Transmission #02

A project log for Lets Solve!

I figured I would start a project to crack the mystery that is

EmericaEmerica 04/10/2014 at 01:061 Comment

Transmission #2 - Solving the video

Transmission #2 - Server Contents

Transmission #2 - Completing Decryption.

I had spent most of my evening watching Apollo Navigation Computer videos, preparing for possible use of DSKY. 
It seemed most people were still stuck on trying to find data in the images and video expecting more, and I was starting to think that it was all just a ploy to side track.
All the video is, in my opinion, is an attempt to gain more attention for the event, and to expose the IP and the AUTH clues.
It was on the site all day/night, bringing much more attention to those who many have missed it. 
More help is always good :) 
I don't think you can really expect any visual stenography to make it through Youtube's encoding process, with reliability.
Audio is another story, but too complicated in my opinion to try and have the public find it 'easily enough'
Transmission #1 was pretty simple, there is little reason that  this challenge should be magnitudes harder.

Many of us have thought these images have hidden data in one way or another.
How are we going to decode stenography it we can't verify what was used to encode it, without the algo(s) and the key(s), it seemed like a moot point to me. So I focused more on the AGC app.
When Ben mentioned the email about the decryption not being complete, I knew that we had to take another look at the transmission 2 image.

I opened it with a hex editor, this gave me  a header with Ducky in it, some googling returned this to be an Adobe save for web file. Ok onto the metadata,

<br><span><?xml version="1.0" encoding="UTF-8"?><br></span><span><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2"><br></span><span><rdf:RDF xmlns:rdf=""><br></span><span><rdf:Description rdf:about="" </span><span>xmlns:xmp="" </span><span>xmlns:xmpMM="" </span><span>xmlns:stRef="" </span><span>xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" </span><span>xmpMM:InstanceID="xmp.iid:CF0B160FBE6B11E38995D5ABC046E8AD" </span><span>xmpMM:DocumentID="xmp.did:CF0B1610BE6B11E38995D5ABC046E8AD"> <br></span><span><xmpMM:DerivedFrom </span><span>stRef:instanceID="xmp.iid:CF0B160DBE6B11E38995D5ABC046E8AD" </span><span>stRef:documentID="xmp.did:CF0B160EBE6B11E38995D5ABC046E8AD"/> <br></span><span></rdf:Description> <br></span><span></rdf:RDF><br></span><span></x:xmpmeta></span>

Not much here of use.....that I can gather anyway.
I remembered the other image being a png. This being a jpg, other tools might work.
Well back to google,  "xmp jpg stenography"

first result: 

OpenPuff - Steganography & Watermarking -

I should have clicked I'm feeling lucky.
I went back to IRC at this point and the chat log basically explains the rest.

nope, currently trying to use the keyfile keys on the image in the transmission 2 page
not sure which steno tool to use though
any idea where that image came from?
I tried reverse image search but it didn't turn up anything
hmm, maybe original then?
someone at HaD is not a bad artist then
yeah its nice, but i'm growing tired of staring at it ;-)
huh! looks like we're on the right track
got an email from ground control
Communication with Major Tom was initiated at 00:00 on 08/04/2014, transmission archive available here:
The following image was received from Major Tom at 00:01hrs this morning. Decryption is not yet complete. Please assist.
followed by the image from the transmission 2 page
just got the same
I got the same email
of course knowing that ii'm working on the right thing doesn't necessarily make it any easier for me to decode! :-)
and the wife is calling, good luck guys.
* Ben___ has quit animated version of the book
so I don't get something about keyfile
those keys are all 29 hex chars long
shouldn't they be 28 or 30?
otherwise you have half a byte at the end

one last shot at coincidences tonight....
puff the magic dragon
"insert 3 uncorrelated paswords 8...32 chars" - keyfile contains something like this
i thought i saw multiple images or soething too
tired, it's bed time for me
it doesn't seem to like those keys as passwords
never mind that did it!
Current Status
Inclination 52.3
Altitude 439km
O2 76.2%
Could do with a lift guys.


Everything fit's at that moment, puff was an extra clue or confirmation.

Download Openpuff. It runs in wine, lenient linux folks. I believe lib sources are available as well.
Use the 3 keys from the keyfile  as keys A, B, and C
Password check should turn green.
Add status.jpg as your carrier.
Make sure to set Openpuff to 1/2 50% Maximum for Jpeg.

Other images were not successful in decoding....yet?
Nice work team.


Sy Bernot wrote 04/10/2014 at 01:32 point
I poked a but at major toms profile pic I do not believe this to be encoded with any data. Looks like a simple color layer shift is all. One thing that still bothers me about it is that it doesn't seem to be a flat out shift but rather some sort of texture applied to the shifted regions. I fiddled with it some but got no where.

  Are you sure? yes | no