Thread: Game Hint #1
View Single Post
  #465   Spotlight this post!  
Unread 06-12-2008, 20:38
DMetalKong's Avatar
DMetalKong DMetalKong is offline
Registered User
AKA: David K.
no team
Team Role: College Student
 
Join Date: Jan 2008
Rookie Year: 2006
Location: Bridgewater
Posts: 144
DMetalKong is a jewel in the roughDMetalKong is a jewel in the roughDMetalKong is a jewel in the rough
Send a message via AIM to DMetalKong
Re: Game Hint #1

Quote:
Originally Posted by AustinSchuh View Post
I ran stegdetect on the image. According to the manual, it

Tests if information has been embedded with jsteg.
Tests if information has been embedded with outguess.
Tests if information has been embedded with jphide.
Tests if information has been hidden with invisible secrets.
Tests if information has been hidden with F5.
Tests if information has been added at the end of file, for example by camouflage or appendX.

Here is the output.

Code:
austin[50950] carbon /tmp
$ stegdetect -s 10 clue1.jpg 
clue1.jpg : jphide(***)
austin[50952] carbon /tmp
$ stegbreak -t p clue1.jpg 
Loaded 1 files...
clue1.jpg : negative
Processed 1 files, found 0 embeddings.
Time: 5203 seconds: Cracks: 11266645,   2165.4 c/s
I can verify what EricH said. It looks like there is something hidden inside it with jphide. stegbreak is another command that tries to brute force the password inside the file. I ran that for an hour and a half, and it couldn't find anything. It uses a dictionary attack similar to the one that powers John the Ripper.

Running strings on it didn't yield anything useful other than the XML and some other random looking strings.
As in the strings that JPEG compression uses? Or the kind that FIRST has diabolically hidden inside this image?

Anyways using 5643 as the id on the FIRST website turns up nothing useful.
http://usfirst.org/community/frc/content.aspx?id=5634