I was using a Steganography detection software and it flagged the following image as using a steganography method called "jphide": http://i.imgur.com/a3pUmpH.jpg
Now, the thing is that when I try to use Jphide to uncover the data it asks for a password, and the only thing I had to try with was the filename, but I originally found the image on THIS site http://hollaforums.com/thread/8067477/politics/open-directory-found-from-the-podesta-emails-large.html and on the site the image was called "1477744604436.jpg" (which does not seem to be the original name from the Podesta emails, because when I searched for that filename it didn't come up with any results). I therefore need YOUR help in finding the Podesta e-mail this photo was taken from, so that we can see if there are any suggestions of a password that we can use to crack the image file. Most probably the password will be the name of the original file, so if y'all PLEASE can help me locate this photo from the Podesta e-mails we might have a chance to uncover what's hidden in this file!!
For anyone who's interested, this is how it looked when I scanned the photos. You will see that the photo in question is flagged as being encrypted with "jphide" steganography method: http://i.imgur.com/VtlG3My.jpg
God Bless!
zoltan907 ago
Try the SMTP id: e63csp284426lfb.
zoltan907 ago
Or this one: g68mr68626420yke.23.1417453546962.
Fateswebb ago
As well there could be other clues in the header
Delivered-To: [email protected]
Received: by 10.25.80.66 with SMTP id e63csp284426lfb; Mon, 1 Dec 2014 09:05:47 -0800 (PST)
Return-Path: meganrouse@gmail.com
Received-SPF: pass (google.com: domain of [email protected] designates 10.170.189.71 as permitted sender) client-ip=10.170.189.71
Authentication-Results: mr.google.com; spf=pass (google.com: domain of [email protected] designates 10.170.189.71 as permitted sender) [email protected]; dkim=pass [email protected]
X-Received: from mr.google.com ([10.170.189.71]) by 10.170.189.71 with SMTP id g68mr68626420yke.23.1417453546962 (num_hops = 1); Mon, 01 Dec 2014 09:05:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=YwfF42i3GM9DT9GZjh7pueHMlRKqdzPk7BKfnvWiIRw=; b=wmViF0H87Wk++WEOxiAgV2jARiFAWmwWzg1DsHXXxhlKQHruhwZYvXmijwr1afJOle CVGEqpkOAqdPjiTooFoin3q44DFoAva+jDOAZ8VjyAVJkIgJJam0m3meUhh1QXTH6h5c Fe3hIHdqOylKG07JTog45V0ofh8Qa/pUfzIA0kMfR43z2tr7ng87yeDSuE1IXiKRwTV5 sWnfPP4tdNLaFhNtEz3CkGtf8rKvAsKGJFAetZdRwSuxSsGp3ejQ31ANb451Jl4h6S60 6/ujXbCJwyNnpNkG5yrDN9syfHAzA3XCRAOuhoVJE68Dfc7U7myR28dgoeZYY2kNrKiy yPtA==
MIME-Version: 1.0
X-Received: by 10.170.189.71 with SMTP id g68mr68626420yke.23.1417453546899; Mon, 01 Dec 2014 09:05:46 -0800 (PST)
Received: by 10.170.151.4 with HTTP; Mon, 1 Dec 2014 09:05:46 -0800 (PST)
Received: by 10.170.151.4 with HTTP; Mon, 1 Dec 2014 09:05:46 -0800 (PST)
Date: Mon, 1 Dec 2014 09:05:46 -0800
Message-ID: CAAVDwMKxTaZ-WA8Jz5zM1ok1+cbEpak3sS53G=yrWP=4+CUojw@mail.gmail.com
Subject: Action shot
From: Megan Rouse meganrouse@gmail.com
To: Mae Podesta mpodesta@gmail.com, Mom podesta.mary@gmail.com, John Podesta john.podesta@gmail.com
Content-Type: multipart/mixed; boundary=001a11398856260e4a05092a9fc0

--001a11398856260e4a05092a9fc0
Content-Type: multipart/alternative; boundary=001a11398856260e4505092a9fbe

--001a11398856260e4505092a9fbe
Content-Type: text/plain; charset=UTF-8

--001a11398856260e4505092a9fbe
Content-Type: text/html; charset=UTF-8

--001a11398856260e4505092a9fbe--
--001a11398856260e4a05092a9fc0
ansipizza ago
Naive question: if the picture was emailed as an attachment, and it was already steganographically altered, then most of the information in the email header didn't exist when the password was selected. Am I missing something?
Fateswebb ago
Exactly, I was thinking that as well. However, you could make a steganography program that also has an email client, so while it's a great point, I was going off the fact that they had said another picture's password was the SMTP ID. But I also had thought the same thing, that it seems unlikely.