Yea, I was wondering about that too.
...btw somethings up with the LSBs on katze-04.png

 

Ha, thanks for the tip!

Code:

AIX core file fulldump 64-bit

Hmmm

---

Edit: Going to try analyzing the whole file as a coredump with GDB or DBX maybe?

 

R2R will exist until everybody in the audioprodcution goes back to golden age of recording in tape and Fully OUT OF THE BOX.

 

Might be false positives,, havent checked these yet, but zsteg finds Little-endian UTF-16 Unicode text using. Also found MPEG layer II and III using the other methods ,...

zsteg -b 1 --lsb katze-04.png
b1,r,lsb,xy .. file: Little-endian UTF-16 Unicode text, with no line terminators

 

> "Also found MPEG layer II and III using the other methods"

Holy fuck, I don't think I'm of the caliber to play this game.
Presumably the MPEG layers need all be found and reconstructed, and probably there's another challenge hidden in the data there that needs A/V stego.

Kudos to you and the other folk in this thread.

I'm an engineer by trade that has fiddled with taking stuff apart for fun a handful of times.
Best I've done was use an existing DAW crack to copy-cat a crack for updated version, this is out of my league I think.

It is fun to play though, I think I'm just too low-level for now =P

----

I do hope whoever cracks them all posts the message, unless the message explicitly says not to do that (which I think it might).

My guess is that the prize is an invite to the R2R irc or similar. Would make sense why earlier guy that said he'd cracked all but "katze-05.jpg" on Tuesday never came back to the thread.

Fun, easy way to run a recruiting campaign, aye? If only I'd more skill ;)

 

Last edited: Sep 6, 2021

First time I am doing stegonagraphy on images. .. Back in the day we did some fun things like this with floppy disks to hide data.. But I am not the caliber either..

I doubt I will make it through either, I got too little time..

 

Last edited: Sep 6, 2021

~ 誠

I started over to see I could find any hints.... I found two payloads in the katze-01.jpg ... ...but no hints what to do with the payloads yet..

 

Will these greedy expectations ever stop?
Software is just a tool if you're not a fool.

 

well a screwdriver and a hammer are also both tools but they both have a totally different result when used for the same purpose

 

The problem with assuming that it's outguess stego is that there are literally *thousands* of "valid" keys just on the first jpeg. Using the Black Friday 2021 epoch was a solid idea, but the UTC +3 makes no sense in that context. R2R is based in Japan, so it would either be +9 or just straight UTC. Aletheia shows a high probability (0.9) that something's hidden in katze-01 with J-UNIWARD and it claims there's hidden data in all three channels with the calibration attack. I don't know what's involved with cracking J-UNIWARD, but it doesn't look trivial.

The QR code on the Seagate image gives you a 48-digit string that looks like it's common to all of these Skyhawk drives. That might play a role in solving this, if there's anything to even solve.

Edit: you can verify my claim that there are thousands of "valid" outguess keys with some command-line nonsense:

mkdir keys; i=1199145600; while [ $i -lt 1637895601 ]; do outguess -k $i -r katze-01.jpg keys/$i; i=$[$i+100];done

this starts with an epoch from Jan 1 2008 (UTC-0, Team peace-out started in 2008) and just keeps throwing keys at outguess every hundred seconds (as epoch keys, not like actual seconds of real time) afterward until it gets to Black Friday 2021 (UTC +3, the "valid" key posted last week). You can do it with +1 as well, but it doesn't really matter. There are already too many hits to be legit.

While this is running, you can check the results in another terminal. Any file in keys/ larger than 0 bytes is something outguess thought was a valid key. Run this to output information on the files:

for i in $(find keys -size +0); do file $i; done

 

Last edited: Sep 7, 2021

I understand nothing lol, but it's definitely an exciting game!

Not sure if this is useful, but in image 5, I see braille dots here & there... Just messing with the image in photoshop for ex:


also see some here:
https://aperisolve.fr/03ee955ea0c9bc2f4242e15d62d9f661

if it IS coded in Braille, note that in English Braille there are three levels of encoding: Grade 1 – a letter-by-letter transcription used for basic literacy; Grade 2 – an addition of abbreviations and contractions; and Grade 3 – various non-standardized personal stenography.

 

So when you have 15 free screwdrivers you pray to God you get the 16th (also free). And you keep wishing and complaining, making noise day by day. Just to get any that you don't have (but the pricier the better). No matter if the level of your craftsmanship is adequate or not.
Only then, you believe you'll be a better 'driver of screwdrivers'.

 

Last edited by a moderator: Sep 7, 2021

Due to the fact that many people here really do suspect a real riddle, I think I need to clarify something.

After a superficial/light examination (exif, hex, outguess, photoshop) I had the impression that it is not a puzzle and that the pictures do not contain anything hidden.
That's why I joked and said for the second picture: 9999985000. I guessed this value with trial and error.
As BufferOverflow says, there are several "valid" keys for outguess....(example for image 2:169978300). But they do not have to be correct.

Also, I don't really understand how people come up with the timestamp. I know the blackfriday date from image 3, but if you take into consideration that R2R is in Japan, you'll get another timestamp, which won't work. Plus why should you use the timestamp that you got from image 3 to decrypt image 1....

But since I see that a lot of people here really want to go searching, I thought it was important to inform you so no one gets lured into the wrong direction.

 

@keyone1a as we spoke in the DMs, unix time stamps are unique no matter the timezone....

 

I'm just wondering what's the meaning of "katze" ??

 

so is it possible that they are ready to share all his own intern releases? so i think they have a lot of unreleased stuff, and they used only intern in the group. (have already often read that there are releases only for intern members)

 

You must be right... I thought I found several payloads yesterday (which is possible), but then I could change those passwords by just switching one character and still came out as a "legit" payload....

I just saw that someone in this thread found the original images! That's the way to check for diff's.

 

To clarify my comment about UTC +3, yes, the epoch is universal and based on UTC-0. The reason I said UTC +3 is because when you have a date but not a time, that date begins on midnight, 0:00:00. @Lepow used the Black Friday 2021 epoch with an offset of + 3 hours, but nothing in the images suggests 3 AM. The epoch for Black Friday 2021 (for countries in UTC-0) begins at 1637884800. In Japan, Black Friday 2021 does not begin until 1637917200.

 

I can confirm that the original png images for katze-03/katze-04 found on the web, are the EXACT same as the katze-03.png and katze-04.png. Same checksum. So there is nothing there that could be extracted, if they didn't upload the images themselfs in the first place (which I of course highly doubt for several reason).

Of course someone could make use of these files to make up a password or a key of some sort, for somethings else, ... but... setting up this CTF would take too much effort instead of actual cracking... I think the team has more fun things to do by "doing things right".

The jpg's are a different story, need check metadata and align the resolution, settings and compression to do some sort of a match...