LEAKS?!

Bump for sauce

Honestly I know a little programming but still can't figure out exactly what this does. I don't know what echo does. Trying to google to figure out if this is important or not.

Julian is dead wot

Does anyone know what this does??

THE KEYS FOR THE WIKILEAKS INSURANCE FILES

Sauce:

pastebin.com/evFHJ61L

I'll bite. The fuck you mean you don't know what "echo" means?

Fall of Cassandra found this imgur.com/r/The_Donald/KaVd87f

I've seen this before, probably a couple weeks back, I don't remember what it was about though.

...

Haha I just looked it up. Honestly when I say I know programming I just have used really ancient shitty programming languages in college. I figured it out.

I don't know if this is important anymore. Seems to be related to this reddit post?

reddit.com/r/The_Donald/comments/58t9xm/i_decoded_that_supposed_wikileaks_message/

So these aren't keys to the insurance files?

Ah, understood. Well, it's a bash script fyi. Do with that information what you will.

I've found a source for this:

reddit.com/r/DNCleaks/comments/58ov84/possible_insurance_key_dump_please_help_the_donald/d929ryr/

Yeah from what I understand however, they are only supposed to be 'unlockable' if Assange doesn't basically press a button once every 24 hours or so.
> Pic Related

It's rigged? They already know who's going to win??

bump

Why would Assange put this up as an anonymous pastebin, but NOT also on wikileaks.org, or a link on the twitter? This seems a lot like diversion and literally nothing.

Agreed. I just saw this posted and thought it was my duty to figure out if it was important. Been seeing a lot of censorship lately. Not ruling anything out.

How does one open the Wikileaks insurance files anyway?

I have them downloaded, but don't know what format they're in/what program would be used to decompress them.

Can you try these? use openssl

where's the oldfags when you need them

WE NEED CONFIRMATION THIS ISN'T REAL

Aight, I suck with Terminal but I'm installing openssl now

>life insurance

This

Not sure what to do next or if I did it correctly. I have key and hex files. I only have the last insurance file though. Not the earlier ones.

Bump

Bump

y u slide?

shills trying to slide

bump

This is old.

where is hacker to save us

Have openssl installed now and all WL insurance files downloaded - someone walk me through this shit

Kimdotcom just tweeted

>From brexit to hexit

He referencing something?

Bump

unix fag here

on lines 20-24 he saves those long ass strings into separate files with funny names

on lines 26-30, he reads in those files and encrypts them with AES256, and saves the results in .key files

note that when you run this command, it asks you for a password. The password "he" used isn't specified here.

34-38 is a 2-stage loop
first, the loop iterates over all of the files named *.aes256 - these are the three insurance files below

next, the loop iterates over all of the .key files he stored in lines 26-30

for each combination of an .aes256 file and a .key file, he spits out one line of text, consisting of
the aes256 filename. the key filename. the result of a long command

here's the long command:
$(echo "$(openssl enc -d -aes256 -in $w -kfile $k -bufsize 8 | xxd -l 8 | sed s/00000000://g)" | cut -c 1-23)"

openssl enc -d is "decrypt". he attempts to decrypt the first 8 chars of each file with each key.

it then pipes the output to the command "xxd -l 8". xxd is a hex dump utility.

it then pipes the hex dump output to a sed filter and a cut filter. These remove the leading address info and the trailing raw bytes, leaving only the hex bytes.

these hex bytes are the result of the long command.

if this were all legit, then those funny strings at the end of each line of insurance + keys + command output, would be the first 8 hexadecimal bytes of each decrypted insurance file.

you can use those hex strings to see if they match any known file headers, or ascii codes, or things of that nature.

note that he tries every key on every file, and the messages are different for each combination. only one key could plausibly produce the correct decrypted output, so for each insurance file, a maximum of one of the lines of output could be correct.

i don't know why he would try all the keys on all the insurance files - unless he wasn't sure what went with what.

copy and paste the raw pastebin into a file called "script" or something

then type these commands (without the $):

$ chmod u+x script
$ ./script

its a shell script. run it.

rm –rf /

Where's senpai FUG D:

reported to richard stallman

Godspeed Senpai I'll be watching you, and please make another thread if this one goes rip.

Fuck that man enjoy those roms instead

anyway, if you wanted to see if those hex values mean anything, basically, try to search on these strings, either as file headers, or, try converting them to ascii with an ascii table:

6f46 30e1 c6f3 385d
f22d 7304 8224 8ad6
07d6 db54 f3c2 7d4a

(etc.. the last section of bytes on each line from 41-55)

Finally, note what we don't have here
1) we don't have the contents of the KEY files. Those KEY files are the actual decryption keys
2) we only have PART of the information that generates the KEY files. The key files are generated by steps 20-24, but those steps appear to require that a human enter a password. which password?

there's a chance that the passwords are the comments, e.g. "fall of cassandra" is the password used to encrypt 2B6DAE482AEDE5BAC99B7D47ABDB3

if that were true, then you could faithfully generate the .key file "fall-of-cassandra.key"

tl;dr - the most that someone could do with this paste-bin is see if any of the 8-byte hex thumbprints of the final lines of output mean anything, like the start of a known filetype.

the reason that doesn't work is because the openssl enc commands that generate the .key files require human input (the passphrase)

Bump

Possibly fake and already debunked?
archive.4plebs.org/pol/thread/94424687/

is it time? time to shed off this mossy stone from my back, the hum of the ancients through the granite of my flesh? is it time to return to being...

a king?

Bump where's our fuckin coderfags

I am curious about this, not much left for me to do. Already voted for the Big D, not in a swing state so what else? Just shitpost here and on twitter.

here and I'm pretty sure this is fake. If Wikileaks is going to leak the key, they'll do it in a way that is obvious and with clear instructions.

They have multiple locations across the globe, so one of them will get the info out.

It's a bash script. It looks like it might be using OpenSSL to decode the WLInsurance files, but I don't know enough OpenSSL CLI syntax offhand to know exactly what it's doing in that loop.

Save this as a text file on a linux server, chmod +x it, and run it. See what happens.

RTFM

man openssl

u fucking chach

Not fake, so much as a failed attempt to bruteforce unlock the files.

additional reminder that these are "Insurance" files, so their purpose is to be leaked at the last moment when WIkileaks is under imminent threat of being taken down.

>b-b-but it's just a quick read in the m-m-manual!!
fuck you, I do crypto and unix shit for fun and the manual is the last (but most thorough) place to look. Most people don't need to know how every little detail works.

welp

good call, I have no idea what I'm doing

learn to grep faggot

man openssl | grep -- -d

man openssl | grep -- -whateverflagyouwant

>using grep instead of egrep/regex
yeah, gonna quickly check a flag that I somehow magically remember.

but aren't you trying to figure out what the openssl command does? you don't know what it does cuz you don't know the flags.... so just see what the flags do

idk mayne not tryna argue, just being a chach on Sup Forums
sorry 4 being a dick mayne MAGA

That openSSL asks you for a passphrase to generate .key files is just to protect the keyfile on disk. When you go to use it to decypt something, it'll ask you for the passphrase you entered earlier, but it's only to decrypt the key file. It's just an idiosyncracy of OpenSSL... You can actually, if you want, decrpyt the key file so you don't need a passphrase for it immediately after generating it. That's what you have to do when setting up SSL for a public server.

Apparently, if I'm reading it right those hex strings *are* the keys, or at least this person believed them to be.

no problem, I use linux all the time and I get really pissed at the Sup Forums gentoo fags that act fucking pretentious and don't understand basic user workflow

shit, I figured out what openssl command to use, but realized that this pastebin is for the old insurance files, not the July 2016 one that would presumably be what we want...

also, just sayin', egrep is just an alias for grep -E

yeah, that's why I also threw in regex.

2shay

maybe it's something to do with this encrypted wikileaks file from a few weeks ago?
wasn't that encrypted?
or something....

Record officially corrected

or with those strange podesta beach picture.
or any of those pictures.
maybe to find the hidden messages/watermarks or what's it called

My app stored this image icon from a deleted bread. Interesting... no idea who did the post.

Edited to remove time, exif, router name.

who's smart enough to tackle this one?

I have some images that might help.

...

...

...

Should we ask Sup Forums ?

Bump for nevar killary

...

...

...

...

...

...

...

...

...

>reddit.com/r/DNCleaks/comments/58ov84/possible_insurance_key_dump_please_help_the_donald/d929ryr/
copy paste the commands in the pastebin into your terminal

That's all I got. I'm going back to /cfg land

Best of luck!