Fandom

Uncovering Cicada Wiki

OutGuess

139pages on
this wiki
Add New Page
Talk0 Share

OutGuess is a steganography application. One of many.

Hint that 3301 is using OutGuess was delivered in 2012. Without it we would probably never figured it out.


Duck
"Woops!

Just decoys this way.
Looks like you can’t guess how
to get the message
out.”


OutGuess is available under a BSD software license. It is completely free for any use including commercial. It was developed in Germany in 1999.

There are an offical executables for windows on internet (Outguess Rebirth). OutGuess Rebirth doesnt work with Cicada 3301s jpgs!

OutGuess is under certain circumstances considered undetectable. Although on the 3301's white text on black background jpgs you can detect artifacts it produces very easily with visual inspection.

Homepage Outguess.org is down. Archive is available.

Here is the mirror from Kent UNI

Links:

Compiled x86 Windows version of Outguess.exe:

http://www.mediafire.com/download/3son7kwd3ox3j44/outguess.exe and

https://linx.li/hiiewsew.exe

Solution to have linux version of Outguess in windows: http://www.cygwin.com/

Source code for Win :Source of Outguess for Windows   file-upload.net mirror

For Mac OS: http://www.rbcafe.com/softwares/outguess


  • During installation of CYGWIN make sure that you check box at OutGuess (already included in CygWin)</li> TUTORIAL HOW TO USE IT http://uncovering-cicada.wikia.com/wiki/Loose_ends#HOW_TO_OUTGUESS

    HOW TO USE OUTGUESS

    If you use windows version make sure you are in command prompt

    Commands:

    outguess -r picwithoutguess.jpg textout.txt              (to outguess msg out)
    
    outguess -d secretmsg.txt sourcepic.jpg encryptedpic.jpg (to outguess message in pic)
    
    or just outguess                                         (for help)
    


    Stegdetect os uselsees. It detectes only outguess up to version 0.13.


    We are using Outguess 0.20 (official site down)

    http://www.outguess.org/detection.php

    http://www.outguess.org/download.php

    (mirror) http://ftp.mirrorservice.org/sites/ftp.wiretapped.net/pub/security/steganography/outguess/


    LOGS FROM 2014 explaining how outguess can be detected by visual inspection:

    [01:48] <NiceLurk> look at this
    [01:48] <NiceLurk> http://prntscr.com/2hzy0s
    [01:48] <NiceLurk> all cicadas outgueees images were easy to detct on calibrated monitor
    [01:48] <NiceLurk> or with help of levels in photoshop
    [01:49] <NiceLurk> but this yyears one is NOT
    [01:49] <NiceLurk> does cicada use newver version of outgues?
    [01:49] <NiceLurk> is cicada creator of outguess?
    [01:49] <NiceLurk> this years one has artefacts only around text
    [01:49] <NiceLurk> more of them that usually
    [01:50] <NiceLurk> and black background is intact
    [01:53] <NiceLurk> http://prntscr.com/2hzzf2  this is where data is hidden i nliber primus
    [01:56] <masso> NiceLurk: you can find some of the dots in liber.jpg, but forget about that
    [01:56] <NiceLurk> http://prntscr.com/2i002i   same in chapter
    [01:56] <masso> <masso> so I guess we can say there is no outguess in it
    [01:56] <masso> ^^^^^^^^^^and forget about that
    [01:56] <NiceLurk> masso: around text right?
    [01:56] <masso> http://prntscr.com/2hzzp5
    [01:56] <NiceLurk> or in white space?
    [01:56] <masso> most likely there is outguess in the server pic
    [01:56] <NiceLurk> yeah
    [01:57] <NiceLurk> now  solve this http://prntscr.com/2hzy0s
    [01:57] <masso> it's because there is i fact way more black (the runes) in it
    [01:57] <NiceLurk> wha this yers start jpg doesnt have that  suares all over the black background?
    [01:58] <masso> and outguess usually lowers only black values, but doesn't increase pure white px
    [01:58] <NiceLurk> ann every single outguees of black backgrounf white text i ahave seen until jan 6 2014 had that squares
    [01:58] <masso> the complete data can be stored in the black values of the runes, in liber there is not enough black, so the rest gets stored in white
    [01:59] <masso> look at the runes. even the same ones have different pixelation, mean it most likely is not from compression or something
    [02:00] <NiceLurk> you are right
    [02:01] <NiceLurk> and this years outguess has black background intact becasue they have relatively  light picture of cicada in it and all data can be stored in ext an d in cicada pic
    [02:01] <NiceLurk> so no need to fuck up with pure black
    [02:01] <masso> can someone try the first short onion stream as keyfile on the pic pls?
    [02:02] <NiceLurk> if anyone interested, here you can see how outguees hides data in black and in white past of text http://prntscr.com/2i01qd

    [02:07] <masso> NiceLurk: ya, I did a lot of things with outguess. It decreases the rgb values of px by max 1 for R and B, 2 for G

    [02:26] <masso> http://prntscr.com/2i073p
    [02:26] <masso> http://prntscr.com/2i073p
    [02:26] <masso> http://prntscr.com/2i0786

    <masso> same runes should have same pixelation
    <masso> but they haven't, so this is where outguess stores the data

    Additional testing

    FOR COMPARISON:

    [02:20] <NiceLurk> http://prntscr.com/2i068t   this is how mozaiq hides data in jpgs
    [02:21] <NiceLurk> http://mozaiq.org/encrypt

    Back to outgues

    [16:43] <masso> http://prntscr.com/2izr9s
    [16:43] <masso> https://infotomb.com/89lzw
    [16:43] <masso> test pic, outguess in it
    [16:44] <masso> wait
    [16:45] <masso> https://infotomb.com/fepey
    [16:45] <masso> https://infotomb.com/89lzw
    [16:45] <masso> 1st one was with keyfile, 2nd one is with password
    [16:45] <masso> http://prntscr.com/2izr9s
    [16:46] <masso> overlay, difference...
    [16:46] <masso> thought it could interest you

    Stego0
  • Ad blocker interference detected!


    Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

    Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.