Steg password attempts

[jacksloststepkid]

Post what passwords have been tried on the Stegosaurus.png file using openstego here:

JLSK

PS what the heck is this in relation to. Over at DarkUFO, some people have dug up a new directory and file here:

www.find815.com/steg/stegosaurus.png

TheBruce there was able to determine positively that the png file uses OpenStego to hide another file within it. It is password protected and that is what is trying to be cracked.

It came off a clue at this page:

www.find815.com/bhf/

When you e-mail the address there.

Dark UFO is down at the moment, but there is a long post there describing the process to get where we are.

While DarkUFO is down, I offered this thread to keep track of passwords already tried by people.

So, welcome DarkUFOers!

JLSK

PPS If you want to help, go to: sourceforge.net/project/showfiles.php?group_id=211815

Download OpenStego

Then go download: www.find815.com/steg/stegosaurus.png

run the .bat file and try to extract from the .png - post any passwords tried here.

[jessislost]

carpe diem
jurassic park
bX-uxu3fu
ianandpam
invitation
anniversary
pamian

[jacksloststepkid]

carpe
diem
carpe diem
README
README.txt
Morse
morse
Carpe Diem

By Damon:

oscar, owen, sam, lost, tracey, sonja, ian, pam, talbot, find815, maxwell, penny, OMF42

[assassin]

Our Mutual Friend
Our Mutual Friend42
OMF
OMF42
4815162342
Silas
Silas Wegg
Charles
richardens
Charles richardens
Lost
README
README.TXT
TXT
Stegasaurus
bali
open
find815
815

[jacksloststepkid]

SOS
Amuses Mr Ole
Ole
Samuel Morse
Sunda
Bali (trying uppercase as well as lower)

[sprocket]

Have tried these words/phrases in all possible combinations.. IE with capital letters/without, spacing when appropriate/without, etc...

020 7946 0893
jurassic
dinosaur
baliholidayfun
battow
dharma
dharmainitiative
hanso
widmore
maxwell
themaxwellgroup

[assassin]

Walt
Lloyd
Aaron
Littleton
Kate
Jack
Extract
John
Locke
Morse
Sam
Sam Morse
Electromagnetism

[assassin]

Well I recieved an email fromthe OpenStego Creator and this is what he said.

OpenStego uses Java Cryptography Extension (JCE) for encrypting data. I have used MD5 with DES algorithm. As the password is first hashed using MD5 (which is one-way function), we cannot get back the password from the file. There is no way to retrieve it, unless brute-force cracking is tried. That too might be difficult, because OpenStego allows any kind of characters (including space) of any length as password. So you might be waiting for years before you can crack it.

For brute-force cracking you can try using OpenStego from command-line (may be from a shell script which generates passwords).


Oh, one more thing - on why "README.txt" is not giving "Invalid Password".

The algorithm for encryption that I have used does not check that password is same as the original password. It is very much possible that some different password gets accepted while decrypting - only issue being that it will generate garbage. Thus there is no way to determine what is the correct password. Even brute-force cracking will return success for large number of passwords (even though only one of those will be the actual password).

So no luck. And I think that's good. It makes cracking the data highly difficult - and that's what we need!




Greeeeeeeeeeeeeeeeeat

[jacksloststepkid]

well given that the Bali site was just released perhaps the password will come tomorrow as a follow on to the Bali clue.

I suspect that TPTB might have been worried it would take too long to get the steg PNG and figure out the program used, so they released it a half day early to the hard core players.

[wesh]

Is it worth looking into my first hunch, which was:
the bali pic might contain the password, in morse code. to make up a morse code I used the periods and dashes in the sentences, which resulted in the following code:
* using only the actual text: ....--..-.
* using the text plus the email: ....--..-..
* using the text plus email plus title: .....--..-..

Ofcourse none of these will give anything usefull if you just enter them like that in a morse converter. But if you split the dots and dashes in groups you create more potential.
Ofcourse, the question is, how should we group them.

This could also be nothing.

[jacksloststepkid]

Consolidated List:

[nothing] (no password entered)
carpe diem
jurassic park
bX-uxu3fu
ianandpam
invitation
anniversary
pamian
oscar
owen
sam
lost
tracey
sonja
ian
pam
talbot,
ind815
maxwell
penny
OMF42
Our Mutual Friend
Our Mutual Friend42
OMF
OMF42
4815162342
Silas
Silas Wegg
Charles
richardens
Charles richardens
Lost
README
README.TXT
TXT
Stegasaurus
bali
open
find815
815
Walt
Lloyd
Aaron
Littleton
Kate
Jack
Extract
John
Locke
Morse
Sam
Sam Morse
Electromagnetism
SOS
Amuses Mr Ole
Ole
Samuel Morse
Sunda
Bali
carpe
diem
carpe diem
README
README.txt
Morse
morse
Carpe Diem



Tried in all combinations:

020 7946 0893
jurassic
dinosaur
baliholidayfun
battow
dharma
dharmainitiative
hanso
widmore
maxwell
themaxwellgroup

[wesh]

here are my tries (tried both all caps and lower case)
abaddon
matthew
adam
eve
test
test123
holden
opensesame
sesame
root
guest
nikki
paulo
powerlines
paulo lies
shiznit
faraday
catch22
black
white
plot
season 4
season4
cloverfield
108
tunis
Tunis
Maria
Aaron
aaron
Aron
aron
room 23
room23
23
bird
birds
animal
animals
smoke
monster
smokemonster
smoke monster
black smoke
blacksmoke
cheyne
cheyenne
meka
mekka
hadj id fix
wdxihadfji
with dxihadfji
WDXIHADFJI
WITH DXIHADFJI
with DXIHADFJI

[jacksloststepkid]

Tropicana
tropicana
BaliHolidayFun
Tropicana fantasy delight
fantasy
delight

[charliegoth]

I've tried all the words found here: java.sun.com/docs/books/tutorial/collections/interfaces/examples/dictionary.txt

that's 80000+ words from an online dictionary.

[wesh]

All in vain, but still nice effort all!
In the end it was just a cryptic bunch of characters: X4x98adf09 (found by vanessa over at find815.blogspot.com)
Leads to that README.txt (who came up with that in the first place? how did they guess the correct hidden file name?), leads to binary code, leads to a poem.

*edit: ah it appears the filename wasnt encrypted, so they were able to find that out.