PossibleSteganography


Definition: steganography: The practice of hiding one piece of information inside of another. The most common example is watermarking.

The stegdetect software has a false positive rate of about 1%, so it's possible that this is a complete false alarm: however, it rated the bee2_margaretphoto.jpg as 3-star likelihood of containing JPHIDE steganography. This is the highest likelihood possible for stegdetect, which makes it even more likely to truly be steganography.


According to the figures on http://niels.xtdnet.nl/stego/usenet.php this is most likely a false alarm.

I also did a stegdetect on my girlfriend's photo collection and found out that blurry images have a far higher chance of being marked positive (3 stars).

Of the pictures she took with her old camera a staggering 19% got 3 stars from stegdetect. The ones taken with her new camera only have 2% false positives.

Since the bee2_margaretphoto.jpg is extremely fuzzy the chance that this is a false positive is also very large.

Combine this with the fact that nobody has been able to break it with stegbreak (I used a 311MB word/phrase list) and I'm going to write this off as a false lead. --UserKender 06:41, 3 Aug 2004 (PDT)


This piece of MAYDAY text seems to fit exactly with this find, as well:


MAYDAY MAYDAY MAYDAY Getting muddled here. Sick, obviously. Broken inside. Not thinking straight.

Got to go back to first principles.

Survive evade reveal escape.

Survive-well, I'm not dead yet. Evade-don't want to evade. I want to be FOUND.

...unless...

...of course, if I am behind enemy lines, then constantly shouting for help wouldn't be the smartest play in the world, would it?

got to run silent. got to run deep.

hide and go seek


"Hide and go Seek" could be interpreted as a reference to the JPHIDE/JPSEEK steganography package that may have been used here.

If we can come up with the passphrase, we can retrieve whatever information has been hidden in the file using the JPSEEK program. Several posters on the unforums have tried dictionary attacks with no success (using stegbreak, the sister of stegdetect) but it's not unreasonable to think the puppetmasters would have avoided a weak password.


Has anyone tried the various mythological names (which may not be in the standard dictionary for attacks) or the various numerological referents (such as 7*7*7 = 343 (Guilty spark) or (7*7)^7 = 678223072849 (from the "Computer Text"))?


This Wiki is probably the best dictionary to use, as it contains every password suggestion as well as a wealth of story-related terms. --Humanoid


How about "varrao" or "varroa"? "Varrao" was observed in the DiscrepenciesInTheSite as one of few things wrong with the base site. It's varroa mites, not varrao mites.

Another thought: "margaret" or "Margaret". The filename seems a not-entirely-unreasonable guess.

NONE ARE THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)


There was another reference to hide and seek in the phase two text, being the AI's favorite game. We know it's doing that by inserting text directly into images, but maybe using stego. Sometime tonight, I'll try to make a wordlist using words from the site. Maybe we can get a distributed effort going. I'll post when I'm farther along.

There are actually 4 (that I've found) different versions of bee2_margaretphoto.jpg. Here's the results of using stegdetect on each:

* "normal" file (looks uncorrupted): 3 stars
* "white" file (almost completely white): skipped (false positive likely)
* "yellow" file (almost completely yellow): negative
* "offset" file (blocks of the image are recolored and moved around): 1 star

We should probably focus our efforts on the "normal" file, but we shouldn't discount the "offset" file, either. Nor should we discount the possibility that they are using a steganography package that stegdetect can't detect on the other images.

So far, no luck cracking the "normal" password. --UserPaulG 18:45, 27 Jul 2004 (PDT)


I took a brief look at the different versions of bee2_margaretphoto.jpg. I'm pretty sure that the corrupted images also include the same steganographic message that stegdetect picks up. If you discount the corrupted sections, the image is the same as the non-corrupted one. The added text is partly inserted into the image and partly overwriting the original data. - UserClamatius 18:14, 27 Jul 2004 (PDT)

Attempting brute force crack using dictionaries found at http://wordlist.sourceforge.net/

Found an even better source of dictionaries for brute force attacks: http://www.outpost9.com/files/WordLists.html

I'll post if I find anything.

Bah, no luck with 3esl.txt

No luck with 2of12inf.txt, the largest dictionary file

--UserPaulG 18:45, 27 Jul 2004 (PDT)

Hmm, password is definitely non-trivial. Dictionary attacks have failed so far, including lists of characters from Greek mythology, and lists of words from the King James bible. There must be a hint elsewhere. Maybe in the "killer" messages? --UserPaulG 19:45, 27 Jul 2004 (PDT)

Anyone tried the processes that SPDR and the Flea use? seek resist reveal behold kill.

So brute-force it with the MAYDAY page, the Captain page, the Killer page, "varroa", "varrao", "Dana", and "Margaret." Also uncapped versions of the last two. I know too little about steno programs- how hard is it to create a wordlist for it to dictionary attack from? --UserWindrider 21:45, 27 Jul 2004 (PDT)

I was building a word list until I saw that all of that has already been tried by the folks on the unforum: http://forums.unfiction.com/forums/viewtopic.php?p=46672 After seeing all of the brute force attempts that they've tried there, I'm 99% sure that brute force/dictionary attacks will not work. The passcode is likely a multi-word phrase or a random alphanumeric string, both being very hard to crack, especially when we don't even know how many chars we're dealing with.

On a different tack, I'm currently waiting to see if I can get an original image file from Dana for comparison. Long shot, but worth a try. Someone else is directly asking ladybee777 for the decryption key, but seriously doubt that that will work.--UserPaulG 21:55, 27 Jul 2004 (PDT)

Was wondering if anyone checked any pages for Snow Encryption? I'm not going to bee home until later this evening but I can try and search then if no one else has. I thought I recalled references on our Wiki yesterday to white space in the killer text, but I can't find the references now. Could just be coincidence, but snow in one of the pages would be a great place to hide the passphrase.

--UserEXentric 09:14, 28 Jul 2004 (CST)

After running a few tests, the pieces of text in the killer.jpg's do not appear to have SNOW data in them. However, there are several instances of strange whitespace all over the site. Could be nothing, but we won't know until we try. Of course, if there's a password that's been used to encrypt the SNOW data (assuming there is any), then we're pretty much stuck in the same place as with the bee2_margaretphoto.jpg file

--UserPaulG 08:38, 28 Jul 2004 (PDT)

---

I looked for SNOW data in the page source for each of the main ilovebees pages. All came up empty, except the home page was reported to have "ss<tab>t" hidden in the white space. Probably a false result. --Humanoid
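A heuristic check for the kind of trailing whitespace discussed in the posts above, as an added example that is not from the original posts or from the SNOW project. It only reports trailing space/tab runs at line ends and does not decode SNOW data; the function names, the constructed sample pages and the `min_mixed_lines` threshold are assumptions.

```python
import re
from dataclasses import dataclass

# A run of spaces/tabs sitting at the very end of a line.
TRAILING_WS = re.compile(r"[ \t]+$")


@dataclass
class TrailingRun:
    line_no: int   # 1-based line number in the page source
    spaces: int    # number of spaces in the trailing run
    tabs: int      # number of tabs in the trailing run
    pattern: str   # the run rendered as 's' (space) / 'T' (tab) for review


def find_trailing_runs(text):
    """Return one TrailingRun per line that ends in spaces and/or tabs."""
    runs = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = TRAILING_WS.search(line)
        if match is None:
            continue
        run = match.group(0)
        visible = run.replace(" ", "s").replace("\t", "T")
        runs.append(TrailingRun(line_no, run.count(" "), run.count("\t"), visible))
    return runs


def assess(text, min_mixed_lines=3):
    """Summarise trailing whitespace in a page.

    Heuristic (assumption, not SNOW's own logic): a stray trailing space
    or two is ordinary editor noise, while several lines that each end in
    a mix of spaces AND tabs deserve a closer look.
    """
    runs = find_trailing_runs(text)
    mixed = [r for r in runs if r.spaces and r.tabs]
    return {
        "lines": len(text.splitlines()),
        "lines_with_trailing_ws": len(runs),
        "mixed_space_tab_lines": len(mixed),
        "suspicious": len(mixed) >= min_mixed_lines,
    }


# Constructed sample input: ordinary page with one sloppy trailing run.
CLEAN_PAGE = "<html>\n<body>  \n<p>bees</p>\n</html>\n"

# Constructed sample input: several lines ending in mixed space/tab runs.
MARKED_PAGE = "<html>  \t   \t\n<body> \t\t  \n<p>bees</p>   \t \n</html>\n"

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("marked", MARKED_PAGE)):
        print(name, assess(page))
        for run in find_trailing_runs(page):
            print("  line", run.line_no, run.pattern)
```

A short run on a single line, like the one reported for the home page, stays below the threshold and is reported as not suspicious.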

---

Like Paul G said here http://bees.netninja.com/wiki/index.php?title=User:Paul_G, and as in the books, the Master Chief used the phrase Olly Olly Oxen Free, and a series of 6 tones to communicate with the other Spartans. Melissa said her favourite game was Hide and Seek, which is where the phrase Olly Olly Oxen Free comes from, so perhaps using that as a Steg code could decode it? or variations of it.

NOT THE PASSWORD (didn't check all variations) --UserEnigmaX 17:02, 9 Aug 2004 (PDT) --UserLukstr 7:35, 28 Jul 2004 (EST)

I don't think this is relevant, but just in case... as well as jphide/jpseek, there's an old Hide and Seek steganographic tool that works on GIF images. It's a DOS program, just to make things a little trickier.

--UserClamatius 18:02, 28 Jul 2004 (PDT)

Lukstr, I have tried that in many different combinations with no luck. May be relevant elsewhere, tho. Clamatius, I also came across that program, but could not get it to work. I think it's much too old and probably just coincidence. The connection to JPHIDE/JPSEEK seems much stronger, given that the file scans as highly likely to have JPHIDE steganography in it.

Also, for the record, many tries at using SNOW have come up completely empty, not even a whiff of steno in any of the pages. I'm leaving that angle alone for the foreseeable future since it seems to be a dead end.--UserPaulG 21:04, 28 Jul 2004 (PDT)

Paul G: I agree that Hide and Seek is probably not relevant, but it's something to keep an eye on given the exact name match. I did get it to work, although I had to run it in DOSBox. I wonder if there's a better way to brute-force the message in bee2_margaretphoto.jpg than just dictionary attacks? -UserClamatius 21:08, 28 Jul 2004 (PDT)

I don't have the steg brute-force software, but is there a way to set up the rules so that it makes strings of say.. up to 8 words in all possible combinations from a provided word list? If so, we could create a word list of everything found on the site and brute force with that. Multiple lists could be made containing different sections so that it could be a distributed effort. --UserQuackquack 1:45, 29 Jul 2004 (EST)

Strings of up to eight words in all possible combinations, order dependent? That would be over listlength^8 strings, or Way Too ****ing Many. Because that's just eight-word strings; it doesn't include strings of fewer than eight words.

I could write a Java program to take a wordlist and spit out a new one with all that- it's a simple recursive function- or even split it into several files for easy work distribution, but I think that

* it's unlikely to pay off
* it's not the right way to solve it
* wordlist to the eighth power is probably a heck of a lot bigger than you might expect

--UserWindrider 13:14, 29 Jul 2004 (PDT)

This is a long shot, but on the ILB main page this text can only be seen when highlighted. Someone should try this. site aesthetic by aunt margaret

NOT THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)

Has anyone tried unrippedzues7 yet. I remember reading that having something to do with aunt M.

NOT THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)

Another total longshot, but what about the seemingly random word-clues Dana has been leaving, "Tsi Tian" specifically?--UserKlobbermeister 13:36, 29 Jul 2004 (PDT)

NOT THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)

What about a possible anagram of something? ilovebees anagram list maybe should be tried. Think I'll do that. Anagram maker can be found at http://www.ssynth.co.uk/~gay/anagott.html -- Blitzman


I have recently discovered that the only brute force steg-cracking software that I know of (stegbreak) can only crack passwords of 16 characters or shorter. If they have used a longer password than that, we're not going to be able to crack it with stegbreak.

However, during the testing I did to discover this, I ran a lot of other tests to compare results on known files (my own steganographic files). I have come to the conclusion that the stegdetect results on the bee2_margaretphoto.jpg file are a very strong indicator of true steganographic content, a false positive is almost out of the question.

I have also discovered a very useful windows app to extract embedded text from future images: Strings

--UserPaulG 14:10, 29 Jul 2004 (PDT)


Taken from guest-not-from-rackspace: The command to release the Master Chief at the beginning of Halo was something like "unseal the hushed casket". Has anyone tried this yet? That seems like a good answer.

--UserVoipme 16:45, 29 Jul 2004 (PDT)

NOT THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)


Could this be the key?

**where you pull noise aside like the flesh of a cooked trout to reveal the gleaming skeleton of signal inside. Very often it's a spill of /// words. Once, for instance, she sunk her probe into my brain and out leaked the word for "loneliness" in three hundred languages.**

NOT THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)


Doesn't it seem likely that the Pious Flea would have provided us with the information hidden in the image? Evidence points to the Flea embedding the information in all the other images, and it has to do so in a covert way in order to remain hidden. Therefore I think we should be looking for pass phrases related to what we know about the Flea and information we have received from it.

--UserFsmelon 05:57, 30 Jul 2004 (PDT)


As mentioned earlier on ilovebees.blogspot.com, one of the links on the fun stuff page provides coordinates to a location in China, near the India/Pakistan border. I only mention this because ... well seems like any thing is worth a shot. Anyone tried "No Mans Land" or "Dahongliutan" as the pass? These are words associated with the coordinates given. Here are the links I'm referencing:

http://www.multimap.com/map/browse.cgi?client=public&X=8800000&Y=4265000&width=500&height=300&gride=&gridn=&srec=0&coordsys=mercator&db=w3&addr1=&addr2=&addr3=&pc=&advanced=&local=&localinfosel=&kw=&inmap=&table=&ovtype=&zm=0&scale=200000&multimap.x=231&multimap.y=141

http://ilovebees.blogspot.com/2004/07/emergency-exit.html#comments Anything's worth a shot.

EDIT: I messed around with these words/phrases on the anagram site given earlier, but nothing interesting came up; however, I do find it a bit TOO coincidental that both "No Mans Land" and "Dahongliutan" contain the letters d-a-n-a. That's a stretch I know, but ... that's my 2 cents.

--Ryee 11:33, 30 Jul 2004 (EST)

NONE ARE THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)

I like that "loneliness" in three hundred languages idea. Can anyone who can run the brute-force software make a word list of various translations, namely mandarin and cantonese as those have been used before. On another note, anyone know if the software can be compiled and run on windows in cygwin? If so, can a simple explanation be written up for linux noobs? --UserQuackquack 12:18, 30 Jul 2004 (EST)


In regards to the Pious Flea/steganography link that UserFsmelon brings up, it doesn't seem that there's necessarily a link between the Flea and the steganography message. Remember that it's TheOperator whose favourite game is Hide and Seek, not ThePiousFlea.

-- UserClamatius 10:26, 30 Jul 2004 (PDT)


In regards to 'passwords' for steganographed messages: Has anyone tried 'Sorenson' or 'Greene'?

Sorenson is a digital video codec, probably the one used on the trailer. Greene is the last name of a person involved in the LZ77 compression method.

May be nothing, may be a connection. It will take someone who's into this mystery longer than the short 2 hours I have been reading and pondering.

-- UserRaddishman - 2:00 PM MST, 30 Jul 2004

NONE ARE THE PASSWORD --UserEnigmaX 17:02, 9 Aug 2004 (PDT)


I've only been reading all of this stuff for about 3 hours, but I've found very little referencing the other site that has the same message and countdown... www.ihatebees.com.

I don't have time to check for anagrams yet, but it will definitely yield new ones. Also, this version has some letters that are bolded... making the words GodISwatCHing... possibly the password you're looking for. I know that it's believed to be a hoax site, but at this point nothing should be overlooked.

I know very little about all of this stuff you guys are doing, but felt I should inject the info I've found that I couldn't find elsewhere. Sorry if it's redundant.

--UserRaziel 02:06, 31 Jul 2004 (PDT) NOT THE PASSWORD --UserEnigmaX 16:50, 9 Aug 2004 (PDT)


re: password [long shot]

OK, looking at all photos of Margaret on the site we see that she is always wearing a red shirt. (Adult Dana is also wearing a lot of red, FWIW.) Margaret drinks red tea so that suggests that red is of significance to her. Red tea comes from "Rooibos" plants that only grow in "Cederberg" area of Cape Town, South Africa. "Rooibos" and "Cederberg" seem like unusual words to me, passwords perhaps?

--UserBuzz 12:22, 31 Jul 2004 (PDT) NONE ARE THE PASSWORD --UserEnigmaX 16:50, 9 Aug 2004 (PDT)


Posted this on the board, but after a day nobody had mentioned anything about it or responded at all. Hoping everyone else trying to crack it is coming here. None of our puzzles seem to be working out- people have been working on the bees1.wav and queenpiping.wav, and with Notepad they've found what they think is an unusually high number of actual words in the code. fact, data, bea, cab, life, group, next all are there, along with this: ?mg=Ac̻?sL. It seems even more significant to me that Img=Ace would appear WITH discrepancies like that, so I'm thinking something's going on. ... Well, we're looking for codes. Why don't we slam the codes together, see if some of those words can do anything? I only post here because I have to enter this stuff by hand and was wondering if someone could create some kind of string to combine them in different ways, play around with caps, use 7s and 3s, etc? UserKallelin 11:17, 1 Aug 2004 (PDT)


I was told that a phrase was needed to unlock a coded picture. I have reason to believe that the infamous anagram is _correct_. I found the anagram initially, and I have been in contact with a long-standing figure in the Bungie fan community. He cryptically seemed to be suggesting to me that I had found the right solution in his communications (I'm trying to gather more data on that). Also, the passage '...alliance whispering in a corridor and a quick clasp of hands; the long elegance of a fine decrypt, where you pull noise aside like the flesh of a cooked trout to reveal the gleaming skeleton of signal inside...' seems to be referring to aspects of my search for the anagram, and possibly my job. While this is _unverified_, I think someone should at least give it a try, if no one has yet. INDEX THIS IRONCLAD PREDICTION : HALO TWO SINGLE PLAYER DEMO CD-ROM DISK INCURSION AT AUGUST TWENTY FOUR. EARTH WILL NEVER BE THE SAME. You might have to use the caps and all punctuation. Thanks, sss (ibshimo2)

edit 8/7 - The anagram appears to be officially disconfirmed by Max Hoberman in Bungie's Friday Weekly update.

http://forums.videogames.co.nz/index.php?s=eae32dd8cdcc028de2829abe21453954&showtopic=5126

relevant text : '...Nor will we release a playable demo, anytime soon...' sss(ibshimo2)


It seems stegdetect is broken...

I ran stegdetect on a jpeg file that I had processed with jphide and it reported "negative". However, stegbreak correctly identified "jphide v5" and revealed the password after a bit of attacking.

Although stegdetect reports bee2_margaretphoto.jpg as "jphide(***)", stegbreak reports "negative". It is quite possible that stegdetect is producing incorrect results, and there is no steganographically hidden messages in bee2_margaretphoto.jpg.

UserCynix 11:10, 2 Aug 2004 (PDT)


I don't have the tools (or the talent) to check this, but there's been debate over the way such a simple site sets an encrypted cookie, see the unforum topic for more discussion. Could the cookie name y1dt8hx, which is not random and had to be set, be the key you need? --UserAntonPNym 16:57, 3 Aug 2004 (PDT)

NOT THE PASSWORD --UserEnigmaX 16:50, 9 Aug 2004 (PDT)


I have been unsuccessful in finding steno tools for Mac OS X (my main OS), but in the meantime, may I suggest a couple of possible leads? First, we should not be timid to look into other image files on the site (or at them... I noticed that one picture on the "honey" page contained an arrow). This could be a multi-stage sub-puzzle to the main puzzle of the game, and we may only be viewing the last stage of said sub-puzzle. Second, looking at the Public PGP key servers might be a good idea. Who knows what a search for Dana's email on those servers might turn up?

UserPericles 20:12, 3 Aug 2004 (PDT)

-Nothing on the main PGP server for ladybee777@hotmail.com or danatwing@gmail.com. --UserEnigmaX 16:50, 9 Aug 2004 (PDT)


While counting the whitespaces on the pages to find a clue about the formatting (still in progress at: UserAgnAnalysisFormating) I noticed a few lines stand out after a real lot of spaces - could someone try these:

after 32 spaces: each hive has its own personality! My hives are

after 117 spaces: wn

after 122 spaces: God my head hurts.

--UserAgn 13:44, 4 Aug 2004 (PDT)

NONE ARE THE PASSWORD --UserEnigmaX 16:50, 9 Aug 2004 (PDT)


Hmm... got myself some steganography software, earlier today, and downloaded the picture in question. The total file size was 8k. 8k! That's not a whole lot of data with that much color information, and makes me suspect that someone/something updated the image file (decreasing its size) so as to tell us, perhaps, that we're barking down the wrong path. Maybe. --UserPericles 21:49, 4 Aug 2004 (PDT)


I'm not particularly sure if this has been brought up, if so, excuse my error, but it seems we're thinking about this in the wrong way. Instead of thinking that Dana, or the pictures of her aunt have anything to do with the steg password, we should be thinking in game. The AI characters have nothing to do with what Dana says or what pictures Dana put up on her aunt's site. They only have the ability to take new pictures (webcam) and access and add things through/from the internet/themselves (ex. - literary quotes, adding text to the site, encrypting things). The password that an AI from the future in conjunction with the ONI would not necessarily have anything to do with the events that are occurring in the "real life" part of this game world. -UserDarkmoonz


*Someone was on the right track with this earlier...maybe try the title of the new blog entry... Olly Olly Axon Free That might work -UserAzool 11:24, 13 Aug 2004 (PDT)

Hey All, I'm new and not exactly sure how to do some of the more technical stuff but I had an idea. Perhaps the password we're looking for is hidden inside the sound files. Every once in a while, amongst the ilovebees we can hear some sort of foreign sound. I'm gonna run it through a sound editor and see what I can come up with. -Foley

Ok I had another idea, what about the changeling-child sound we got when we played it backwards, "connection"? or maybe "weedy" from the operator's email.