Author
Message
adrock
Boot
Joined: 07 Nov 2003 Posts: 12 Location: Cincinnati OH
[CLUE?] StegDetect results from Emerson image files
Someone noted that there are supposed to be 20 personal documents on the Emerson cd, but we only have a couple. So I checked for steganography on the images. I ran each image through stegdetect with the sensitivity at 5 and got positive results for the following images (confidence is rated 1 to 5 stars):
20011229019(*)
20011229022(*)
20011229025(**)
20011229026(**)
20011229029(***)
ids(**)
jesse(*)
jesse2(*)
jesse3(*)
lk wa house(*)
I ran a test again at the default sensitivity setting of 1 and found that image 20011229029 still returned a positive result for steg. Just a possibility I wanted to throw out since we seem to be missing some files on this cd. I have a hunch they're on there somewhere. Anyone care to speculate on passphrases?
(I'm still really new at this so if I'm way off base, forgive me!)
_________________Rock music @ www.eightfeet.com
Posted: Sun Nov 09, 2003 3:36 am
ParityBit
Decorated
Joined: 17 Oct 2003 Posts: 168 Location: London Above
Re: [CLUE?] StegDetect results from Emerson image files
adrock wrote:
Someone noted that there are supposed to be 20 personal documents on the Emerson cd
Just so I can follow the thread, where was this mentioned?
Posted: Sun Nov 09, 2003 8:27 am
anima
Boot
Joined: 19 Oct 2003 Posts: 24 Location: bulgaria
Re: [CLUE?] StegDetect results from Emerson image files
ParityBit wrote:
adrock wrote:
Someone noted that there are supposed to be 20 personal documents on the Emerson cd
Just so I can follow the thread, where was this mentioned?
A line from this note from Ryan Emerson found in the Cyberia Chicago CD says "Some legal docs in case we need them (about 20)":
http://metacortex.netninja.com/ethan/chicago/note.jpg
Posted: Sun Nov 09, 2003 8:42 am
ParityBit
Decorated
Joined: 17 Oct 2003 Posts: 168 Location: London Above
Excellent, thanks for that (I should really pay more attention!)
Posted: Sun Nov 09, 2003 10:17 am
Zimbu
Veteran
Joined: 07 Nov 2003 Posts: 92 Location: Newcastle UK
Wowzers, I just had a thought... how many cds are there supposed to be, and have the packages been checked for invisible ink? UV writing, etc.
_________________EEC Directive: ARG's seriously harm you and others around you.
Posted: Sun Nov 09, 2003 12:33 pm
Zimbu
Veteran
Joined: 07 Nov 2003 Posts: 92 Location: Newcastle UK
Oh, and Adrock, thanx for stegg testing those files. I suspected there was something going on. 20-3=17 missing files.
_________________EEC Directive: ARG's seriously harm you and others around you.
Posted: Sun Nov 09, 2003 12:51 pm
AnthraX101
Entrenched
Joined: 18 Mar 2003 Posts: 797
Using stegdetect v0.4 with default sensitivity none of those files are reporting anything.
I would take that with a grain of salt, such a high sensitivity will give you lots of false positives.
AnthraX101
Posted: Sun Nov 09, 2003 12:58 pm
KaG
Greenhorn
Joined: 19 Oct 2003 Posts: 6 Location: Budapest, Hungary
Someone should check the cd for previous sessions. (The cd-writer programs usually show the previous sessions if you choose to continue a multisession disk)
If the cd is a multisession cd then there could be files which have been removed from the last session but still exist on the cd. Maybe there's a way to access them...
Posted: Sun Nov 09, 2003 1:10 pm
adrock
Boot
Joined: 07 Nov 2003 Posts: 12 Location: Cincinnati OH
Quote:
Using stegdetect v0.4 with default sensitivity none of those files are reporting anything.
I would take that with a grain of salt, such a high sensitivity will give you lots of false positives.
I ran a test at the default sensitivity and still got a slight positive result for image 20011229029. I thought maybe that one image may be worth investigating. Maybe not... just trying every possibility.
_________________Rock music @ www.eightfeet.com
Posted: Sun Nov 09, 2003 1:25 pm
enaxor
I Have No Life
Joined: 25 Feb 2003 Posts: 2395
Zimbu wrote:
Wowzers, I just had a thought... how many cds are there supposed to be, and have the packages been checked for invisible ink? UV writing, etc.
I checked the cd envelope with a uv light....sorry, nothing there. Good thought though.
_________________10/05/2007, 04/23/2009, 07/02/2015
The world is a much dimmer place.
Posted: Sun Nov 09, 2003 1:40 pm
heatha
Veteran
Joined: 04 Nov 2003 Posts: 74
I work for a university and handle a lot of transcripts...another document security feature sometimes involves images that become apparent when you photocopy, and also document security that shows up when you rub the sheet with a bit of bleach - changes colour to brown.
edit - diluted bleach usually works to bring up any chemical safety features in the paper.
Posted: Sun Nov 09, 2003 2:43 pm
Vargr
Boot
Joined: 09 Nov 2003 Posts: 29 Location: Indianapolis, IN
JPEG analysis ad nauseam
Since there seems to be no clear consensus on whether or not these files are stegged, I decided to look into them.
I ran them through stegdetect, and although none were positive for steg, I did get the following few interesting results:
jesse.jpg
Corrupt JPEG data: 35 extraneous bytes before marker 0xd9
lk wa house.jpg
Corrupt JPEG data: 165 extraneous bytes before marker 0xd9
20011229022.jpg
Corrupt JPEG data: premature end of data segment
I was looking at the Chicago copies, so I downloaded the Portland files to verify it wasn't a transfer error. I got the same results.
Every graphics file type has a "magic number" which indicates the file type (see http://www.astro.keele.ac.uk/~rno/Computing/File_magic.html for more on this.) For JPEGS, that number is FF D8 FF E0, which represents the first bytes of the header. Upon examining lk wa house.jpg with the "V" hex viewer, this file does not show this pattern, rather it has FF D8 FF E1. I don't know if this is a failed LSB steg file or not.
It looks like the file has a corrupted header, followed by the normal header.
The header on Jesse.jpg looks ok, but is embedded with 49 repeating DeviceControl4 ASCII flags (0x14).
I have been unable to determine what's wrong with 20011229022.jpg. It has the correct end of file marker (FF D9).
Maybe this is all too retentive, but from what I've seen, it would be well within the scope of the game to embed information here.
_________________Vargr
Control can never be a means to any practical end. It can never be a means to anything but more control.
- William S. Burroughs
Posted: Sat Nov 15, 2003 5:43 pm
bakntime
Unfettered
Joined: 31 Oct 2003 Posts: 462 Location: back in time
Re: JPEG analysis ad nauseam
Vargr wrote:
Since there seems to be no clear consensus on whether or not these files are stegged, I decided to look into them.
I ran them through stegdetect, and although none were positive for steg, I did get the following few interesting results:
Hmmm... I'm wondering, is that kind of stuff common in JPG files? I mean, if you take a random sampling of JPGs from different sources, is this pattern of anomalies relatively common or rare? I'm thinking that some of the stuff you've mentioned may be more commonplace today than it used to be due to the incredible variety of image software, and variances in the way JPGs are made.
Clearly the errors you talk about are not "critical" errors, since the JPGs are still viewable by all methods I've used (IE, photoshop, etc). Therefore, I'm wondering how important those parts of the headers are, and if those unusual properties may just be a result of the fact that software creators don't focus on those parts of the JPG standard.
And just so you know, I have no idea what I'm talking about, I'm just putting a possible theory out there.
Posted: Sat Nov 15, 2003 5:51 pm
Flynn
Decorated
Joined: 11 Nov 2003 Posts: 240 Location: UK
At the risk of exposing myself as a complete anal retentive...
[anorak mode]
The FFE0/FFE1 after the FFD8 start of image marker doesn't indicate anything untoward. FFE1 just indicates that the image is an exif jpeg, whereas FFE0 indicates jfif format. The extraneous bytes thing is interesting though - if I get a chance I'll have a look at the files in Winhex and see if I can find anything there.
[/anorak mode]
I seem to remember having a life, but I think I must have mislaid it somewhere!
Posted: Sat Nov 15, 2003 6:23 pm
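An added example, not part of any post in this thread: a small Python marker walker for the points Vargr and Flynn raise above (FF E0 for JFIF versus FF E1 for Exif after the FF D8 start-of-image marker, and the FF D9 end-of-image marker). It reports the container type, whether the stream runs out before an end-of-image marker, and how many bytes follow that marker; it does not decode the image, so it does not reproduce the decoder's "extraneous bytes before marker" count. The function names and the sample byte strings are constructed for illustration.

```python
def seg(marker: int, payload: bytes) -> bytes:  # FF, marker, 2-byte length, payload
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

def inspect_jpeg(data: bytes) -> dict:
    """Walk JPEG markers; report container type, truncation and bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker (FF D8)")
    rep = {"container": "unknown", "truncated": False,
           "has_eoi": False, "bytes_after_eoi": 0}
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if in_scan:
            # Entropy-coded data: look for the next FF that starts a real marker.
            pos = data.find(b"\xff", pos)
            if pos < 0 or pos + 1 >= len(data):
                break
            nxt = data[pos + 1]
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:  # stuffed byte or restart marker
                pos += 2
            elif nxt == 0xFF:                        # fill byte
                pos += 1
            else:
                in_scan = False
            continue
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                           # EOI: the image ends here
            rep.update(has_eoi=True, bytes_after_eoi=len(data) - (pos + 2))
            return rep
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # counts its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            break
        payload = data[pos + 4:pos + 2 + length]
        if rep["container"] == "unknown":
            if marker == 0xE0 and payload.startswith(b"JFIF\x00"):
                rep["container"] = "JFIF"
            elif marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
                rep["container"] = "Exif"
        pos += 2 + length
        in_scan = marker == 0xDA                     # SOS: scan data follows
    rep["truncated"] = True                          # ran out of bytes before EOI
    return rep

# Constructed marker streams (structurally valid, not decodable pictures).
SCAN = seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
JFIF_OK = b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + SCAN + b"\xff\xd9"
EXIF_TRAILER = b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00") + SCAN + b"\xff\xd9" + b"X" * 17
CUT_SHORT = JFIF_OK[:-4]
```

To check a real file, pass `open(path, "rb").read()` to `inspect_jpeg`; a non-zero `bytes_after_eoi` only says that data was appended after the image, not what that data is.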
joebrent
Unfettered
Joined: 01 Oct 2003 Posts: 640 Location: New York, sometimes
For those yanks confused by the term 'anorak', go here.
I had to google it.
Posted: Sat Nov 15, 2003 6:34 pm