 Okay, today we're going to be looking at solving the hidden message from July 8th 2016 if you go to that video and Press play you can see the squealy QR code and what that is is a number of frames Which are all individual QR codes that go together. I've done this in a previous video But obviously there's more to it than that. Let's go ahead and grab the URL for this video and open up the shell And I'm going to download that video. I'm going to use YouTube dash DL to download that so if you don't have that installed install it or use whatever method you like to download YouTube videos next we need to extract all those frames. I'm going to use FFM peg I'm going to say use that video as an input and then as an output. I'm just going to call that image and I'm going to go Percent to dot PNG is going to create PNGs for each one And the percent two means make and put a number there. That's at least two digits There's only 91 frames in this video if there was more than a hundred you want to make it three You could have made it three basically if you don't do that And you number it one two three four They're going to be out of order when you try to decode them because it might go one ten eleven twelve You get what I'm saying. Hopefully you do Obviously I typed something wrong there. Let's go ahead clear the screen here and Oh, sorry percent two D There we go And we'll list this out and you can see all those images there We can open up my file manager. You can see they're all QR codes except for the very last frame ended up being a black frame That's important because when we go to decode you're going to notice. There's only 90 bar codes decoded because the last one Doesn't have one in it. So don't let that throw you off Okay at this point Let's clear the screen again. I'm gonna say Z bar IMG Which you'll have to have installed for this to work or use whatever application you like to decode bar codes I'm gonna say decode All the PNGs I'm gonna start playing that out and it starts show me what the code looks like now to the train die Such as myself right away. I will look at this and I would assume that it's base 64 or something similar Most likely base 64. What is base 64? I'll get into that in a moment The first thing I want to do here is I'm gonna dump all the base 64 code into a file But first I have to get rid of this QR code header part there that the Z bar image is putting into there for each Code it finds Obviously you could pipe it into cuts and remove that but a simpler way is dash dash raw option for Z bar Image and that will just say give me the raw data Next let's dump all that into a file. So I'll just redirect that and I'm just gonna put it into a file called M for message But you can call it whatever you want. I'll hit enter. It's gonna go through 91 frame So it's gonna take a moment. So let me talk about what base 64 is for those of you Don't know it is basically one of there's other types, but base 64 is probably the most common. You can take any file By no binary or not. It could be an MP3. It could be a wave file It could be a JPEG file a PNG file an application anything and it will turn it into ASCII basically typable characters if you ever look at the raw data from a email with Attachments the attachments are going to be in a base 64 format. That's how it's stored And then your web browser or whatever will decode it back into Whatever binary file it is same and then web browsers if you're creating HTML you can actually embed images in your HTML using base 64 so anyway, here we go it decoded and We got 90 from 90 from 90 and 91 images again the last one was a black image So I can clear the screen again and we can cat out that file. So there it is all You can tell if you if you work base. This is what base 64 looks like it always ends with the little equal signs It's pretty obvious that it's base 64 once you've seen it a couple of times. So at this point I want to decode the base 64 now base 64 is not an encryption It's an encoding so you don't need a pass or anything all you need is a program called base 64 Which if you're running Linux is Ori on your system. It's even built into busy box So if you're running like on a small arm device if it's not already there You can easily put it on there with busy box. Anyway Base 64 dash D for decode and I'm going to say M And if I hit enter it's going to output the original file decoded onto the screen Which right here you can see it is some sort of binary file and just kind of glancing at this You can kind of tell what it is looking at this right here But we need to put it into a file anyway. So again, we're gonna run base 64 dash D to decode name of the file And I'll just redirect that into a new file. I'll call it F for file Again, I already saw the binary output there So I kind of know just by glancing at that what type file it is But if you weren't sure because again, it could be a JPEG file a PNG file a wave file if it's a standard file Format, you know something common on all Linux systems every Linux system I've ever touched has the command file you give it a file name in this case F And it will tell you what type of file it is and right here. We can see it's an ELF 32-bit executable file for Linux. So basically this tells us that we know that this is a Linux executable It's 32 bit. I purposely compiled is 32 bit just to make it a little more compatible because most people have 64-bit machines, but 64-bit machines are usually backwards compatible ELF means Link file external link file. Basically, it's dynamically linked is what that's saying is that it requires some Libraries which are already on your system. Basically, this is a Linux executable file So there's a few things you can do with this So if you're on a Linux machine and you trust me that this isn't malicious code because there's no way for you to really know Whether this is malicious code you can run it through antivirus or something and as I've mentioned the past It's it antivirus isn't going to tell you whether something's a virus or not unless it's known And since I just created this antivirus isn't going to know whether it's a virus or not. I'm promising you It's not so if you trust me Which me attacking viewers computers would be a bad idea I can make it you can make it executable and then dot slash run it and it gives you the video URL that you're looking for So you go there and that's your final destination now if you don't have a Linux system or you don't trust me obviously you can run this in and A virtual environment or some sort of sandbox of some sort if you don't trust me Which even if you trust me I would have eyes doing that, you know So anyway, you could do that or there are two other I'm sure there's more but there's two options you can look at Well, you can look at it in a hex editor So that's one option that I wasn't even going to bring up. So I let's do that. I'll do it hex edit Oops hex edit the name of our file. I can tab over here hit for it http and Right here. You can see it's the URL Right here, but it's it's not straight. It's got things in between certain characters now Before I go any further Quit out of this Let's go back over here. I'm gonna show you the basic code So this is a little insight on how I created this executable. This is the exact same code Except for here. I put in my example here. I put hello world rather than URL now I could have just made a very basic I could have left out the strings header and just said print F and then the URL I Purposely didn't do that to make it a little bit harder for you So that when you go into a hex editor or use one of these other methods the string isn't all together I purposely put it in an array that loops through it so that it would be split up a little bit But you could still find the URL that way so one command that I use all the times called strings You can give it any file and it will remove anything. That's not a principle string So all the gobbledygook inside the executable and just give you the plain text So I can say that and then we can we can see that whole thing So that's all the plain text inside the executable, but we can grep for HTTP But you'll notice again all you're seeing is HTTP again if I just did print F With the string you would see the entire URL right here But since I split it up into an array it's split onto multiple lines Also, this is a 32-bit executable. So you're going to be see four characters Where if this was a 64 bit and you would see eight of the characters at a time But simple fix for this is use grep So string the file pipe it into grep and Then search for this and we're going to say dash capital a and I'll say 10 that says find HTTP in this file and show me that and the 10 lines after it and there you go is your URL split apart You just need to figure out exactly where it ends and you've got your URL Another option if you didn't know about the strings command is you can say grep dash IHTTP dash capital a or just just a and Then I don't know if that has to be over here. Usually I put that over here. So So dash a and what that's saying is I'm giving you a file. That's not plain text I'm giving you something and I want you to search for ASCII in it And so if I do that, oh, I'll have to give it the file name There you go And you can see right here is your URL once again But again, it's because I put it in that array rather than just a string if I just F printed it You would see it right there But I purposely did it this way to make it because I'm a jerk and I want to make it a little bit harder for you guys But you can get rid of the excess characters here like these question marks in the capital E is there and Figure out where the string ends and you'll have your URL if for some reason you couldn't run the executable whether you're on a non-linux system and for some reason you couldn't get a virtual machine running or Something along those lines. So anyway Again, basically we downloaded the video made into images decoded the images, which was base 64 Oh, and if I didn't mention before Hey, I meant to So you might be going how was I supposed to know that space 64 again if you've worked with a 64 you recognize it But I always give you little hints because I want these to be difficult But I don't want them to be impossible in the actual video if you in your browser Look at the code of the page and look for the keywords tag The meta tag I gave you a little hints here that you're gonna use base 64 and I wrote QR code Because that's why I used to create the codes Z bar images what I used to decode it But those are little hints for those of you who might get a little stumped try to always check that So yeah downloaded made the images Z bar image raw to dump them into a file base 64 to decode it and Then file to figure out what type of file it was make it execute bone execute it or take one of these other methods if you didn't Didn't or couldn't execute it for some reason you can look at the data either using strings Grape or hex edit and that is it So thank you for watching. I hope you're enjoying these and in a few more days I'll put out another hidden video message and I guess I let's give a shout out to the people who made it At least the point of me Let's see so Open link Pause that this is the video that the thing brought you to so here are the people go ahead and look at these names These are the people who made it actually a lot of people. I thought this This this one was going to be a little more difficult Than previous ones, but people made it a lot of people made it surprisingly, which is great I love to see that so the next one Will be just a little bit harder. I think at least I thought this one was gonna be harder and more people made it So thanks to all these people who took the time to decode that message and find this hidden video Have a great day. Oh and visit films by Chris calm. That's Chris the cave. It should be a link in the description Also, you know support me patreon.com for session looks with the check all the links in the description for all that stuff I've talked enough have a great day