Jan 18, 2008

OpenStego Password?

UPDATE..... This website was created yesturday, and has only had 28 views when this is posted.
http://openstego.sourceforge.net/. It was found through Samir's Blog at http://syvaidya.blogspot.com/ Check it out - Aparently it was made by the creator of Openstego. He also has another product... the Vapour Liquid Equilibrium :S




After the Openstego programme is downloaded and you try to decode the message embedded in the picture it asks for a password....after all passwords we could think of were tried, we still get the following error message, and then the following text is displayed... Also, thanks to Andrea, who emailed the creator of Openstgo (who has a g-mail email account) we got the following reply with regards to passwords and the GZIP problem...


Date: Fri, 18 Jan 2008 16:46:56 +0530
From: andrea
To: (deleted)
Subject: Re: A strange request


Hi Andrea,I got exactly same request few hours back. Actually, the GZIP problem means that the password is wrong. There is no way to determine whether password is correct or not. But if you get GZIP exception then it is very much wrong. Try some other password. By the way, that "README.txt" is the name of the file that was embedded inside the image. It is not the password. It is just coincidence that it is getting accepted as password. There might be huge number of such strings which would get accepted as password, but actually are not.


Regards,Samir

73 comments:

Gater said...

what if we dunno the password yet?
maybe we find it later like the username and password on the maxwell site.

just another thougt :)

Opium said...

can we see the email from the dude? like... was it along the lines of "i've got no idea what find815 is, read the README file if you need help" kinda thing? :P

Pablo said...

if you try to use "PBEWithMD5AndDES" as password is the same message of Error gives that with "README.txt" as password

croucher1986 said...

Sorry opium, i was waiting on the email to arrive from Andrea, it has been posted now.

Adam
aka Croucher1986

Chris said...

Try Carp Diem

Opium said...

ah cool cheers. weird email. that suggests to me that there is some sort of universal password that samir has coded in to his program, enabling him to have a look at the stego file for us and conclude that "README.txt" is the name of the file embedded inside the image... like surely he wouldnt know that unless he managed to successfully decrypt it right? and you'd think if there WAS a universal password that would be somewhere in the source code. what does everyone reckon?

Victor Hugo said...

there are no universal passwords for encryptation alghoritms. otherwise, the world would be in danger. he just uses a method.

Maqrkk said...

The way I see it, he doesn't know that README.txt is the file inside. I think he concluded that out of the info andrea gave him.

helohe said...

BTW Openstego always uses the same salt and iterations for its keys, so it is possible to guess the password using a brute force technique. OpenStegano is opensource so someone could implement such a functionality.

DES(CBC), PKCS #5(MD5).
Salt: 28 5f 71 c9 1e 35 0a 62
Iterations: 7

zap800 said...

this is an interesting article. I dont have openstego but the names this article has in it could be the password. I hope someone tries some of these historic names and it works.
The word steganography is of Greek origin and means "covered, or hidden writing". Its ancient origins can be traced back to 440 BC. Herodotus mentions two examples of steganography in The Histories of Herodotus [1]. Demeratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surfaces, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Later, Johannes Trithemius's book Steganographia is a treatise on cryptography and steganography disguised as a grimoire.

Rachel said...

The Bali website has Tropical fantasy delight in quotation marks. A clue? BTW, this password appears to be case sensitive.

Rachel said...
This comment has been removed by the author.
centuryretrotv said...

can someone start a list of all the passwords that have been tried thus far?

shellma said...

Kudos to you guys for running with this!!!!!
I am proved wrong!
Although for some of my peeps at the OC it was kinda spoilerish. :( But that isn't you guys' fault at all! Good Job!

Eric said...
This comment has been removed by the author.
Aardvark said...

OCR-ed text from Bali web site...

Welcome to BaliHolidayFun.com, the
leaders in creative holidays full of
adventures, memories and fun!

Here at BaliHolidayFun, our commitment is
to you and your enjoyment. Nothing is
more important!

We offer a wide range of packages for all
budgets. Holiday styles range from relaxing
beachside getaways to thrill seeking adventures.

Check out the holiday page to have a look
at some of our new packages that include
our award-winning “Tropicana fantasy
delight” which will have you and your loved
ones begging for more!

Included in each package is flights,
accommodation in a 4 star beach-side
luxury villa, a buffet breakfast and 3 course
dinner. As a bonus you will also receive a
bottle of French champagne upon arrival.

Don’t forget to take full advantage of our
optional extras, which this year includes,
our fabulous day-spa.

Children under the age of 3 are free!
Children under the age of 12 can be
booked into our world-class kids club.

Any questions or enquires please don’t
hesitate to email our friendly staff:

baliholidayfun@gmail.com

tvwatcherinvt said...

has anyone tried Find 815, the way it loads on the game? there gotta be a reason for that.

NFID581

croucher1986 said...

Just tried that, seemed to stall, but didnt work... good thought though, Keep it up guys - we have been in chat all day thinkning about it...come join us!!

SpOOky said...

I downloaded openstego-0.3.2
I clicked on the openstego.bat
But nothing happened.

Well A dos window opens then shuts Instantly.

Anyone know what Im doing wrong ?

Cobines said...

@spooky
You need Java VM (from java.sun.com).

For anyone trying the passwords you can run OpenStego from a shell script, so you can check a bunch of passwords in one run. It would be nice to create such a list. I already tried more than a hundred, from this blog too.

About the README.txt filename - it is already decodable from the PNG file, because the name of the embedded file is not encrypted.

Ammar said...

Has anyone been able to figure out the password?
Maybe its on the Bali Holiday site.

rfsbsb said...

I think there's something about Carpe Diem

Jack said...

Well, last night when the DarkUFO site was down, we started a thread on the Jay and Jack Lost forum, where I'm a mod to track passwords tried:

http://lostpodcast.proboards2.com/index.cgi?board=tle&action=display&thread=1200618171&page=1

Here is a list that I've consolodated so far:

Consolidated List:

[nothing] (no password entered)
carpe diem
jurassic park
bX-uxu3fu
ianandpam
invitation
anniversary
pamian
oscar
owen
sam
lost
tracey
sonja
ian
pam
talbot,
ind815
maxwell
penny
OMF42
Our Mutual Friend
Our Mutual Friend42
OMF
OMF42
4815162342
Silas
Silas Wegg
Charles
richardens
Charles richardens
Lost
README
README.TXT
TXT
Stegasaurus
bali
open
find815
815
Walt
Lloyd
Aaron
Littleton
Kate
Jack
Extract
John
Locke
Morse
Sam
Sam Morse
Electromagnetism
SOS
Amuses Mr Ole
Ole
Samuel Morse
Sunda
Bali
carpe
diem
carpe diem
README
README.txt
Morse
morse
Carpe Diem



Tried in all combinations:

020 7946 0893
jurassic
dinosaur
baliholidayfun
battow
dharma
dharmainitiative
hanso
widmore
maxwell
themaxwellgroup
abaddon
matthew
adam
eve
test
test123
holden
opensesame
sesame
root
guest

Ammar said...

nope, its not Carpe Diem.
maybe the password is somewhere in those weird email messages sam keeps getting.

tvwatcherinvt said...

the e-mail about the eguiptment going haywire, some one was working on morse code for that? It must be more important than we thought, if there is e-mmail about it...

Jason said...

I think it might be fair to say that the password hasnt been revealed yet, and if it has then they perhaps hid it a little too well because loads of you guys and myself have been digging all over the place to figure it out :(

Bajappenin said...

It doesn't look like anyone has tried the clue from the clue hunt that looks like a combination, or the word, OpenStego.

Any other thoughts?

SpOOky said...

Suggestion.
Things in this Tresure Hunt tend to be choosen for a reason.

1. The BaliHoliday was to be seen on the Laptop.

2. The Email from the site pointed to Morse Code. (found in the message)

3. The Stegosaurus dinosaur would seem to have hinted at steganography.

Everything seems to have a reason behind it.

This tresure hunt began with 22 skulls
("Skull Bearer" Font)

It stands to reason this font was choosen for a reason, Maybe working out what was the reasoning behind that is the Key to the password ?

tvwatcherinvt said...

in the ofm42 post he said:

Figure this out and you will be rewarded http://farm3.static.flickr.com/2319/2184246397_bcb4a12b01

did ya'll try rewarded as a password?

or words from the bali page like champagne or day spa ?

or from the head of the page BaliHlidayFn.cm (drop the flowers)

did you run the bali page thru your steno program to see if anything is encoded there?

Steff said...

there is nothing hidden in the bali pic

travis said...

Are you guys trying to decode the Steg.png only? Or are you doing the same thing for the Bali.jpg? OpenStego won't let me decode jpg files...so I've been working on the steg pic only.

Also add R7MKCH (the ref # sam uses for the plane tickets to Jakarta) to the passwords failed.

Steff said...

only the steg.png has something hidden in it

sublimesk said...

and the "award winning" 'Tropicana fantasy delight' doesn't work either...

travis said...

I've tried:

tsunami
zeke
magnetite
oceanic
lovely
oceanic815
flight815
jakarta
christmas

Steff said...

maybe the password will be hidden in the 3rd video diary..

nothing said...

what about the numbers on the Bali site?

43312


anyone?

travis said...

also tried:

43312
423CHEYNE
423 CHEYNE Walk

tdciago said...
This comment has been removed by the author.
tdciago said...

Given the connection between steganography and wax, how about:
Marvin Candle
Mark Wickmund
Edgar Halowax

Adam said...

Charlie maybe? he says "Carpe Diem" in the episode "Homecoming." Homecoming maybe? Driveshaft? Tommy? This should not be consuming as much of my time as it is...

Christian said...
This comment has been removed by the author.
Bolivar Baez (2006-5715) said...

christian, try running the char only

mateotl said...

download openstego-0.3.2 to your desktop and unzip. you should have a folder named "openstego-0.3.2" on your desktop.

Open Terminal App and cut and paste:

cd Desktop/DoWnLoDes/openstego-0.3.2

enter then cut and paste:

java -jar ./lib/openstego.jar $*

enter and it should appear.

Christian said...

thanks for the help, it's working now.

rafaelsilva.net said...

I've tried with

Marvin Candle
Mark Wickmund
Edgar Halowax

Nothing.

tvwatcherinvt said...

amelia earhart or black rock been tried?

Global-Trance said...

I tried varitions of Naomi Dorrit (since she was the one that mentioned Bali in Season 3) but no luck here.

elpaw said...

Anyone tried spanners as the password? That was such a wierd search result. for a start "Maxwell Spanners" has no hits in google except for pages about find815.

elpaw said...

^ just to add, all the other results are real, and the top result for that search in google. "Maxwell iowa" exists, so do the wikipedia entries for James C Maxwell & Sir John Maxwell, and Maxwell Field is an AFB.

j03y said...

May be a long shot, but could the password maybe be linked to this "Vapour Liquid Equilibrium" thing the openstego creator has also created? Anyone looked into this?

travis said...

I think we're going to have to get some hints.

nagra16 said...

ermm what about different combanations of the letters/nubers in sams emails??

jsupps1 said...

maybe someone could download the source (it is open source and available from the sourceforge page), put a breakpoint where it compares the real password to what was typed in and see what the real password is.

zap800 said...

ok I got open stego and a hexidecimal editor to try this with everyone and I have tried:
francis baon(creator of modern steg)
shakspeare (thought to have steg hidden in his plays)
Herodotus (first know n use of steg in history)
Demeratus (shaved a mans head to hide a secret message)

zap800 said...

one neat thing I found when you open the pic with irfan and then open as a hex file you will see in the hex it says "ADD and then a music symbol" in the hex code. Does this help I dont know. lol

j03y said...

zap800 i couldnt find this strand of text in the hex file, how far down is it?

Congested said...

jsupps1 said...
maybe someone could download the source (it is open source and available from the sourceforge page), put a breakpoint where it compares the real password to what was typed in and see what the real password is.


The file ends like .png file ends when viewing it in a hex editor. Which has made me skeptical about anything being there (since there is no password string to replace at the end)

SCopperman said...

random thought - I haven't had the time to try it myself yet.

But I notice there are earlier versions of open stego available (search for Open Stego 0.1).

One dl site [ http://www.softwareheadlines.com/modules/planet/view.article.php/249975 ]mentions in the "Changes" for 0.3.2
"Changes:. [blah blah].. Support for masked password entry on the command-line was added."

Does this mean that earlier versions were designed to convert without asking for a password? Perhaps using an old version will work?

Global-Trance said...

It just means earlier versions didn't mask the password when you typed it in. In the current build, whenever you type a password in, it shows up as a bunch of ****** instead.

DarkVVind said...

Not sure if this a real or not but a poster showed up in the livechat as "Ampere" and posted "Reta loe divnie ulcec ne itap" which is reversed for "Patience clue in video later" maybe meaning the 3rd chapter update later on tonight.

http://img138.imageshack.us/my.php?image=amperemessagekp6.jpg]

Global-Trance said...

Ampere... referencing this person?
http://en.wikipedia.org/wiki/Andr%C3%A9-Marie_Amp%C3%A8re

zap800 said...

ok maybe we will get the answer tonight.

DarkVVind said...

Global-Trance said...

Ampere... referencing this person?
http://en.wikipedia.org/wiki/Andr%C3%A9-Marie_Amp%C3%A8re

At first I did not put the name in any context until after I figured out the reversed sentence. Then I thought about the name a little and it made sense with the whole electromagnetism thing. Maybe a hint we are trying too hard to get the password for the stego. We should wait for the next video.

Morgan said...

I put this in a different post, so sorry for the dup, but has anyone tried the season 4 clue from the latest clue hunt? I got 36-15-28 as my answer.

commando_j said...

Anyone try the file size?

524106

Or file width/height:

500376

hanabishirecca said...

Over on http://abc.go.com/primetime/lost/index?pn=mb&cat=73722&nav=search&fromUID=1872556387, someone posted about Stego. First post and his username is TheKeyisTheLocke. As Keys are passwords in encryption, has anyone tried TheLocke yet?

Cobines said...

maybe the key is the lock :)

sublimesk said...

There is a Deputy Lock in the book "Our Mutual Friend"...

thewifelady said...

ok, this is a LONG SHOT! But I think that it may work with someone else doing it...

I figured out the password thing. You go into the embed menu and you follow the prompts, then you enter your own password and confirm. That unlocks the site. Then you can do the extract and use your password successfully.

Now here is the long shot.. I zoomed in on the pictures of the stego, and there seems to be peoples faces in the bushes... so I am wondering if there are two files that we need to put together to be able to see the images clearly... But they are there. If I knew how to take screen shots... damit, not that savvy, but you can check for yourselves.

Please do and get back to me, this is cool, and I want to see what happens.

teskor8 said...

I had a look at the source code, there's no master password or something like that. Since it uses a safe algorithm there's no other way than guessing the passwords. I hacked the code so it would try every line from a file as password, and tried with the opensource english dictionaries I could find. Obviously it's not a simple password...

germabud said...

im searching on stegosaurus and i found this http://www.dinosauria.com/jdp/stolen/stegfoot.htm may be useful

Wrezz said...

Bear with me here...

I've been unknowingly interested in steganography and cryptology for years because of perplexcity, i think some people are getting the wrong idea about steganography, the fundamental idea is concealment of communication and in the context of computers is that ANY media can be imbedded in ANY other, for example a .pdf can be imbedded in an .mp3, a whole film could be imbedded in a .jpeg or an .exe can be imbedded in a cookie downloaded from a website.
Using this principal, i think the stegosaurus image was a white rabbit, leading us into a wider range of stegged media, such as the .jpegs of the websites found on Sam's computer, or even the bali website. The problem with OpenStego is that it only deals with .png, .bmp and .wbmp file types. Maybe we need some other programs similar to OpenStego to find out whethere this hypothesis is true.

Also, the steganography that i am used to is alot more primative than these programs allow. For example, the most simple digital imaging steganography technique is the LSB (Least Significant Bit) technique, at it's simplest it can hide one image within another, look it up on wikipedia. Anyway i was looking to analyse the stegosaurus image using this technique (alas, to no avail.), when i stumbled upon a website giving tutorials on bit depth, and who would show up? The ever-increasingly mysterious Mr James Clerk Maxwell! Even though this was a great surprise to me, apparently he was an incredibly well established photographic scientist who did masses of work pertaining to colour and how colour is shown. (or NOT shown as the case may be) He was also known to send secret messages to people, and did substantial research in developing very early photographic microdots. Oh, i almost forgot, here is the website, it is under bit depth 101, it is a quicktime video:

http://movielibrary.lynda.com/html/modPage.asp?ID=419

This lead me to believe that, just the the image of Sam's girlfriend with the words written in obscure places, maybe we are missing something that is very small or out of place on the website or dino picture. If we can manage to LSB the picture, we may be able to see the faces that some people claim to see, hiding out in the bushes like some sort of legion of ninjas.

I don't know how much help this will be but at least i'm trying to think horizontally.., or is that vertically? Diagonally?
Ah well.

Wrezz

drewsifer said...

that is interessting, but it does seem that the stego pic and the program showed up in such odd was that they have to be directly related. The real mystery than becomes what is the password. I got a theory if you really go on the softwares site, the creator says his wife was a big inspiration. IF we could somehow find out the creators wifes name we may have a password.