.PNG)


Reddit post about PixelKnot looks like a honeypot




Do you have the skills to handle dangerous files? Want to help take down the cabal? Go here - <URL SHORTENED>


leads to https://pinkbunnies.club/whiterabbit/blog/12/the-final-countdown

picture has the JFIF header so it was made with an older version of PixelKnot (from the download page)

seems like a huge time waste or trap to catch people like us

be aware

aafb4b  No.2486032


I'm probably not the first with this, but is this related? https://www.cnet.com/news/qanon-anonymous-launches-attempt-to-debunk-conspiracy-theory/

aafb4b  No.2486050


(I tried cntrl-f "anonymous" but on this page I got more hay than needle)

0e2334  No.2490756


CM has been doing that here too, but without changing the filenames. After we found an easy way to spot the products of the weird JPEG encoder used by PixelKnot (hash the first 100 bytes) images posted here with that characteristic started being reencoded behind the scenes. 4Chan has probably heard by now and is doing the same.

0b6cd6  No.2490855


FYI - CM / 8ch is NOT altering originals.

It's CloudFlare. When snagging the originals gotta make sure to bust the caching front ends.

A simple "?13245123" or something random at the end of the filename will help.

Also: curl -H -vvvv is your friend.

Finally: the jpeg header hex signature isn't a 100% guarantee it's PixelKnot. All it says is that the image has been through some sort of image editing tool.

The more you know…

0e2334  No.2491957


I posted this image that I made with PK,


It has been totally reencoded. It's not a case of them appending a few bytes.

8chan uses the SHA256 sums of files when they're uploaded to uniquely identify them. Grab a random file from around here and check it. The SHA256 hash of the above impostor is now


They would never just stick extra bytes onto the end of a file. And they have no reason to "bust the cache" for guaranteed uniquely named static content. It's only files missing their JFIF headers that are mysteriously changing.

0146c4  No.2492592


failed to confirm, avatar.jpg still doesn't extract correctly when fetching uncached with ?blablabla.


did you post the password somewhere for that photo? I can run a test on my end to confirm.

0146c4  No.2492625


steg detect comes back negative on your photo btw.

ea52ce  No.2493839


The more you know, you mean? I have confirmed this myself, files were altered on here on last Tuesday sometime. Someone got worried and started re-encoding files on the back-end. AFAIK they only did it once, on last Tuesday, this was to prevent us from finding more images that were uploaded. So basically we have whatever we have archived, everything beyond that point is likely lost forever.

745039  No.2499435

File: 3462fed169288b7⋯.png (26.98 KB, 619x218, 619:218, ClipboardImage.png)

playing with medium.com images, the URL has the maxfilesize and you can change it to get different size images. all of the results have headers exactly matching the PixelKnot header (only the image size changes)




must be a server side transcoder doing the header stripping (or adding f5 steg?)

a little weird that some .png images are actually .jpg



1eb45a  No.2521648


I agree. I uploaded a test image last bread. The hash hasn't changed (I checked against my own copy). Downloading the file and running sha256sum returns an identical hash.


Test image I uploaded in this comment still works. sha256sum starts with 3b51fbf. Right clicking on the file link, pasting the link to download with wget works. Use the link on the left side (with a hash). Using the one on the right side (user-friendly filename) resulted in a different sha256sum.

Downloading using the link on the right side had a different hash.

$ cd /tmp
$ wget https:''//''media.8ch.net/file_dl/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg/pixelknot_test_image.jpg
--2018-08-09 00:13:11-- https:''//''media.8ch.net/file_dl/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg/pixelknot_test_image.jpg
Resolving media.8ch.net (media.8ch.net)...,
Connecting to media.8ch.net (media.8ch.net)||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21247 (21K) [image/jpeg]
Saving to: ‘pixelknot_test_image.jpg’

pixelknot_test_image.jpg 100%[=============================================>] 20.75K 62.1KB/s in 0.3s

2018-08-09 00:13:13 (62.1 KB/s) - ‘pixelknot_test_image.jpg’ saved [21247/21247]

Downloading using the link on the left side had the correct hash.

$ sha256sum pixelknot_test_image.jpg
b8fb084705fb6301e6313c5207e8a71d39d4bbd850fc568dfd90bf99006c0b01 pixelknot_test_image.jpg
$ wget https:''//''media.8ch.net/file_store/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
--2018-08-09 00:14:13-- https:''//''media.8ch.net/file_store/3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
Resolving media.8ch.net (media.8ch.net)...,
Connecting to media.8ch.net (media.8ch.net)||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28771 (28K) [image/jpeg]
Saving to: ‘3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg’

3b51fbf8b6a2597e1e31ca33c6b8 100%[=============================================>] 28.10K --.-KB/s in 0.1s

2018-08-09 00:14:13 (223 KB/s) - ‘3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg’ saved [28771/28771]

$ sha256sum 3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg
3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98 3b51fbf8b6a2597e1e31ca33c6b836af6d70054ca14155461381ff67118aaf98.jpg

1eb45a  No.2521685


Oops, I split the terminal output at the wrong spot. The first line in the second section should have been at the end of the previous section. Also, extra characters were added to the beginning of the download urls by the board apparently. So not the best example, but the point is to download using the left link (the one with the hash, not the user-friendly filename).
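The two checks the posts above rely on (a file fetched from the hash-named link should have a SHA-256 equal to its own filename, and a JPEG can be inspected for a missing JFIF APP0 segment), as an added Python example that is not code from any poster in this thread. The function names are hypothetical and the sample bytes are constructed header-only fragments, not real images.

```python
"""Added example: integrity and header checks for downloaded JPEG files."""
import hashlib
import re
import struct
import sys

SOI, APP0, COM, DQT, SOS = 0xD8, 0xE0, 0xFE, 0xDB, 0xDA


def jpeg_segments(data):
    """Yield (marker, payload) for each header segment up to and including SOS."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte in front of a marker
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, data[pos + 4:end]
        if marker == SOS:  # entropy-coded image data follows; stop here
            return
        pos = end


def content_name(data, ext=".jpg"):
    """Name a content-addressed store would give this file: sha256 hex + extension."""
    return hashlib.sha256(data).hexdigest() + ext


def matches_content_address(filename, data):
    """True/False if the name starts with a 64-hex sha256; None for friendly names."""
    m = re.match(r"([0-9a-f]{64})\.", filename)
    if m is None:
        return None
    return hashlib.sha256(data).hexdigest() == m.group(1)


def inspect_jpeg(filename, data):
    """Collect the facts the thread compares between two downloads of a file."""
    segs = list(jpeg_segments(data))
    return {
        "hash_matches_name": matches_content_address(filename, data),
        "has_jfif": any(m == APP0 and p[:5] == b"JFIF\x00" for m, p in segs),
        "comments": [p.decode("latin-1") for m, p in segs if m == COM],
        "markers": [f"{m:02X}" for m, _ in segs],
        # Fingerprint of the encoder's header layout. A match only says the
        # same encoder produced the file, not that anything is embedded.
        "header_prefix_sha256": hashlib.sha256(data[:100]).hexdigest(),
    }


def seg(marker, payload):
    """Build one segment: FF, marker, 2-byte big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples (header-only, not decodable images).
_JFIF = seg(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_COM = seg(COM, b"constructed sample")
_DQT = seg(DQT, bytes([0]) + bytes(range(1, 65)))
_SOS = seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
SAMPLE_WITH_JFIF = b"\xff\xd8" + _JFIF + _COM + _DQT + _SOS + b"\x00\xff\xd9"
SAMPLE_NO_JFIF = b"\xff\xd8" + _DQT + _SOS + b"\x00\xff\xd9"

if __name__ == "__main__":
    # Usage: python check_jpeg.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, inspect_jpeg(path.rsplit("/", 1)[-1], blob))
```

Running it on the same file saved at two different times shows whether the bytes changed (hash mismatch against the stored name) and whether the header layout changed, which separates a cached or re-encoded copy from the original upload.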

66c715  No.2525416


Curious. The originals have all been restored.

Anyway, this thing seems to have fizzled. There is a legitimate explanation for all of the spoopyness that we have been examining. It's coming from Medium's weird backend image resizing code. They appear to be using the same funky Java-based encoder library from the late '90s whose only other use was in the F5 stegano demo code, also from the late '90s, which is what PixelKnot is based around.

So I think I might switch teams and instead work on patching all the problems with F5 and PixelKnot. ;)

745039  No.2525792

File: 08756dd17f7dc44⋯.png (94.25 KB, 482x435, 482:435, ClipboardImage.png)


>this thing seems to have fizzled

in the first thread the shills were full force when we were digging on the silverman photo but after we started brute forcing the images .zip that anon posted with the medium.com images the clowns went away

time to circle back, figure out where we got off course



Put to death, therefore, whatever belongs to your earthly nature: sexual immorality, impurity, lust, evil desires and greed, which is idolatry. 6 Because of these, the wrath of God is coming.

-Colossians 3:5

Your evil has no place in this world.



The author of the post…..

The face is never the author.

Direct comms come in many different forms.



How do you hide a message in clear sight?



You'd be amazed how much is shared on /pol/.

Data exchange.



Q didn't say if /pol/ was 8ch or halfchan

the silverman photo in the drop is IMG_182.jpg, i haven't been able to find that one. every one i have found stegdetect comes up negative

the inverted one posted on /pol/ IMG_0457.jpg though does


128651  No.2529049


Very strange indeed. The fuckery occurred on Tuesday July 31st. I believe the following day I uploaded an image here and downloaded it the following day, and it was unchanged from the OG (still had PK header – missing JFIF). The following days I downloaded an image that I had uploaded prior to the 'fuckery', and it had the JFIF header (and wasn't a PK file). I just downloaded the same image now, and it's been restored and is the same as the one I uploaded prior to the 'fuckery' on July 31st.

Hard to know if all the files have returned to the originals, maybe some of the F5 files that had important messages were never restored.

I think we should work on a distributed BF tool, would be great if it could be done in JS, so we can have people just visit a website and have it go. There is a f5 JS stego, but it's not compatible with this one, but perhaps it could be altered to be compatible.

66c715  No.2533601

File: 5a7f006bc6398e6⋯.jpg (68.91 KB, 794x762, 397:381, 5a7f006bc6398e644ec960d83a….jpg)


>time to circle back, figure out where we got off course

Agreed. If we are to continue then we should focus on the SS photo. And we should look beyond PK and F5. Other stegano programs may leave telltale traces on the structure of their output JPEGs that could help narrow the search for the right method.

As far as I know this (pic related) is the original SS file. It was being passed around early and its size matches the 4Chan screen caps.

SHA1: f1335a1095a3ae15094e0a09e1cb83e5679dda26


We can tell that they are originals if their SHA256 hash matches the links in archived threads (8chan hashes all uploaded files and uses that hash on the back end as an easy way to eliminate redundancy when the same memes keep getting uploaded numerous times). I haven't noticed links to the file_store ever changing, not even when the files stored under a given hash have changed.

71ccb4  No.2534389



>look at the old posts, at the id of the post and replies

>find the originals

>figure out clues for the keys

Or, alternately, you could just go to 4chan where Q gets all his info and get it yourself. You're in a messageboard roleplaying game and you don't even know it. But oh well, carry on detectives

5c991a  No.2537744

File: aa46339b051ef25⋯.png (672.59 KB, 527x818, 527:818, 1.png)

File: a8bd1076aa3f628⋯.png (694.54 KB, 504x807, 168:269, 2.png)

File: 31945210e7e287b⋯.png (218.68 KB, 501x301, 501:301, 3.png)

found this while browsing online

dunno if it helps

757a03  No.2544659

8 char password.

So he wanted it hackable or he is fake. why wouldn't an intel person add another char or 2?

That would make it infinitely harder to crack. So either Q is a genius or a complete moron.

Pamphlet is a moron soooooo… who knows?

757a03  No.2544712


I think this was done on purpose by Q's Peeps to give some insight or help with hacking the STEG images. We have been asking for help, maybe this is it!

66c715  No.2567164


I finally quit screwing around and got that C-based cracker I've been talking about to an (unfinished but) usable state. It's a bit faster than the Java code, but not by as much as I had thought. I have newfound respect for the JIT compiler.

(You can probably tell from my folk-code that I'm not a professional programmer. I'm a welder and machinist at a widget factory. All that I know about coding I learned through many late segfault filled evenings. )


96faf4  No.2567227


The ambitious stego decode here has apparently been silently abandoned (because the approach was ill-defined and doomed to fail)

66c715  No.2567296


…because we don't know what software was used… or if there is even anything there.

Q linked to the PixelKnot app. PK leaves behind a very distinctive signature in the JPEG file that does not exist in the Sarah Silverman pic. So either 1) it's a modified version of PK made to fix its weaknesses, it's an entirely different program, or there is no hidden data and Q was simply citing PK as an example of the sort of thing that is widely used on the Chans.

If there is an expectation that we are to crack this thing then we are going to need more clues.

745039  No.2570246

File: ecb7a49a059cac5⋯.png (211.58 KB, 454x399, 454:399, img00017920.png)




don't have time to try it out right now but looked at the code and awesome job

745039  No.2573936

File: 2973396fd44ef3e⋯.png (315.97 KB, 621x384, 207:128, img00041820.png)

File: 9c18d6fcf63eeb7⋯.png (126.89 KB, 499x294, 499:294, img00145340.png)


might be able to easily turn this into CUDA code and run on a GPU

>To do this, all I have to do is add the specifier __global__ to the function, which tells the CUDA C++ compiler that this is a function that runs on the GPU and can be called from CPU code.

>add the specifier __global__ to the function

>The key is in CUDA’s <<<1, 1>>> syntax.

>tells the CUDA runtime how many parallel threads to use for the launch on the GPU



or the silverman pic was a clue to actual encoded images, or we're going to get some images later

until we find what Q was pointing us to we can keep working on the tools to decode/detect them


>silently abandoned (because the approach was ill-defined and doomed to fail)

still here, still digging

keep calm, clown on

7f2525  No.2576121


it amazes me how dead this thread is, Q gives us an android app to decode messages from images/memes and we only go 270 posts deep digging it? come on guys, where's the beef?

66c715  No.2580354


In the previous bread you said you were trying RockYou and some others against the SS pic. Did you finish? And was this only with the last third of the password?

745039  No.2622913

File: 5cd650335af34cc⋯.png (123.82 KB, 485x260, 97:52, img00051690.png)

had to travel

scary all the airplane/airport goings on


no when i saw the silverman pic wasn't made by pixelknot i stopped

i did all rockyou (suffixes + reverse) on the evil eye


751+250 = 1001 posts into this dig

previous bread >>2300468

and now…


looked closely and I think what you did is perfect for GPU

This Could Be A Game Changer

setting up a CUDA dev environment now

my plan:

>rip the guts out of your code

>fill array with coeff and initial scramble

>fill array with passwords to try


>returns array with 16 bytes of decode for each pass

>if any decodes start with PKZIP password string then bingo

still need more target images

what if the pixelknot header was changed to help them blend into the medium.com images?

745039  No.2624497

File: 6016e316f32fab5⋯.png (6.09 KB, 547x72, 547:72, ClipboardImage.png)

File: 7110f7b78db31bd⋯.png (235.11 KB, 408x381, 136:127, img00030370.png)




dev environment setup and code is building

need to rework F5_rand_series to instead generate the random numbers on demand so we can early exit and save memory

need sleep now

96faf4  No.2624689


They just want to be spoon fed now, like zoo animals who have lost the talent to hunt and are just bored and lazy.

Then they can still tell all their friends about how they researched and gave it to Q to take action.

After all do you think Lenin & Trotsky did any street fighting in their revolution?

96faf4  No.2624966


They gave up on guessing the password and didn't even know the length to brute force it

9c0fb3  No.2628550


>looked closely and I think what you did is perfect for GPU

Really? The random series generation is pretty straightforward. But the permutation stage is all out-of-order memory access. And the decrypt stage is very heavy in conditional branching.

>still need more target images


9c0fb3  No.2643661

It doesn't look like spidering through chan sites looking for PK images is going to work. 8chan has started reencoding again. And I tested halfchan: they don't fully reencode, but do add the missing JFIF header. Game forums are likely going to be the same way.

So until Q points at an image and says, "This pic contains a hidden message and was used by No Name to arrange a weapons sale. Have at it boys!" then I don't think there is anything left for us to do with this.

745039  No.2646329

File: 569a0dc23a27fd1⋯.png (18.61 KB, 485x242, 485:242, ClipboardImage.png)


the initial code port to CUDA can decode a test image!











>they don't fully reencode, but do add the missing JFIF header

did you post a pixelknot image to halfchan and then download the resulting image? could you zip both and post?

745039  No.2646891

File: 2cd2635e7d7e6e3⋯.png (12.38 KB, 474x157, 474:157, ClipboardImage.png)



updated: added a timer and removed some debug strings


need codefags to help cleanup, compile and distribute so others can use

00201d  No.2650867


Nice work. What's the easiest way to compile?

9c0fb3  No.2651955


>could you zip both and post?


Same DQT and DHT chunks. And the image scan is (or at least starts out) identical. They must have some little script that slips in the APP0 chunk if it's missing.


Wow. How does this compare with the CPU alone? I know you have a monster of a system.

3b8834  No.2652801


I hacked together a makefile from the CUDA samples and compiled it, but I'm having issues running CUDA samples so I can't tell if the program works.

I'll post more once I verify it's working.

a24eff  No.2652860


Q Said "These people are dumb" a thousand times.

Has anyone looked to see if they openly emailed the password for Pixelknot when trying on the Wikileaks Podesta leaks pictures?

66b620  No.2655048

You have More Than You Know.

Has anyone used Pixelknot on Q Proofs or posts?

I don’t know how or I would.

66b620  No.2655055


Link blocked now.

New drop?

745039  No.2657461

File: 3a61ae89db2dbec⋯.png (40.95 KB, 589x316, 589:316, ClipboardImage.png)


oh wow, not only the header also coeff has been changed at 0x00146200 so the message doesn't decode…

does this rule out halfchan ???

745039  No.2657591

File: 9f3bf476df1fe36⋯.png (128.3 KB, 443x271, 443:271, img00017801.png)

File: a292c2712fddbfb⋯.png (31.5 KB, 535x208, 535:208, ClipboardImage.png)



745039  No.2657955

File: a27cc4f81f3343b⋯.jpg (1.62 MB, 4920x4161, 1640:1387, Chstity.jpg)



You'd be amazed how much is shared on /pol/.

Data exchange.




this infographic has pixelknot header posted in 8ch/pol meta info thread




745039  No.2657981

File: 5c517519e09c552⋯.png (4.01 KB, 358x100, 179:50, ClipboardImage.png)


maebe knot

63e9b0  No.2658285

File: c451ba14f575299⋯.jpg (386 B, 70x59, 70:59, image001(2).jpg)

File: c451ba14f575299⋯.jpg (386 B, 70x59, 70:59, image001(1).jpg)

Hi anons here's one to check ? the attachments on podesta emails linked in Q1917 just white rectangle or just placeholder for missing data or something?


745039  No.2658485

File: 9f04d8da1d522c1⋯.png (30.82 KB, 634x247, 634:247, ClipboardImage.png)


only empty data, too small to hold any message

745039  No.2658832

File: 73dbe152b7d91d3⋯.jpg (21.1 KB, 450x450, 1:1, RAAAID.jpg)

File: a21f4e069c6609e⋯.jpeg (239.68 KB, 1200x900, 4:3, notes.jpeg)


found 2 files from 8ch /pol/ with pixelknot header

this zip has jpg and .coeff files to use for CUDA or C brute force


63e9b0  No.2658895


ok thanks that's why i thought they might be just placeholders cause they were small. wonder what image data was there?

7fd60f  No.2664366

File: 9b843c471cab80b⋯.png (1.04 MB, 1920x1080, 16:9, Screenshot from 2018-08-19….png)

Some new computer parts arrived (pic related). New case doesn't fit where the old one did, which set off a cascade of furniture rearranging and reorganizing that spread to three rooms. So I've been busy.



F5.jar doesn't support progressive-scan JPEGs and handles them ungracefully. That's probably what it is.


That Raid one is interesting. I found a version of that pic without a JFIF header but a different hash here:


And another version with a JFIF header but the same hash-like filename as the above here,


The Google reverse image search also weirdly leads to these sketchy links, which bounce off a rotation of domain names and ultimately lead to a porn game:



7fd60f  No.2664402


The notebook one is from here, a Medium satellite site:


I was able to find it despite 8ch reencoding it (but the hash of the file from the Medium site matches the 8chan filename.)

I know that I was the first person to open the Raid image link because the file I got, the first time, matched its hash and was without its JFIF header. 8chan's reencoding appears to be triggered after a file is first accessed.

43ad21  No.2667764

File: f8736f7dbdb5a89⋯.jpg (1.53 MB, 3096x1741, 3096:1741, 20151025_191141_resized (1….jpg)

File: 05cddfe6baf0e2f⋯.jpg (62.39 KB, 841x658, 841:658, altered1.jpg)

File: 576af43f8be7fa1⋯.jpg (33.98 KB, 478x440, 239:220, medallion1.jpg)


Sorry to bother. Seems you're talking about images from elsewhere when you say pixelknot. I think this pic is using steganography. posted twice on research board and no one's picked it up. Look at the hand. Who would take a selfie of THAT hand? Medallion belong there? What is the appropriate term for a hidden image-in-image when it's directly related to board topics? Thank you.

7fd60f  No.2670779

File: 1b1c51d3e40152b⋯.jpg (444.28 KB, 1920x1920, 1:1, none_redhead.jpg)

File: ae566b1de611466⋯.jpg (461.42 KB, 1920x1920, 1:1, f5base_redhead_short.jpg)

File: 4a52e72f3cba008⋯.jpg (455.87 KB, 1920x1920, 1:1, f5stegjs_redhead_long.jpg)

File: 8fd559d73d610f4⋯.jpg (52.78 KB, 748x600, 187:150, none_pepe.jpg)

File: 27de036074c5e8f⋯.jpg (49.39 KB, 748x600, 187:150, f5stegjs_pepe_medium.jpg)


For us to be successful in eavesdropping on the badguys' comms we need three things: Software, Image, and Password.

If we have a password then we can crawl image boards and game forums and try it against millions of images. If we are given a single image with assurances from on high that it is a target then we can try billions of passwords. But we cannot try billions of passwords against millions of images. That is simply beyond the resources of a few guys with desktops. And we can't do anything if we don't have access to the same software that they are using. Q pointed to PixelKnot. But that could have been merely an example. The C_A would likely have developed their own stego system; and this could have been shared with their civilian cohorts.

But even if we assume one variable we cannot solve for the remaining two with the resources available. It would require an awful lot of luck. If any wizards or warlocks would like to give us a hint, they have my PGP key (they also have the secret key that I use for this. I emailed it to myself knowing there is nothing yummier to the NSA's systems than a PGP secret key packet transmitted in the clear).

The only stone left for me to turn over is this variant of the F5 algo I found on GitHub:



While testing various stego programs with long and short messages in large and small files in search of clues to how the SS pic might be encoded, F5steg.js stood out. I've never written a line of JavaScript in my life. But perusing the code, it looks like it's doing basically the same thing as the baseline F5 algo. So it's strange that stegdetect can barely catch a whiff of it, even when an image is loaded to max payload capacity. I found that stegdetect can find F5 even with very short messages in very large files. (passwords "redhead" and "pepe"). I haven't worked out yet what F5steg.js is doing so differently to evade detection. But given that this is specifically designed for image boards and is available as a browser plugin I think we should find a way to detect its handiwork and make an efficient cracking program similar to the one for PK/baselineF5.

745039  No.2705654

File: 25169c3c996670b⋯.png (21.39 KB, 648x167, 648:167, ClipboardImage.png)

the 8ch image reencoding is this


d36a3b  No.2705870


Podesta's left hand seems shopped.

745039  No.2712077

File: 91b3cd936ad22fd⋯.png (12.64 KB, 691x136, 691:136, f5_tesla_m60.PNG)

File: db10039fbe3a1fb⋯.png (7.21 KB, 453x160, 453:160, f5_i9.PNG)

File: 9c47c86ce7be208⋯.png (111.63 KB, 436x222, 218:111, img00006850.png)


compile like so

>nvcc kernel.cu -o kernel


using a 1080 but it's my main display so it gives me trouble

fired up an aws instance with a Nvidia Tesla M60 with the cuda and it's slower than my i9

waiting for access to a V100

745039  No.2723413

File: 8121d4b71d1c455⋯.jpeg (35.96 KB, 450x450, 1:1, 868a59b9-5916-4f6c-9ee2-6….jpeg)

File: bed625bbb94e3ab⋯.jpeg (25.06 KB, 450x450, 1:1, 4fc80bf1-a078-433d-a61f-0….jpeg)

File: 73dbe152b7d91d3⋯.jpeg (21.1 KB, 450x450, 1:1, 0f7d7101-5eaf-4a5e-b1d9-a….jpeg)

still sifting through 8ch/pol images and found 2 more which led me to figure out where the RAAID image came from - walmart.com - images from walmart.com are false positives for detect.py but when you look closer the rest of the header doesn't match



745039  No.2723486

File: ce4d3f017bdc299⋯.png (113.26 KB, 330x274, 165:137, img00056260.png)

File: 22f42bfdbe71154⋯.png (83.76 KB, 343x195, 343:195, img00056270.png)

it is 1 month after Q posts about pixelknot and /pol/ Data Exchange and we've learned

* pixelknot on jpeg, header has unique signature and only last 1/3 of pass needed to break f5 layer

* halfchan re-encodes images, breaks f5 stego and can't be used for data exchange

* false positive images from medium.com (and affiliates) and walmart

* qresearch images found were from medium.com

* 8ch /pol/ images found were from walmart

* sarah silverman pictures are not pixelknot

wild goose chase?

745039  No.2734509

File: eb22d8dd389a4c9⋯.png (30.13 KB, 413x369, 413:369, sha1_hashcat.PNG)

File: 6130fd257d1b0ac⋯.jpg (41.01 KB, 274x277, 274:277, img702018.jpg)









f5 cuda brute force using hashcat sha1

realized that hashcat has a faster implementation of sha1

it's in opencl, spent the morning porting to cuda


this version of the f5-cuda is more than 50% faster, get it while you can




compile with

nvcc kernel.cu -o kernel

looking for more target images, think I've ruled out everything I've seen so far

745039  No.2735242

here's what i don't get - Q links to halfchan /pol/ image IMG_382.jpg and says data exchange on /pol/ with pixelknot

but half chan re-transcodes images breaking the stego, which is why that image didn't look like a pixelknot image


so okay… MAYBE the silverman picture was made by pixelknot BEFORE it was posted to halfchan but it wouldn't be a way to exchange data

3fc3ff  No.2735651


It's possible that {{{they}}} use their own system cooked-up by the C_A for use by their own spies and that PixelKnot was only a generic example of steganography.

745039  No.2746327

File: 500caca7f24a273⋯.jpg (19.26 KB, 288x394, 144:197, Q4Example-4chan.jpg)

File: 40ee565c6e996ef⋯.png (7.99 KB, 820x62, 410:31, ClipboardImage.png)


played around with halfchan and Q4example.jpg - halfchan does re-encode the image but the message is still decodable

updated the pixelknot detection script to detect pixelknot image uploaded to halfchan along with those not, this will probably hit many false positives

it does detect the silverman picture as pixelknot


745039  No.2746706

File: 3cc427f84176604⋯.png (513.36 KB, 890x720, 89:72, ClipboardImage.png)

File: 6aff95993715edb⋯.jpg (51.93 KB, 400x533, 400:533, tumblr_nslnlvIRja1tb40lbo2….jpg)


new pixelknot detection script

>detect pixelknot uploaded to halfchan





I was expecting more false positives, this is actually a sensible list of images that the script detected

new possible pixelknot images





745039  No.2746813

File: 9bda0b548957731⋯.png (60.34 KB, 265x313, 265:313, ClipboardImage.png)

File: f5cb201aba8bba1⋯.jpg (38.48 KB, 434x319, 434:319, apu_mommy_copy.jpg)

check out the image artifacts in this one….

745039  No.2747276

File: f2f3cbfc592082a⋯.png (661.71 KB, 850x742, 425:371, ClipboardImage.png)


more matches fresh from halfchan


745039  No.2747302

File: 346f45b5c30df17⋯.png (45.03 KB, 272x311, 272:311, ClipboardImage.png)

turn up the contrast

bb8fea  No.2747975


For reference, I am getting around 3300 pw/s on a 1080ti. As it stands, it would crunch through all four letter combos in about 6 hours.

745039  No.2748092

File: 9160caa3637f094⋯.jpg (96.92 KB, 786x786, 1:1, 1533009581.jpg)

File: 235d50aa55635f6⋯.jpg (36.29 KB, 390x406, 195:203, 1535308543866.jpg)


sweet anon!

here's an updated version, I made a couple memory optimizations and added command line flags


coeff files for the new images


745039  No.2748657



on the smallest coeff file i'm getting 6600 pass/sec on 1080 ti and 4900 on 1080

using --blocks 32 --threads 64

had to do the tdrdelay thing

https://www.pugetsystems.com/labs/hpc/Working-around-TDR-in-Windows-for-a-better-GPU-computing-experience-777/

8a5cb0  No.2749064

There is also a Steg tool called Outguess. It is a linux command line tool. Not sure if anyone here has tried to use it to find stuff on pictures here…

3fc3ff  No.2749627


Wait a sec… all you are checking for is that they are either missing the normal JFIF header, or have the normal header and are encoded with a 94% quantification table, like the SS pic. Then you check to see that they have the standard Huffman tables from the JPEG spec that is used by 99.9% of all the color JPEGs in existence.

But PK is hardcoded to always encode at 90%. And 4chan's JPEG recombobulator does not change the compression quality.

94% is not a number that a developer would hardcode as a default. That is a number from someone moving a GUI slider when exporting an image from Photoshop or GIMP. So if there is stego in the SS pic then it was done with a program that does not change the quality level.

You are forcing a match on the Sarah Silverman pic without explaining why that DQT is indicative of PixelKnot.
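The structural checks argued over in the post above and in No.2651955 (JFIF APP0 present or missing, identical DQT and DHT chunks, the quality level implied by the quantization table), as an added example that is not the thread's detect.py or any poster's code. It assumes the encoder uses libjpeg's standard quality scaling; the sample files are constructed headers with no real image data, and every function name is hypothetical.

```python
import struct

# libjpeg/IJG base luminance quantization table (JPEG Annex K), natural order.
BASE_LUMA = [
    16, 11, 10, 16, 24, 40, 51, 61,
    12, 12, 14, 19, 26, 58, 60, 55,
    14, 13, 16, 24, 40, 57, 69, 56,
    14, 17, 22, 29, 51, 87, 80, 62,
    18, 22, 37, 56, 68, 109, 103, 77,
    24, 35, 55, 64, 81, 104, 113, 92,
    49, 64, 78, 87, 103, 121, 120, 101,
    72, 92, 95, 98, 112, 100, 103, 99,
]
# Zigzag order: entry k of a DQT segment belongs at natural index ZIGZAG[k].
ZIGZAG = sorted(range(64), key=lambda i: (
    i // 8 + i % 8, i // 8 if (i // 8 + i % 8) % 2 else -(i // 8)))


def ijg_table(quality):
    """Luminance table libjpeg derives from BASE_LUMA for quality 1..100."""
    scale = 5000 // quality if quality < 50 else 200 - 2 * quality
    return [min(255, max(1, (v * scale + 50) // 100)) for v in BASE_LUMA]


def segments(data):
    """Yield (marker, payload) for each header segment, stopping after SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before the real marker
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:          # SOS: entropy-coded scan follows
            return
        pos += 2 + length


def luma_quality(table_zigzag):
    """Return the libjpeg quality whose table matches exactly, else None."""
    natural = [0] * 64
    for k, value in enumerate(table_zigzag):
        natural[ZIGZAG[k]] = value
    for quality in range(1, 101):
        if ijg_table(quality) == natural:
            return quality
    return None


def profile(data):
    """Collect the header traits the thread uses to classify a JPEG."""
    info = {"jfif": False, "quality": None, "order": [], "tables": []}
    for marker, payload in segments(data):
        info["order"].append(marker)
        if marker == 0xE0 and payload[:5] == b"JFIF\0":
            info["jfif"] = True
        elif marker in (0xDB, 0xC4):            # DQT or DHT
            info["tables"].append((marker, payload))
            # 8-bit precision, table id 0 is the luminance table
            if marker == 0xDB and len(payload) >= 65 and payload[0] == 0:
                info["quality"] = luma_quality(payload[1:65])
    return info


def same_tables(a, b):
    """True when two files carry byte-identical DQT and DHT segments."""
    return profile(a)["tables"] == profile(b)["tables"]


def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample(quality, with_jfif):
    """Constructed sample: valid header layout, placeholder scan data."""
    table = ijg_table(quality)
    dqt = bytes([0]) + bytes(table[ZIGZAG[k]] for k in range(64))
    # Standard DC luminance Huffman table from the JPEG spec.
    dht = bytes([0]) + bytes([0, 1, 5, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0]) \
        + bytes(range(12))
    sof = bytes([8]) + struct.pack(">HH", 8, 8) + bytes([1, 1, 0x11, 0])
    sos = bytes([1, 1, 0x00, 0, 63, 0])
    app0 = b""
    if with_jfif:
        app0 = _seg(0xE0, b"JFIF\0\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    return (b"\xff\xd8" + app0 + _seg(0xDB, dqt) + _seg(0xC0, sof)
            + _seg(0xC4, dht) + _seg(0xDA, sos) + b"\x00\xff\xd9")


if __name__ == "__main__":
    uploaded = build_sample(90, with_jfif=False)   # no APP0, quality 90
    served = build_sample(90, with_jfif=True)      # APP0 slipped in, tables intact
    other = build_sample(94, with_jfif=True)       # exported at quality 94
    for name, blob in (("uploaded", uploaded), ("served", served), ("other", other)):
        p = profile(blob)
        print(name, "jfif=%s quality=%s" % (p["jfif"], p["quality"]))
    print("uploaded/served tables identical:", same_tables(uploaded, served))
```

A file that gains only an APP0 segment keeps its table fingerprint, while a file exported at a different quality does not, which is the distinction the post draws between quality 90 and quality 94.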

745039  No.2753991


uploaded q4example to halfchan and inspected what was the same, the order and location of the DQT and huffman table along with some bytes of the huffman table

waiting on your improved version ;)

745039  No.2754886

File: 2c0811f1a70f4d1⋯.jpg (71.07 KB, 382x569, 382:569, Botto_00237_FLYNS.jpg)

File: 00fd4c294e15460⋯.jpg (138.58 KB, 650x650, 1:1, 1535316356699.jpg)


just for (You), updated the detect script to be more discriminating - no longer detects the silverman pic though


images that match


745039  No.2756444

File: 491e9a9676013ac⋯.jpg (96.12 KB, 593x680, 593:680, 1535378516535.jpg)

File: f93cfee772d1fa8⋯.jpg (111.13 KB, 600x945, 40:63, 1535371392203.jpg)


another updated detection script to rule out more false positives, 63 images from halfchan /pol/ with coeff files


745039  No.2756449

File: 3a94d8196116669⋯.jpg (110.12 KB, 800x600, 4:3, 1534707518.jpg)

File: 8dd3515f915d76d⋯.jpg (53.76 KB, 500x375, 4:3, 1535300113278.jpg)

File: 6d1e2ca96ac85e3⋯.jpg (78.83 KB, 530x960, 53:96, 1535394411237.jpg)

File: a7ac2c1247a3ce4⋯.jpg (334.05 KB, 899x1599, 899:1599, 1535394991080.jpg)


starting to see themes here

745039  No.2756467

File: c63e06cc42b46ac⋯.jpg (134.6 KB, 1280x1240, 32:31, 1535362492313.jpg)

File: f2e98dbb021981a⋯.jpg (114.37 KB, 1200x675, 16:9, 1535379036081.jpg)

File: fbb05afef25d3aa⋯.jpg (64.78 KB, 1280x720, 16:9, 1535313673897.jpg)

File: c471a081b3747ac⋯.jpg (49.9 KB, 660x715, 12:13, 1535385801833.jpg)

745039  No.2756480

File: c9676cf0d4267b5⋯.jpg (191.61 KB, 1080x1270, 108:127, 1535389769343.jpg)

File: a7d827f0e32c6f5⋯.jpg (53.65 KB, 541x541, 1:1, 1535391082884.jpg)

File: 7cf02064f11a9fc⋯.jpg (131.54 KB, 1280x720, 16:9, 1535376955004.jpg)

File: 4cb11455583a38b⋯.jpg (225.58 KB, 1920x1080, 16:9, 1535357746592.jpg)

745039  No.2756489

File: 87494393f2c2679⋯.jpg (54.43 KB, 1080x232, 135:29, 1535315068734.jpg)

File: 426d32028622cb0⋯.jpg (32.41 KB, 560x299, 560:299, 1519851377.jpg)

File: e24e09ba11a6ce5⋯.jpg (59.71 KB, 550x517, 50:47, 1519851377-1.jpg)

745039  No.2756545

File: 491413e9847d778⋯.png (47.13 KB, 172x138, 86:69, ClipboardImage.png)

File: 9d519a3eb059128⋯.png (88.49 KB, 250x218, 125:109, spiral.PNG)

File: e982f80ca357594⋯.png (15.61 KB, 69x81, 23:27, spiral-ear.PNG)



745039  No.2757678

File: 9555b3b95047ca9⋯.jpg (113.11 KB, 850x596, 425:298, 1535371534161.jpg)

File: 67674d32474e27c⋯.jpg (132.97 KB, 720x1127, 720:1127, 1535397728664.jpg)

File: c33da635a0763ee⋯.jpg (87.61 KB, 720x682, 360:341, 1535397885954.jpg)

File: 2fc72018554e1fc⋯.jpg (173.4 KB, 662x993, 2:3, 1535405856573.jpg)



girls with red or flowers

745039  No.2757686

File: 2ef65768904d453⋯.jpg (65.81 KB, 618x800, 309:400, 1535405865713.jpg)

File: 89920c419b0429d⋯.jpg (491.21 KB, 1080x1679, 1080:1679, 1535400124769.jpg)

File: a7a5ead258f553e⋯.jpg (272.82 KB, 1080x1267, 1080:1267, 1535400451031.jpg)

745039  No.2757787

File: aba36bba71de397⋯.jpg (33.2 KB, 600x338, 300:169, 1535400906374.jpg)

File: 6c595efd9b14d21⋯.jpg (88.21 KB, 1024x1280, 4:5, 1535380920780.jpg)

File: 0487ebf5275142e⋯.jpg (294.31 KB, 960x986, 480:493, 1535401967906.jpg)

745039  No.2757806

File: ee66f62ef6237dc⋯.jpg (23.72 KB, 206x305, 206:305, 1535387868569.jpg)

File: 1895a296a0aa230⋯.jpg (61.75 KB, 637x799, 637:799, 1535398336598.jpg)

File: 3f09c46f423f993⋯.jpg (46.28 KB, 332x500, 83:125, 1535391292263.jpg)

wget -P 4chan -nd -np -r -l 1 -e robots=off -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<THREADID>

for F in 4chan/*.jp*g; do python detect.py $F; done

96faf4  No.2757815


Should be banned for incoherent rants.

Personal gratification that has no value for others

"Notice me - I am special"

Simply narcissist vanity

745039  No.2757852

File: 3a9dcc0990795ce⋯.jpg (177.89 KB, 1080x818, 540:409, 1535400983726.jpg)

File: a9ebc944954a804⋯.jpg (395.51 KB, 1080x1518, 180:253, 1535400798903.jpg)

File: a7a5ead258f553e⋯.jpg (272.82 KB, 1080x1267, 1080:1267, 1535400451031.jpg)

File: 8430c6e42015c33⋯.jpg (334.23 KB, 1080x1699, 1080:1699, 1535389632849.jpg)

File: 4754394748200b8⋯.jpg (169.02 KB, 1080x1194, 180:199, 1535390462803.jpg)

745039  No.2757868

File: bdcac27791a75f4⋯.jpg (237.34 KB, 1080x1095, 72:73, 1535402303917.jpg)

File: 314ddaafbbbf535⋯.jpg (38.7 KB, 657x387, 73:43, 1535404743795.jpg)

File: a15d9aec586bcf9⋯.jpg (35.7 KB, 1080x324, 10:3, 1535405528181.jpg)

File: 0ba74bef4ee0aa3⋯.jpg (112.58 KB, 1080x900, 6:5, 1535405828978.jpg)

745039  No.2757871

File: ccab6f75d673aac⋯.jpg (75.8 KB, 1028x675, 1028:675, 1535401759261.jpg)

File: 0883ded487beed9⋯.jpg (37.57 KB, 576x576, 1:1, 1535404910834.jpg)

File: 004ea78a48517f9⋯.jpg (95.59 KB, 664x573, 664:573, 1535406518228.jpg)

745039  No.2757877

File: 0fe98098a7b32a1⋯.jpg (63.74 KB, 758x502, 379:251, 1535399536303.jpg)

File: 6963995e69fa548⋯.jpg (40.16 KB, 417x461, 417:461, 1535405580107.jpg)

File: 62a6edd31ced21d⋯.jpg (131.41 KB, 720x1127, 720:1127, 1535372367960.jpg)

745039  No.2757908


downloaded 1000 jpg from halfchan /pol/ and 5% of them match PK header, probably a bunch of false positives in there

58 more images


745039  No.2758088

File: 8bf30d34da0b7b1⋯.jpg (1.16 MB, 2322x4128, 9:16, 1535407165678.jpg)

File: 592c006dfa2e404⋯.jpg (43.56 KB, 460x720, 23:36, 1535407191734.jpg)

File: 56b78b1f8bb7f91⋯.jpg (67.26 KB, 660x440, 3:2, 1535407287911.jpg)

File: a7a984b42110685⋯.jpg (32.72 KB, 480x355, 96:71, 1535405775062.jpg)

39ebd4  No.2761102

Just wondering about this pixelknot; not sure if anyone looked at the Antarctica pictures in the wikileaks drop?

745039  No.2764174

File: 18b9d95b870b29c⋯.jpg (798.26 KB, 3443x2864, 3443:2864, 1534962089806.jpg)

File: 2c8c51ae8f422ac⋯.jpg (112.83 KB, 502x640, 251:320, 1535245940492.jpg)

File: 80915943ea3d22a⋯.jpg (823.05 KB, 1920x1440, 4:3, 1535434394610.jpg)

File: becdea50eeeefc4⋯.jpg (111.97 KB, 650x400, 13:8, 1535437793212.jpg)


post em and i'll take a look

the PK file sign is fairly uncommon, i've only found 178 jpg that match it

all the test images i have have the same DQT table, what i wonder is if pixelknot could have generated a different table like the silverman

745039  No.2764183

File: e41f6d0c151e259⋯.jpg (737.59 KB, 1920x1080, 16:9, 1535414391953.jpg)

File: 7c2b75cf8283a74⋯.jpg (185.45 KB, 850x1212, 425:606, 1535426315437.jpg)

File: cd0eea2a8b24546⋯.jpg (157.23 KB, 760x943, 760:943, 1535388952657.jpg)

File: 27a3939e4537c95⋯.jpg (2.84 MB, 4608x3456, 4:3, 1535263003058.jpg)

File: ef655acb3d742e6⋯.jpg (41.47 KB, 859x495, 859:495, 1535409576169.jpg)

this same shade of blue shows up



745039  No.2764199

File: e01672eff46298b⋯.jpg (295.39 KB, 1025x1280, 205:256, 1535437415456.jpg)

File: c5aceff6c089d61⋯.jpg (78.85 KB, 800x800, 1:1, 1535423299257.jpg)

File: b6211ef4556cc87⋯.jpg (119.79 KB, 982x904, 491:452, 1535380150960.jpg)

red shoes…

745039  No.2764217

File: 8ae55c6026d5352⋯.jpg (143.66 KB, 1456x749, 208:107, 1533454966162.jpg)

File: af6d9cc0b09196a⋯.jpg (753.58 KB, 1920x1080, 16:9, 1535429193747.jpg)

File: f187ff52b050e7c⋯.jpg (31.9 KB, 1024x1024, 1:1, 1535409664601.jpg)

File: 7e0d992b88525d5⋯.jpg (1.28 MB, 3024x4032, 3:4, 1535409955468.jpg)


745039  No.2764224

File: 60ef4a6af30dcd9⋯.jpg (93 KB, 800x600, 4:3, 1533085160501.jpg)

File: 8762c5f44290e17⋯.jpg (65.42 KB, 1024x405, 1024:405, 1535303425719.jpg)

File: 6bef8e39b5e0e0e⋯.jpg (27.1 KB, 360x300, 6:5, 1535381265109.jpg)

File: eb562a728fabca6⋯.jpg (223.91 KB, 1920x1080, 16:9, 1535420916826.jpg)

File: 9dc9284b15c1702⋯.jpg (33.79 KB, 500x312, 125:78, 1535408041547.jpg)


745039  No.2764239

File: 586bf76bbed2b78⋯.jpg (1.38 MB, 1700x2338, 850:1169, 1535403304639.jpg)

File: 0eaa88703d0a0a0⋯.jpg (103.15 KB, 1024x768, 4:3, 1535409966372.jpg)

File: 4754394748200b8⋯.jpg (169.02 KB, 1080x1194, 180:199, 1535390462803.jpg)

File: d17d8e7433630d5⋯.jpg (481.3 KB, 2506x1795, 2506:1795, 1525910981471.jpg)

File: a4fdbcce3feda38⋯.jpg (145.69 KB, 1280x766, 640:383, 1535431891435.jpg)

745039  No.2764243

File: 850c14e9eec42fb⋯.jpg (491.28 KB, 1920x1080, 16:9, 1535433945515.jpg)

File: 18e9b2cc6f7db4a⋯.jpg (1.92 MB, 2702x2952, 1351:1476, 1535437742337.jpg)

File: 102f98e79e63e07⋯.jpg (197.22 KB, 1000x1300, 10:13, 1534896896166.jpg)

745039  No.2764246

File: ea8b67f0430d91d⋯.jpg (278.09 KB, 1080x1350, 4:5, 1532327260034.jpg)

File: 552974961f7a3ad⋯.jpg (17.74 KB, 230x249, 230:249, 1532064158115.jpg)

File: 57d9bbe81a9e3d4⋯.jpg (52.43 KB, 748x600, 187:150, 1534517345723.jpg)

File: f3e04f87342bb2c⋯.jpg (35.09 KB, 528x362, 264:181, 1535355348760.jpg)

File: a864f5fe66800b0⋯.jpg (9.79 KB, 179x170, 179:170, 1535401830599.jpg)


745039  No.2764253

File: aa09f5da3e36cc1⋯.jpg (306.29 KB, 1052x1384, 263:346, 1535435605971.jpg)

File: 5cc0e4faddf7bcc⋯.jpg (232.67 KB, 1080x1839, 360:613, 1535433795120.jpg)

File: 001294983c4aa67⋯.jpg (114.34 KB, 562x583, 562:583, 1535431497815.jpg)

745039  No.2764262

File: 08db3a999c0b0ee⋯.jpg (969.34 KB, 1824x2736, 2:3, 1535236126406.jpg)

File: 5d22f50f5ac6908⋯.jpg (239.86 KB, 850x1194, 425:597, 1533953330961.jpg)

File: 2f9dd98f84dfa9e⋯.jpg (176.61 KB, 961x1280, 961:1280, 1535381617891.jpg)


745039  No.2764328

File: 275f7eeac02ddc3⋯.jpg (75.19 KB, 650x650, 1:1, 1535316197247.jpg)

File: b4f38f41464ffbf⋯.jpg (266.48 KB, 1366x768, 683:384, 1535348797088.jpg)

File: ef34e3659f3e611⋯.jpg (42.03 KB, 575x398, 575:398, 1535382638236.jpg)

File: 062dbac5e0b8d89⋯.jpg (924.9 KB, 3260x2445, 4:3, 1535437246147.jpg)

File: 738b7e92e7d86e3⋯.jpg (83.67 KB, 630x356, 315:178, 1535437845011.jpg)


out of a few thousand scanned jpg from halfchan, 178 matches



here's how

wget -P 4chan -nd -np -r -l 1 -e robots=off -H -D is2.4chan.org -A jpg,jpeg https://boards.4chan.org/pol/thread/<THREADID>

for F in 4chan/*.jp*g; do python detect.py $F; done

745039  No.2767218

File: e68c7e8b579f8ce⋯.jpg (940.66 KB, 2443x1872, 2443:1872, 1535473878436.jpg)

File: 20d0066a7c2861b⋯.jpg (83.96 KB, 640x480, 4:3, 1535459270268.jpg)

File: e545ea9a2ad9fb8⋯.jpg (139.5 KB, 768x1024, 3:4, 1535451465071.jpg)



new blue, red and orange today

745039  No.2767232

File: e2ef8b25d5fbc5a⋯.jpg (21.18 KB, 320x320, 1:1, 1535450619025.jpg)

File: 0372774bc93079d⋯.jpg (46.03 KB, 950x534, 475:267, 1535467840171.jpg)

File: 6b0bad7c56538d2⋯.jpg (162.26 KB, 1220x978, 610:489, 1535470514134.jpg)

File: 73e4d0c7db94b55⋯.jpg (442.2 KB, 1767x1936, 1767:1936, 1535470743372.jpg)

745039  No.2767294

File: 59a624aac13b93c⋯.jpg (70.59 KB, 618x667, 618:667, 1535405378830.jpg)

File: ee7fcec9740b375⋯.jpg (151.44 KB, 720x1024, 45:64, 1532399522823.jpg)

File: aafe3f43d87b3bc⋯.jpg (864.91 KB, 2987x1536, 2987:1536, 1535435416292.jpg)

745039  No.2767849

File: 3c998438855a538⋯.png (120.41 KB, 263x298, 263:298, ClipboardImage.png)

File: 97193f9645d86fc⋯.jpg (132.53 KB, 640x640, 1:1, 1535466762059 - Copy.jpg)

File: 24466007e942b68⋯.png (197.76 KB, 217x316, 217:316, fire.PNG)

File: a172de36b62c4e6⋯.png (119.32 KB, 214x297, 214:297, map.PNG)

File: 224a1f9e2422181⋯.png (95.16 KB, 183x276, 61:92, purple.PNG)


a few have this weird artifact, a line that doesn't match up

745039  No.2767900

File: ea5feadc5b868ee⋯.png (109.58 KB, 701x160, 701:160, ClipboardImage.png)

File: 479d3f7dee0a4bd⋯.jpg (125.95 KB, 720x1280, 9:16, testtesttest.jpg)

File: 58566d2449557cc⋯.png (20.74 KB, 193x129, 193:129, line.PNG)


here's the same line artifact on a pixelknot test image

745039  No.2768019

File: 86c6af464efb56c⋯.png (260.5 KB, 593x401, 593:401, ClipboardImage.png)


16 images + coeff files that match PK header and have the unaligned square artifact


745039  No.2768255

File: 73180a519eb0a28⋯.png (42.81 KB, 501x103, 501:103, ClipboardImage.png)

File: 4ccf5754ef3cfa1⋯.jpg (72.84 KB, 635x945, 127:189, 1535382042572.jpg)


this one too

745039  No.2768269

File: 681eb9daf3a55b1⋯.jpg (171.62 KB, 1024x683, 1024:683, 1535343308313.jpg)

File: cc5e08c21036e41⋯.png (49.93 KB, 114x338, 57:169, ClipboardImage.png)

cccp girl too

745039  No.2768327

File: e01672eff46298b⋯.jpg (295.39 KB, 1025x1280, 205:256, 1535437415456.jpg)

File: bd77596d374f91b⋯.png (63.84 KB, 130x363, 130:363, ClipboardImage.png)

red shoe camo woman too

745039  No.2768354

File: d48e51f29ce89e2⋯.png (988.84 KB, 854x774, 427:387, women-in-red.PNG)

of the jpg with matching PK headers with line artifacts i've found, half are of women in red

745039  No.2768915

File: 69e7877567693c1⋯.png (180.47 KB, 597x317, 597:317, ClipboardImage.png)


only the shitty windows photo viewer is showing the artifact… maybe it is only a bug with that?

3fc3ff  No.2779614


Pic of the mouse is a test image I posted there.


Same for middle Pepe.

745039  No.2783440

File: 2fcd8ce9087ae7e⋯.jpg (78.62 KB, 503x504, 503:504, 1535531287257.jpg)

File: c02363969fdfe72⋯.jpg (85.91 KB, 503x504, 503:504, ad6df596888a451899bedf3883….jpg)

File: 09d41e3efe22e0d⋯.png (159.13 KB, 503x504, 503:504, diff.png)



new match from pol and the original

f5 does not encode data in 0s

here is diff, contrast and brightness turned way up

does that look like encoded data to you?

745039  No.2786451

File: bf85f7ac8f6fc60⋯.jpg (35.78 KB, 700x389, 700:389, 1535404782901.jpg)

File: 5fe47a15210d89e⋯.jpg (31.92 KB, 700x389, 700:389, MM2K0iF.jpg)

File: 4552c9d42b39a15⋯.png (194.15 KB, 700x389, 700:389, fallout-diff.png)


another diff


these two look identical, turn up the contrast on the difference and see small changes all over

3fc3ff  No.2792806



We can't tell with the naked eye. Re-encoding for whatever reason would do that. Have you checked that ONLY the non-zero AC coefficients have changed? If any DC coeff is different or if any AC coeff that was zero is non-zero, or vice versa, then you are looking at a false positive.
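Added example, not part of the post above and not code from the pixelunknot repository: the coefficient check that post describes, run over constructed blocks of quantized DCT coefficients. The `block` helper, the sample values and the `allow_shrinkage` switch are assumptions of this example; the switch reflects F5's published shrinkage step, where a ±1 coefficient can be decremented to 0, which the post's stricter rule counts as a false positive.

```python
from collections import Counter

def block(dc, ac):
    """Constructed 8x8 block in zigzag order: index 0 is DC, the rest AC."""
    return [dc] + list(ac) + [0] * (63 - len(ac))

def classify(index, old, new, allow_shrinkage=False):
    """Label one quantized-coefficient pair taken from the same position."""
    if old == new:
        return "same"
    if index == 0:
        return "dc_changed"
    if old == 0:
        return "zero_became_nonzero"
    if new == 0:
        # F5 shrinkage turns +/-1 into 0; the post's stricter rule rejects it.
        ok = allow_shrinkage and abs(old) == 1
        return "f5_like" if ok else "nonzero_became_zero"
    # F5 embeds by lowering a non-zero AC magnitude by exactly 1, sign kept.
    if (old > 0) == (new > 0) and abs(old) - abs(new) == 1:
        return "f5_like"
    return "other_change"

def compare(original, suspect, allow_shrinkage=False):
    """Tally every differing coefficient across two lists of 64-entry blocks."""
    if len(original) != len(suspect):
        raise ValueError("block counts differ; files are not on the same grid")
    tally = Counter()
    for blk_o, blk_s in zip(original, suspect):
        for i, (o, s) in enumerate(zip(blk_o, blk_s)):
            tally[classify(i, o, s, allow_shrinkage)] += 1
    tally.pop("same", None)
    return tally

def verdict(tally):
    if any(kind != "f5_like" for kind in tally):
        return "false positive"
    return "consistent with F5" if tally else "identical"

# Constructed sample data (hypothetical values, not taken from any posted image).
ORIGINAL = [block(52, [-3, 2, 1, 0, -1]), block(48, [4, 0, -2])]
EMBEDDED = [block(52, [-2, 2, 1, 0, -1]), block(48, [3, 0, -2])]
REENCODED = [block(51, [-3, 2, 0, 1, -1]), block(48, [5, 0, -2])]
SHRUNK = [block(52, [-3, 2, 0, 0, -1]), block(48, [4, 0, -2])]

if __name__ == "__main__":
    for name, data in [("embedded", EMBEDDED), ("reencoded", REENCODED), ("shrunk", SHRUNK)]:
        print(name, dict(compare(ORIGINAL, data)), verdict(compare(ORIGINAL, data)))
```

The inputs have to be quantized coefficients read from both JPEG files, coded with the same quantization tables; a contrast-boosted pixel diff cannot separate embedding from an ordinary re-encode.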

745039  No.2817954

File: 3b3fe95dcf5d45b⋯.jpg (20.39 KB, 204x240, 17:20, 1531929698113.jpg)

File: 07b94e87bc98e75⋯.jpg (46.43 KB, 387x503, 387:503, 1535307911761.jpg)



can another codeanon take the ball?

need to care for self and family

updated pixelunknot github with my code changes

added gather.sh, detect.py, BruteCrackF5 and F5CUDA






745039  No.2818057

File: f21752c3ea52c72⋯.png (174.57 KB, 451x272, 451:272, ClipboardImage.png)


3fc3ff  No.2826539


I'd take up the torch if I still believed this was feasible. But we have too many unknowns to solve for.

We can test a known password against millions of pics from image boards. Or we can try a billion passwords against a (confidently) known target image. But when trying to solve both unknowns the problem size increases beyond what is feasible for two guys with high-end desktops.

745039  No.2859316

File: 0487ebf5275142e⋯.jpg (294.31 KB, 960x986, 480:493, 1535401967906.jpg)

File: 001294983c4aa67⋯.jpg (114.34 KB, 562x583, 562:583, 1535431497815.jpg)

File: 9c07aea1cfb7947⋯.jpg (129.83 KB, 1280x720, 16:9, 1535521912484.jpg)


maybe this will help?


The cult color codes are

Green Forest = "I am your plant"

Yellow Sunshine= "Gold/Reward"

Blue Ocean= "Info/Surveillance"

Red Fire= "Anger/Smear"

Orange Sunset= "End this now"

9969c2  No.2981121

Tried this too.

4767 5774 6a7a 4d6c 6330 666b 314a 3453 0000 0907 84b4 f787 7616 86f7 a737 5707 5736


e1c5f2  No.3055048

File: f6a2ab6bb73c9b3⋯.jpg (410.63 KB, 2000x2476, 500:619, f6a2ab6bb73c9b3574e93a7b87….jpg)

e1c5f2  No.3101607


745039  No.3138967

File: bd45c121b1f9361⋯.png (10.14 KB, 287x169, 287:169, ClipboardImage.png)



that image does load into pixelunknot

if there is a message in it, not bruteforcing anytime soon

4c3284  No.3252291


Posted this in main bread. Very close to a pixelknot header.

f6d946  No.3291536

This sucks, that this hasn’t gotten anywhere… Did anyone ever try passwords that anons without androids, have suggested? If breaking the code isn’t possible, then there must be clues. I was gonna try to get the app, but the day I decided to charge an old android, I met a stray, who needed a phone. Too cosmic, couldn’t resist.

c3c0f7  No.3291607


maybe it's not so much about steg - maybe it's about the connections - Guardian Project >PK> Haven > Freedom of Press Foun -

c3c0f7  No.3291646


and securedrop

Maybe JPB stood for something different than the cabal

The doc of SecureDrop assumes the Organization Hosting SecureDrop (in this case FPF)

• The organization wants to preserve the anonymity of its sources.

• The organization acts in the interest of allowing sources to submit documents, regardless of the contents of these documents.

• The users of the system, and those with physical access to the servers, can be trusted to uphold the previous assumptions unless the entire organization has been compromised.

• The organization is prepared to push back on any and all requests to compromise the integrity of the system and its users, including requests to deanonymize sources, block document submissions, or hand over encrypted or decrypted submissions.

What if the above is assumed, but the assumption's incorrect?

Sauce https://docs.securedrop.org/en/latest/threat_model/threat_model.html

179bd7  No.3301018


Long-time lurker, first time poster. No android, or steganography exp but one "keystone" that sticks in my head is the masonic keystone.

>>>2336488 (pb)

Has HTWSSTKS been tried?

Ty for the work anons. Back to lurking…

cbacdb  No.3348866

File: 260dd35f61e5db6⋯.jpg (641.3 KB, 1435x2038, 1435:2038, 1538757426902.jpg)

File: d310ac9fe8a9c76⋯.jpg (220.67 KB, 1200x769, 1200:769, 52d29c33e34e8ce94ad5f613de….jpg)

When Washington and his troops crossed the Delaware and landed, the sentry troops were told not to let anyone through that didn't have the password. The password was Victory or Death. Don't know if anyone has tried it yet.

18a7f3  No.3377680

File: cd544e5790bb6de⋯.png (1.22 KB, 326x29, 326:29, 151.png)




Thought this interesting with Q's post today of Nancy Pelosi talking about smear tactics


5fb619  No.3379774

This thread is still upsetting me. Q made it seem kinda easy, right? I gotta get my hands on this thing. For the pics, we have to find the original? Posting here changes it?

448d1b  No.3381423


I'm still thinking that's a normal occurrence in jpgs. I've seen it long before all this PK stuff.

18a7f3  No.3384298

File: af71d65a18f1ecc⋯.png (9.69 KB, 443x259, 443:259, 158.png)


Maybe it's here!

84723a  No.3389253

I have an android, but no idea what to do :(

42f321  No.3395995

File: ae5eba207a0ad82⋯.png (847.61 KB, 640x1136, 40:71, 7B7C3F54-AFAF-4F7F-B533-82….png)


I was thinking someone said reposting images here, changes the file, so then I thought we had to go outside the Chans to find the original… But if /pol is the point of data exchange, none of that makes sense. The only thing us new fags can offer you, is fresh perspective: brand new eyes. An eye for an eye is fine, if you give me yours and I give you mine.

Anyhoo… this whole thing is worth a read, but things start heating up in July (Coincidence? Pic related): https://8ch.net/pol/res/11847601.html#12010876

7/12: Syrian Electric Army

7/13: Coincidence pic: a sign? ID: adad33, def chosen.

7/15: Someone complaining about “gigantic pics about nothing”, says please stop in /crypto posts too. Did anyone find a correlation between file size?

7/22: “…most corrupt images have steg” = Good to know, anymore helpful tidbits floating around?

9/7: Post re: steg, poster ID: 000000, def chosen. Clearly someone with knowledge, lurking and checking images. Follow them? There are few real humans, choices limited. Also, this exchange almost seems scripted, dropping hints? The whole thread could be a set up, but who’s the trap set for? Us or them?

We’re trying to intercept black hat comms, right? They hang where it’s easy to mix with bots. Spot the difference, people are jaded and quick to dismiss. “How do you hide a message in clear sight?” Amongst other random images, possibly on a thread dedicated to such. These people are stupid, right? How do they get the password to each other? Always the same? I’d say try: JEWS, but that’s too easy. What’s one step up from “too stupid”? PW is file name?

Or else we’re being led to pol, to get the answers on HOW to crack the code/spot the images. Q doesn’t have to be “Q”, white hats have to have a way of being known too. Dark/Light, Mirror, blah blah blah… Haven’t gotten ahold of PK yet, handing off until then. If this is repeat info, super duper my bad. Am phonefag, hard to scroll. Using “find on page” tool to dig = annoying to the maxxxxx.

42f321  No.3396244


I thought this was a good line of thinking too. But not sure where it leads. Good guys or bad guys? Did you get murdered as you were writing this? On the bright side, at least that means you’re over target.

42f321  No.3396366


Step 1: Get pixel knot at App Store/Google Play?

Step 2: Try that Buddha image I posted, with the pw as the image file name. (Save from the original, within the thread that I linked below)

Step 3: Go through /pol yourself and see if you find any images/ideas OR scroll through everybody else’s ideas.

Step 4: Throw anything, see what sticks. Much appreciated.

09f21a  No.3437327

Non code fag here, apologize in advance if this is retarded. With the CBS logo. It should be pretty simple black and white. Can you overlay a "good" one and compare to the messaged one? Wouldn't there be differences in pixels from the "original" picture to the messaged picture? Can you test it by making a picture, putting in a simple message and comparing both.

09f21a  No.3437561


yup kinda retarded. Did find this though.


5e2135  No.3447338

File: 3ace75587671e8f⋯.jpg (177.06 KB, 1280x960, 4:3, IMG_20181011_225319.jpg)

Hello pixelfag anon steganon fresh out the psych ward ( that ntv world order post got me sonically targetted) bantz

09f21a  No.3468757

Been thinking about the pixel knot thing for a while. Non code monkey/crypto fag. I am not sure you would need a password to decrypt. I don't know a lot of the language so it may be rough in translation, I am more of a visual type.

Experiment: take a picture and run it through pixelknot. Create new picture with the changes between the original and the new pixelknot photo. This will create a template of the changes to work with on the experiment. This may not be necessary in the future, but it is a starting point. Run it through an algorithm/formula and create a new pic. Do this with 10K-100K algorithms.

It is my hypothesis that the static overlay will behave slightly different than the hardcoded message. Maybe less than 1/10th%. Create a program that looks for anomalies. A couple of pixels in a straight line or curve. Overlay the pics, all 10-100K and look for letters based on anomalies that form possible letters in a stacked formation in the top 50% (or whatever).

I would liken it to creating waves in the picture and much like looking for subs as the Chinese satellites are purported to do with wave photographs. Or, like tuning into UHF, there is a lot of static, but you can see the words or image even though it is not crystal clear. After doing this a few hundred times, you may be able to analyze which algorithms are more successful.

I don't know how much computing power that would take or if anyone has that much. If this is viable, there is no need to send anyone to knock on my door, I am just working on a


c3c0f7  No.3534063


Thanks. Leads to the bad guys (some of them, anyway)

I think you are correct in >>3395995 re: hiding in plain sight where "people are jaded and quick to dismiss" and that the password is a simple one.

Admire you persistent Anons trying to crack the code.

162c77  No.3588616

Dunno if anybody has suggested fotoforensic.com yet. Not necessarily helpful for the PK problem, but good for checking if images have been altered in general. The tutorials/challenges page was super helpful, if you don’t know much about what to look for/what the data tells you.

I haven’t found any other threads on /pol that look promising besides “lost content”, which is pretty dead now. There was mention of “crypto posts”, but haven’t looked beyond /pol. Cryptofags, where y’all hang out?

Do you think after all is said and done, if we haven’t gotten it by then, Q will throw us a bone?!?! This feels like a puzzle, when your dog eats half the pieces.

e54a40  No.3663002


did you find anything yet?

b9f4ed  No.3863005

File: aac1e6f8991461e⋯.png (191.79 KB, 500x610, 50:61, pixelknow.png)

can anyone dissect this image? probably benign. maybe not. came from a cryptic /disclosure/ #4 post. Thank you.

6ce197  No.4113200


a32688  No.4167702

sorry test

= test =


f75b53  No.4169365



The grip is weird…?

Free Mason thing? Jesuit thing?
