Ha, thanks for the tip! Code: AIX core file fulldump 64-bit Hmmm --- Edit: Going to try analyzing the whole file as a coredump with GDB or DBX maybe?
R2R will exist until everybody in the audioprodcution goes back to golden age of recording in tape and Fully OUT OF THE BOX.
Might be false positives,, havent checked these yet, but zsteg finds Little-endian UTF-16 Unicode text using. Also found MPEG layer II and III using the other methods ,... zsteg -b 1 --lsb katze-04.png b1,r,lsb,xy .. file: Little-endian UTF-16 Unicode text, with no line terminators
> "Also found MPEG layer II and III using the other methods" Holy fuck, I don't think I'm of the caliber to play this game. Presumably the MPEG layers need all be found and reconstructed, and probably there's another challenge hidden in the data there that needs A/V stego. Kudos to you and the other folk in this thread. I'm an engineer by trade that has fiddled with taking stuff apart for fun a handful of times. Best I've done was use an existing DAW crack to copy-cat a crack for updated version, this is out of my league I think. It is fun to play though, I think I'm just too low-level for now =P ---- I do hope whoever cracks them all posts the message, unless the message explicitly says not to do that (which I think it might). My guess is that the prize is an invite to the R2R irc or similar. Would make sense why earlier guy that said he'd cracked all but "katze-05.jpg" on Tuesday never came back to the thread. Fun, easy way to run a recruiting campaign, aye? If only I'd more skill ;) Last edited: Sep 6, 2021
First time I am doing stegonagraphy on images. .. Back in the day we did some fun things like this with floppy disks to hide data.. But I am not the caliber either.. I doubt I will make it through either, I got too little time.. Last edited: Sep 6, 2021
~ 誠 I started over to see I could find any hints.... I found two payloads in the katze-01.jpg ... ...but no hints what to do with the payloads yet..
well a screwdriver and a hammer are also both tools but they both have a totally different result when used for the same purpose
The problem with assuming that it's outguess stego is that there are literally *thousands* of "valid" keys just on the first jpeg. Using the Black Friday 2021 epoch was a solid idea, but the UTC +3 makes no sense in that context. R2R is based in Japan, so it would either be +9 or just straight UTC. Aletheia shows a high probability (0.9) that something's hidden in katze-01 with J-UNIWARD and it claims there's hidden data in all three channels with the calibration attack. I don't know what's involved with cracking J-UNIWARD, but it doesn't look trivial. The QR code on the Seagate image gives you a 48-digit string that looks like it's common to all of these Skyhawk drives. That might play a role in solving this, if there's anything to even solve. Edit: you can verify my claim that there are thousands of "valid" outguess keys with some command-line nonsense: mkdir keys; i=1199145600; while [ $i -lt 1637895601 ]; do outguess -k $i -r katze-01.jpg keys/$i; i=$[$i+100];done this starts with an epoch from Jan 1 2008 (UTC-0, Team peace-out started in 2008) and just keeps throwing keys at outguess every hundred seconds (as epoch keys, not like actual seconds of real time) afterward until it gets to Black Friday 2021 (UTC +3, the "valid" key posted last week). You can do it with +1 as well, but it doesn't really matter. There are already too many hits to be legit. While this is running, you can check the results in another terminal. Any file in keys/ larger than 0 bytes is something outguess thought was a valid key. Run this to output information on the files: for i in $(find keys -size +0); do file $i; done Last edited: Sep 7, 2021
I understand nothing lol, but it's definitely an exciting game! Not sure if this is useful, but in image 5, I see braille dots here & there... Just messing with the image in photoshop for ex: also see some here: https://aperisolve.fr/03ee955ea0c9bc2f4242e15d62d9f661 if it IS coded in Braille, note that in English Braille there are three levels of encoding: Grade 1 – a letter-by-letter transcription used for basic literacy; Grade 2 – an addition of abbreviations and contractions; and Grade 3 – various non-standardized personal stenography.
So when you have 15 free screwdrivers you pray to God you get the 16th (also free). And you keep wishing and complaining, making noise day by day. Just to get any that you don't have (but the pricier the better). No matter if the level of your craftsmanship is adequate or not. Only then, you believe you'll be a better 'driver of screwdrivers'. Last edited by a moderator: Sep 7, 2021
Due to the fact that many people here really do suspect a real riddle, I think I need to clarify something. After a superficial/light examination (exif, hex, outguess, photoshop) I had the impression that it is not a puzzle and that the pictures do not contain anything hidden. That's why I joked and said for the second picture: 9999985000. I guessed this value with trial and error. As BufferOverflow says, there are several "valid" keys for outguess....(example for image 2:169978300). But they do not have to be correct. Also, I don't really understand how people come up with the timestamp. I know the blackfriday date from image 3, but if you take into consideration that R2R is in Japan, you'll get another timestamp, which won't work. Plus why should you use the timestamp that you got from image 3 to decrypt image 1.... But since I see that a lot of people here really want to go searching, I thought it was important to inform you so no one gets lured into the wrong direction.
What If the riddle is only what we can see in the pictures? Nothing with hidden stuff or unix timestamps! To eexpand on this: there something like the epoch-time, which started counting on the 1.1.1970 - 00:00:00 UTC - its for all timezones the same, since every Metainformation - timestamps are saved in epoch time and then get reformated/human readible plus fixed timezone. https://en.wikipedia.org/wiki/Unix_time
so is it possible that they are ready to share all his own intern releases? so i think they have a lot of unreleased stuff, and they used only intern in the group. (have already often read that there are releases only for intern members)
You must be right... I thought I found several payloads yesterday (which is possible), but then I could change those passwords by just switching one character and still came out as a "legit" payload.... I just saw that someone in this thread found the original images! That's the way to check for diff's.
To clarify my comment about UTC +3, yes, the epoch is universal and based on UTC-0. The reason I said UTC +3 is because when you have a date but not a time, that date begins on midnight, 0:00:00. @Lepow used the Black Friday 2021 epoch with an offset of + 3 hours, but nothing in the images suggests 3 AM. The epoch for Black Friday 2021 (for countries in UTC-0) begins at 1637884800. In Japan, Black Friday 2021 does not begin until 1637917200.
I can confirm that the original png images for katze-03/katze-04 found on the web, are the EXACT same as the katze-03.png and katze-04.png. Same checksum. So there is nothing there that could be extracted, if they didn't upload the images themselfs in the first place (which I of course highly doubt for several reason). Of course someone could make use of these files to make up a password or a key of some sort, for somethings else, ... but... setting up this CTF would take too much effort instead of actual cracking... I think the team has more fun things to do by "doing things right". The jpg's are a different story, need check metadata and align the resolution, settings and compression to do some sort of a match...
