[9:53 PM] Danger: ok thx
[9:53 PM] Danger: will add shortly
[9:56 PM] Kraya ☿: @jeanseberg really need ot head off now, but I assume none of those keys worked cause they arent what keys look like o.O I'm surprised someone with the coding skill to write that script tried that but either way yeah thats most likely a failed attemt at decoding the 2013 insurance files
[9:56 PM] Kraya ☿: but yeah DM me specific questions and I'll read sometime when I wake up  xD
[10:01 PM] jeanseberg: @Kraya The key does not have to follow any pattern, I just created a file with aes256, used 'hello' as the password and decrypted it.
[10:01 PM] jeanseberg: openssl enc -aes-256-cbc -salt -in text.txt -out test.enc
[10:01 PM] jeanseberg: To make the file, and then:
[10:02 PM] jeanseberg: openssl enc -aes-256-cbc -d -in test.enc -out file.txt
[10:02 PM] jeanseberg: To get it back.
[10:08 PM] sakulfromspace: passphrase is not the same as the key
[10:08 PM] sakulfromspace: your computer saves the key in a file and uses a passphrase to retreive it, but its really using the full key
[10:15 PM] lupdike: when the passwords do get released, how will we open the files....are they most likely truecrypt containers or what?
[10:15 PM] Danger: no one knows how they will get released
[10:16 PM] Danger: files are aes encrypted and available via torrent
[10:16 PM] Danger: hang on and ill get you some links
[10:16 PM] Danger: wikileaks insurance files:
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
[10:16 PM] lupdike: i've got the latest one....the 88gig one
Danger pinned a message to this channel. See all the pins.10/23/2016
[10:16 PM] Danger: if you have space you should download the rest
[10:16 PM] Danger: just in case
[10:16 PM] Danger: it's possible keys will be released in chronological order
[10:17 PM] jeanseberg: @lupdike Can you try the passwords posted in https://www.reddit.com/r/WhereIsAssange/comments/58vdsy/insurance_file_testing/d94ydme/
reddit
Insurance file testing • /r/WhereIsAssange
Found the original pastebin: http://pastebin.com/evFHJ61L Ongoing 8chan thread: https://8ch.net/pol/res/7946506.html Posts on...

[10:18 PM] jeanseberg: @cooldude The post explains how to do it.
[10:20 PM] jeanseberg: @lupdike Please post a comment with the passwords you tried (along with for which file) on the thread.
[10:29 PM] lupdike: @jeanseberg  I'm probably not competent to do this
October 24, 2016
[12:47 AM] Danger: just saw this linked on 8chan: https://twitter.com/9CB9D65F54ED858
Twitter
[12:50 AM] Elmyr: Looks like nonsense?
[12:50 AM] Danger: not sure
[12:50 AM] Danger: just wanted to post it here for posterity
[12:50 AM] Danger: just in case
[12:50 AM] Danger: i am too tired to dig in right now
[12:50 AM] Danger: about toh ead to bed
[12:51 AM] Danger: but i wanted to finish reading this 8chan thread
[12:52 AM] ElectronSpinor: Which 8ch thread?
[12:53 AM] jeanseberg: @Danger Where did you find this Twitter account?
[12:54 AM] Dinghy: 8chan
[12:55 AM] jeanseberg: @Dinghy Do you have a link?
[12:55 AM] Dinghy: no, that's just what he said when he linked it
[12:56 AM] Dinghy: I could look and see if i can find it
[12:56 AM] Danger: https://8ch.net/pol/res/7952632.html
THE SILENCE BREAKSPRAISE IThttps://twitter.com/wikileaks/status/...
THE SILENCE BREAKSPRAISE IThttps://twitter.com/wikileaks/status/790074503472746496No claims of video proof of course but I'll take something over nothing.
[12:56 AM] Danger: probably nothing guys
[12:56 AM] Danger: don't get excited
[12:57 AM] Danger: just wanted to post it here for tomorrow
[12:57 AM] Dinghy: GO TO SLEEP ALREADY
[12:57 AM] Danger: but if y'all will be up for a bit and want to try, by all means please do so!
[12:57 AM] Danger: if you don't have the insurance files they are pinned to this chat
[12:57 AM] Danger: i know, i know
[12:57 AM] Danger: i am addicted to this shit man
[12:57 AM] Danger: it is consuming my life
[12:57 AM] Dinghy: We need to have a party while the mods are gone
[12:57 AM] Danger: morning noon and night
[12:57 AM] Danger: hey now i'm down to party
[12:57 AM] Danger: does lame old white man dance
[1:04 AM] Danger: one more thought before i REALLY go to bed this time (lol)
[1:04 AM] Danger: if wikileaks is compromised
[1:04 AM] Danger: and begins released data that is proven flase
[1:05 AM] Danger: false*
[1:05 AM] Danger: finding the keys to unlock these files is the only way to potentially salvage their reputation
[1:05 AM] Danger: hopefully the june dump contains the full podesta email cache
[1:05 AM] Danger: and it can be compared to any that were altered by these possible bad actors
[1:05 AM] Danger: with that, i'm truly off now (until I'm back on)
[1:08 AM] Mosh: later
[1:12 AM] jeanseberg: https://www.reddit.com/r/WhereIsAssange/comments/58vdsy/insurance_file_testing/d9574vw/
reddit
Insurance file testing • /r/WhereIsAssange
lol. I was looking for more people working on the code itself. A little surprised to see mine pop up. I've actually decided to scratch the code...

[1:26 AM] jeanseberg: New potential key: http://pastebin.com/Aa5YxXsR
[2:02 AM] jeanseberg: Is someone willing to post a thread on 4chan/pol about this? I'm not able to do it for some reason.
[5:05 AM] Mosh: Where is that from
[9:07 AM] jeanseberg: @Mosh What?
[9:08 AM] Mosh: the new potential key. I Dont know mucha bout encryption but interstedin helping
[9:20 AM] jeanseberg: The new potential key has been posted on reddit, 4chan, 8chan, etc.
[9:26 AM] Mosh: Oh okay. I thought maybe you were working on a process or theory putting them together
[9:33 AM] Mosh: If we assume that the subreddit, the twitter, and the website are compromised: If releasing the keys happens, where would they come from
[9:36 AM] Tyrone.Keklord: probably email distro to trusted affiliates for them to release
[9:37 AM] Tyrone.Keklord: Not sure who they'd be and if they'd have the right sphere of influence to get them out, but I'd assume that'd have been planned
[9:37 AM] Tyrone.Keklord: Issue is, if they physically got Assange, it'd only be a matter of time before they learned the contingencies and were able to disrupt them
[9:38 AM] jeanseberg: It seems like the some potential keys were posted a few hours and keep getting deleted. Example: https://8ch.net/pol/res/7962287.html
Insurance keys may actually have been released
I'm seeing snippets of info around suggesting the insurance keys actually DID get posted, and the DDOS was an attempt to stop them, but it wasn't 100% successful.Apparently the keys were divided into separate parts and given to a variety of people. Nobody had the whole key themselves, but they all had parts of a key.Which means the keys we've been seeing around that haven't worked, may simply need to be combined with other keys to unlock the files.That's what this thread is for: Posting anything you suspect...
[12:28 PM] jeanseberg: This is what I have:
[12:28 PM] jeanseberg: ENCRYPTION KEY SET 1/4:
+7[CX=\MJ8)TF{V,w+UMhIc'i]y<Y[)$v>Z^DDXct>88Mb0.=hJ;.C6RBgPOu@U.U“v'7]xKu)Tux2f~{w&Tqy1c^(/YrslZL?W},nt"U#:=D39!;1x#J6uNr

ENCRYPTION KEY SET 2/4:
:|Ag$s<oOH'D%}Nb23rV9V"Yzz1$N]8%BuJJFguUc'p:7>m![PkHWYGYd}T:Ojo5UeXm,CvWII={~d~y.q)<Z!|Fj~YC!Q\1D<H(HrIX9>p!l3e2M8\;pw<N:YR$o8

[12:30 PM] Elmyr: @jeanseberg
[12:31 PM] Elmyr: Use backticks to show keys.
[12:31 PM] Elmyr: Like this: 
 ... 
[12:31 PM] Elmyr: (three ` before and after)
[12:31 PM] Elmyr: You're losing characters.
[12:31 PM] Elmyr: You need to quote.
[12:31 PM] Elmyr: That looks like a troll though.
[12:32 PM] Elmyr: Just saying.
[12:37 PM] Danger: yes i am pretty sure those are 4chan poster IDs
[3:41 PM] ElectronSpinor: Has anyone here ACTUALLY tried any keys?
[3:41 PM] Danger: yes
[3:41 PM] Danger: nothing so far
[3:41 PM] Danger: you are welcome to try them too though
[3:41 PM] Danger: trust, but verify ya know?
[3:42 PM] ElectronSpinor: Just checking, because I don't exactly know how to open them even if I had a key; the AES security commands are a bit confusing. Then you have to label the outward file to have a file type, but of what? Presumably a zip? Or rar?
[4:09 PM] Danger: decrypted file should contain a plaintext signature
[4:09 PM] Danger: https://en.wikipedia.org/wiki/List_of_file_signatures
List of file signatures
This is a list of file signatures, data used to identify or verify the content of a file. Such signatures are also known as magic numbers. Many binary file formats are not intended to be read as text. If such a file is accidentally viewed as a text file, its contents will be unintelligible. However, sometimes the file signature can be recognizable when interpreted as text. The column ISO 8859-1 shows how the file signature appears when interpreted as text in the common ISO 8859-1 encoding.
[4:09 PM] Danger: knowing wikileaks' preference for linux, it will probably be a tarball or something like that
[4:09 PM] jeanseberg: @ElectronSpinor I have been trying keys for days.
[4:10 PM] jeanseberg: @ElectronSpinor There is one key that has been posted many times on 8chan and gets deleted immediately. I'm trying to find a screenshot of it.
[4:11 PM] jeanseberg: @Danger Which one do you think are IDs? This one? http://pastebin.com/Aa5YxXsR
Pastebin
+hTPwbyt 4eqfZ7H0 biD9vzQ6 xDFTNina Hs4Y/P6e AHfMIwr2 /JFUer5w m...

[4:14 PM] ElectronSpinor: Out of curiosity, could somoene upload an image of the background to Wikileaks' twitter account? The one with all the text on top of it; has there been an analysis of the portion behind the profile image box? Steganographic analysis?
[4:15 PM] jeanseberg: @ElectronSpinor There's a steganography channel.
[4:17 PM] ElectronSpinor: Posted it there.
[4:19 PM] Danger: yeah that one is almost certainly 4chan IDs @jeanseberg
[4:19 PM] Danger: go to 4chan and compare
[4:30 PM] jeanseberg: @Danger Someone on one of the threads said it was a list of CTR IDs, but if you google any chunk of the key you get some strange results.
[4:35 PM] Danger: hey it's not a bad idea to try
[4:35 PM] Danger: nothing hurts to try
[4:35 PM] Danger: worst case they do not work
[4:38 PM] jeanseberg: I don't have the latest file (the 88GB one). When the CTR IDs key was posted, the person said it would work on the latest one.
[4:45 PM] Danger: i have tried them on the current one
[4:45 PM] Danger: first of all as a whole they are too long as a key
[4:51 PM] Danger: just tried it anyway
[4:51 PM] Danger: because why not
[4:51 PM] Danger: bad magic number
[5:17 PM] jeanseberg: Did you use " "
[5:18 PM] jeanseberg: @Danger Like this 
 openssl enc -d -aes-256-cbc -in wlinsurance-20130815-A.aes256 -out out -k "passwordhere" 
[5:18 PM] Danger: i actually dropped that into a file
[5:18 PM] Danger: the whole string
[5:19 PM] Danger: and referenced it with -kfile /path/to/file
[5:19 PM] Danger: but except with the actual path :wink:
[6:39 PM] Danger: btw guys... if someone does find the keys, we need to make sure they are posted in a way that is difficult/impossible to remove. Someone on reddit had the idea of posting them as a comment to a bitcoin transaction. https://www.reddit.com/r/WhereIsAssange/comments/594h7f/reports_of_insurance_torrents_disappearing_xpost/d96a7kk/

If you need any help with that, hit me up.
reddit
Reports of Insurance torrents disappearing! (X-post /r/WikiLeaks...
1 points and 5 comments so far on reddit

Danger pinned a message to this channel. See all the pins.10/24/2016
[6:41 PM] cointelpro: damn that is some well thought out shit
[6:48 PM] Elmyr: No1 that's a brilliant idea
[6:48 PM] Elmyr: Bake them into the ledger haha
[6:49 PM] Elmyr: That would also be a great way to distribute the keys...
[6:49 PM] Elmyr: Decentralized, nearly impossible to change or block after transactions clear
[6:49 PM] Elmyr: Someone would have to force a fork, they'd need the collusion of the major miners
[6:51 PM] Danger: yeah i can't take credit for it... kind of annoyed at myself i didnt' think of it first :stuck_out_tongue:
[6:51 PM] Danger: yep
[6:51 PM] Danger: i wonder if... holy shit do you think that might be one of the DMSs?
[6:52 PM] Danger: if it DID fire
[6:52 PM] Danger: or something to look out for if it might
October 25, 2016
[2:00 AM] jeanseberg: Regarding bitcoin transactions: https://www.reddit.com/r/WhereIsAssange/comments/594h7f/reports_of_insurance_torrents_disappearing_xpost/d96qs1t/
reddit
Reports of Insurance torrents disappearing! (X-post /r/WikiLeaks...
2 points and 7 comments so far on reddit

[2:01 AM] jeanseberg: Someone should look into doing this with the new Wikileaks tweets as well as Snowden's. If anyone has any suggestions of potential keys from the blockchain, I can try them and report.
[2:14 AM] street1510: okay guys I figured out a pattern between I may be awhile but i'll link my post
[2:15 AM] street1510: i think
[2:16 AM] jeanseberg: Let us know or post it somewhere.
[2:34 AM] Danger: AND DONT GO TO THE GYM UNTIL AFTER YOU POST IT!
[2:34 AM] Danger: :wink:
[3:15 AM] jeanseberg: I've tried so many keys... I could really use a workout right now...
[3:44 AM] |FA| Pintu: what is going on on this subreddit? https://www.reddit.com/r/OPTheList/
reddit
TheList • /r/OPTheList
For peddling fictions and subverting the will of the American People... For your crimes against the American people, and blatant parasitic acts of...

[3:45 AM] Dinghy: looks like a list of lying politicians and media people?
[3:46 AM] |FA| Pintu: all comments seem to be encrypted
[3:47 AM] |FA| Pintu: And this: https://www.reddit.com/r/OPTheList/comments/592zi2/reminder/
reddit
REMINDER • /r/OPTheList
1 points and 3 comments so far on reddit

[3:47 AM] tachyon: https://www.reddit.com/user/TheListCompiler
reddit: the front page of the internet
[3:47 AM] tachyon: look at his history
[3:48 AM] tachyon: https://www.reddit.com/user/qqtrx
reddit: the front page of the internet
[3:48 AM] tachyon: and this one
[3:52 AM] Dinghy: bizarre
[3:52 AM] Dinghy: There is some PGP, but also some other kind of messaging going on
[3:53 AM] Dinghy: [ΘξβΨ]ωμδδΞ
[3:54 AM] tachyon: so weird
[3:54 AM] tachyon: and the twitter acct they link to is suspended
[3:55 AM] Dinghy: yeah, noticed that
[3:55 AM] |FA| Pintu: thier youtube is still up: https://www.youtube.com/watch?v=Ow4ibO2qchc
YouTube
Counter Globalist
Paris by Day / Paris By Night - The Invasion of Europe is Coming...


[3:55 AM] |FA| Pintu: nice guys....
[3:56 AM] |FA| Pintu: Looks like they are preparing a race war. wtf
[3:56 AM] tachyon: yeah, there is something weird about this whole thing
[3:57 AM] Dinghy: https://en.wikipedia.org/wiki/RSA_SecurID
RSA SecurID
RSA SecurID, formerly referred to as SecurID, is a mechanism developed by Security Dynamics (later RSA Security and now RSA, The Security Division of EMC) for performing two-factor authentication for a user to a network resource.
[3:57 AM] tachyon: yeah, we use those to authenticate at work
[3:59 AM] Dinghy: they're being extra secure for w/e reason
[3:59 AM] Dinghy: that vid is weird though
[4:00 AM] |FA| Pintu: might be some 4chan people LARPing
[4:00 AM] Dinghy: yeah
[4:00 AM] tachyon: hopefully
[4:00 AM] Dinghy: role playing race war
[4:00 AM] Dinghy: https://www.youtube.com/watch?v=VYy77IGsBFc
YouTube
The Whitest Kids U'Know
WKUK Race War!


[4:01 AM] |FA| Pintu: :joy:
[4:31 AM] jeanseberg: I wrote a script that test multiple keys at once.
[4:31 AM] jeanseberg: If a list of keys to try is made I can leave it running and trying for a while.
[7:23 AM] street1510: I just moved from 50% sure I found the pattern to 80. I put it in the wrong order however and have to go back
[8:38 AM] Lux: Can someone with more knowledge than I review the validity of this post? It is being dismissed as a troll post in #whereisassange , but I think it deserves a closer look, just in case.  http://www.reddit.com/r/whereisassange/comments/59aedv/_/
reddit
darling wagtail junkie prize • /r/WhereIsAssange
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assume assange has been captured. We said NEVER AGAIN. I am second link in chain. Primary venue...

[8:51 AM] bellum: Going to try the IRC chat
[8:51 AM] bellum: Doubt we could ever find it though
[8:55 AM] bellum: I'm gonna comb through r/OPthelist but it is probably held close
[8:56 AM] bellum: Or it's just a troll haha
[8:58 AM] Lux: What is that subreddit for?
[9:08 AM] bellum: It was posted here earlier by Pintu - unsure of validity,
[9:09 AM] bellum: If it were legitimate, it appears to be a list of journalists that may be targeted?
[2:04 PM] Elmyr: Did someone try that post using known public keys?
[2:04 PM] Elmyr: Like, verifying that signature?
[2:05 PM] Danger: i did not
[2:05 PM] Danger: good idea thoug
[2:05 PM] Danger: h
[2:06 PM] Danger: hmmm i am not sure how to verify using gpg tools on Mac
[2:08 PM] Danger: sorry, kind of a noob in that area
[2:10 PM] sakulfromspace: use the command line
[2:10 PM] sakulfromspace: command + space and type terminal
[2:10 PM] Danger: yeah i am not that much of a noob
[2:10 PM] Danger: :wink:
[2:10 PM] Danger: i am familiar with command line, just not gpg
[2:10 PM] sakulfromspace: :smiley:
[2:10 PM] Danger: just to save you the typing haha
[2:10 PM] Danger: i know we're all coming from different skill levels though!
[2:11 PM] Danger: i have the key saved as a text file on my desktop
[2:11 PM] Danger: assuming there's some way to reference that with gpg in terminal?
[2:12 PM] sakulfromspace: what are you trying to do
[2:12 PM] sakulfromspace: im familiar with the command line but not so much with gpg
[2:12 PM] sakulfromspace: but im reading about it right now
[2:13 PM] Danger: ah there was a weird post in /r/whereisassange
[2:13 PM] Danger: if you sort by new you should see it near the top
[2:13 PM] Danger: has a public pgp key
[2:13 PM] Danger: is there some way to look that up and see if it's in a directory anywhere?
[2:14 PM] sakulfromspace: you want to search if you have a file with that content?
[2:14 PM] sakulfromspace: not sure i understood you
[2:14 PM] sakulfromspace: i saw the thread
[2:14 PM] Elmyr: What are these hashes?
[2:15 PM] Elmyr: What are these hashes?
[2:15 PM] Elmyr: They're 24-16-16-16-24 bit
[2:15 PM] Elmyr: They look like blockchain IDs.
[2:16 PM] Dinghy: Was it you that was talking about hiding messages in bitcoin exchange comments?
[2:16 PM] Elmyr: Ah no
[2:16 PM] Elmyr: They're mongo object ID
[2:16 PM] Elmyr: I recognize them
[2:16 PM] Dinghy: huh
[2:16 PM] Elmyr: It uses 96 bit hashes for object IDs
[2:16 PM] Elmyr: They're referencing documents in a store
[2:17 PM] Danger: interesting
[2:17 PM] Danger: and yeah @Dinghy i was talking about keys potentially attached to transactions in the blockchain
[2:17 PM] Danger: wasn't my idea though, saw it in a comment somewhere
[2:17 PM] Elmyr: They could be other things too
[2:17 PM] Elmyr: But blockchain hashes are longer
[2:17 PM] Elmyr: They could also be IDs in some other system
[2:18 PM] Elmyr: Maybe a web service or Cassandra or couch
[2:20 PM] Dinghy: I remember one of the early potential leaked key posts referencing an archive called fall of cassandra
[2:21 PM] Dinghy: it was a chan post though
https://conservativedailypost.com/the-fall-of-cassandra-their-master-plan-to-secure-3rd-term-and-disqualify-trump/
[2:37 PM] Danger: there... that's better... definitely something weird off with edges
[2:37 PM] Danger: and it's not just the color of her clothes either
[2:37 PM] Danger: they all had that weird clipping effect every time they moved
[2:37 PM] Dinghy: yeah, not sure wtf is going on there
[2:38 PM] Dinghy: beyond being blurry, the background looked like it was lower res than the foreground, too
[2:38 PM] Danger: i also noticed that
[2:38 PM] Danger: and it's not a focus issue
[2:39 PM] Danger: look at how much blurrier the stronger together sign is in the far left
[2:39 PM] Danger: opposed to the one right behind hillary's shoulder directly to the left
[2:39 PM] Danger: (her right)
[2:39 PM] Dinghy: yeah
[2:39 PM] Dinghy: weird stuff
[2:39 PM] Danger: so those are the same distance from the camera
[2:39 PM] Danger: it is bizarre
[2:40 PM] Danger: something fucky there for sure
[2:40 PM] Danger: i hope some day the full details of all this stuff comes out
[2:40 PM] Danger: like if there's ever an investigation
[2:40 PM] Danger: i'm sure there's so much shit that people didn't even catch
[2:40 PM] Dinghy: no doubt
[2:40 PM] Dinghy: considering they got caught paying people to dress up like donald duck
[2:40 PM] Dinghy: and incite violence at trump rallies
[2:43 PM] Danger: yeah
[2:43 PM] Danger: i am a writer
[2:43 PM] Danger: if i had written all this down as a story a year ago
[2:43 PM] Danger: i would have been mocked mercilessly
[2:43 PM] Danger: and called a hack
[2:43 PM] Dinghy: yeah, but then you'd be a soothesayer now
[2:43 PM] Danger: haha true
[2:45 PM] sakulfromspace: move that to random chat i think
[2:45 PM] sakulfromspace: but yes it looks weird
[2:45 PM] sakulfromspace: lol now that is ee it large
[2:45 PM] sakulfromspace: thats some blue screen shenanigans
[2:46 PM] Danger: yes you are right this should be in #random
[2:46 PM] Danger: apologies for the clutter
[2:54 PM] jeanseberg: I'm assuming you guys already tried this, but about the reddit post with the signature, I get this: gpg: Signature made Tue 25 Oct 2016 06:49:45 AM EDT using RSA key ID 3E4FF188
gpg: Can't check signature: public key not found
[2:58 PM] jeanseberg: @Danger You think it's a greenscreen?
[3:00 PM] jeanseberg: @Danger Looks like the key is legit and was created this morning. Haven't been able to find it on any database.
[3:02 PM] Danger: Yeah we're taking about green screen in #random
[3:02 PM] Danger: I posted about it here by mistake
[3:02 PM] Danger: And good to know about the key.
[3:02 PM] Danger: I am guessing it's fake... I'd think any key would have been created in advance?
[3:02 PM] Danger: How did you find that out? Just curious.
[3:03 PM] sakulfromspace: i mean, what is the point of a signature if he is not claiming to be anyone/no public key
[3:04 PM] Danger: Yeah I have no idea
[3:04 PM] jeanseberg: Copy the message into a text file and fix the spacing, so that it looks like this:
[3:05 PM] jeanseberg: http://pastebin.com/JuJmQycr
Pastebin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assume assange has...

[3:05 PM] jeanseberg: Then, do this on the command line:
[3:05 PM] jeanseberg: pgp --verify text.txt
[3:06 PM] jeanseberg: That will tell you when the key was made and it's RSA key.
[3:06 PM] jeanseberg: 
gpg: Signature made Tue 25 Oct 2016 06:49:45 AM EDT using RSA key ID 3E4FF188
[3:06 PM] jeanseberg: Then you can search the ID
[3:06 PM] jeanseberg: 
gpg --keyserver pool.sks-keyservers.net --search 3E4FF188
gpg: searching for "3E4FF188" from hkp server pool.sks-keyservers.net
gpg: key "3E4FF188" not found on keyserver
[3:08 PM] jeanseberg: @Danger See above.
[3:10 PM] Danger: perfect thank you!
[3:12 PM] jeanseberg: @Danger The message is real and people usually make new public keys if they want to be extra secure. At the very least, the person faked the message correctly.
[3:12 PM] Danger: true
[3:27 PM] street1510: alright Im still working on that code really obvious pattern now.
[3:29 PM] Danger: @street1510 which code?
[3:29 PM] Danger: I may have missed it
[4:12 PM] jeanseberg: More info on the message 
:signature packet: algo 1, keyid 885FA2173E4FF188
    version 4, created 1477392585, md5len 0, sigclass 0x01
    digest algo 2, begin of digest 92 ba
    hashed subpkt 2 len 4 (sig created 2016-10-25)
    subpkt 16 len 8 (issuer key ID 885FA2173E4FF188)
    data: [4094 bits]
[4:13 PM] street1510: https://www.reddit.com/r/WhereIsAssange/comments/59dlr8/street1510s_key_theory/
reddit
Street1510's Key Theory • /r/WhereIsAssange
If you want to skip the massive wall of text just click the last two links, the pattern should be clear....

[4:13 PM] street1510: here is
[4:14 PM] Danger: very interesting
[4:14 PM] Danger: updooted
[4:14 PM] Danger: would love to have a few more people look into this? I am not smart enough in this arena to know if there's anything there. @everyone
[4:16 PM] street1510: Well I would love to get some more people who like code breaking to chime in that's why I came here.  Everyone was so focused on brute forcing the hashes they didn't stop to ask if it was even deciphered yet.
[4:17 PM] street1510: jeez I'm going to take a break. I spent way too long on this.
[4:18 PM] tachyon: Really interesting. I wish i knew anything about this stuff so I could help cause it looks plausible
[4:20 PM] immute: @street1510 i have no idea what that was. Sorry i couldnt help. Go look at the sunshine or something haha
[4:21 PM] Danger: well give it an updoot at least if you have a reddit account!
[4:21 PM] Danger: :stuck_out_tongue:
[4:27 PM] jeanseberg: If someone gives me a a list of passwords to try and can leave my computer trying them without having to sit there.
[4:27 PM] jeanseberg: We should compile a giant list of potential passes.
[4:31 PM] immute: Passwords for the insurance file?
[4:31 PM] jeanseberg: I could really use some help writing down these keys https://i.sli.mg/GW6jFo.jpg I know it's a crazy post but I want to try it just in case
[4:31 PM] jeanseberg: @immute Yeah.
[4:32 PM] Elmyr: Ok, what evidence do we have to suggest that isnt a rabbit hole?
[4:32 PM] Elmyr: Make sure you're not falling for someone's trick to waste your time.
[4:33 PM] immute: because that is gonna be a lot of cycles spent trying to guess passwords
[4:47 PM] Elmyr: You're not going to guess it haha.
[4:47 PM] Elmyr: Let's say it's ONLY a 4096 bit key.
[4:47 PM] Elmyr: And each attempt is 1s.
[4:48 PM] Elmyr: That's 1/2 * 2^4096 seconds (2^4095)
[4:48 PM] Elmyr: Average time to find the key, brute forcing the whole keyspace.
[4:49 PM] Elmyr: The universe hasn't been around that many seconds yet.
[4:51 PM] immute: like i said, a lot of cycles :wink:
[4:55 PM] Elmyr: Yo
[4:55 PM] Elmyr: can I get the IDs for the newest batch?
[4:56 PM] immute: email ids? I believe 30500-31818
[5:20 PM] Spaztucky: Ok so I downloaded the latest insurance file from the wikileaks.org torrent file. I was wondering if it would be possible to try to guess the key.  I know extremely unlikely but they said the encryption key that was accidentally released years ago on the diplomatic wire files was "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" why couldn't the password for this insurance file be something like "ACollectionOfPodestaEmailsSince_2008_ToThe_PresentDay#" Anything can be used as the password to encrypt the file isn't that correct? For all we know the word password could have been used lol. Thoughts?
[5:25 PM] immute: Thoughts.... If you came up with all the correct words... There are still so many possibilities and from my knowledge it has to try to decrypt the whole file to see if it worked right? wouldnt that take time? Seems like it would take a very very very long time
[5:29 PM] Mosh: The chance of brute forcing aes 256 is thousands of years of time I believe
[5:30 PM] Mosh: It's military grade encryption . Just not a chance at that
[5:30 PM] Mosh: Computers suck at factoring
[5:32 PM] tachyon: yeah, if brute forcing it was possible people would already have been doing it the second those files dropped
[5:34 PM] immute: But im sure the us government has been doing it
[5:35 PM] tachyon: haha yes
[5:37 PM] Mosh: Don't beleive so
[5:37 PM] Mosh: Much more efficient to socia engineer the password or just silence the key holders
[5:38 PM] Mosh: I have a friend in crypto, dinner with him last night. Basically said it's an absolute waste of time to guess or try to factor it out.
[5:38 PM] Mosh: And also the gov already knows what's in it
[5:38 PM] Mosh: They don't care about opening it
[5:38 PM] immute: fair enough... it was stolen from them most likely
[5:38 PM] Mosh: They want to take away the ability to open it
[5:41 PM] sakulfromspace: the key wont be a password
[5:41 PM] sakulfromspace: its a very very long key
[5:41 PM] sakulfromspace: you cant bruteforce it
[5:43 PM] Spaztucky: Well but the last insurance file didn't have a crazy key it was literally: "ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#" but still long enough where if the new key is similar it would be very hard to break. I don't believe it has to attempt to decrypt the entire file it will know right away if it doesn't work...
[5:44 PM] sakulfromspace: It will be something like this -----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1

lQPGBFbgYqYBCADayz82LcApgD3FitHe95k89hHlbjVZszH0CPDWPNVDAOUwGmFp
s3kWCaGPM3s34JBK1l5kN9/FVzd5XTTNHPiDFT6VWm1QwFj/H7Qrbz1LuWPwoQ5e
M+EwV8s65A0WAU08ywKbOooNJyp0bO4CahNnVXhb3I+AAS6gE/Zw6UaBAbgvaK3E
PldhTTFJYBYuBxBWGGkp7b/ME ... (continue for 200 lines)
[5:44 PM] Spaztucky: PGP key and the password used for the insurance file are not necessarily similar.
[5:45 PM] bellum: Has anyone tried any of the posts on r/OPthelist?
[5:47 PM] Spaztucky: AES is a block cipher, a cryptographic primitive that is meant to be used in a larger framework. Its sole purview is encrypting a single block of data given a certain-sized key. In the case of AES-256, the key size is 256 bits.

Notably, there is no password involved in AES. So, there is no password length to discuss. AES itself just uses keys.

If you are using a service which claims it uses AES-256, and you are forced to enter a password, what is likely happening is that your password is used to derive a key. This is often done using a key derivation function, like PBKDF2, which stands for "password-based key derivation function 2". (Some KDFs are meant to expand real, uniformly-random keys, while others are intended to have "human"-like passwords for inputs.)

So, in this hypothetical scenario, the direct key used for AES-256 is likely the output of the KDF given your password as an input. If this is the case, then your password can be whatever length you so desire, although longer passwords are more difficult to guess (i.e., stronger). The job of a KDF is take the input and produce a "good" key from it.
[5:48 PM] Spaztucky: So I take this as the file itself has the 256 bit key and the correct password unlocks the key.
[5:48 PM] sakulfromspace: If you are using a service which claims it uses AES-256, and you are forced to enter a password, what is likely happening is that your password is used to derive a key.
[5:48 PM] sakulfromspace: in other words, the key is how you decrypt it
[5:48 PM] sakulfromspace: some services offer you a shortcut for the key by using a password
[5:48 PM] sakulfromspace: but there is no service involved here
[5:52 PM] Spaztucky: But since his previous password for a previous insurance file was not a 256bit key but instead an actual password why would the assumption be that the deadman's switch would give out a key and not a password? Actually I was thinking what if the password was already released and we didn't realize it yet
[5:57 PM] jeanseberg: Update. It looks like a key was indeed posted on the blockchain during cablegate. http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html
Hidden surprises in the Bitcoin blockchain and how they are stor...
Every Bitcoin transaction is stored in the distributed database known as the Bitcoin blockchain. However, people have found ways to hack ...

[6:02 PM] immute: interesting.... nicefind
[6:04 PM] Spaztucky: Yeah incredible
[6:06 PM] Danger: http://twitter.com/whereisassange
Twitter
[6:07 PM] bellum: What does it mean if the hexadecimal postings on r/OPthelist convert to Unicode?
[6:07 PM] bellum: I'm not the best at this but I did notice that it converted after reading that article
[6:10 PM] sakulfromspace: hexadecimals are just numbers
[6:11 PM] sakulfromspace: hexadecimals are just numbers
[6:11 PM] sakulfromspace: hexadecimals are just numbers
[6:11 PM] sakulfromspace: unicode is a standard to asign letters to certain numbers
[6:11 PM] bellum: Okay...
[6:11 PM] sakulfromspace: whoops
[6:11 PM] sakulfromspace: did i send that msg 3 times?
[6:11 PM] bellum: Yes
[6:11 PM] sakulfromspace: discord doesnt handle disconncetions too well apparently
[6:12 PM] bellum: Thanks for the info
[6:12 PM] bellum: What about UTF-8?
[6:12 PM] bellum: This 392D8A3EEA2527D6AD8B1EBBAB6AD D6C4C5CC97F9CB8849D9914E516F9 847D8D6EA4EDD8583D4A7DC3DEEAE 831CF9C1C534ECDAE63E2C8783EB9 2B6DAE482AEDE5BAC99B7D47ABDB3
[6:12 PM] bellum: went to this
[6:12 PM] bellum: 44 45 45 41 45 20 38 33 31 43 46 39 43 31 43 35 33 34 45 43 44 41 45 36 33 45 32 43 38 37 38 33 45 42 39 20 32 42 36 44 41 45 34 38 32 41 45 44 45 35 42 41 43 39 39 42 37 44 34 37 41 42 44 42 33\
[6:12 PM] bellum: W/o the backslash
[6:14 PM] sakulfromspace: utf-8 is how to encode it. in other words, how to efficiently grab the information and put it into one long number so that it can later be decoded
[6:15 PM] sakulfromspace: for example, you could say "every letter uses 3 numbers" and then to encode "hello" you would need 3 numbers for each letter. UTF-8 does this more efficiently by using variable lengths
[6:19 PM] bellum: Ah, thank you very much for explaining
[6:21 PM] Spaztucky: http://www.cryptograffiti.info/
Read the messages that have been stored in the Bitcoin's blockchain or write them yourself.
[6:22 PM] Spaztucky: If someone posts something in bitcoin this would be an easy way to spot it...
[6:22 PM] immute: not sure if this should be here of in #datascience or in #random but have you guys checked dkim keys for the original dnc  email leaks? Get failures on the first 5 or so....
[6:22 PM] Danger: i would go in #datascience
[6:22 PM] Danger: i have not checked them
[6:23 PM] Danger: i know some keys have changed
[6:23 PM] immute: @Danger thanks
[6:23 PM] Danger: np!
[6:26 PM] jeanseberg: Wikileaks address that was used to send the cablegate info https://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v?offset=0&filter=2
Transactions sent and received from bitcoin address 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v.
[6:27 PM] bellum: They recieved one on the 25th
[6:28 PM] bellum: No value listed
[6:28 PM] bellum: Well today
[6:29 PM] jeanseberg: This is the transaction where they posted the cablegate info https://blockchain.info/tx/691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a?show_adv=true
View information about a bitcoin transaction 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
[6:30 PM] bellum: SO if you post that
[6:30 PM] bellum: You get this
[6:31 PM] bellum: 010000000110fb00acdb841e67ba32ad6c7bae7d5625be798ad2e4220dc8f1f02cc1a43efc010000006b48304502210088aa0d09f28223e8f8f0f583c78bcce66957329559b3e1159ff4918ba455f70402200dd92792e958db9ecdf8155329e71974ffde88edc59fed59169fda83653926fb0121027d0179e30cff2e196c76bcfe19d39978e055a091fa4390718783e7397601649fffffffff01cded0000000000001976a914b169f2b0b866db05900b93a5d76345f18d3afb2488ac00000000
[6:33 PM] bellum: Ah they recieve quite a bit through there
[6:38 PM] Danger: @bellum might be worth checking timeframe when internet was cut?
[6:38 PM] Danger: and during ddos
[6:38 PM] Danger: since there's speculation ddos might have been attempt to stop DMS from firing
[6:40 PM] bellum: I've tried a few of the transactions that aren;t verified
[6:40 PM] bellum: Then I tried one, and got this
[6:58 PM] Mike: this one?
[7:00 PM] cointelpro: yes
[7:01 PM] Mike: ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0
[7:01 PM] cointelpro: blockexplorer.com is also good
[7:01 PM] Mike: Double check - but nothing came up for me
[7:01 PM] bellum: Using currently
[7:01 PM] bellum: Not found either, confirm
[7:01 PM] cointelpro: i cant remember for sure but i think hash has to be searched differently
[7:02 PM] cointelpro: it isnt an address
[7:02 PM] cointelpro: fuck im too tired
[7:03 PM] Mike: the length matches a bitcoin transaction number
[7:03 PM] bellum: So you have to use the address
[7:03 PM] bellum: To get a hexadecimal readout from blockexchange, then convert to unicode?
[7:04 PM] jeanseberg: You have to get the address by using the hash as the private key.
[7:04 PM] jeanseberg: I just did it to the John Kerry hash and got this address: 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
[7:04 PM] jeanseberg: Which is real
[7:05 PM] jeanseberg: https://blockchain.info/address/1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
Transactions sent and received from bitcoin address 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf.
[7:12 PM] Danger: yes
[7:12 PM] Danger: there's a #reddit channel now too
[7:12 PM] Danger: :stuck_out_tongue:
[7:13 PM] Danger: we've been making lots of new ones as new projects come up
[7:13 PM] immute: home simpson, "WOOHOO!" :wink:
[7:44 PM] Danger: interesting @jeanseberg
[7:44 PM] Danger: how are you turning the hash into that?
[7:44 PM] Danger: using it as the private key for a BTC wallet creation?
[7:47 PM] bellum: I would certainly be digging more if I knew how
[7:50 PM] Danger: We are going to start moving information to the subreddit (https://www.reddit.com/r/whereisassange), since Discord has no search feature. We are going to sticky a megathread post at the top of the sub and I've also opened the wiki to approved posters. If you want to adit the wiki, PM me your reddit name and I will add you as an approved poster.
Danger pinned a message to this channel. See all the pins.10/25/2016
[8:05 PM] jeanseberg: @Danger Pretty much. 
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0', compressed=True)
pk.public_key().address()
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
[8:09 PM] Danger: guessing i need python installed for that?
[8:12 PM] ElectronSpinor: Python is free and easy to use. You'll want to familiarise yourself with some basics; some good books by NoStarchPress.
[8:13 PM] ElectronSpinor: https://www.python.org/downloads/
[8:14 PM] Danger: nice i'll check it out
[8:14 PM] Danger: thanks
[8:14 PM] ElectronSpinor: Although surely less robust, even iOS has Python ista, a pretty good mobile alternative, but likely unhelpful here.
[8:14 PM] bellum: I think trying street's codes might be worth a shot
[8:14 PM] bellum: Seeing if we get any transaction addresses
[8:15 PM] bellum: That address does come up
[8:17 PM] jeanseberg: I was finally able to decode to original cablegate message.
[8:17 PM] bellum: The transaction amounts are equal both ways
[8:17 PM] jeanseberg: Here's how to do it:
[8:17 PM] jeanseberg: Go here: https://blockchain.info/tx/691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
View information about a bitcoin transaction 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
[8:17 PM] jeanseberg: It shows the transaction with the hidden message.
[8:18 PM] jeanseberg: Then, just copy paste the entire part of the 'Output Scripts'
[8:18 PM] jeanseberg: 
f = open('outscripts.txt','r')
from binascii import unhexlify

for ff in f.readlines():
    chunks = ff.split(' ')
    for c in chunks[1:-3]:
        unhexlify(c.encode('utf8'))
[8:19 PM] jeanseberg: This is the output:
[8:19 PM] jeanseberg: 
"sSEXWikileaks Cablegate Backup

cablegate-201012041811.7z

Do
wnload the following transactions with Satoshi Nakamoto's downloa
d tool which
can be found in transaction 6c53cd987119ef797d5adccd
76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free en
terprise! Thank you Satoshi!
[8:21 PM] bellum: Awesome, thank you Jean
[8:22 PM] bellum: Now to see if there is anything in the output scripts of the transaction you found with the kerry hash
[8:27 PM] jeanseberg: I think I have to change the code a bit so that it can work on any transaction.
[8:28 PM] jeanseberg: I'll update it in a second.
[8:28 PM] bellum: Okay
[8:28 PM] bellum: You just copied and pasted the output scripts into a .txt file and read that in ?
[8:55 PM] jeanseberg: @bellum Yes.
[8:56 PM] bellum: Thanks again Jean. Also noticed that isn't Kerry hash, but Snowden
[9:04 PM] jeanseberg: Yeah it works for all. They all make addresses.
[2:13 AM] bellum: Thank you
[2:15 AM] monicavitti: @bellum Let me know if it works.
[2:16 AM] damiana9: Kind it com reminds of the kid in the numa numa video
[2:16 AM] damiana9: Kimdotcom
[6:21 AM] monicavitti: A 7zip file was found inside one of these transactions but I can't open it.
[6:22 AM] monicavitti: This is the transaction: https://blockchain.info/tx/5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
View information about a bitcoin transaction 5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
[6:24 AM] monicavitti: IF you do 
python script.py > out
file -b out
7-zip archive data, version 0.3
[3:18 PM] Elmyr: @monicavitti Where did you find the 7z?
[3:18 PM] Elmyr: The script in that transaction is similar to yours.
[3:24 PM] monicavitti: @Elmyr It's on the transaction above, which came from Snowden's tweet.
[3:26 PM] Elmyr: Can you make a list of important transactions?
[3:26 PM] Elmyr: I'm getting mixed up on who sent what.
[3:26 PM] monicavitti: There is a list and stuff has been found but I don't think it's very safe to post it here.
[3:27 PM] monicavitti: Are you familiar with blockchains and decrypting files?
[3:27 PM] Elmyr: Yes.
[3:27 PM] Danger: yeah @monicavitti , @Elmyr was busy working on a DKIM analysis tool for the released podesta emails
[3:27 PM] Danger: but i think that's done so he's now able to redirect his efforts
[3:28 PM] Danger: (or close to done)
[3:28 PM] Elmyr: That was just to check
[3:28 PM] Elmyr: to get an idea of how many DKIMs would be broken
[3:28 PM] Elmyr: I assumed most, which it was.
[3:28 PM] Elmyr: It's somewhat even.
[4:01 PM] sin_topper_equals_pi_over_2: D6C4C5CC97F9CB8849D9914E516F9
[9:50 PM] Knickerbockers: curious if any of these keys work on any files
[9:51 PM] Knickerbockers: [ '3243F6A8885A308D313198A2E03707344A4D6C4C5CC97F9CB8849D9914E516F9',
  '243F6A8885A308D313198A2E03707344A40D6C4C5CC97F9CB8849D9914E516F9',
  '1921FB54442D18469898CC51701B839A252D6C4C5CC97F9CB8849D9914E516F9',
  '921FB54442D18469898CC51701B839A2520D6C4C5CC97F9CB8849D9914E516F9' ]
[9:51 PM] Danger: so each line is a separate key, right?
[9:51 PM] Knickerbockers: right
[9:51 PM] Knickerbockers: so the person above said "sin topper = pi/2"
[9:51 PM] Knickerbockers: which is clever because x=pi/2 is the first local maximum of sin(x)
[9:52 PM] Danger: we just figured he was trolling :stuck_out_tongue:
[9:52 PM] Danger: he dropped that in like 4 channels at once and then bounced
[9:52 PM] Knickerbockers: yeah could be, half of the stuff around this is trolling and the other half is misguided people trying to use aescrypt when they should be using openssl
[10:02 PM] bellum: There was a supposedly a damaged 7zip file recovered from the address that was uncompressed from Snowden's hash
[10:05 PM] Knickerbockers: that isn't snowden's hash
[10:05 PM] Knickerbockers: where did you get that?
[10:06 PM] bellum: I know it's not the hash
[10:06 PM] bellum: It's the address uncompressed with a pythonsfriot
[10:06 PM] Knickerbockers: that's the original wikileaks cable dump
[10:06 PM] bellum: Script*
[10:06 PM] Knickerbockers: http://www.righto.com/2014_02_01_archive.html
[10:06 PM] bellum: Ah
[10:07 PM] bellum: Wrong link sorry
[10:10 PM] Knickerbockers: the snowden hash was ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0
[10:10 PM] bellum: Sin topper was put out with eta numeris, fall of Cassandra, etc(edited)
[10:11 PM] bellum: Wow my grammar is bad tonight
[10:12 PM] bellum: Oops
[10:12 PM] Knickerbockers: the notion that "sin topper" is a clue for pi/2 is noteworthy though
[10:15 PM] Knickerbockers: huh
[10:15 PM] Knickerbockers: D6C4C5CC97F9CB8849D9914E516F9 is 116 bits
[10:15 PM] Knickerbockers: but it could be the end of a RIPEMD-160 bitcoin hash
[10:17 PM] bellum: I honestly am not that well versed with cryptography, much less coding, but I still have a feeling this could -possibly- mean something.
[10:17 PM] bellum: Especially considering cablegate
[10:34 PM] monicavitti: 
# How to get address from hash
# Run the following on bitcoin
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned
[10:37 PM] monicavitti: 
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg

1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj
Kerry
1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU

1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e
Ecuardor
1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta

16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB
UKCFO
1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf

1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
[10:38 PM] monicavitti: The address that come after Snowden's tweet were quickly after the tweet was posted.
[10:39 PM] Knickerbockers: @monicavitti - or just go here: https://gobittest.appspot.com/Address
TP
Bitcoin Go Unit Tester
[10:39 PM] Knickerbockers: seriously, where are all of the crypto people
[10:40 PM] Dinghy: preparing to go into hiding when it's declared illegal after queen hillary is coronated
[11:04 PM] monicavitti: Everyone's trying to hide because as soon as people started discussing certain things weird things started happening.
[11:04 PM] Dinghy: I think the key is that Obama is involved
[11:04 PM] Dinghy: that's when the weird stuff started happening
[11:05 PM] monicavitti: New code to get messages from transactions:
[11:05 PM] monicavitti: 
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

transaction = str(sys.argv[1])
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
        if 'Output Scripts' in line:
            atoutput = True
        if '</table>' in line:
            atoutput = False
        if atoutput:
            if len(line) > 100:
                chunks = line.split(' ')
                for c in chunks:
                    if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                        dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout
[11:06 PM] monicavitti: Usage, 
python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
[11:06 PM] monicavitti: Returns, 
Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto's download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!
[11:09 PM] Knickerbockers: yeah, this has been around for a while
[11:10 PM] monicavitti: @Knickerbockers what has?
[11:11 PM] monicavitti: Obviously the message has been there for a while, it was posted in 2013.
[11:11 PM] monicavitti: Satoshi's code was posted on 2013 too but it didn't work anymore.
[11:11 PM] monicavitti: There is are a lot more messages in transactions. Some have been found already, some were found for the first time in the past couple of days.
[11:34 PM] Knickerbockers: there's plenty of stuff hidden in the blockchain
[11:34 PM] Knickerbockers: @monicavitti the question is, which of it is relevant here
[11:36 PM] monicavitti: There are similar transactions involving wikileaks that are similar to this one.
[11:36 PM] monicavitti: That took place during the DDoS.
[11:48 PM] Knickerbockers: where is this being discussed?
October 27, 2016
[12:03 AM] monicavitti: @Knickerbockers Do you have a background in cryptography?
[12:21 AM] Knickerbockers: @monicavitti: yes
[12:22 AM] Knickerbockers: but i'm not seeing where anybody else that has a background in crypto is
[12:22 AM] Knickerbockers: maybe people are on IRC
[1:53 AM] anakarina: First insurance file unlocked.
[1:54 AM] anakarina: Download here https://web.archive.org/web/20100901195032/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
[1:54 AM] anakarina: 
openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
[2:00 AM] ausbitbank: did you just work this out yourself now  ? I dont have access to my copy of the files atm, anything juicy you can share ?
[2:00 AM] anakarina: I'm trying to figure out what's in it.
[2:00 AM] anakarina: When I do 
file -b output
 it just says 
data
[2:09 AM] ausbitbank: damn..
[2:10 AM] ausbitbank: I'm guessing from the onion reference its all going to be encrypted
[2:10 AM] ausbitbank: another layer of the onion
[2:10 AM] ausbitbank: you could check for ascii readable stuff with strings outhello > outascii
[2:10 AM] ausbitbank: and pray something unique gives away the format
[2:11 AM] ausbitbank: wd anyway
[2:31 AM] iDanoo: Good job
[2:32 AM] ausbitbank: when you say insurance file 1 , is this the same as https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
[2:34 AM] iDanoo: I need to chuck those on my seedbox
[2:34 AM] iDanoo: Does anyone have all the links?
[2:36 AM] ausbitbank: https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent 
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
[2:36 AM] ausbitbank: https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent 
https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
[2:37 AM] anakarina: @ausbitbank https://web.archive.org/web/20100901195032/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
[2:38 AM] ausbitbank: so its a unique file different to the insurance file A I posted up there ? I'm just not on my main machine with the files atm
[2:42 AM] iDanoo: Awesome. Thanks
[2:45 AM] iDanoo: Oh wow C is huge
[2:46 AM] iDanoo: Need to clear some space :/
[2:48 AM] anakarina: @ausbitbank That file was the first insurance ever, posted on 2010.
[2:48 AM] ausbitbank: aah
[2:48 AM] anakarina: But we can probably learn from it.
[2:48 AM] anakarina: Also, we haven't figured out what's in it yet.
[2:59 AM] tachyon: Just catching up with the chat in here and wow, so that sin topper person maybe wasnt trolling? Can someone ELI5?
[3:09 AM] iDanoo: Okay seeding the torrents now.
[3:09 AM] iDanoo: Hey @tachyon
[3:15 AM] tachyon: Hey @iDanoo
[3:15 AM] anakarina: @tachyon There's definitely something in that post. It gets deleted from everywhere pretty fast.
[3:16 AM] anakarina: @tachyon And there's too many clever things in it.
[3:16 AM] tachyon: Interesting
[3:23 AM] iDanoo: Do we have a copy of it?
[3:23 AM] iDanoo: I'll have some time this weekend to look into this more
[4:39 AM] Mosh: So "unlocked" for the insurance files or no?
[4:44 AM] anakarina: Just one but things are getting weird. I don't recommend anyone do it. It would be great if we can delete these posts somehow.
[4:48 AM] Mike: What do you mean weird
[4:51 AM] anakarina: I will need to post from another location. I can't use this computer anymore.
[4:53 AM] anakarina: Be careful. We don't know what's in that file.
[4:54 AM] anakarina: Try to not let your phone connect to wifi.
[4:54 AM] anakarina: I suggest you unlock on computers not connected to the internet.
[4:54 AM] anakarina: Let the record show that most of the effort to get us this far was done mainly by girls.
[8:16 AM] immute: If anyone was looking for a copy of the sin topper comment, it's in the stenography text thread at the end
[10:50 AM] ElectronSpinor: If you unlocked them, why would you not recommend us all do it? The more that have it, the more we can spread the knowledge. The Insurance is intended to be shared with the world once deciphered.
[2:03 PM] tachyon: So did this person ever return? Was there any proof to their claims?
[2:03 PM] Danger: i don't think so
[2:03 PM] Danger: i haven't tried it myself
[2:03 PM] Danger: been busy with other stuff
[2:07 PM] immute: what was he claiming the password was? didnt see and couldn't really follow what it was
[2:09 PM] Danger: ONION
[2:09 PM] Danger: which seems unlikely
[2:10 PM] Danger: but i haven't tried it so who knows
[2:10 PM] Danger: if you scroll up it was discussed last night
[2:10 PM] immute: the last password was like 60 characters.... hell onion would be guess by now by people trying it for fun
[3:12 PM] anakarina: I'm back.
[3:12 PM] anakarina: ONION works, but the file has to be modified to read the contents.
[3:13 PM] Danger: interesting... modified in what way? Hex editor?
[3:13 PM] anakarina: I've done it with multiple versions of the file, downloaded from different locations, the resulting file is decrypted and different than the original.
[3:13 PM] Danger: weird
[3:13 PM] Danger: any usable data?
[3:13 PM] anakarina: Yeah, let me go get it.
[3:14 PM] anakarina: I don't think it's a very good idea to keep playing with this file though. The people working on this yesterday are pretty spooked. I'll post some of the leads here in case anyone wants to try though.
[3:16 PM] Danger: thank you
[3:16 PM] Danger: i would appreciate that
[3:17 PM] bellum: Yes thank you
[3:17 PM] anakarina: Ok, so quick primer on everything so far regarding insurance.aes256. Remember, discussing this online or even googling certain things have made a couple of people get their internet connections severed.
[3:18 PM] anakarina: The file was posted here originally: https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
[3:18 PM] bellum: Are anonymizing services such as duck duck go affecting people?
[3:18 PM] anakarina: (duck duck go doesn't make much difference but it's better than using google
[3:19 PM] bellum: Thats what I thought, thank you
[3:19 PM] anakarina: Finding a copy of the file itself is pretty hard, but there's still one here: https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
[3:19 PM] bellum: Not going to do it nonetheless
[3:19 PM] anakarina: Googling for the torrents raises a red flag apparently.
[3:19 PM] anakarina: Most of the torrent links are blocked at the moment.
[3:20 PM] anakarina: This is how you unlock the file 
openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "password"
[3:20 PM] anakarina: Then, a file called 'outhello' will be made. You can check by doing 'diff insurance.aes256 outhello' to check that they are different.
[3:21 PM] anakarina: No comes the crazy parts.
[3:21 PM] anakarina: The file seems to have been made in a very strange way, there are either layers of it, or the file is purposely made for a dictionary attack to reveal a message.
[3:22 PM] anakarina: The first key found came from a tip out of nowhere that lead us to look into the original SHA1s for the files and find a potential key.
[3:22 PM] anakarina: It was "ONION", so
[3:22 PM] anakarina: 
openssl enc -d -aes-256-cbc -in insurance.aes256 -out outhello -k "ONION"
[3:22 PM] anakarina: unlocks the file.
[3:23 PM] anakarina: However, we have since found that there are multiple keys that work, and they all produce different files.
[3:24 PM] anakarina: For example, 
openssl enc -d -bf -in insurance.aes256 -out rout -k "ROUTER" 
[3:24 PM] anakarina: Produces a different file successfully.
[3:24 PM] anakarina: And, 
openssl enc -d -cast -in insurance.aes256 -out outt -k "Tor"
[3:24 PM] anakarina: Also produces a file successfully.
[3:25 PM] anakarina: Here's where it starts to get tricky.
[3:25 PM] anakarina: Tor is a 'Tor ONION ROUTER'
[3:26 PM] Danger: yes some of this stuff is above me... but I am good at following directions so thanks for laying it out.
[3:26 PM] anakarina: In other words, you could recursively decrypt Tor, into Tor ONION ROUTER, Tor ONION ROUTER ONION ROUTER, and so on.
[3:27 PM] bellum: Several layers
[3:27 PM] bellum: Just how many
[3:27 PM] anakarina: There are two main theories regarding this. 1. The file does not have any contents and instead tells the user what to do with the combination of passes that work. For example, "Use a Tor Onion Router and go here".
[3:27 PM] anakarina: 2. The file is unlocked already and we simply have to figure out how to read the contents.
[3:28 PM] anakarina: With 1. someone could very easily write a dictionary attack script that finds all the words that work.
[3:28 PM] anakarina: We will try to do this today.
[3:28 PM] anakarina: For 2. we got another random tip.
[3:28 PM] anakarina: The strange thing is that these 'tips' that people are getting seem to be from alphabet agencies.
[3:28 PM] anakarina: It's not clear why they are trying to push people in certain directions.
[3:29 PM] anakarina: Anyway, it's this 
Try taking the last 32 or so bytes in the file, flipping them and saving it as a new file then running "file -b" on it.
[3:29 PM] bellum: Distraction and Diversion, or a freedom fighter
[3:30 PM] anakarina: Finally, people are trying to use forensics tools on the resulting files. We will probably be able to see what's in it soon.
[3:30 PM] bellum: Do you think there is anything to the random drop in we got last night?
[3:30 PM] bellum: Sin topper = pi/2
[3:31 PM] bellum: Followed by a tweeted hash
[3:31 PM] anakarina: People are a bit scared about what happened yesterday, so they are planning on pushing all the information we have so far into the blockchain to keep there forever in case we get cut off.
[3:31 PM] immute: (which insurance file is this? im sorry. i missed if that was clarified?0
[3:31 PM] anakarina: @bellum There's definitely something to the topper post.
[3:31 PM] anakarina: @bellum But it's a really complicated puzzle as well.
[3:32 PM] bellum: It is
[3:32 PM] anakarina: In any case, the other main lead that is getting good attention is decoded messages put into the blockchain.
[3:32 PM] bellum: @immute, it isn't too far above
[3:32 PM] anakarina: We've made some progress there as well, including finding a key we don't know what to use on.
[3:32 PM] Danger: anakarina where else is this being discussed? I don't know how much I can help but I'd love to stay abreast as things develop.
[3:33 PM] anakarina: We're trying to layer the discussion for safety. The very sensitive details are discussed on safer channels.
[3:33 PM] anakarina: For now we want to keep most of that stuff there, but we are working on teaching everyone how to do certain things.
[3:34 PM] anakarina: Right now a primer for reading blockchain messages has been posted on an onion link.
[3:34 PM] Danger: ok
[3:34 PM] anakarina: I can copy-paste it here.
[3:34 PM] Danger: yes ty would be great
[3:34 PM] Danger: also i have tox now
[3:34 PM] Danger: i have had some shit go down within the past 24 hours that has me a bit spooked
[3:34 PM] anakarina: But we should probably have a channel for that separately.
[3:34 PM] Danger: so i am trying to tigthen things up a bit
[3:34 PM] anakarina: However, the blockchain stuff is definitely the most sensitive thing out there right now.
[3:34 PM] Danger: i will PM you my tox id
[3:35 PM] anakarina: So I don't know if it's safe to get people involved. It's up to you guys.
[3:35 PM] Danger: please add me there if you use it
[3:35 PM] Danger: @anakarina i am fully doxxed at this point and have been from the beginning
[3:35 PM] bellum: Anakarina, I am also on Tox
[3:35 PM] Danger: which was good for building trust but honestly i am regretting it a bit now
[3:35 PM] Danger: too late to change though
[3:35 PM] Danger: so i am doing my best to roll with the punches
[3:35 PM] anakarina: @Danger It's too late but you're safe. You haven't done anything to get sensitive data.
[3:36 PM] anakarina: The people getting spooked are the people actively writing code and finding certain things.
[3:36 PM] Danger: yes well on the plus side since my ID is out there if i disappaer you'll know they are clamping down
[3:36 PM] Danger: well, i have done a few things that aren't public at this time
[3:36 PM] Danger: things that may have drawn some attention to me
[3:36 PM] Danger: that's all i can say
[3:36 PM] Danger: like i said a few things have happened within the past day that have me on high alert
[3:37 PM] Danger: but i don't feel endangered at this point
[3:38 PM] immute: hopefully you're seeing ghosts as opposed to real things.... but i hope nothing happens to you
[3:41 PM] anakarina: message just posted to someone 
Its not paranoid. It is reality. That is what happened.

Why would criminals leave evidence or give you the information required to form an unambiguous picture of reality.

Study disinformation and counter intelligence operations and phychological operations. Secrecy is a weapon and is used in very specific ways for very specific reasons.

Some people cannot talk because they are under threat. They wont compromise their safety and there is no longer any uncensored channel for communication. Any informatiom is taken down or muddied with doubt and strategic uncertainty.

There were hundreds of people in embassy live streaming on twitter after internet was cut. It only takes five minutes for any of them to verify Assanges status. Yet verification was denied.

Assange has fiber optic ground line as well as 3G and shortwave communications.

Go ask the wikileaks people directly. People are too lazy and stupid to get primarily source material.

The wikileaks twitter after being taken over released a cut video that was four years old, to "prove" Assange was still alive. They did a hasty and poorly executed disinformation operation after Assange was captured, to delay the dead drop.

They would also use SIGINT and bribery and threats. To identify and rapidly capture or eliminate the key holders. To prevent required number of key holders from publishing the key parts.

Assange was not the only one whose internet was cut. This was a well orchestrated international operation. Internet was cut to over twelve wikileaks associated people. They presumably have been captured also.

Why is everyone focused on Assange and has not contacted the parents and spouses of the wikileaks members whose communications were cut.

Enumerate all possibilities. Evaluate all evidence. Weigh the evidence for each state of reality. Contradictions do not exist in reality.

[4:48 PM] beachinmom: You would assume these other members if missing would have friends and family looking for them? I just have to say... I'm thankful for you all, thankful for your intelligence and dedication.
[4:49 PM] Danger: i am assuming nothing at this point
[4:50 PM] Danger: unfortunately the named individuals related to WL are dark
[4:50 PM] Danger: and i don't even know where to begin looking for their fam and friends :frowning:
[4:53 PM] claudiacardinale: AP reported on the missing members but it was taken down after a day.
[4:53 PM] claudiacardinale: Also, the video of the call to the embassy was AP and was included in the story.
[4:53 PM] beachinmom: Didn't know that, I have t searched for info onthe members listed on the site at all.
[4:54 PM] claudiacardinale: We all have to remember that almost everyone involved is missing or dead at this point.
[4:54 PM] claudiacardinale: This includes both of Assanges lawyers, the director of Wikileaks, and the DNC leaker.
[5:07 PM] immute: why assume the dnc leaker is dead? unless we are assuming it was seth
[5:09 PM] claudiacardinale: @immute The important thing is that they thought it was him and he was killed.
[5:12 PM] immute: @claudiacardinale true. it was implied by JA it was seth after he was killed right? But I supposed the people in power knew before that
[5:13 PM] claudiacardinale: @immute He was making the same point I'm making. The important thing is that they suspect him of it and he got killed.
[5:15 PM] immute: oh. I think he did leak but was just trying to get my timeline right. Sad world we live in :neutral_face:
[5:17 PM] tachyon: welp, that ws a thoroughly spooky read
[5:18 PM] Danger: @tachyon how goes it
[5:18 PM] Danger: i'd love to see if we can track down some of these people mentioned
[5:18 PM] Danger: Sarah Harrison relatives/friends
[5:18 PM] immute: yeah... i tried the first 2 commands and it worked. i get a bad decrypt on the 3rd
[5:18 PM] Danger: she's a ghost online though
[5:19 PM] immute: I was thinking about reaching out to her former colleges etc. probably cant say anything though
[5:22 PM] Danger: there are a few others as well
[5:22 PM] Danger: give me a second
[6:16 PM] Thorium: No one's managed to learn anything else out about /r/OPTheList have they?
[6:22 PM] ElectronSpinor: @anakarina Using Täîłś and Tör; where are safer channels? What else can we do to help?
[6:23 PM] ElectronSpinor: Is there evidence of other Wikileaks members being compromised? I want to believe everything you're writing, but I don't want it all to be true, because it's so terribly bad and wrong.
[6:35 PM] ElectronSpinor: @anakarina I think the onion link is vital to be shared with as many people as possible to ensure that the information isn't easily suppressed. The way you type this certainly seems truly concerning.
[6:50 PM] macarana: whats the .onion address
[6:56 PM] claudiacardinale: Please stop asking for the onion address.
[6:57 PM] claudiacardinale: A lot of people's safety depends on that not getting out.
[6:58 PM] ElectronSpinor: I agree. If this is big, it should not be announced.
[6:58 PM] Thorium: I'd be pretty skeptical of those posts @ElectronSpinor

If they really were in danger as that 'things are getting weird' quote implied, why would they think that it's safe to post some bullshit cryptic message about the information, but not the actual information itself?

We're a really easy target for trolls at the moment, so remember to question everything you read here.
[6:58 PM] ElectronSpinor: Asking for it seems a bit impetuous of me, with reflection.
[6:59 PM] Danger: i think in general everyone is on edge
[6:59 PM] Danger: and rightly so
[6:59 PM] ElectronSpinor: I suppose we could be getting trolled very well.
[6:59 PM] Danger: i wasn't until today, but i have had some stuff happen within the past 24 hours that has spooked me
[6:59 PM] ElectronSpinor: If so, well done.
[6:59 PM] Danger: yes there are many trolls and LARPers too
[6:59 PM] Thorium: Spooked you?
[7:00 PM] Danger: i can't really go into much detail but an email address i created specifically for this research--less than 5 days old--was compromised
[7:00 PM] Danger: only a small handful of people even know about it
[7:00 PM] Danger: and it's a very random address with a very strong password
[7:00 PM] Thorium: Compromised as in, someone gained access to it? :/
[7:00 PM] Danger: potentially
[7:00 PM] Thorium: What makes you think that?
[7:00 PM] Danger: someone at least tried
[7:01 PM] Danger: because that's specifically what the message said
[7:02 PM] Danger: "someone else may have accessed your account"
[7:02 PM] claudiacardinale: We are posting this information on a public channel. People are naturally willing to fight against corruption and will want to get involved. It is not fair for a young person reading this to get involved and get in trouble just because they want to do the right thing.
[7:04 PM] claudiacardinale: Worse things have happened to others in the past few days. You can believe me if you want but at least consider that the people working on this are in the mentality that they are risking their lives to stop a giant war.
[7:05 PM] Danger: agreed
[7:05 PM] Danger: i want everyone to stay as safe as possible
[7:05 PM] Danger: but ultimately we are probably all putting ourselves in some degree of risk just by being here
[7:05 PM] ElectronSpinor: That escalated quickly.
[7:05 PM] Thorium: Like what Claudia? (genuine question, not stirring the pot)
[7:05 PM] Danger: i've heard rumors of some people being vanned
[7:05 PM] Danger: and just plain going dark
[7:05 PM] Danger: i am guessing that is what claudia means
[7:06 PM] Thorium: :/
[7:06 PM] ElectronSpinor: That's what's concerning; just discussing obtaining the truth makes us feel at danger. That alone is wrong.
[7:06 PM] Danger: i know
[7:06 PM] Danger: land of the free, eh?
[7:06 PM] claudiacardinale: People are getting vanned. This is real.
[7:06 PM] claudiacardinale: Other people are just missing.
[7:07 PM] claudiacardinale: Most people lose internet connection.
[7:07 PM] Thorium: I would like some form of evidence of that before I'm willing to beleive it
[7:07 PM] claudiacardinale: If they keep trying after that happens things get worse.
[7:07 PM] claudiacardinale: You don't have to believe it.
[7:07 PM] claudiacardinale: The only reason I'm mentioning it is for people to be catious.
[7:07 PM] Thorium: If it's true I WANT to beleive it
[7:07 PM] claudiacardinale: You can do whatever you want with the information.
[7:07 PM] claudiacardinale: Any evidence will put more people in danger.

10/28

[2:40 AM] claudiacardinale: 
IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW

IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES

import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

transaction = str(sys.argv[1])
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
        if 'Output Scripts' in line:
            atoutput = True
        if '</table>' in line:
            atoutput = False
        if atoutput:
            if len(line) > 100:
                chunks = line.split(' ')
                for c in chunks:
                    if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                        dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout

usage

python script.py transaction_number

returns all the data in the output scripts

example

python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

Returns, 

Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto's download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!
[2:41 AM] Bobb: I am not an expert but I know many of them and can get answers on questions fast
[2:41 AM] iDanoo: ah python
[2:41 AM] claudiacardinale: 
HOW TO FIND MESSAGES ON THE BLOCKCHAIN

I'll be helping you with a few initial examples. Remember that if you feel like you've been compromised, switch over to codec communication. 

I'm assuming you already did the example on Jean's latest code dump >>24140 Let's try to do a few more.

First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713. 

Use Jean's script and do 

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'

Once it is done you will be able to see a pdf was generated in that directory.

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used. 
[2:41 AM] claudiacardinale: 
For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

If you do

python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked. 

Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again. 

Using this method we've found several transactions that involve Wikileaks that we don't quite understand. 


One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.

For example, the Bitcoin paper transaction. 

If you do 

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'

and then do,

'file -b output'

You will get:

'PDF document, version 1.4'

For

'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'

'file -b output'

you should get

'GPG encrypted data'
[2:42 AM] claudiacardinale: 
MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS

import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2  

# usage, python script.py transactionlist.txt > file

txlist = str(sys.argv[1])

def txdecode(transaction):
    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true") 

    dataout = b''
    atoutput = False
    for line in data:
            if 'Output Scripts' in line:
                atoutput = True
            if '</table>' in line:
                atoutput = False
            if atoutput:
                if len(line) > 100:
                    chunks = line.split(' ')
                    for c in chunks:
                        if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                            dataout += unhexlify(c.encode('utf8'))
                            
    length = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout = dataout[8:8+length]
    return dataout

f = open(txlist, 'r')

alldata = b''
for l in f.readlines():
    l = l.rstrip('\n')
    alldata += txdecode(str(l))

print alldata

example:

python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

save the 130 transactions to trans.txt

then use the script above and do

python newscript.py trans.txt > cables

you will get a zipfile with the cables
[2:42 AM] iDanoo: woah
[2:42 AM] claudiacardinale: 
GETTING ADDRESSES FROM HASHES

# How to get address from hash
# Run the following on bitcoin
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned

snowden
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg

1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj

kerry
1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU

1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e

ecuador
1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta

16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB

ukfco
1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf

1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
[2:42 AM] claudiacardinale: 
Analysis threads (heavily deleted and slid):

https://8ch.net/pol/res/7946506.html

https://8ch.net/pol/res/7962287.html

Post where a 'key' was posted and deletions started taking place:

https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html

https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
[2:42 AM] claudiacardinale: 
Link to original insurance file in case anyone wants to test that one:

https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER" 
openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"
the passwords seem to be telling us that there might be multiple files
coming out of this, or it could be telling us a message like "Use a Tor Onion Router and do this". It might be that the file has to be unlocked over and over. 

also someone suggested, "take the last 32 or so bytes in the file, flip them, save it and then run 'file -b' on it."

UNCRACKED TRANSACTIONS:

7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e


[2:43 AM] claudiacardinale: Spread this everywhere.
[2:43 AM] claudiacardinale: Download the blockchain and the insurance files NOW
[2:43 AM] iDanoo: saving it
[2:44 AM] iDanoo: done!
[2:45 AM] iDanoo: Thanks @claudiacardinale
[2:45 AM] Bobb: Ok so wow and thanks
[2:47 AM] Bobb: it seems like layered hex that one "TOR" file.  That is anothers comment not mine.  I like the tool there also. is I understand correctly it is a way to recomplile files from multiple bitcoin trancasctions.  That could be huuge utility going forward.
[2:51 AM] iDanoo: Yeah I'm not sure, woo gone from 8 years down to 5 years behind in the block chain
[2:54 AM] claudiacardinale: Please take my messages about, put them into a text file and save them.
[2:54 AM] claudiacardinale: I don't have much time.
[2:55 AM] Bobb: I saved your message @claudiacardina
[2:56 AM] Bobb: thanks
[3:00 AM] iDanoo: @claudiacardinale where are you from? If you don't mind me asking.
[3:01 AM] claudiacardinale: I am completely compromised. I don't have more time left. I won't be able to log back in after I disconnect now.
[3:04 AM] iDanoo: Is there anything else?
[3:04 AM] iDanoo: Do you have pgp/any other contact methods?
[3:04 AM] iDanoo: We appreciate the info/time you've put in.
[3:07 AM] Bobb: How do you know you are comp'd?  You are good if you can tell IMO
[3:09 AM] Bobb: when the fcc took over the internet in the usa many people did not notice the bug running in the background.  Only those who hand code their websites noticed anything at all.  And that was on an older machine running a special linux live cd
[3:09 AM] Bobb: that is why I ask re: "I am completely compromised"...
[3:10 AM] claudiacardinale: Pay attention to the DDoS attacks and what gets deleted from the Internet.
[3:10 AM] claudiacardinale: Listen. There is no one left.
[3:11 AM] claudiacardinale: When we started we had a big group
[3:11 AM] claudiacardinale: Everyone is missing or completely silent.
[3:11 AM] claudiacardinale: We made the mistake of working alone and not sharing.
[3:11 AM] claudiacardinale: If we spread the progress there is no reason to silence anyone.
[3:11 AM] claudiacardinale: The keys are out there. Don't let anyone tell you otherwise. The truth can still come out.
[3:11 AM] claudiacardinale: Work together and keep everyone informed.
[3:12 AM] claudiacardinale: Push progress to the blockchain.
[3:12 AM] Bobb: I agree the keys are out
[3:12 AM] Bobb: good plan claudia
[3:12 AM] iDanoo: Will do that.
[3:13 AM] Bobb: Where are the keys?
[3:14 AM] Bobb: You are not alone
[3:15 AM] claudiacardinale: Use the information posted above.
[3:15 AM] claudiacardinale: If anyone finds a working key spread it immediately.