Tech – Page 5 – Black as My Coffee

Steganography

TryHackMe ROOM: https://tryhackme.com/room/ccstego

Steganography(Stego) is the art of concealing something inside something else, for example: A message inside a jpg file, or a binary inside a png . More broadly ,hiding bad things into good things.

This is just a basic room to introduce to various Stego tools . The tools introduced here are :

steghide : Images and Audio(JPEG, BMP, WAV, AU )files are supported as cover file, no restriction on format of secret data.

zsteg : Images (PNG, BMP) are supported as cover file.
exiftool : Exiftool is a tool that allows you to view and edit image metadata.
stegoveritas : Images(JPG, PNG, GIF, TIFF, BMP), it supports just about every image file .
spectograms : Spectrogram stegonography is the art of hiding hidden an image inside in an audio file’s spectogram. So , While dealing with audio file we will try to analyze the spectogram of the audio file.

Many tools may not be present by default in the system, so it’s advisable to install these tools before doing this room. I am using Manjaro and will try to include both “apt” and “pacman” installations command .

Also download the attachment given in the room for doing assignment .

Extract the zip file using

unzip spect.zip

after cd in the extracted directory , on listing we get

Steghide

Debian Install : sudo apt install steghide

Arch Install : sudo pacman -S blackarch , search for steghide and type the corresponding number .

After installation we should do ,man steghide, which shows us basic commands:

There is a hidden message in jpeg1.jpeg and a passphrase is given too , so we need to extract it , after referring to help menu it will take a form of :

steghide extract -sf filename.jpeg -p givenPassphrase

we will get our output file named as “a.txt” by default .

Zsteg

Debian/Arch Install : ruby should be installed in the system , to install “zsteg”, run

gem install zsteg

zsteg is to png’s what steghide is to jpg’s. It supports various techniques to extract any and all data from png files. Detects various LSB stego, also openstego and the camouflage tools. Running following piece of command , we can get the hidden informations :

zsteg filename.png

Exiftool

Debian Install : sudo apt install exiftool

Arch Install : sudo pacman -S perl-image-exiftool

Check out metadata of media files. Run,

exiftool filename.jpeg

Stegoveritas

Debian/Arch Install : pip3 install stegoveritas && stegoveritas_install_deps

can also use Blackarch to install in Arch.

Now , we can run it as

stegoveritas jpeg2.jpeg

we get our hidden message in a file which is in the folder “results”, see for yourself 🙂

Spectograms

We will solve this problem using , GUI tool sonic-visualiser .Which upon opening gives window like this :

Add a file and then click Layer->Add Spectogram . For wav1 file in example it is as follows :

that’s it. We can clearly see the letter “A” hidden ,which was our message here.

TL;DR : Using Steganography(i.e covered writing), we can hide secret message in otherwise not so secret mediums(and that’s where it differs from cryptography, i.e secret writing.)

It was just a basic room , nothing fancy here :))

The Final Exam – Practicing above learnt tools

Connect to the lab using openvpn:

sudo openvpn /path/to/downloads/username.openvpn

doing a “nikto” scan on the IP of the virtual server :

sudo nikto -h IP_of_the_virtual_server

we get the output as follows, you could see a web server is running at port 80:

so , we will type target IP in our browser , as target_IP:80. we get this page

so from this lesson we have 2 tools to deal with jpeg images : steghide & stegoveritas, and 1 tool(exiftool) to get metadata.

we will first try steghide here:

steghide extract -sf exam1.jpeg

But it will prompt us for passphrase(we have no passphrase right now), so we will try to see something in metadata using exiftool:

exiftool exam1.jpeg

we get the passphrase from metadata , running once again through steghide with passphrase flag as(here, I am just showing a placeholder for passphrase):

steghide extract -sf exam1.jpeg -p theNewlyFoundPassphrase

we get the key and after submitting , in next challenge we have to download wav file and load this in sonic-visualizer and apply spectogram layer(click Layer->Add Spectogram) , we get a URL, when we go to the URL , we get an image(PNG) :

we will try zsteg here as:

zsteg exam2.png

voila, we have 2nd key with us , upon submitting it we get to the page

downloading and using zsteg as: zsteg exam3.png ,gives us dead end.

when scanning QR code , scanning return nothing as the image is bad .We will here use stegoveritas , which also has color correction features which may result in a readable QR code:

stegoveritas exam3.png

we can see stegoveritas has created a folder “results” in which there are many versions of “exam3.png” generated , upon scanning any of these QR code having a high contrast we will get the key .

Evolution of Formula-1

“If you torture the data long enough, it will confess.”
~ Ronald Coase

This is the second blog post related to Data Visualization and this time it’s about Formula 1. I am going to comment on datasets related to Formula-1 racing . You can download the dataset from here . The DataSet and code can be found here too.

“Race cars are neither ugly nor beautiful. They become beautiful when they win.”
– Enzo Ferrari, Founder of Scuderia Ferrari

Some of the stacks used are : Matplotlib, Seaborn , Plotly, Pandas, Numpy,

Formula One cars are the fastest regulated road-course racing cars in the world and many famous constructors like Ferrari, Mercedes, Red-Bull, McLaren , Renault participate in this with their highly engineered cars.

The success in Formula-1 depends upon cars and drivers. But ,Recent years have seen total domination by one team in any given season. It seems that if a team manages to find an engineering edge for their cars, they will win the drivers’ and the constructors’ championships regardless of how good the opposition drivers are. Ferrari, Brawn, Red Bull, now Mercedes – same story. There have been years where Ferrari reigned and then in more recent years Red Bull and then Mercedes have won Championships .

Let’s see which constructor has won most percentage and absolute count of championships.

The upper plot shows the number of Constructor’s championship won by the constructors. The following Plot will show the winners with respective year , so that the plot would be more interesting.

As you can see last 6 years is all Mercedes, from 2010-13 all Red Bull. And this is a proof that machine and constructors are most important factors when it comes to Championship win.Let’s see one more graph

Let’s see this Boxplot , this boxplot is a trivial one and generally it’s not a good idea to use boxplot in this condition. But one thing can be well explained by this boxplot .If we see from 1980s to mid 2000s , there has been three major constructors(Ferrari, McLaren, Williams) who won large number of championships, and they won alternately , i.e there was a three sided wars and all three won their fair share. But after mid-2000s , we can see it has just been a short period of consecutive wins by various constructors as Renault , Red Bull and now Mercedes.when we see after 2005 period it has been all one sided for a period of time, and then a new winner emerges.

Before going to next topic I will also add the plot for most number of championship wins for drivers.

We can see there are a very limited number of driver who has won the championship that started from 1950s , and constructors play a major role in this.

How the speed of cars have changed over time

It will be interesting to see how cars have evolved in all these years, how their speed have changed , how different tracks affect speed.

Hmm, from graph, it doesn’t seem there has been much of improvement in the speed.

We can also see a 3 year span of short lived Indian GP. Italian GP recorded the fastest lap speed , while Singapore GP the least.

Let’s see top 10 fastest Lap and along with their drivers and Constructors.

This info is slightly outdated and now Kimi Räikkönen holds the record with fastest lap speed of 263.587 km/h.(this graph doesn’t contain 2018,2019 championship’s data.)

Now , instead of championship we will see most number of “Races” won by each Driver and Constructor. so,

Top 30 Constructors on basis of Most Races won(i.e most Top finish till 2017)

Well , we can see It is lead by Ferrari and McLaren , and Mercedes are chasing them very well , and it would become more evident if we were to include 2018,2019 data. The below graph is for drivers,

Is there a British superiority in F1 ?

In this plot the color is coded as per nationality (you can see by hovering over graph). Well it may be not completely dominated by british constructors but a well portion of it has been. This will become more evident by following graph:

Nationality of constructors and count of wins in races

It is slightly more evident from this plot, that british constructors have been more dominant than anyone else.

I am going to analyze two density plots:

Density plot of wins for Constructors, What does this Plot mean?

This plot shows the distribution of race wins over 1950s-2017.We can see the winners of race comes from a very narrow distribution of constructors. This distribution expands as we go from ‘Top 1’ to ‘top 3’ to ‘top 10’ finish.Now let’s see this density plot for drivers:

Well, same explanation as above plot, but we have drivers here.

so , this has been my analysis for plot for the F1 championship, I would like to add one more plot for Most number of wins by Driver encoded with their nationality:

So, I stumbled across this dataset and it was way more intresting and huge than my previous movie dataset.So , after a day and half of continuous tinkering this is the result I got. Hope you guys will like it.

In next post, Probably I would be coming with an another interesting dataset.

Till then 🙂