Okay it seems you are able to hide hidden files inside uploaded images here....I saved a pic off this site, opended with 7zip and it seems there was a butt ton of DNP images inside....there are a few of these images hidden on the site, some years old....

example: https://e621.net/post/show/170833

...Did anyone else know about this? o.o

Also it seems you can find other files like this on the site if you search order:filesize

I wonder if there are more cases like that lol.

Yeah, I've seen it done to upload batches of .gif files on a different site.

Butterscotch said:
I wonder if there are more cases like that lol.

Search order:filesize and look for small rez images with high file sizes....there are a LOT of them.

So much DNP stuff hidden in okay images....this has really gone under the radar it seems...now my question is, how do we fix this or even keep an eye on this? is there no way to stop this from happening?

I thought this was pretty well known, I even have the instructions on how to create those images flying around somewhere.

The only way to stop this from happening would be to strip all images from the additional data and only leave image and maybe exif data intact.

Yo I found another one :P

post #169150

uploaded by the same user, this one has the dnp'est of the dnp sexyfur hidden on it.

We've come to a decision on this one, we'll weed out all archives we can find that contain DNP or illegal content, if you find something, report it to us, either per PM to somebody, email to [email protected] or by using the report feature.

(Report me if you wish to make it anonym for example, just make sure you put a good reason in.)

NotMeNotYou said:
We've come to a decision on this one, we'll weed out all archives we can find that contain DNP or illegal content,

wont this take forever? I mean there are a lot of images that could have hidden files....even when searching that term.

Butterscotch said:
Yo I found another one :P

post #169150

uploaded by the same user, this one has the dnp'est of the dnp sexyfur hidden on it.

Perhaps if we find more by other users this should call for a search of everything they have uploaded, as it seems they have done this on purpose

Hey, some more!

(Using this format: "Post ID: Type, Assumed filename, Size")

post #169354: RAR, Guava, 9.16MB
post #170824: RAR, Apple, 8MB
post #169146: RAR, Banana, 6.55MB
post #169145: RAR, History, 6.68MB
post #169148: RAR, Egg, 3.81MB
post #169351: RAR, Durian, 1.39MB

All uploaded by WoerWyre.interactive (haven't checked anyone besides this user) and contain SexyFur comics

Also, why would you open an image in 7zip?

Xch3l said:

Also, why would you open an image in 7zip?

Its a old trick I learned when hiding certain files from others who use the same pc. Its also a good hiding spot for text files of important info as well, but some users use it for hiding porn, since its all hidden in a harmless image of a cat or something.

Can also add other files. Easy with hex editor. :3

Hmm. They were all uploaded by the same user, who got a negative record for uploading DNP. Think he did this to get back at the admins? :3

JoeX said:
Hmm. They were all uploaded by the same user, who got a negative record for uploading DNP. Think he did this to get back at the admins? :3

Most likely, but this worries me somewhat. I am starting to think their is a hidden group of furries on E621 that upload harmless images with hidden DNP files inside of them, bypassing the DNP rule and sharing them among this hidden secret society that seems to secretly lurk here among the common users...

I have a feeling this may be on more images in smaller doses from other users as well. I wonder if there is a sure way to stop this in the future....

Conker said:
Its a old trick I learned when hiding certain files from others who use the same pc. Its also a good hiding spot for text files of important info as well, but some users use it for hiding porn, since its all hidden in a harmless image of a cat or something.

I never thought of that

furballs_dc said:
Can also add other files. Easy with hex editor. :3

Yeah, that's how I extracted them :)

Xch3l said:
I never thought of that

It goes unnoticed if the files are txt files or something smaller. However when using it to hide so many images the file sizes become quite big and easy to notice if one checks the size. Starting to wonder how e621 will handle this in the future, due to some files going unnoticed if the file size is kept low enough.

Conker said:
It goes unnoticed if the files are txt files or something smaller. However when using it to hide so many images the file sizes become quite big and easy to notice if one checks the size. Starting to wonder how e621 will handle this in the future, due to some files going unnoticed if the file size is kept low enough.

We'll need file sizes and dimensions on post tooltips (or ALT text)

Xch3l said:
We'll need file sizes and dimensions on post tooltips (or ALT text)

I sense an incoming hunt

This is going to be a tough one....

This should be interesting if nothing else... hopefully there is nothing nastier than dnp stuff hidden in these images....like a virus or something...

Conker said:
hopefully there is nothing nastier than dnp stuff hidden in these images....like a virus or something...

This is what worries me

Conker said:
Most likely, but this worries me somewhat. I am starting to think their is a hidden group of furries on E621 that upload harmless images with hidden DNP files inside of them, bypassing the DNP rule and sharing them among this hidden secret society that seems to secretly lurk here among the common users...

Damn, do you still wear a tinfoil hat or already an entire space suit made from tinfoil?

Also, that trick with .zip and .7z is as least as old as /b/, both work because they check the file for start of a zip archive and will actively ignore everything before the start of the archive, while image programs don't care about any data after the image, both parts are simply worthless (and ignored) garbage to the other program.

Conker said:
I have a feeling this may be on more images in smaller doses from other users as well. I wonder if there is a sure way to stop this in the future....

https://encyclopediadramatica.es/Embedded_files

Interestingly enough, most of this accurate.

This is exactly why I've found it odd that in case of dupes, larger filesizes are always kept. If it looks the same but is larger than the original, there must be something extra in it. Ranging from useless metadata to nastier stuff..

Genjar said:
This is exactly why I've found it odd that in case of dupes, larger filesizes are always kept. If it looks the same but is larger than the original, there must be something extra in it. Ranging from useless metadata to nastier stuff..

most 'dupes' typically have been larger resolution. Now, wherever the idea that larger resolution is better came from, that I dunno, but to a point it makes sense. All the Las Lindas hentai that's massively sized though, doesn't make sense to me. ._.; Who is ever going to actually view it that large?

123easy said:
most 'dupes' typically have been larger resolution. Now, wherever the idea that larger resolution is better came from, that I dunno, but to a point it makes sense.

Yes, but I was referring to the dupes that have the same resolution but different filesize. Such as post #409612: the original image uploaded directly from the source got deleted, and the modified one with larger filesize got kept.

Genjar said:
Yes, but I was referring to the dupes that have the same resolution but different filesize. Such as post #409612: the original image uploaded directly from the source got deleted, and the modified one with larger filesize got kept.

This.

NotMeNotYou said:
Damn, do you still wear a tinfoil hat or already an entire space suit made from tinfoil?

Its just a joke :P But also kinda being serious a tiny bit...
Also off topic but once someone I knew someone who made a tinfoil suit, wore it over his entire body (like 7 foot black guy in tinfoil suit) and walked around with the sign "moon rock" on them :V lol

Genjar said:
Yes, but I was referring to the dupes that have the same resolution but different filesize. Such as post #409612: the original image uploaded directly from the source got deleted, and the modified one with larger filesize got kept.

I would delete this file also. I can't see any difference and it was posted later - it is a duplicate. Though IMO comment of chdgs is wrong.

E621 might want to scan new (and old) submissions for hidden content to prevent further abuse. I know "next-gen firewalls/IPSs" can scan e-mails and the like for embedded malicious content. The technology to scan .swf, .gif, and other media formats for hidden content should be available if the embedding techniques used are as old as suggested in this thread. The challenge would be creating some detection rules that can differentiate, say, expected image content in a .swf file from unexpected and potentially banned content. Security software vendors would be willing to tell e621 if their solutions can meet e621's needs or provide cost estimates for developing the necessary detection modules.

...or perhaps that's entirely overthought, and a simple script running a program like 7zip on e621's database, marking files with "extra" content for review, would suffice. Meh, one's an enterprise solution and one isn't. Having users manually check files for hidden content is not a good solution because (1) it's certainly an incomplete scan, (2) it's reactive rather than proactive, and (3) banned content is successfully distributed to those users, if no one further.

Still, the discussion makes me wonder what solution e621 currently uses to detect "normal" malicious content (e.g., viruses or readable text) embedded via steganography and similar techniques. A public image hosting site is a great platform for distributing malicious payloads, provided the attacker exploited image-handling or flash vulnerabilities. Though, I guess complaints would have arisen if e621 did not adequately protect its users.

ImageMagick probably has the ability to remove embedded files from images being uploaded

Whatever moot used, just steal that or whatever, I think it should work the same...

What, you mean the fuctionality of which is described in detail as well as the method of getting around it, on the uncyclopedia page that Nimmy posted?

Hello, Since I think i caught the first one I think i'll explain how i found it, as it might help people catch more

I discovered it when I found out the origins of /b/ sink threads and how they where actually using it to post illegal content, not only using 7zip, but also with a JavaScript program called gold that could hide files inside PNG in a way to avoid detection. People on /g/ had a little panic and wrote a batch script that could scan whole folders/sub folder, log, and extract any files found inside various pictures, which is how i found a few, and doing a reverse google search found the same one was posted here and a few rule34 and booru sites, all had the hidden achieves in them as well.
The bat script can be found here but the link for gold-cli might be dead, if anyone is really interested in it i can post it to mega or something.
http://4chandata.org/g/spoilerYou-might-have-downloaded-unwanted-content-from-4chan-or-other-places-without-even-knowing-spoilerSeveral-anons-have-contri-a463523

http://en.wikipedia.org/wiki/Steganography
you might want to put -furryratchet on order:filesize searches (;