Year Zero Research/Weak Leads
Steganogrophy: the process of hiding data inside other data. For example, a text file could be hidden "inside" an image or a sound file. By looking at the image, or listening to the sound, you would not know that there is extra information present.
- Stegdetect / Stegbreak
- jpseek-crack A modified version of jphide for extracting data hidden with the normal jphide.
- Dictionary Dictionary containing all words from currently confirmed active Year Zero websites.
Currently, there is some conjecture (With backup provided by stegdetect) that there may be data hidden inside pictures on various government and resistance sites.
The following files have been flagged by Stegdetect as possibly being steg'd with jphide: (The number of stars indicate the level of certainty that hidden data exists, as reported by stegdetect)
105th Airborne Brigade
- memories_05.jpg : "***"
- memories_06.jpg : "***"
- air_03.jpg : "**"
- home_06.jpg : "**"
- home_05.jpg : "*"
- memoriam_03.jpg : "*"
- memories_03.jpg : "*"
- air_04.jpg : "*"
Church Of Plano
- church_07.jpg : "**"
Be The Hammer
I am trying to Believe
- menu_02.jpg : "***"
- whatis_05.jpg : "***"
- howdoes_08.jpg : "**"
- menuBkgd3.jpg : "**"
- whatis_07.jpg : "*"
- menu_04.jpg : "*"
- menuBkgd4.jpg : "*"
- menuBkgd6.jpg : "*"
- menuBkgd.jpg : "*"
- content_03.jpg : "*"
Consolidated Mail Systems
Another Version of the Truth
Through brute force URL testing, 17 images have been discovered that are not referenced in the html source of the website.
They are all similar to images linked in the pages, but have small differences - which may or may not be clues.
There is currently a theory that this image may contain data: http://yearzero.nin.com/00000.gif
Close inspection of this image will reveal that it contains exactly 18 colors, most of which are in a pattern to the left. This pattern is reminiscent of how ASCII text, which has been converted to binary data, looks when drawn as a bitmap. Unfortunately, there are more color codes than just 2(1 & 0), and the rectangular boundaries are not all multiples of 8. It is believed, however, that there is data there. One would not post such a unique background image as a .gif unless it is necessary that the color values stayed clean.
Another interesting detail when looking at the color codes is that some of them correspond to the numbers of the images hidden on the yearzero minisite. Below is a list of the color codes used in the 00000.gif image, followed by a list of the image numbers.
Color Codes in decimal:
The image numbers that are used in the color codes are: 07, 12, 14, 22, 25, 39 The image numbers that are not used in the color codes are: 03, 10, 19, 28, 31 (and 86)
The color code elements that are not in the list of images are: 0, 1, 2, 4, 5, 6, 9, 13, 24, 29, 33, 35, 37, 50, 51, 52, 60, 223, 224, 255
While this may be a somewhat weak correlation, the color codes that correlate and the ones that do not are split exactly 50/50. It seems highly unlikely that this is merely coincidental.
It is possible that this image does not use standard steganography, so the chance of it needing a password is low. It is believed that any data may be hidden in plain sight, and is probably a plaintext message of some sort. Photoshop and a working knowledge of number systems are probably the best tools in this instance.
Strange ._0X Jpeg's
Recently I Downloaded the Year Zero desktop wallpapers and found 8 odd jpegs that seem to be not jpegs they are called: ._01, ._02, ._03, ._04, ._05, ._06, ._07, and ._08 so at least knowing some odd things i opened them with notepad, 1-7 have identical info but #8 is different It is full of code and such and has Adobe Photoshop cs3 written near the top. im not sure how much of a lead it is but I found this strange to include files that are not in a wallpaper package. link to wallpapers http://yearzero.nin.com/wallpaper/index.html
There is likely nothing hidden in these files, nor is there anything strange about them. On the Macintosh, there is additional data that may be stored with a file beyond what a Windows PC stores. When the file is transported across systems non-natively, the additional bits need to be preserved in some way. The convention is to create files of the same name, but prefixed with ._ to make them hidden, to hold the extra data. The apparently extra files in the zip are just these files from a Mac. This should not be surprising as it is well known Trent does most of his work on a Mac. When the archive is unzipped on a Mac, the data in the extra files is merged back transparently and only 8 regular files appear as a result. The purpose of the extra data becomes obvious when the files are looked at in Finder. All 8 files are shown as being created by Photoshop and set to open with Photoshop (if available) rather than with the default handler for files of .jpg type. 08.jpg has a larger ._08.jpg because it also has a thumbnail rather than the default icon.