CICADA 3301

Hier tref je diverse algemene topics aan over occulte en dark side onderwerpen
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 21:12

Wellicht zijn er reeds QFFers die bekend zijn met de materie van CICADA 3301, maar voor diegene die geen idee hebben waar ik het nu over heb, zal ik hieronder even trachten uiteen te zetten waar het hier om gaat. CICADA 3301 is een mysterieuze puzzel die nu al bijna twee jaar lang de aandacht van een groep internetters weet op te slokken en er is na die bijna 2 jaar nog steeds niemand die weet wie er schuil gaat achter dit mysterieuze puzzel project.

Aangezien er 14 januari 2014 weer een volgende ronde gaat beginnen, is CICADA 3301 weer actueel en daarom leek het mij een geschikt moment om CICADA 3301 op QFF te introduceren.

Ik heb er zelf de afgelopen bijna 2 jaar zijdelings wel eens aandacht aan trachtten te schenken maar ik kon simpelweg niet altijd de tijd vinden om me optimaal in het onderzoek te storten. Dit is dan ook de reden dat ik de naam van het project wel op een lijstje had geschreven met zaken waar ik nog een artikel over wilde tikken. Wat gesurf in mijn bookmarks deed mij eergisteren beseffen dat ik hier nog steeds iets over op QFF moest zetten.

Er zijn maar zéér weinig tot geen puzzelaars in Nederland die mee zoeken naar antwoorden over de aanwijzingen van CICADA 3301, en alleen daarom dus al meer dan reden genoeg hier eens wat aandacht aan te schenken op QFF.

Om het maar gemakkelijk te houden zal ik hieronder eerst trachtten een simpele korte samenvatting neer te plempen die enigszins verteld over de afgelopen periode van bijna 2 jaar waarin vele puzzelaars een dolle achtbaanrit mee hebben mogen maken. Ik citeer daarom o.a. maar even de Wikipedia pagina over dit project. Let wel op, het is in het Engels omdat er in het Nederlands dus vrijwel geen informatie over te vinden is. Enfin, Wikipedia dus:
Cicada 3301 is a name given to a set of complex Internet puzzles. The first Internet puzzle started on January 5, 2012 and ran for approximately one month. A second round began exactly one year later on January 5, 2013, and is possibly still ongoing. The stated intent was to recruit "intelligent individuals" by presenting a series of puzzles which were to be solved, each in order, to find the next. The puzzles focused heavily on data security, cryptography, and steganography.

Much speculation exists as to its purpose. Some claim it is an Alternate Reality Game (ARG), but the fact that no company or individual has taken credit or tried to monetize the puzzles has led some to feel that it is not. Some have speculated that it is a recruitment tool for the NSA, CIA, or MI6.[3][1] However, no evidence exists to support this claim.

In January 2012, an image was posted to 4chan's "random" board containing a message stating that the poster was looking for intelligent individuals and inviting users to find a hidden message in the image which would lead them on the road to finding them. This image was the first puzzle in the series. The image was reposted by persons to other boards and sites, increasing internet interest in the ARG. People attempting to solve the puzzles grouped together on the mibbit and n0v4 IRC networks, with splinter groups making use of private IRC channels, forums, and Skype groups.

The ultimate outcome of both rounds of Cicada 3301 recruiting is still a mystery. The final known puzzles became both highly complex and individualized as the game unfolded, though at least one person has claimed to have "won", but verification from the creator(s) of the game was never made and the individuals making the claim have not been forthcoming with information.

The Cicada 3301 clues have spanned many different communication mediums including Internet, telephone, original music, bootable Linux CDs, digital images, and physical paper signs. In addition to using many varying techniques to encrypt, encode, or hide data; these clues have referenced a wide variety of books, poetry, artwork, and music.Each clue has been signed by the same GnuPG private key to confirm authenticity.[citation needed] Among others, these referenced works include:

The Mabinogion
Mayan Numerals
Agrippa (a book of the dead), a novel by William Gibson
The Marriage of Heaven and Hell, a book by William Blake
Liber AL vel Legis by Aleister Crowley
Ecclesiastes
The Lady of Shalott, a painting by John William Waterhouse

Throughout the testing, multiple clues have required participants to travel to various physical locations to retrieve the next clue. These clue locations have included the following cities:

Annapolis, Maryland
Chino, California
Columbus, Georgia
Erskineville, Australia
Fayetteville, Arkansas
Granada, Spain
Greenville, Texas
Haleiwa, Hawaii
Little Rock, Arkansas
Miami, Florida
Moscow, Russia
New Orleans, Louisiana
Okinawa, Japan
Paris, France
Portland, Oregon
Seattle, Washington
Seoul, South Korea
Warsaw, Poland

Speculation that the Cicada 3301 organization is large and/or well-funded is supported by the existence of clues in a large number of locations, all quite distant from one another.

Authorities from the Los Andes Province of Chile claim that Cicada 3301 is a "hacker group" and engaged in illegal activities. Cicada 3301 responded to this claim by issuing a PGP-signed statement denying any involvement in illegal activity.
Bron: ->> http://en.wikipedia.org/wiki/Cicada_3301

En zo is er nog veel meer, en daar er hier op QFF een paar hardcore speurders en puzzelaars zijn leek het mij een goed plan hier een topic aan te wijden zodat ook wij mee kunnen zoeken en speuren en zo kunnen helpen om dit mysterie op te lossen. Ideale tijdsbedrijf voor koude winteravonden dus! ;)

Hieronder zal ik in andere posts proberen zo veel mogelijk relevante informatie te plaatsen over de eerdere aanwijzingen en oplossingen!
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 21:33

De volgende informatie komt van dit Engelstalige forum: http://forums.unfiction.com/forums/view ... hp?t=36893 , het geeft echter een mooie opsomming van het een en ander:
I dont know how well you are informed with CICADA 3301 puzzles from 2012.

Afbeelding

Basically it is recruitment quest of puzzles based on classical literature and pretty hard core encrypting.

If strated for tha first time (that i know of) in january 2012. This is its secon draft that started in 5th january with post on 4chan.

Common thing that sticks out from every Cicada 3301 puzzle are PRIME NUMBERS. Beautiful PRIME NUMBERS.

People who solved both puzzles they got on emails were invited to secret group consistent of people who vere able so solve same puzzle. Not much is known what those people were doing after that. It is a secret afterall. Twisted Evil

Here I will post all the links and all the stuff you need to know.


CICADA 3301 January 2012 (base info about last years challenges)

http://i.imgur.com/2Zeo6.jpg start
http://i.imgur.com/TpntC.jpg end

Articles:
http://www.istartedsomething.com/201201 ... -disguise/
https://github.com/bibanon/bibanon/wiki ... -3301-wiki
http://www.clevcode.org/cicada-3301/
http://www.mentalfloss.com/blogs/archives/156708
http://bernsteinbear.com/cicada

Pastebins:
last public message from legit cicada
leaked mail that people got when they solve last puzzle <----- this is a bit about cicadas beliefs and what they stand for
confession of fake wind troll was published afterwards
main two puzzles you had to solve to get invitation, prior to that you had to solve clues from literature and reddit to find onion links to submit your email


Afbeelding

OK down to business!

This image was posted on 4chan in multiple thread by we dont know who on 5th January. It consist image that when outguessed (stego tool) produce this with legit PGP signature cicada used last year. So source IS CONFIRMED.

There was one similar thread one day earlier full with old images and few interesting links and leads, but in that thread there was NO LEGIT CICADAS PGP signature, so we dont have any idea who eas posting it and how legit things there was.

Here is the post that was on 4chan on 4th Jan .
http://chanarchive.org/4chan/b/65987/it ... this-since

Jan 4th 2013

Note: I have no proofs that any legit cicada people were in this thread. But there was alot of guys that made some miraculous discoveries and few people who were bumping the thread so it didnt die. There sure was some preparation and few coordinated people involved in that thread.

Also note that Cicada hinted that there will be more recruiting rounds in last message from last year. http://i.imgur.com/TpntC.jpg

This are things from last 4chan thread that looks like legit clues, I wasnt able to confirm any of them as being legit, yet! No PGP signed official message was given so far!

miracle no1:

CONTROVERSIAL PASTEBIN Shocked (this document rised alot of dust) there are few differant theories what is the reason someone released it. It was writen with much care. Interpret it as you feel like. Cool

guy who found it was incredibly luck and he claimed he isnt author of it

People who read it usualy react in one of two ways:
1. wow this is cleverly structured organization fighting for basic human rights and freedom
2. wow this looks like cult of some sort

To me it looks like it was written to attract some people and to lead some people off. You can understand it as you wish, that is your right.

You get what you bring in!



miracle no2:

Code:
I´m actually found something weird.
Do you know sms4tor?(http://sms4tor3vcr2geip.onion/)
I took the first 52 digits of the pgp key from >>448463952.

I got this message:
"You are near. The Mandelbrot set near the event horizon is the last clue."
-3301"


what are the chances to find something like that on random??
to use some random part of some random pgp key someone posted and came from last year?
he is referring to that image
btw that image is publicly posted on few sites and all people from last year have it...

Code:
"I doubt not, i had coincidental sms4tor open at the moment so I gave it a try. What sort of verify you think of?"

this was his answer how he found it... sounds fake as hell

Clue people found by goggling Mandelbrot

http://www.butterflyeffect.ca/FractalCo ... heEdge.pdf

5.1.2013

Shit got real we have confirmed CICADA 3301 round 2
with PGPs and all that

http://i.imgur.com/BhjYK.jpg

Arrow Here is ourguess (stego tool) output.



book is http://www.sacred-texts.com/oto/engccxx.htm

Arrow applying book code to text produced this link

https://www.dropbox.com/s/r7sgebdtmzj14s/3301

File consist of LINUX boot CD
DATA FOLDER with 3 files
MP3 song


•Recording of what happens when you boot that linux CD

source code (contains legit PGP)

1.



2.



YouTube: Link

•Mp3 song:



YouTube: Link

Song is palindromic. As the twitter account number and numbers 3301 1033 where linux distribution stops for 2 seconds.

If you open MP3 in text editor you will found hidden poem in it

https://pastee.org/ujpxy

•DATA FOLDER:

Afbeelding

Number printed in final message in LINUX Boot sequence:

1231507051321 It is a beautiful PRIME, palindromic also

http://primes.utm.edu/curios/page.php/1 ... 51321.html


Arrow People found this twitter account.

https://twitter.com/1231507051321

If you fought through previous posts and you are still reading this you are probably interested in joining people who are solving the puzzle.

that are the people we seek for, since currently we are stuck on twitter account encrapted messageds, DATA folder and poem hidden in mp3 file.


You can find people solving it here:
chat http://webchat.freenode.net/?channels=#33012013


wiki:
http://uncovering-cicada.wikia.com/wiki/Status
http://uncovering-cicada.wikia.com/wiki/What_We_Know
http://uncovering-cicada.wikia.com/wiki ... icada_Wiki

I apologize, not much time to explain.
Quite hard to organize community since people expect it is rerouting based on last years experiences and arent really prepared to put enough energy in community and making player base efficient. Most players when they solve part of the puzzle dont have any interest to provide clues and procedures for others who will came in game later. But i guess things will get better with time.

Check new developments here:
http://uncovering-cicada.wikia.com/wiki ... GE_IS_DOWN

We are still
http://webchat.freenode.net/?channels=#33012013

And no it is not cult. At leatst i doesnt seem like it to me. Intention of that "religious" ( pastebin is to keep certain profile of people away from it. I think so at least. It certanly cause alto of people to say this is acult and disband it. Funny thing people who are in channel arent even remotely religious. Hackers community is better guess I think.
About "The Darkest Puzzle" from 2010/11 . I know nothing about it. I know about cicada 3301 in jan 2012 and cicada 3301 in jan 2013. Based on pastebins explaining a bit about nature and organization of Cicada 3301 i could suspect that they did many similar rerouting ARGs. Maybe worth checking if there is any connection.



Image made from tweeter feeds by xoring it with DATA files from dropbox link. There is hidden Outguess message in it. More in wiki. ^



Afbeelding


I will post few links to youtube videos that might motivate you to loog deeper into cryptography, PGP, RSA, TOR...

Apparently they believe in absolute freedom. Individual and the information. I can connect to that thought.


FEW LECTURES FROM C3 (hackers convention in Germany, similar to DEFCON)

Jacob Appelbaum 29C3 Keynote: Not My Department


Cory Doctorow: The coming war on general computation [28C3]


29C3 Panel: Jesselyn Radack, Thomas Drake, William Binney on whistleblowing and surveillance

^ shocking stories from converted Americans that decided not to work for the dark side anymore. Former attorney, spy plane pilot and nsa agent confessions.

FactHacks RSA security and prime factorization[29c3]


How governments have tried to block Tor [28C3]



2 SHORTER VIDEOS

Keiser Report: Happy Hacking! (ft. Richard Stallman) (E344)
<--Stallman nicely explaining why hackers arent bad, why anonymous arent evil and why ddosing sholdnt be illegal


Gambling with Secrets: Part 2/8 (Prime Factorization)
cryptography basics and why primes are so important


Second image we xored from DATA files and mp3 from dropbox CD

Afbeelding

one more video

Growing State Surveillance: National Security Agency Whistleblower William Binney (April 20, 2012)



Top comment:

Code:

TheFortressAmerica 4 months ago

By watching this we are all in the database. Welcome to the party! I'll bring the doritos and beer.

Afbeelding

source CICADA OS splash screen.

DIAGRAM WITH CURRENT PROGRESS
http://i.imgur.com/qR9by.png 1000px width
http://i.imgur.com/J4WRL.jpg 2000px width

Afbeelding


DIAGRAM UPDATED

green rope knots are loose ends

We got additional clue on onion 2 (onion ver 2.2)



But it is basically telling us we are missing something.

So now we have two esoteric messages like this.


Afbeelding

Along with old ones:

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@1231507051321

The key is all around you.

Good luck.

3301

-----BEGIN PGP SIGNATURE-----



Poem hidden in mp3
Code:

The Instar Emergence

Parable 1,595,277,641
Like the instar, tunneling to the surface
We must shed our own circumferences;
Find the divinity within and emerge.


Other loose ends are missing primes, wisdom/folley files, png image, GEMATRIA PRIMUS CHART, 560.17 file

Twin primes, palindromes ,emirps and Rhonda Numbers are special numbers we found until now and alot of all present primes.
Samenvatting pagina 1 van dat bewuste topic.

In de posts hierna nog wat info van datzelfde topic, echter de andere pagina's.
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 21:41

Pagina 2 van datzelfde topic samen gevat:
we have new toy and dead drop locations


MURALLY http://mrl.li/X2p8Ry

NEW ONION PAGE:
Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Well done. You have come far.

pklmx2eeh6fjt7zf.onion

Good luck.

3301


-----BEGIN PGP SIGNATURE-----


DEAD DROP LOCATIONS


OKINAWA

26.41968, 127.73254


https://maps.google.com/maps?oe=utf-8&c ... CDIQ8gEwAA


Afbeelding

Afbeelding

MARYLAND

38.977845, -76.486451

https://maps.google.com/maps?hl=en&clie ... CC8Q8gEwAA


Afbeelding


Afbeelding

Annapolis Maryland

WE ARE EXPECTNG POSTERS LIKE LAST YEAR



We got two more locations OREGON AND TEXAS




we got the first code from Oregon


Afbeelding

Afbeelding

more:
http://uncovering-cicada.wikia.com/wiki ... m_Portland
http://point-at-infinity.org/ssss/

New drop found on okinawa:
We need 5 of them to succesfully decrypt the messsage: http://point-at-infinity.org/ssss/

Afbeelding

STATUS

GOT IT:


"+1 626-586-1033 Access: Y F"

CALL

https://www.dropbox.com/s/1s5scffk5n5by70/WS_10001.WMA
Transcription : Dataset 13 : Offset 37861 : Data : f286b8438cb85eb191ec7bf10a28a54ec06f9a27eb91c5





(17.1.2013 04:50 GMT) WE GOT REPORT FROM OKINAWA:

Be advised, we've conducted a sweep of the objective and
recovered one document.
Document reads as follows: +1 626-586-1033 Access: Y F

http://i50.tinypic.com/4q3f60.jpg
http://i45.tinypic.com/25yxj4j.jpg


http://uncovering-cicada.wikia.com/wiki ... m_Portland <--explanation what we are doing with posters to found new onion pages on TOR

Afbeelding

NEW DROPS: we need people in Columbus GA and Greenville TX


Columbus GA

Last-Modified: Thu, 17 Jan 2013 20:30:01 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

32.478944, -84.983674
-----BEGIN PGP SIGNATURE-----

POSTED on onion : Thu, 17 Jan 2013 20:30:01 GMT
MAP:
http://goo.gl/maps/wSNwS
http://prntscr.com/pir9n
Street view:
http://prntscr.com/pisbj
http://goo.gl/maps/VvDln
PGP:
http://prntscr.com/piruf
PGP TIMESTAMP: 17. 1. 20:28

Afbeelding


Greenville, Texas.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

33.092817, -96.08265
-----BEGIN PGP SIGNATURE-----

https://maps.google.com/maps?q=33.09281 ... 2&t=h&z=18


TIME POSTED: Thu, 17 Jan 2013 12:51:25 GMT

http://www.anonpaste.me/anonpaste2/inde ... YknMpqjgY=



PGP:http://prntscr.com/pgtd6

PGP time: 15.1. 20:50


map:

Afbeelding


No need we have Columbus already

Found posters do far:

Greenville, Texas (retrieved)
OKINAWA (retrieved)
Annapolis,MARYLAND (torn down)
Portland OREGON (retrieved)
Columbus GEORGIA (retrieved)

You can find info in wiki
http://uncovering-cicada.wikia.com/wiki ... us_GEORGIA

Afbeelding


---------------------------------------------------------------------------


MORE NEWS


This coords are coming from this onion adress:
http://pklmx2eeh6fjt7zf.onion

http://pklmx2eeh6fjt7zf.onion.to if you dont have TOR


WE HAVE THREE NEW LOCATIONS

Russia, Moscow

55.793765, 37.578608
http://goo.gl/maps/nE8tx

Afbeelding

Granada, Spain

37.182685, -3.605801
http://goo.gl/maps/VjV6p

Afbeelding

Little Rock, Arkansas

34.7477910, -92.2690863
http://goo.gl/maps/Y03X7

Afbeelding


Another NEWS

WE got all 5 codes necessary to solve SSSS message.

http://point-at-infinity.org/ssss/
http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing


Result was surprising onion page with test that allows us to submit out email to CICADA 3301.

If you want to participate:
http://uncovering-cicada.wikia.com/wiki/SSSS_Code_List

Let this Pastebin be your guide to the depths :

<-----ALL 5 NEEDED CODES
(if you participate, please do not publish onion link with submit email form and test, keep it a bit hidden so people have to at least decode it for themself, it is really not hard)

Afbeelding

No FL for now. But we expect at least two more drops. We found poster in Moscow and Arkansas
We are still working on Spain one.

Ru and US posters had phonenumbers with same set of SSSS codes as previous posters, leading to submit email and pass test page.
No emails from cicada were received yet.
If you decided to pass the test and dont know how to create PGP certificate for your email here is tha link with all information you need.

http://uncovering-cicada.wikia.com/wiki ... PGP_KEY%3F

And yes you need to create it and upload it to MIT server, if you dont you wont be able to decrypt message Cicad will send you back.

Onion for test page:
p7amjopgric7dfdi.onion (it works in clearnet without tor if you use .to; p7amjopgric7dfdi.onion.to)

Retrieved Drops:
Moscow:

Afbeelding

http://uncovering-cicada.wikia.com/wiki/Moscow_RUSSIA

Arkansas


Afbeelding


http://uncovering-cicada.wikia.com/wiki ... kansas,_US

things are strictly technical now, we have to build TCP server with half dozen of different functions, and put it on TOR...

not sure if i can publish it but what the hell:

http://www.anonpaste.me/anonpaste2/inde ... P0vqOaEtM=

I resigned, not competent enough to help you atall, but you are free to join us on IRC and ask other people to help you.

But yes you have to put that TCP server up and send onion address to 3301 so they can check it and leave next instructions to you.

http://webchat.freenode.net/?channels=33012013

IRC channel is still up and running as before.
Wiki is not updated anymore since people now work individually.
Hierna zal ik pagina 3 ook nog even samenvatten.
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 21:45

En hier de samenvatting van de derde pagina van datzelfde topic:

i would agree

none reported any real visit apart for some random short connections, we have no idea where they came from

its hard to imagine that some bots would be able to find onion addresses by random

but you never know what china is up to




People started to get visits on TCP servers after one month of Cicada going dark.

http://uncovering-cicada.wikia.com/wiki ... icada_Wiki

Also Wind visited our IRC one day ago, Wind is nutorious character that played important role on IRC during Cicada 3301 in 2012 puzzle. Winds affiliation to 33301 was never confirmed.

Posting two quotes from LOGs that are showing little insights in how cicada is organized.

Afbeelding

Afbeelding

I ll just add some things here that would maybe interest people reading this thread.

We are still hanging around in #33012013 on freenode IRC. You can find us there. Just idle for an hour or two if nobody answers, sooner or later someone will answer.

Nobody admitted that he was recruited in 2013, it looks just like 3301 went dark, but it is also possible that some were contacted but didnt tell about it.

Few more people who were invited in 2012 stopped in channel and complained that they lost contact to 3301 when their onion board disappeared.

Here are some logs of most interesting perts of that:


http://sebsauvage.net/paste/?459f0f4bf6 ... NzlPiw0Z4=

Some of them shared few things from inner organization of "0H brood" as 2012 group was called.

Here are screenshots of other people on other forums complaining about loosing contact with 2012 group, from hackforums:

Afbeelding

Our wiki is still being edited and it is slowly getting some decent form: http://uncovering-cicada.wikia.com/wiki ... icada_Wiki

There is page on wikipedia also: http://en.wikipedia.org/wiki/Cicada_3301






Maybe interesting:

Someone is posting images of CICADA 3301 logo stickers on 4chan /x/ recently. There is thread about 3301 on it every few weeks.

Pictures (we found 3 for now) and archived threads can be found here:
(note: we do not know who is publishing this, in #33012013 nobody admits being op of those threads)

http://uncovering-cicada.wikia.com/wiki ... da_Sticker

http://uncovering-cicada.wikia.com/wiki ... ember_2013


Afbeelding

Recent article in The Telegtaph (telegraph.co.uk)

http://www.telegraph.co.uk/technology/i ... ffled.html

sparked new interest in 3301.

Here are some articles:

http://uncovering-cicada.wikia.com/wiki ... a_exposure

Tja en nu zal ik in de posts hieronder trachtten nog wat meer informatie te vergaren en dan ben ik benieuwd of als we ons een beetje gaan verdiepen in de materie hier op QFF, of wij bij machte zijn om in 2014 eens mee te gaan zoeken door middel van dit actieve topic hier op QFF.

Daar waar het noodlot ons heen zal brengen toch? ;)
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 21:53

Hier nog een mooie samenvatting, deels met de zelfde maar ook met nieuwe en aanvullende informatie:

Lately there has been a lot of attention about the Cicada 3301 puzzles, and my work on them, after this article:
The internet mystery that has the world baffled

For more information about Cicada 3301 and my solutions for the 2012 challenge, keep on reading…

If these kinds of puzzles and challenges interest you, you might also be interested in looking at the old GCHQ challenge:
GCHQ: solve the online code, become a real-life spy

My solutions for that challenge are available here:
http://www.clevcode.org/canyoucrackit-c ... -solution/

Note that the GCHQ challenge is a bit more technical in nature than the Cicada 3301 puzzles, so it might not be for everyone. ;)

More about me, what I do and the services I offer:
http://www.clevcode.org/about/

My CV is available here:
http://www.clevcode.org/cv.pdf

/ Joel Eriksson <je at clevcode dot org>

Update (2013-11-29):

I think this is probably an imposter, rather than the real Cicada, but I got a cryptic message after the article in Daily Telegraph, from someone calling himself Tibiceninae (the name of a cicada subfamily)… Unfortunately I don’t have the time to look into it much deeper myself at the moment, but I have collected my notes on it so far here: https://1k.io/3301/

On January 4th 2012, an image was uploaded to various image boards, possibly originating at the infamous /b/ board at 4chan. When I came across it, I didn’t think much of it at first, but still decided to look into it just in case it turned out to be interesting. I have always had a hard time resisting a challenge. This is the image that was posted:


Afbeelding


My first thought was that it used steganography to hide a message, and since it was a JPEG image I tried using stegdetect by Niels Provos in case one of the detectable schemes was used. Since stegdetect have not been updated in almost 7 years, I didn’t really get my hopes up that high though, but it is always worth a try. ;) The result can be seen below:

je@isis:~/3301/stage_1$ stegdetect 3301.jpg
3301.jpg : appended(61)<[nonrandom][ASCII text][TIBERIVS CLAVDIV]>
It did not detect any of the common steganographic schemes, but notified me of 61 appended bytes of ASCII text. Since my next move would have been to use “strings”, I would have discovered this anyway, but stegdetect was kind enough to tell me directly instead. :) So, let’s see what we have:

je@isis:~/3301/stage_1$ tail -61c 3301.jpg
TIBERIVS CLAVDIVS CAESAR says "lxxt>33m2mqkyv2gsq3q=w]O2ntk"
This is quite obviously a shift cipher of some sort (also known as a Caesar cipher), with “lxxt>33″ being the ciphered version of “http://”. A shift cipher replaces each letter in the plaintext with a letter (or in this case, arbitrary ASCII character) with a letter a certain number of positions down the alphabet. So, let’s compare the ASCII values for the cipher text with the ASCII value of the supposed plaintext to see what the shift value is:

je@isis:~/3301/stage_1$ perl -e 'print ord("h")-ord("l"),chr(10)'
-4
In this particular case, this might have been a bit overkill, since we could just as well have manually counted the distance between h and l in the alphabet. ;) It is probably not a coincidence that Claudius happens to be the 4th Emperor of the Roman Empire, and the shift value happens to be 4, either. To decipher this, a perl oneliner is enough:

je@isis:~/3301/stage_1$ echo "lxxt>33m2mqkyv2gsq3q=w]O2ntk" | perl -pne 'chomp;s{(.)}{chr(ord($1)-4)}sgex;$_.=chr(10)'

http://i.imgur.com/m9sYK.jpg
The image at the URL above can be seen below:


Afbeelding


It seems like the challenge is a bit harder than a caesar cipher after all. Note that the message contains the words “out” and “guess” though, which could be a hint that we are actually supposed to use the old OutGuess tool to extract the hidden message. Incidentally, OutGuess is also developed by Niels Provos and is available for download from the same site as stegdetect (http://www.outguess.org/). Unfortunately, it seems like stegdetect is only able to detect when the older OutGuess 0.13b has been used and not OutGuess 0.2 (from 2001!). :D

Using outguess 0.2 with the -r option immediately reveals the hidden message in the original image:

je@isis:~/3301/stage_1$ outguess -r 3301.jpg 3301.txt
Reading 3301.jpg....
Extracting usable bits: 29049 bits
Steg retrieve: seed: 228, len: 535
The hidden message can be found here.

Now things are actually getting interesting. Although the challenge have not been required any particularly advanced skills yet, someone has obviously been putting some work into it. The hidden message says that we should go to the following URL: http://www.reddit.com/r/a2e7j6ic78h0j/

The hidden message also includes a so called book code, consisting of a number of lines with two digits separated by a colon on each. The book and more information should be found at the URL above. Book ciphers are ciphers that use a book or a text of some sort as the key to encode a secret message. Traditionally, they worked by replacing words in the plaintext with the locations of words from a book, but in this case it seems more likely that the two digits separated by a colon in the code refers to a line and column number.

When visiting the Reddit page, we can make a number of observations. Most notably, there are a number of posts by the pseudonym CageThrottleUs that seem to consist of encoded text, which we can assume to be the book. It looks like an ordinary Caesar cipher may have been used, but on a closer look no shift value results in readable text. It seems most likely that a key of some sort is required to decode the text.

Looking closer on the page, we can see that the title is “a2e7j6ic78h0j7eiejd0120″. The URL itself is a truncated version of this. To the right, below the “subscribe” button, the title text is repeated and “Verify: 7A35090F” is written underneath. We can also see pictures of some mayan numbers on the top of the page. Mayan numbers are quite logical, at least from 0-19. A dot equals one, and a vertical line equals five. Two lines thus equals ten, one line with two dots equals seven (5 + 2) and so on. There is also a symbol resembling a rugby ball that equals zero. :)

The number sequence that is written using mayan numbers is as follows:
10 2 14 7 19 6 18 12 7 8 17 0 19

Comparing this with the a2e7j6ic78h0j7eiejd0120 in the title, we can see that numbers below 10 in the sequence above is also found in this string, at the same positions. Also note that instead of 10 we have “a”, instead of 14 we have “e”, and so on up to “j” being 19. Since the title of the page contains 23 characters and there were only 13 mayan numbers is is quite likely that we are supposed to continue converting characters from the title to numbers. This gives us:

10 2 14 7 19 6 18 12 7 8 17 0 19 7 14 18 14 19 13 0 1 2 0

This could very well be the key required to decode the text. Regarding the “Verify: 7A35090F”, it may refer to any number of things. A PGP key ID is, however, a good assumption since it consists of a 32 bit value normally encoded as eight hex characters and since PGP keys can be used to verify the signature, and thus the authenticity, of messages signed with a PGP key. This could be quite handy, in case the challenge goes on and in case people decide to drop false leads to the people working on it. So, let’s try to import the public key with the ID in question from one of the common PGP key servers:

je@isis:~$ gpg --recv-keys 7A35090F
gpg: requesting key 7A35090F from hkp server keys.gnupg.net
gpg: key 7A35090F: public key "Cicada 3301 (845145127)" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
The comment for the key mentions 3301, which was used as the signature in the original image. It also includes the word “cicada” and the number 845145127, which may turn out to be significant at a later stage. Note, for instance, that cicadas emerge from their hideouts under earth every 13 or 17 years depending on which kind. By emerging every N:th year, where N happens to be a prime number, cicadas actually minimize the possibility of synchronizing with the life cycles of birds and other animals that prey on them. Also note that 3301 is a prime, and that 845145127 has 3301, 509 and 503 as its prime factors.

je@isis:~$ factor 3301
3301: 3301
je@isis:~$ factor 845145127
845145127: 503 509 3301
When taking a closer look at the lines of encoded text posted to the reddit page, we also find two images. One named Welcome and the other one Problems?. By using OutGuess again, we find another couple of hidden messages:

je@isis:~/3301/stage_2$ outguess -r welcome.jpg welcome.txt
Reading welcome.jpg....
Extracting usable bits: 326276 bits
Steg retrieve: seed: 58, len: 1089
je@isis:~/3301/stage_2$ cat welcome.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From here on out, we will cryptographically sign all messages with this key.

It is available on the mit keyservers. Key ID 7A35090F, as posted in a2e7j6ic78h0j.

Patience is a virtue.

Good luck.

3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPBRz7AAoJEBgfAeV6NQkP1UIQALFcO8DyZkecTK5pAIcGez7k
ewjGBoCfjfO2NlRROuQm5CteXiH3Te5G+5ebsdRmGWVcah8QzN4UjxpKcTQRPB9e
/ehVI5BiBJq8GlOnaSRZpzsYobwKH6Jy6haAr3kPFK1lOXXyHSiNnQbydGw9BFRI
fSr//DY86BUILE8sGJR6FA8Vzjiifcv6mmXkk3ICrT8z0qY7m/wFOYjgiSohvYpg
x5biG6TBwxfmXQOaITdO5rO8+4mtLnP//qN7E9zjTYj4Z4gBhdf6hPSuOqjh1s+6
/C6IehRChpx8gwpdhIlNf1coz/ZiggPiqdj75Tyqg88lEr66fVVB2d7PGObSyYSp
HJl8llrt8Gnk1UaZUS6/eCjnBniV/BLfZPVD2VFKH2Vvvty8sL+S8hCxsuLCjydh
skpshcjMVV9xPIEYzwSEaqBq0ZMdNFEPxJzC0XISlWSfxROm85r3NYvbrx9lwVbP
mUpLKFn8ZcMbf7UX18frgOtujmqqUvDQ2dQhmCUywPdtsKHFLc1xIqdrnRWUS3CD
eejUzGYDB5lSflujTjLPgGvtlCBW5ap00cfIHUZPOzmJWoEzgFgdNc9iIkcUUlke
e2WbYwCCuwSlLsdQRMA//PJN+a1h2ZMSzzMbZsr/YXQDUWvEaYI8MckmXEkZmDoA
RL0xkbHEFVGBmoMPVzeC
=fRcg
-----END PGP SIGNATURE-----
je@isis:~/3301/stage_2$ gpg --verify welcome.txt
gpg: Signature made Thu 05 Jan 2012 04:46:03 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6D85 4CD7 9333 22A6 01C3 286D 181F 01E5 7A35 090F
je@isis:~/3301/stage_2$ outguess -r problems.jpg problems.txt
Reading problems.jpg....
Extracting usable bits: 256999 bits
Steg retrieve: seed: 194, len: 1041
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The key has always been right in front of your eyes.

This isn't the quest for the Holy Grail. Stop making
it more difficult than it is.

Good luck.

3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPCBl3AAoJEBgfAeV6NQkPo6EQAKghp7ZKYxmsYM96iNQu5GZV
fbjUHsEL164ZLctGkgZx2H1HyYFEc6FGvcfzqs43vV/IzN4mK0SMy2qFPfjuG2JJ
tv3x2QfHMM3M2+dwX30bUD12UorMZNrLo8HjTpanYD9hL8WglbSIBJhnLE5CPlUS
BZRSx0yh1U+wbnlTQBxQI0xLkPIz+xCMBwSKl5BaCb006z43/HJt7NwynqWXJmVV
KScmkpFC3ISEBcYKhHHWv1IPQnFqMdW4dExXdRqWuwCshXpGXwDoOXfKVp5NW7Ix
9kCyfC7XC4iWXymGgd+/h4ccFFVm+WWOczOq/zeME+0vJhJqvj+fN2MZtvckpZbc
CMfLjn1z4w4d7mkbEpVjgVIU8/+KClNFPSf4asqjBKdrcCEMAl80vZorElG6OVIH
aLV4XwqiSu0LEF1ESCqbxkEmqp7U7CHl2VW6qv0h0Gxy+/UT0W1NoLJTzLBFiOzy
QIqqpgVg0dAFs74SlIf3oUTxt6IUpQX5+uo8kszMHTJQRP7K22/A3cc/VS/2Ydg4
o6OfN54Wcq+8IMZxEx+vxtmRJCUROVpHTTQ5unmyG9zQATxn8byD9Us070FAg6/v
jGjo1VVUxn6HX9HKxdx4wYGMP5grmD8k4jQdF1Z7GtbcqzDsxP65XCaOYmray1Jy
FG5OlgFyOflmjBXHsNad
=SqLP
-----END PGP SIGNATURE-----
je@isis:~/3301/stage_2$ gpg --verify problems.txt
gpg: Signature made Sat 07 Jan 2012 11:07:51 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6D85 4CD7 9333 22A6 01C3 286D 181F 01E5 7A35 090F
The messages verifies both our assumptions, since they are indeed signed using the key ID 7A35090F and since the second one specifically says that the key “has always been right in front of your eyes”. In other words, it is likely to consist of the numbers we discovered being encoded as characters in the title of the page. The first message also specifically states that all messages from now on will be signed using the PGP key with ID 7A35090F.

All that remains now is to figure out which encoding scheme has been used so that we can apply the key to the text. Since a shift cipher was used in the original image (although it was used as a decoy), perhaps the numbers are different shift values. In other words, for each line of text, shift/rotate the first letter ten steps in the alphabet, rotate the second letter two steps, the third letter 14 steps, and so on, to get the plaintext. Implementing this in C results in the following:

je@isis:~/3301/stage_2$ cat decipher.c
#include <stdio.h>
#include <ctype.h>

int main(void)
{
unsigned char key[] = {
10, 2, 14, 7, 19, 6, 18, 12,
7, 8, 17, 0, 19, 7, 14, 18,
14, 19, 13, 0, 1, 2, 0
};
int c, i = 0;

while ((c = getchar()) != EOF) {
if (isalpha(c)) {
int base, off;
if (isupper(c))
base = 'A';
else
base = 'a';

off = c - base - key[i++ % sizeof(key)];
if (off < 0)
off += 26;

c = base + off;
} else if (c == '\n')
i = 0;

putchar(c);
}

return 0;
}
je@isis:~/3301/stage_2$ gcc -o decipher decipher.c -O -Wall -ansi -pedantic
je@isis:~/3301/stage_2$ head -3 reddit.txt
Ukbn Txltbz nal hh Uoxelmgox wdvg Akw; hvu ogl rsm ar sbv ix jwz
mjotukj; mul nimo vaa prrf Qwkkb aak kau ww Ukpsf, ogq Kzpox vvl luf
yh Qsrjfa, hvu Ktp hzs lbn ph Kipsy; ttv Sdmehpfjsf tad igr
je@isis:~/3301/stage_2$ ./decipher < reddit.txt | head -3
King Arthur was at Caerlleon upon Usk; and one day he sat in his
chamber; and with him were Owain the son of Urien, and Kynon the son
of Clydno, and Kai the son of Kyner; and Gwenhwyvar and her
The file “reddit.txt” consists of the lines posted to the reddit page so far, in the order that they have been posted. Note that this is not in the exact order that they are shown on the reddit page. As you can see, our assumption was correct and we can now decipher every line of text that has been posted, and try to apply the book code that we got in the message hidden in the original image.

Using a small bash script, we can apply the book code to the text from reddit to retreive yet another hidden message:

je@isis:~/3301/stage_2$ ./decipher < reddit.txt > reddit-deciphered.txt
je@isis:~/3301/stage_2$ cat reddit-decode.sh
#!/bin/bash

while read line; do
row=`echo $line | cut -d: -f1`
col=`echo $line | cut -d: -f2`
head -n$row reddit-deciphered.txt | tail -n1 | head -${col}c | tail -1c
done < bookcode.txt
echo
je@isis:~/3301/stage_2$ ./reddit-decode.sh
Call us at us tele phone oumBer two one four thsee nine oi nine si oh ihht
Although we can easily see which phone number is being refered to, it’s obvious that the output is a bit garbled. For the sake of completeness, let’s look into what the cause might be. The first letter that is garbled is the “n” in number that has been turned into an “o”, then the “r” in three which have been turned into an “s” and so on. The upper case “B” may have been intended though, although it seems a bit off. There is actually a lower case “b” on the same line that is used for encoding the upper case “B”, but the upper case one comes first.

When looking at the line corresponding to the “n” turning into an “o” (line 26, column 65), we can see that there is actually an “n” right before the “o” at column 65 (from the name “Kynon”). Looking further down, at the line corresponding to the “r” turning into an “s” (line 48, column 43), we can see that the expected “r” is right before “s” on this line as well (from the word “daggers”).

Another thing in common for these particular lines of text is that they include a period somewhere before the character that has been decoded incorrectly. If we assume that periods, which end sentences, should count as two characters instead of one when applying the book code we get this, which looks a bit neater:

je@isis:~/3301/stage_2$ perl -i -pne 's/\./. /g' reddit-deciphered.txt
je@isis:~/3301/stage_2$ ./reddit-decode.sh
Call us at us tele phone numBer two one four three nine oh nine six oh eight
So, to continue the challenge we need to call the (214) 390-9608, a Texas based phone number. Whoever is behind this challenge, they have obviously put some effort into it. :)

When calling the number, one is (or rather, was, the number has now been deactivated) greeted by the following message:
“Very good. You have done well. There are three prime numbers associated with the original final.jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye.”

When examining the PGP key, we already noted that it included the number 845145127 in the description, and that this is the product of 3301, 503 and 509. When looking at the metadata for the original image, we also note this:

je@isis:~/3301/stage_1$ exiftool 3301.jpg | grep 50[39]
Image Width : 509
Image Height : 503
Image Size : 509x503
Seems like we’ve solved this stage as well, now let’s head to http://845145127.com/ to find the next part of the challenge. :) When I first arrived at the http://845145127.com/ site, it just displayed an image of a cicada and a countdown. Using OutGuess again, the following signed message could be extracted from the cicada image:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You have done well to come this far.

Patience is a virtue.

Check back at 17:00 on Monday, 9 January 2012 UTC.

3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPCKDUAAoJEBgfAeV6NQkPf9kP/19tbTFEy+ol/vaSJ97A549+
E713DyFAuxJMh2AY2y5ksiqDRJdACBdvVNJqlaKHKTfihiYW75VHb+RuAbMhM2nN
C78eh+xd6c4UCwpQ9vSU4i1Jzn6+T74pMKkhyssaHhQWfPs8K7eKQxOJzSjpDFCS
FG7oHx6doPEk/xgLaJRCt/IJjNCZ9l2kYinmOm7c0QdRqJ+VbV7Px41tP1dITQIH
/+JnETExUzWbE9fMf/eJl/zACF+gYii7d9ZdU8RHGi14jA2pRjc7SQArwqJOIyKQ
IFrW7zuicCYYT/GDmVSyILM03VXkNyAMBhG90edm17sxliyS0pA06MeOCjhDGUIw
QzBwsSZQJUsMJcXEUOpHPWrduP/zN5qHp/uUNNGj3vxLrnB+wcjhF8ZOiDF6zk7+
ZVkdjk8dAYQr62EsEpfxMT2dv5bJ0YBaQGZHyjTEYnkiukZiDfExQZM2/uqhYOj3
yK0J+kJNt7QvZQM2enMV7jbaLTfU3VZGqJ6TSPqsfeiuGyxtlGLgJvd6kmiZkBB8
Jj0Rgx/h9Tc4m9xnVQanaPqbGQN4vZF3kOp/jAN5YjsRfCDb7iGvuEcFh4oRgpaB
3D2/+Qo9i3+CdAq1LMeM4WgCcYj2K5mtL0QhpNoeJ/s0KzwnXA+mxBKoZ0S8dUX/
ZXCkbOLoMWCUfqBn8QkQ
=zn1y
-----END PGP SIGNATURE-----
Just like before, the message is signed using the Cicada 3301 key. The challenge so far have been a quite fun, and rather different, experience and I’m looking forward to see what comes next.

When the countdown was finished, at 17:00 UTC January 9 2012, it was replaced by strings of digits resembling GPS coordinates. Also, the image of the cicada now contained another signed text containing the same GPS coordinates as on the web page, except for two that were only on the webpage (37.577070, 126.813122 and 36.0665472222222, -94.1726416666667):


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

52.216802, 21.018334
48.85057059876962, 2.406892329454422
48.85030144151387,2.407538741827011
47.664196, -122.313301
47.637520, -122.346277
47.622993, -122.312576
37.5196666666667, 126.995
33.966808, -117.650488
29.909098706850486 -89.99312818050384
25.684702, -80.441289
21.584069, -158.104211
- -33.90281, 151.18421
3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPChn7AAoJEBgfAeV6NQkPZxMP/05D9TkSpwRaBXPqYthuyqxx
uo+ZDyr/yVIlAdurTBiWb3aGxKJjtWg/vlcHcatK0TGL2qaHwB/FFZQAaqOyU7Zf
DXdpWr8PWoWhpWNYUK8IrOaYu1SmWlJnkTdUSzGrX0lbwjwMmJJoPNS7CJuO6MaA
2GIwpv2G7lYqnH3xeX3kzGlPMsVb/wucKRjobsbdbreh1SNuQuRnhfe4s+oHTTqs
XjtGL/VhBI0DUAdfLqW7z4C+Gvbx6okC8x5Sj2N2UTJOiyMYXz5+QyHoA6fo9g5V
6zodNpx/RvxuZP2Ssc9TqERgTo5FjRBpON1vjDalHgg0H2Fus2LK3gh+NZfj1i5b
Oqa4Cqd9epI2pe+glXn86j9crS+2BEAr1cguqAFepvI9sdFEornDja4VXwDtUdM8
9hMVkU5NiTUYfvxZbL6W7rHIF7wxjGUwpe1ViuixG+cKNfv0enrt60PrtDByBOWI
9LLIUE0cB5HDT1xrczZ/55CtuM3Zf07/l0nLFdmgR0oa8KUA9gWcPs6S1EpBa185
VcyOTqbpIPiT8neiJEkXarbJeFk15m1P73Fr8XZxdj7EHK0aOwGYcc8e4PmW/dSh
gcrSNXiePCbcRVRD2n9L47C0LkNyRpoBkmjvtpcRyp5ISe+0xcx/QI+gc1lkSijC
89qV+ymCHae1RiSDxVbd
=ZJ37
-----END PGP SIGNATURE-----
Using Google Maps (maps.google.com) I could search for each of these locations, and in most cases even get a street view. The locations were spread out around the world without any obvious connection (USA, Poland, France, South Korea and Australia), except for perhaps each of them being home to some talented hackers. At this point I thought it would be the end of the game for me, since I am far away from all of these locations.

I was still very curious on how the challenge would continue though, and found that there are groups of people working on this from all over the world. One of these groups had set up an IRC channel at n0v4.com, and managed to get people to check out the locations at the specified GPS coordinates. What they found was notes attached to lightpoles, with the cicada image and a QR code. When scanning the QR code, they got image URLs with a black and white image of a cicada and the text “everywhere” and “3301″. Each image also contained a hidden signed message. Even though there were 14 locations, only two different messages were used though.

One of them had with the following text at the top of the message (full message here):

In twenty-nine volumes, knowledge was once contained.
How many lines of the code remained when the Mabinogion paused?
Go that far in from the beginning and find my first name.
The other one had this text (full message here here):

A poem of fading death, named for a king
Meant to be read only once and vanish
Alas, it could not remain unseen.
They both also included a 22 line book code. Both of them included the text “the product of the first two primes” at line 3 and 15, and one of them also included the text “the first prime” at line 8. This probably means that the characters on these positions should be replaced with the numbers described. Note that the definition of a prime number is a natural number greater than 1, with no positive divisors other than 1 and itself. This means that the first two prime numbers are two and three.

The three lines of text in each message seemed likely to be a hint to which book/text to use as the key for the included book code. By googling for some keywords in the second message (poem fading death read only once vanish), the Wikipedia entry for a 300-line poem by William Gibson is among the first hits. The poem is called Agrippa (a book of the dead) and according to Wikipedia “Its principal notoriety arose from the fact that the poem, stored on a 3.5″ floppy disk, was programmed to erase itself after a single use; similarly, the pages of the artist’s book were treated with photosensitive chemicals, effecting the gradual fading of the words and images from the book’s first exposure to light.”. This fits the description perfectly.

When googling for william gibson agrippa, the first hit is http://www.williamgibsonbooks.com/source/agrippa.asp. Taking this text, including line breaks, as the key for the book code results in the following:

je@isis:~/3301/stage_3$ cat agrippa-decode.sh
#!/bin/bash

while read line; do
if [ "$line" = "the product of the first two primes" ]; then
echo -n 6
else
row=`echo $line | cut -d: -f1`
col=`echo $line | cut -d: -f2`
head -n$row agrippa.txt | tail -n1 | head -${col}c | tail -1c
fi
done < agrippa-code.txt
echo
je@isis:~/3301/stage_3$ ./agrippa-decode.sh
sq6wmgv2zcsrix6t.onion
Judging by the “.onion” at the end of the string, this is actually an anonymous hidden service in the Tor network. Unfortunately, by the time I arrived at this stage the Tor service was not available anymore. 3301 had concluded the last couple of messages with “You’ve shared too much to this point. We want the best, not the followers. Thus, the first few there will receive the prize.”, so it was probably first come first served. The ones who were lucky enough to arrive in time (most of which did not solve much or any of this challenge themselves, since people were sharing their solutions) got to enter their e-mail addresses and were informed that they would be contacted in few days.

By this time, someone noticed that the DNS entry for 845145127.com had been removed. By using the IP (75.119.203.244) it was found that the page that recently had GPS coordinates had changed yet again, to a seemingly empty page. On a closer look it turned out to consist entirely of spaces, tabs and linebreaks. Since every line contained a multiple of eight spaces/tabs, it seemed likely to be a plain binary code. This was confirmed by:

je@isis:~/3301$ wget -q -O- http://75.119.203.244/ > 3301.html
je@isis:~/3301$ perl -pne 's/[^\s]//g;s/\t/0/g;s/ /1/g;s{([01]{8})}{chr(oct("0b$1)"))}sgex' < 3301.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

162667212858
414974253863
598852142735
876873892385
935691396441
316744223127
427566844663
644169769482
889296759263
963846244281
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPDRkvAAoJEBgfAeV6NQkPVuMP/3ZyAgwsko/B2T9Ew1yqAKVy
K9//wIWCRvMyZ4k79ApqvOJAlezgHTsAM8XG/I71bAG+2wMOXNJfTj/SFONEEbS5
BOp9UP7LHn1j3NKoESrDzsKd+u3oHoNnhs628aLrc8uDqbn/6DNUnObu5Tn3unu0
zZ3NjSs/A5QQX8O56RsK81eSJ2fifbr4NYfHBeUTeVe17nsr48WQI7qc9UVWlPsM
91FWsvhX+WohX8DyFWJmtz0lLvmh3jN+oE8WFPTVbcVCM+eiDt0TqkUNlmq/fxbd
X2Sbs8zMxDXNQWrw58TcSC6oLfXSXZnjh8uTMwrQ0tNdRXHDndgPiurXz62XjVjf
4AhSXBoXF9CHTOyGGEqvfNvFMKyz968iMZDXDNBrM8pkxx1xBHhAnoEznVpeMhII
+IfBTnV8x9lSNgFhmham5eEZlWvqRidqes8EAriqGA6uZokCq7X1IeMHo52ACWmP
2bJsCV5wZDc52c3JnwKe+cAcbsA4OWCNEH29lAsgFw5079BP8lkpY3AH2+8kqs0X
QvqsaMuUq5ZHEaZMgdD0VKYlRrKdhOiDjtJVxoXk1b7YBOV8dZZBXJbEIbTvaof4
yhgUObovx/VFGmsenp+j3nBCxgEO22SgNW3B3pN0yuIMCqccWEZ1nME/QOwLa85n
HOmElIXvK13Q9m545RtP
=Q1Fy
-----END PGP SIGNATURE-----
The message simply contains ten different 12 digit numbers. As it turns out, each of these correspond to image URLs such as: http://75.119.203.244/NUMBER.jpg

Each of these images contains a hidden message that can be extracted with outguess, and it turns out that it’s the same messages that could be extracted from the images found through QR codes on notes at the GPS-coordinates mentioned earlier. Turns out we didn’t have to be at one of those locations after all. :)

Regarding the remaining code, it is very likely to refer to the same .onion site as before. Just to be sure, and not to leave out any piece of the puzzle, it would be nice to solve that one too though.

My thoughts so far are these:

“In twenty-nine volumes, knowledge was once contained” may refer to the 11th edition of Encyclopedia Britannica, which consisted of exactly 29 volumes and that is now in the public domain and available for download since it was released back in 1910-1911.

Regarding “How many lines of the code remained when the Mabinogion paused?”, note that the text posted to the reddit page is from “The Lady of the Fountain”, which is the first out of eleven stories from medieval Welsh manuscripts in the collection called the Mabinogion. Also note that there was a pause for about 24 hours after the 65:th encoded line of text was posted to the reddit page. After that, new encoded lines have been posted about every 6th or 7th hour.

Assuming the code will continue until “The Lady of the Fountain” is finished, we will need to figure out the total number of lines in that story. To do that, we need to find the text that 3301 uses as their source, so that line breaks are placed on the same positions. After a bit of searching around it turns out that the source that 3301 uses is from Project Gutenberg (here). Blank lines are discarded, and lines with only one word on them are being appended to the preceding line. Applying those rules to the entire text of “The Lady of the Fountain” results in a total of 833 lines. Thus, the number of lines of code that remained when the Mabinogion paused is 833 – 65 = 768 (which also happens to be 512+256, but I guess that may be a mere coincidence after all).

Finally we have “Go that far in from the beginning and find my first name”, which could mean a number of things. My guess is that we should go 768 words, sentences, word definitions, characters or pages into the 11th edition of Encyclopedia Britannica. Question is where we are supposed to go from there, since it ends with “and find my first name”. By this, I assume we should only find a certain name at this particular position, and then from this name find the actual text to use as the key for the book code.

I also noticed that the code for this part only use 27 lines, with columns ranging from 1-66 and many columns being above 30-40. This rules out most poems, that usually don’t have long lines. It could very well be a text straight from the Encyclopedia Britannica, however. Due to the large number of possibilities I have not looked into it much further than this, and so far I don’t think anyone have come up with the solution for this particular puzzle. So, anyone up for it? :)

Bron: ->> http://www.clevcode.org/cicada-3301/
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 22:15

http://uncovering-cicada.wikia.com/wiki ... t_1_(2013)

Wederom een interessante samenvatting.

What Happened Part 1 (2013)

The Invitation

It had been exactly 366 days since the 2012 Cicada puzzle began. Nothing had happened in 11 months.
Until the 4th of January 2013, when a second image was posted to /x/
Hello again. Our search for intelligent
individuals now continues.

The first clue is hidden within this image.

Find it, and it will lead you on the road to
finding us. We look forward to meeting the
few that will make it all the way through.

Good luck.

3301
Insert formula here===Analysis of the image=== The image was processed by the steganographic tool outguess. This message was the result. A more analytic look reveals the use of a book cipher. To decrypt the message, one needs to find the text that was used for encrypting.
A book whose study is forbidden
Once dictated to a beast;
To be read once and then destroyed
Or you shall have no peace.
This poem, introducing the secret message, was a nudge towards the right text. After a bit of debate, the text that was used to encrypt the book cipher was discovered.

The Law (Liber AL vel Legis)

The book that was used to hide the message was Liber AL vel Legis by Alester Crowley. Also known as "The Book of Law ", it is available online, and can be found here . The first line I:1:6 points toward the 6th character of the first line in the first chapter, an 'h' in this case. It was assumed that spaces weren't counted. Punctuation, however, influenced the character chosen for the plaintext. During decrypting, we found that dashes were vital to the process, so we kept them in the plaintext. Using these rules, we encrypted the book cipher and came up with the decrypted message.
https:--www.dropbox.com-s-r7sgeb5dtmzj14s-3301
We agreed upon substituting the dashes with slashes and came up with a hyperlink.

The System

The hyperlink (mirror) directed to a dropbox address with a file of 130MB ready for download. After downloading, the file was analysed and a quick check for magic bytes (header bytes) revealed, that the offered file was an .iso image.

The image file was downloaded by multiple solvers and either burned to disc to run on a computer or opened in a virtual drive. Looking into its contents, we find three directories, "data", "boot" and "audio".
When booting from the image, a boot sequence appeared, printing a sequence of numbers to the screen. Investigating the sequence revealed, that the live image prints out all prime numbers up to 3301. There were temporary two-second pauses at 1033 and 3301, where it stops at the latter and moves to the second stage. The next, and last stage of the procedure is a screen that reads:

@1231507051321

The key is all around you.

Good luck.

3301

Further analysis of the live image turned up the routine responsible for the display of the prime numbers. It is a linux shell script (found here , for those interested), which, luckily, is human-readable. It does not calculate prime numbers, like some suggested, but connected the printing command with a sleep command. In most cases, the sleep time is 0.5 seconds. In case of the primes 1033 and 3301 however, the sleep time is 2 seconds, which manifested the relevance of those two numbers. Also, this clue said "you" not "we", differing from the last one in the choice of words.
Also found in the image was this PGP signature, which has been verified to be 3301's official signature released during the puzzle in 2012.

It is possible to interrupt the boot sequence by pressing CTRL+C. User "tc" is active and does not require a password, is in sudoers file with no prompt. `sudo ash` to raise to root. Further inspection revealed nothing that is not listed in this wiki.

The Music

The folder "audio" contained an audio recording. The title of the recording was "761.mp3" and can be downloaded here. The ID3 tags show us that the title of the file is "The Instar Emergence" and the artist "3301". The used instrument is a guitar, with distorting effects on it. On the track, a reversed guitar is played and amplified throughout. The song has been deconstructed and checked for hidden reversed messages, but as of yet has turned up nothing out of the ordinary. Some people claimed the key of the recording to be G#. You can listen to the song here:

Key points about the track is the initial 'breath' sound, believed to be the sound of many cicadas and the tempo changes, beginning at approximately 135 bpm, accelerating to 145bpm, then slowing to 125bpm. This has led some to believe that the song has been slowed down by 5%. The only identified instruments so far are a forward and reversed guitar and a heavily effect driven bass drum.
A draft spectral anlysis shows a constant hum at 15.4-16.1kHz, and empty notches under 500Hz starting from 1:56. A hexdump of the mp3 file revealed the following message:

The Instar Emergence

Parable 1,595,277,641
Like the instar, tunneling to the surface
We must shed our own circumferences;
Find the divinity within and emerge.

The original message had "\n" attached to the end of each line. This character sequence is used to indicate a new line in some programming languages. These were omitted due to the availability of proper formatting techniques.
The subgroup who were assigned the task of analyzing the poem/riddle above have speculated that circumferences might be a reference to perceived limitations rather than actual physical walls. "Find the divinity within and emerge" is most likely a reference to the divine ratio, or phi. Such shedding may also be a reference to the way Cicadas shed their shells.

It has also been pointed out that the song is 2:47 long, or 167 seconds, which is prime. It is also a reversal of the name of the file: 761.mp3, and 761 is also prime.

Meaning of Parable 1.595.277.641

The Twitter

While people still searched through the image to find more hints that may have been overlooked, somebody in the IRC found a twitter account which got our attention, to say the least. Multiple things were strange about that twitter. It fits the overall "style" of cicada, it was registered shortly after the first downloads of the live image and it had no followers. It was later found to be the reference on the boot CD to @1231507051321 (note: 1231507051321 is a palindromic prime number). The most striking thing about it though was the messages it tweeted.
Each tweet consisted of an offset, and 65 bytes of hex code. For example, the first message went like so:

0000000: b69ccce300104a464802545959580001008d0000ff8b6131616a6a632737293d3e322b3b3e3f263a203c0c4762677c326767713d73716d697b6e3000505b494e47

3301 appears to have used a bot to post the tweets at 5 minute intervals (up until 0:00 GMT Jan 7), then onto four minute intervals until 19:00 GMT Jan 7, where it was seemingly random up until 22:04 GMT Jan 7, where it moved onto two minute intervals. The twitter bot stopped posting tweets at 4:52 GMT on Jan 8.
The meaning of the tweets and the rest of the files left the solvers stumped for several hours. A full feed of the tweets is avaliable here.

The Gematria

After a day of fruitless searching, an IRC user did the impossible and solved the next puzzle. This user took the 761.mp3 file, and XORed it with the file produced by following the instructions in the twitter. The result was a .jpg file. It was possible to "pre"-construct the image resulting from the tweets. The .jpg file appears to be a rune table, consisting of three columns, named "Rune", "Letter" and "Value", and 29 entries. "Rune" contains, the actual rune character, "Letter" contains one or more plain text characters and "Value" contains a number. It is interesting to note that the numbers to be found in "Value" are all ascending primes, building the sequences of the first 29 prime numbers. As a member in the IRC pointed out, the runes stem from the Anglo-Saxon rune set, and the letters are in the order of the Anglo-Saxon runes. It was revealed that this is a fully-blown Gematria, which can be applied to different pieces of text to reveal interesting numbers. 'The Instar Emergence', for example, produces 761, which is the name of the file and the file's time signature reversed. It was soon discovered that this image, like the very first one, contained a hidden message, once again masked via OutGuess. The message itself can be found here. As in every message from Cicada, the content was followed by a GPG signature, which proved the authenticity of the message

The Onion Part 1 of 2

After finally getting a message from 3301, the solvers found that it was, to quote the IRC, 'Mostly Blank'. The message, it turned out, contained a mixture of tabs and spaces. The solvers converted this to binary, then again to ASCII, then they found the next message:
"Come to emiwp4muu2ktwknf.onion"

"We shall await you there."

"Good luck."

"3301"
A quick filler: emiwp4muu2ktwknf.onion is a website that can only be accessed through Tor, which is using a hidden service URL, similar to the last Cicada puzzle.
Upon visiting the website, the solvers were presented with the following message:

Note: the formatting may be a little off on your screen. Press control/command and - to view the full message.

Web browsers are useless here.


,+++77777++=:, += ,,++=7++=,,
7~?7 +7I77 :,I777 I 77 7+77 7: ,?777777??~,=+=~I7?,=77 I
=7I7I~7 ,77: ++:~+7 77=7777 7 +77=7 =7I7 ,I777= 77,:~7 +?7, ~7 ~ 777?
77+7I 777~,,=7~ ,::7=7: 7 77 77: 7 7 +77,7 I777~+777I= =:,77,77 77 7,777,
= 7 ?7 , 7~,~ + 77 ?: :?777 +~77 77? I7777I7I7 777+77 =:, ?7 +7 777?
77 ~I == ~77= +777 777~: I,+77? 7 7:?7? ?7 7 7 77 ~I 7I,,?7 I77~
I 7=77~+77+?=:I+~77? , I 7? 77 7 777~ +7 I+?7 +7~?777,77I
=77 77= +7 7777 ,7 7?7:,??7 +7 7 77??+ 7777,
=I, I 7+:77? +7I7?7777 : :7 7
7I7I?77 ~ +7:77, ~ +7,::7 7
,7~77?7? ?: 7+:77777, 77 :7777=
?77 +I7+,7 7~ 7,+7 ,? ?7?~?777:
I777=7777 ~ 77 : 77 =7+, I77 777
+ ~? , + 7 ,, ~I, = ? ,
77:I+
,7
:77
:

Welcome.

Telnetting in

The solvers soon found that web browsers were indeed useless, and that we would have to telnet into the website through the tor network. Some solvers did so, and they found that the website included an interactive shell. They could type in any number to have it factorized, 'count' to have it count up prime numbers, 'quit' to quit, and 'hello' to pump out an interesting message:

hello
A message for you:

0000000:2d2d2d2d2d424547494e20504750205349474e4544204d4553534147452d2d2d2d2d0a486173683a20534841310a0a20202020200a5665727920676f6f642e0a20
0000041:20200a596f75206861766520646f6e652077656c6c20746f20636f6d652074686973206661722e0a20200a7873786e616b73696374366567786b712e6f6e696f6e
0000082:0a20200a476f6f64206c75636b2e0a2020200a333330310a20202020200a2d2d2d2d2d424547494e20504750205349474e41545552452d2d2d2d2d0a5665727369
00000c3:6f6e3a20476e7550472076312e342e31312028474e552f4c696e7578290a0a69514963424145424167414742514a513653304841416f4a45426766416556364e51
0000104:6b502f4a3051414c44716133564a7939784c4c6c6749356a5068524970340a66786562624e6874454c4f4859466b44355a397a745159476c65376c4b504d386c6b
0000145:4d536e636949593035394b4969354e53545637493937734a626f473377740a6b6848745a674e52773176325751357575724375356c31772b38342f4c354a7a324e
0000186:6d456c784f427a57723638646c5159743271664251786b327a522f6654490a544c43454776465a746c6e724e66426b376a7349794a59635858506761625334376f
00001c7:5039764f45586c42312b506d30433775505042504e3761716b665550476c0a6f3166326873634a66374a65324476625a742b3665787859736d3537467039353358
0000208:414e41642f557046567a542f3835325867363367745a72492b536d66335a0a4256636a70437a7948337753385230694d2b7270303243774a704a7a7357474c7865
0000249:51476d584c325358424234337a565a414a716c355564584c5447586b62640a6e504d64332f43624a2b6c37724f305941673570334a66344b617558375a64365a63
000028a:3277484b4c4f76666a5176455758495931434d68493638426a30725a6f2f0a4d2f666933313346465450416d3678684b52762f74482f387756726172326a593777
00002cb:6e45385878685273793734415a35477141326f484d6566544171335975570a35505838733638324a34706b44554b48476134793635766a49703136706d45496e4d
000030c:414c4a4762777a366d7461754251716c53364152735166656b446e336f5a0a796f73532b675743336a6449764835733557555147566c376a797a3974342b335467
000034d:35635439526e367058324e564e585378677a585842346e493258727259610a346b517235615742386c737361763372796a3543673246486c312b4d4b4f30675976
000038e:2f554633515437354d6978514d75344d2b3577436e4e656b676675794f360a5a7679627a70347334537a526a6b6b39734d4d360a3d5759564f0a2d2d2d2d2d454e
00003cf:4420504750205349474e41545552452d2d2d2d2d0a
Offset: 3301, Skip: 0, Col: 65, Line: 16.

It was soon discovered that these ( ) messages could be turned into ASCII which created another message, again GPG signed by 3301. The message reads as follows:
Very good.

You have done well to come this far.

xsxnaksict6egxkq.onion

Good luck.

3301
This led to the second .onion address.

The Onion Part 2 of 2

Once the solvers had found the second .onion, the next logical step was to visit it. Upon arrival, they found the following:
Patience is a virtue.
Rumaging through the source code for the html, they found the following:
<html>
<head><title>3301</title></head>
<body>
Patience is a virtue.
<!-- which means, come back soon. -->
</body>
</html>
Soon afterwards, someone attempted to telnet into it, producing an error message which contained the address of the VPS on which the site was hosted. Promptly afterwards, the site was taken down.

The Clues

As the solvers patiently waited for more news about the second .onion, they continued to explore other options that they may have overlooked in the blind rush towards victory.

The Forrest

A new message was found by telnetting "hint" or "clue". And XORing result with _560.00 file from the DATA folder on 3301.txt CD image.
You can't see the forest when you're looking at the trees.

Good luck.

3301
Full Message:
https://pastee.org/2zae9
"hint" output:
https://pastee.org/tjdbs

The Difference

In Cicada OS the solvers found two files named Wisdom and Folly in ./tmp
http://codeseekah.com/cicada/folly

http://codeseekah.com/cicada/wisdom
Wisdom is exactly the same as folly, but appears to represent no file type.

The Primes

Telnetting 'primes' into the shell printed out a list of primes similar to the one on Cicada OS, but some primes were missing and two have extra spaces in front of them.
There were extra spaces between 29-31 and 3257-3259
And some missing primes between 71-1229

The missing primes are as follows:

73 79 83 89 97 101 103 107 109 113
127 131 137 139 149 151 157 163 167 173
179 181 191 193 197 199 211 223 227 229
233 239 241 251 257 263 269 271 277 281
283 293 307 311 313 317 331 337 347 349
353 359 367 373 379 383 389 397 401 409
419 421 431 433 439 443 449 457 461 463
467 479 487 491 499 503 509 521 523 541
547 557 563 569 571 577 587 593 599 601
607 613 617 619 631 641 643 647 653 659
661 673 677 683 691 701 709 719 727 733
739 743 751 757 761 769 773 787 797 809
811 821 823 827 829 839 853 857 859 863
877 881 883 887 907 911 919 929 937 941
947 953 967 971 977 983 991 997 1009 1013
1019 1021 1031 1033 1039 1049 1051 1061 1063 1069
1087 1091 1093 1097 1103 1109 1117 1123 1129 1151
1153 1163 1171 1181 1187 1193 1201 1213 1217 1223
You can use a hosted telnet service to access the tor website here.

The Onion, part 2.5 of 2

After this the 2nd Onion site finally reopened. The solvers got the following hint:
You already have everything you need to continue.
Sometimes one must "knock on the sky and listen to the sound."
Good luck.
This hint told the solvers that they needed to ping the website's IP address and listen to the reply. Each ping reply was laced with data bytes, which could be combined to make the following:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Well done. You have come far.

pklmx2eeh6fjt7zf.onion

Good luck.

3301


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJQ7vVDAAoJEBgfAeV6NQkP9x4P/31A5LPzIhkii8sBjuVxIcOn
4KFQO+uVVsR53zImSqlhq6iVAE9+Ko7vIqjD2whTIUFVYZNBq/92wEZJuCSonovH
HqYZTQihIS9d+QDuwUNvXr4ilrRmITKMrWw3D23rpWs6ZlnehuUDVI8unbN9Zi3h
3hvok3/+/FofLia9Kvbo+FIDi7T9NNRpqepgXd/6dQIP4kn63kKCP20QMdRf2fXF
ZLx5ADS14OvaNFNUAHTJ1qdkPYcdTiNDJkxqk1s82y2doGoEP0ChBUJxlyMiUVXn
1iLOwm2KNrf6If64KxEoetOraWqg9P6l3BjGVPCkrotB608SSs2Lihsa4B0ifI33
ABlpvSDIgpBu/zIO/WFYOfnnrtdvDpVP/Wy+pgqZJ/wOUuhJZhzi5vppjVCm/q9H
C/aXQxa+XXe7his4f9tuIBD1wIYAtnE8M0uDCsfiZjBaZNMnOO7/hOwnNQSBAMcr
KqL5yHSnpI50CtoA+6ycWZURBkrt1rt4eNxsCqQ1XWed/hWbqb6SlJJemJOPbbmt
V5D7iDUO+r2OIUEZTfCSjdzrXcJ8FLtqCGVaLJhCdsyirRHmURwkYLw/B8TpcJQz
qbY6oeDxDosIbE6uhDNV2RVKmpWqLDMhLGHVjkDjJpodE5L3ObbylWuRnHfFqfKH
1mubvMAGo03rxxlY+9XG
=6Sgs
-----END PGP SIGNATURE-----
The Onion, part 3 and 4 of 2

On the third Onion page the solvers recieved a message instructing them to 'standby for coordinates'. They prepared to visit the addresses which these would undoubtedly lead them to.
Each poster had a phone number on it as well as an access code. Note that each phone number either ends in 3301 or 1033.

Calling the phone number gave an automated speech asking for a code to be typed into the dialer. Solvers soon realised that they had to convert the access code given in the poster to it's gematrified format and type that in. Upon doing so the following message was given (it varied depending on location, this one was for Portland):
Dataset:13
Offset:12821

Data:28C07E1B102D4D5C4C1A376E064477E1416FCC94928765
The data, when XORed with the 560.13 (the 13 coming from the dataset) file from DATA, provided the user with a string of text, notably in this case "gbyh7znm6c7ezsmr.onion". It's important to note that each location gave a different onion address.
All in all, 6 of the locations had their codes recovered, while the seventh was not physically visited, but the phone number obtained by wardialing all numbers ending in 1033.

On each of these onion addresses (as listed in the table below), each solver was given an SSSS code, which stands for Shamir's Secret Sharing Scheme. A secret sharing scheme allows someone to share a secret with a certain number of people, who each get their own string. Once enough of these secrets come together, they can be combined to create the final secret. Each location, its SSSS code and some other data on each part is in the below table:

Location Coordinates Image Phone # Access code Message file / offset Message Onion SSSS
Dallas TX 33.092817, -96.08265 +1 205-396-3301 JD: 3789 17, offset 16433 (actually 33461) f6a2d0a48e1b1ae40cbd454f77baa7d2557683d0cd4998 y2wyuvrqraowagc5.onion 02-41cc481a51fe77f91600f593c1db2ce9babd2626ea6e
Okinawa Japan 26.41968, 127.73254 img +1 626-586-1033 YF: 1032 13, offset 37861 f286b8438cb85eb191ec7bf10a28a54ec06f9a27eb91c5 wzwmcwmsk5cb7gjn.onion 03-7678a5f6b72042d839151b34b02ffe161cf997fed484
Moscow, Russia 55.793765, 37.578608 img +1 928-237-3301 CR: 1311 13, offset 1111111 c657b2707c4266fda4af4a83acf19cc46e69540c0bc5da qw7mhchzvuq6f2mf.onion 05-fcd82965b6632ea25d80edc3e58baafb4b2938895cbd
Little Rock, AR 34.7477910, -92.2690863 img +1 719-428-3301 LM: 7167 13, offset 13831 5edb5e8029dd2182560da925ec6cd3e1257efc0b8328b4 4l6uipnstbggwjyv.onion 07-f3adb3aacb0b4336fa28178bc1e5edce940c16ce5caa
Annapolis, MD* 38.977845, -76.486451 *was not physically recovered +1 253-655-1033 PX: 4347 17, offset 77977 d5a6cb76e55a2166bd6a4d78857ec1f68ea6afa9738 erwfcsdvx6pm2rsk.onion 08-b970e507dbc4ac115a273126f62671654c480fce32e5
Portland, OR 45.50092, -122.652512 +1 424-999-1033 GH: 1723 13, offset 12821 28c07e1b102d4d5c4c1a376e064477e1416fcc94928765 gbyh7znm6c7ezsmr.onion 09-82a98a7fe06014f783b752506cf6cd1fabaa3d8b3750
Columbus, GA 32.478944, -84.983674 img +1 469-251-1033 NR: 2911 17, offset 617 d4b10626d65995e8fb010f4388787d56433f90c6df8d8d ll5afyskb6v6g7ga.onion
10-1668a611ba9fccddee2a0d8fd7e05df4d01c6d42a26d

Once 5 of 10 SSSS codes had been retrieved, they could be decrypted to form their message, which was:
p7amjopgric7dfdi.onion
This was the fifth onion.
The Onion, part 5 of 2

When the solvers visited the onion address they were greeted with this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Welcome, and congratulations. We have been pleased with your teamwork.

While teamwork is most important, we must also test you individually. For this reason, we have devised a short written test.

In recognition of the fact that each individual contributes differently (and there is no "right" way to contribute), this test has no "right" or "wrong" answers. It is designed to show us how you think and how resourceful you are.

Each question is timed, and any answer provided after the time has expired will not be accepted. You are free to research the questions, but keep this time limit in mind.

Asking fellow participants or friends for help and/or their answers is not allowed. Do not publish these questions.


At this time, we ask that you create a new email address to be used for communication for the rest of the challenge. It should be:

* New
* Not associated with your identity in any way
* Created with a web-based email provider, not a temporary/disposable address
* Should not include identifying words (e.g., "cicada," "3301," etc).

You will also need to create a GPG key for use with this address and upload it to the keyservers.

Once you have completed the above, enter the email address below to receive your ID number. Keep this ID number, as you will use it begin the test.

Each person may only register once.

Good luck.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJQ+YMmAAoJEBgfAeV6NQkPJakQAJnYqlC4dZrCxj2nbRYbGQg2
WsAtQJTt/8E6sXT5gZmlM7cQyKijIaa6WU2jXEtRwHdWXMmSazXs0Sbg/kxxJZiF
bL0u1+HOOgWX780/Fx3KHM3gImYp+EtOKGLcF/VR5px7HApKAfXBYGZB5ZUga3su
odLN1wdDqwVN59U8vlvYYD5MFVqyOO77zJeL61hJ1PRvGVbcRw5vhSRz640j2T5e
gpWs3gM5Ya5BDwvQpsK4Ysgb7KgYYw5H/e50r9sFGRApcZPG0+5qkoFSDQh/6IfH
G6+DRMwdtD2eKURfCSMDYwxRRBsU4c1kWgN8Rqguk3UZuh55V6fpSRRbsnGNWOdD
3I+G8s6dbqC6VW2FRg3Ai64tw5VvN/OBjIk4hgO3UruUr8NM1EZ2FPnilkBH9qAq
3uLzmZ1icyCAgVHdlmqFzW+eXozVFxnhWpJ49Rl1bgnNN0V2PDnGEXZ2qHi6Fmo/
BENGbdBGgh5JkWRBb+XMuiHRGuOX2zp23UHAuevB2jD6KPX8ywunLYNG4wM2xCcc
G48c/aVbcSZOaen1088xd0reIXZmMA1BzjjqgEUkSZ2mtwmVUncUpHj2EMhuUeMm
PnBPgarvIGglzHxgmzjjWo64DBiVx0iNx2z0V7s9T7fmjOOdyDVBos6Gi9IapZS9
oATLwzKa/5oaT9h9l+5T
=dBBp
-----END PGP SIGNATURE-----

Here is how test looked:

Here ends Part 1 of What Happened during the 2013 Cicada puzzle, and also ends the part of the 2013 puzzle that was fully publicly available. Part 2 is available here, and relies entirely on leaks (which may also comprise integrity).

Part II

What Happened Part 2 (2013)



The Questions


Upon entering their emails into the website, the solvers were given a set of test questions, and requested not to publish them. There were 19 questions in total, with three different types.

The first type of question gave a statement and then a multitude of answers, which were:


True
False
Indeterminate
Meaningless
Self-Referential
Game Rule
Strange Loop
None of the above


These statements were the following:

There is no truth

What you are is more important than what you do

You cannot step into the same river twice

Observation changes the thing being observed

This sentence is false

I am the voice* inside my head (You undoubtedly just thought "I don't have a voice inside my head." That is the voice the question is referring to)

Disregarding color blindness, any arbitrary color looks the same to all people

If A is not true, then it must be:

1 = 0.9 recurring

People who only study material after a test do better than those who do not study at all

Grass is only green due to a relationship between the grass, the light and your mind

All things are true

We get hundreds of millions of sensations coming into our minds at any moment. Our brain cannot process them all so it categorises these signals according to our belief systems. This is why we find evidence to support our beliefs and rarely notice evidence to the contrary.

The second type of question included an input box with a question. These questions were:

What does the word 'it' refer to in this sentence: It is dark outside?

The mathematical operation known as addition is modeled after what?

Explain, in your own words, what mathematical operation is relied upon for the security of Shamir's Secret Sharing Scheme?

Name similarities between the concept and reality of the 'News Feed' on Facebook?

In the programming language of your choice, write a function that returns the value 3301.
The final type of question only appeared once, and it had different radio buttons to the first type. This question was:
Two people are standing by a lake. One says, "That's a lovely reflection in the water." The other says "I see no reflection, but it's a fascinating assortment of fish, plants and rocks within the water."

Which one is lying?
The answers to this question were:
The one who sees the reflection
The one who sees the fish
Neither
Both
It has been noted that the abstractness of these questions is very similar to the questions that Google supposedly asks its interviewees for serious roles at the company. They can supposedly be used to determine a person's personality and type.
Each question in the test was timed to prevent one from externally researching questions, and the questions chosen were in a random order from the above pool.

This page also saved two cookies on the user's computer, which were:


167=6941f707ff39d259ff71657a79cb6b54c184d2f0455810109c1a960860bde0e6;
761=7bc1e7805ccfa518920f0d94fc4e8f7dbd83287a03b337b89109cd2287befae5;
Note that 167 and 761 are palindromic EMIRPS, primes which appeared earlier in the puzzleset (The Instar Emergence song is 2:47 long, or 167 seconds. Name of the file: 761.mp3.
An emirp (prime spelled backwards) is a prime number that results in a different prime when its digits are reversed.
A palindromic prime (sometimes called a palprime) is a prime number that is also a palindromic number.
A palindromic number or numeral palindrome is a number that remains the same when its digits are reversed.
Palindromic prime used in puzzle was one in twiter account: https://twitter.com/1231507051321

The Servers

After completing the test each solver was sent the following email to the address they had inputted. Please note that the GPG signature has been removed, but multiple sources have confirmed that they received this email.
In the programming language of your choice build a TCP server
that implements the protocol below. The server code must be
written by you and you alone, although you are free to use any
modules or libraries publicly available for the selected
programming language.

Once you have done this, make it accessible as a Tor hidden
service. Then provide us with the onion address and port
via a GPG-encrypted email to this address.

You have until 0:00 UTC on 3 Feb, 2013. Any emails received
after that time will be ignored.

Good luck.

3301

====================================================================


1. INTRODUCTION

The TCP server MUST listen on an arbitrary port, and send and
receive plain text with lines separated by <CRLF> (representing
a carriage return followed by a line feed). The TCP server MUST
disregard the case of input.

In the examples below, lines sent by the server will be preceded
with "S:" and lines sent by the client will be preceded by "C:"

Each message sent by the server MUST conform to the format:

Code: Selecteer alles

 [RESPONSE NAME] [RESPONSE (optional)]<CRLF>

   Where [CODE] and [RESPONSE NAME] is one of:

       CODE   RESPONSE NAME
        00     Welcome
        01     Ok
        02     Error
        03     Data
        99     Goodbye


2. PROCEDURES

   a. Remote Connection

   Upon receiving a remote connection, the server MUST greet the
   client with a 00 WELCOME message.  The RESPONSE of a welcome
   message MAY contain arbitrary text.  The arbitrary text MUST
   at the very least contain the name of the programming language
   used to implement the server.

   Upon receiving a 00 WELCOME message, the client may begin
   initiating procedures.

   Example:

       S: 00 WELCOME [ARBITRARY RESPONSE TEXT]<CRLF>


   b. RAND [n]
  
   Upon receiving a "RAND" request by the client, the server will
   first send a 01 OK response, and will then provide the client
   with [n] cryptographically random numbers within the range of
   0-255.  Each number MUST be followed by <CRLF>.  After the last
   number has been sent, the server MUST send a dot (.) on a line
   by itself.

   Example:

       C: RAND 3<CRLF>
       S: 01 OK<CRLF>
       S: [first random number]<CRLF>
       S: [second random number]<CRLF>
       S: [third random number]<CRLF>
       S: .<CRLF>


   c. QUINE

   Upon receiving a "QUINE" request by the client, the server will
   first send a 01 OK response, and will then provide the client
   with a quine in the programming language used to implement the
   server.  This quine does not have to be original.  After the last
   line of code has been sent, the server MUST send a dot (.) on a
   line by itself.

   Example:

       C: QUINE<CRLF>
       S: 01 OK<CRLF>
       S: [quine code]<CRLF>
       S: .<CRLF>
  

   d. BASE29 [n]

   Upon receiving a "BASE29" request by the client, the server will
   send a 01 OK response followed by the number [n] converted into
   its base 29 representation.

   Example:

       C: BASE29 3301<CRLF>
       S: 01 OK 3QO<CRLF>


   e. CODE

   Upon receiving a "CODE" request by the client, the server will
   send a 01 OK response followed by its own source code.  After the
   last line of code has been sent, the server MUST send a dot(.) on
   a line by itself.  

   Example:

       C: CODE<CRLF>
       S: 01 OK<CRLF>
       S: [Server Source Code]<CRLF>
       s: .<CRLF>


   f. KOAN

   Upon receiving a "KOAN" request by the client, the server will
   send a 01 OK response followed by a koan.  After the last line of
   the koan, the server MUST send a dot (.) on a line by itself.

   Example:

       C: KOAN<CRLF>
       S: 01 OK<CRLF>
       S: A master who lived as a hermit on a mountain was asked by a<CRLF>
       S: monk, "What is the Way?<CRLF>
       S: "What a fine mountain this is," the master said in reply<CRLF>
       S: "I am not asking you about the mountain, but about the Way.<CRLF>
       S: "So long as you cannot go beyond the mountain, my son, you<CRLF>
       S: cannot reach the Way," replied the master<CRLF>
       S: .


   g. DH [p]

   Upon receiving a "DH" request by the client, the server will proceed
   to perform a Diffie-Hellman key exchange using [p] as the prime modulus.
   The server will then select a base [b] to use in the protocol, as well as
   its secret integer.  The server will then compute its exponent result [e]
   as specified within the Diffie-Hellman key exchange protocol. 

   The server MUST then respond with a 01 OK response followed by the
   selected base [b] and computed exponent [e] separated by white space.

   The client MUST respond with its exponent result [e2], and the client and
   server will follow the rest of the Diffie-Hellman key exchange protocol.

   The server MUST then compute the resulting secret key, and provide it
   using 03 DATA [k].

   Example:

       C: DH 23<CRLF>
       S: 01 OK 5 8<CRLF>
       C: 19<CRLF>
       S: 03 DATA 2<CRLF>


   j. NEXT

   Upon receiving a "NEXT" request by the client, the server will respond
   with 01 OK and then listen for text data to be provided by the client. 
   The client will send a dot (.) on a line by itself after the last line
   of text.  The server MUST record this.  This data will be the next set
   of instructions.  Once the data is received the server will respond
   with 01 OK.

   Example:

       C: NEXT<CRLF>
       S: 01 OK<CRLF>
       C: -----BEGIN PGP SIGNED MESSAGE-----<CRLF>
       C: [MESSAGE CONTENTS]<CRLF>
       C: -----END PGP SIGNATURE-----<CRLF>
       C: .<CRLF>
       S: 01 OK<CRLF>


   i. GOODBYE

   Upon receiving a "DH" request by the client, the server MUST respond with
   99 GOODBYE and then gracefully close the connection.

   Example:

       C: GOODBYE<CRLF>
       S: 99 GOODBYE<CRLF>
The solvers began work on their TCP server programs and submitted them by the deadline presented in the email. An example server coded in Go is here, and an example server coded in python is here.
There was no response until two weeks later, when finally the TCP servers were pinged.

A log of one of the server testings is below:

2013/02/25 14:32:01 server is running under address [::]:3307
2013/03/03 10:57:48 got connection from 127.0.0.1:42483
2013/03/03 10:58:05 executing 'rand 3' for 127.0.0.1:42483
2013/03/03 10:58:09 executing 'rand 3' for 127.0.0.1:42483
2013/03/03 10:58:18 executing 'rand 0' for 127.0.0.1:42483
2013/03/03 10:58:29 executing 'rand 1' for 127.0.0.1:42483
2013/03/03 10:58:56 executing 'quine' for 127.0.0.1:42483
2013/03/03 10:59:10 executing 'base29 1033' for 127.0.0.1:42483
2013/03/03 10:59:14 executing 'koan' for 127.0.0.1:42483
2013/03/03 10:59:16 executing 'koan' for 127.0.0.1:42483
2013/03/03 10:59:18 executing 'koan' for 127.0.0.1:42483
2013/03/03 10:59:21 executing 'koan' for 127.0.0.1:42483
2013/03/03 10:59:28 executing 'dh 3301' for 127.0.0.1:42483
2013/03/03 10:59:56 executing 'dh 3301' for 127.0.0.1:42483
2013/03/03 11:00:29 executing 'dh 3301' for 127.0.0.1:42483
2013/03/03 11:00:58 executing 'next' for 127.0.0.1:42483
2013/03/03 11:01:11 executing 'dh' for 127.0.0.1:42483
2013/03/03 11:01:18 executing 'goodbye' for 127.0.0.1:42483
2013/03/03 11:01:18 closing connection to 127.0.0.1:42483


The End?

There were reports that stated they recieved a message similar to the 'leaked email' from 2012's puzzle. These reports cannot be confirmed as no email was leaked.
It was after this that everything went silent, again.

Hopefully only for another year this time...

[/quote]
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 22:25

The internet mystery that has the world baffled

For the past two years, a mysterious online organisation has been setting the world's finest code-breakers a series of seemingly unsolveable problems. But to what end? Welcome to the world of Cicada 3301

Afbeelding

One evening in January last year, Joel Eriksson, a 34-year-old computer analyst from Uppsala in Sweden, was trawling the web, looking for distraction, when he came across a message on an internet forum. The message was in stark white type, against a black background.

“Hello,” it said. “We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck.”
The message was signed: "3301”.

A self-confessed IT security "freak” and a skilled cryptographer, Eriksson’s interest was immediately piqued. This was – he knew – an example of digital steganography: the concealment of secret information within a digital file. Most often seen in conjunction with image files, a recipient who can work out the code – for example, to alter the colour of every 100th pixel – can retrieve an entirely different image from the randomised background "noise”.

It’s a technique more commonly associated with nefarious ends, such as concealing child pornography. In 2002 it was suggested that al-Qaeda operatives had planned the September 11 attacks via the auction site eBay, by encrypting messages inside digital photographs.


Sleepily – it was late, and he had work in the morning – Eriksson thought he’d try his luck decoding the message from "3301”. After only a few minutes work he’d got somewhere: a reference to "Tiberius Claudius Caesar” and a line of meaningless letters. Joel deduced it might be an embedded "Caesar cipher” – an encryption technique named after Julius Caesar, who used it in private correspondence. It replaces characters by a letter a certain number of positions down the alphabet. As Claudius was the fourth emperor, it suggested "four” might be important – and lo, within minutes, Eriksson found another web address buried in the image’s code.

Feeling satisfied, he clicked the link.

It was a picture of a duck with the message: "Woops! Just decoys this way. Looks like you can’t guess how to get the message out.”

"If something is too easy or too routine, I quickly lose interest,” says Eriksson. "But it seemed like the challenge was a bit harder than a Caesar cipher after all. I was hooked.”

Eriksson didn’t realise it then, but he was embarking on one of the internet’s most enduring puzzles; a scavenger hunt that has led thousands of competitors across the web, down telephone lines, out to several physical locations around the globe, and into unchartered areas of the "darknet”. So far, the hunt has required a knowledge of number theory, philosophy and classical music. An interest in both cyberpunk literature and the Victorian occult has also come in handy as has an understanding of Mayan numerology.

It has also featured a poem, a tuneless guitar ditty, a femme fatale called "Wind” who may, or may not, exist in real life, and a clue on a lamp post in Hawaii. Only one thing is certain: as it stands, no one is entirely sure what the challenge – known as Cicada 3301 – is all about or who is behind it. Depending on who you listen to, it’s either a mysterious secret society, a statement by a new political think tank, or an arcane recruitment drive by some quasi-military body. Which means, of course, everyone thinks it’s the CIA.

For some, it’s just a fun game, like a more complicated Sudoku; for others, it has become an obsession. Almost two years on, Eriksson is still trying to work out what it means for him. "It is, ultimately, a battle of the brains,” he says. "And I have always had a hard time resisting a challenge.”

On the night of January 5 2012, after reading the "decoy” message from the duck, Eriksson began to tinker with other variables.

Afbeelding

Taking the duck’s mockery as a literal clue, Eriksson decided to run it through a decryption program called OutGuess. Success: another hidden message, this time linking to another messageboard on the massively popular news forum Reddit. Here, encrypted lines from a book were being posted every few hours. But there were also strange symbols comprising of several lines and dots – Mayan numbers, Eriksson realised. And duly translated, they led to another cipher.

Up until now, Eriksson would admit, none of the puzzles had really required any advanced skills, or suggested anything other than a single anonymous riddle-poser having some fun. "But then it all changed,” says Eriksson. "And things started getting interesting.”

Suddenly, the encryption techniques jumped up a gear. And the puzzles themselves mutated in several different directions: hexadecimal characters, reverse-engineering, prime numbers. Pictures of the cicada insect – reminiscent of the moth imagery in Thomas Harris’s The Silence of the Lambs – became a common motif.

"I knew cicadas only emerge every prime number of years – 13, or 17 – to avoid synchronising with the life cycles of their predators,” says Eriksson. "It was all starting to fit together.” The references became more arcane too. The book, for example, turned out to be "The Lady of the Fountain”, a poem about King Arthur taken from The Mabinogion, a collection of pre-Christian medieval Welsh manuscripts.

Later, the puzzle would lead him to the cyberpunk writer William Gibson – specifically his 1992 poem "Agrippa” (a book of the dead), infamous for the fact that it was only published on a 3.5in floppy disk, and was programmed to erase itself after being read once. But as word spread across the web, thousands of amateur codebreakers joined the hunt for clues. Armies of users of 4chan, the anarchic internet forum where the first Cicada message is thought to have appeared, pooled their collective intelligence – and endless free time – to crack the puzzles.

Within hours they’d decoded "The Lady of the Fountain”. The new message, however, was another surprise: "Call us,” it read, "at telephone number 214-390-9608”. By this point, only a few days after the original image was posted, Eriksson had taken time off work to join the pursuit full time.

"This was definitely an unexpected turn,” he recalls. "And the first hint that this might not just be the work of a random internet troll.” Although now disconnected, the phone line was based in Texas, and led to an answering machine. There, a robotic voice told them to find the prime numbers in the original image. By multiplying them together, the solvers found a new prime and a new website: 845145127.com. A countdown clock and a huge picture of a cicada confirmed they were on the right path.

"It was thrilling, breathtaking by now,” says Eriksson. "This shared feeling of discovery was immense. But the plot was about to thicken even more.” Once the countdown reached zero, at 5pm GMT on January 9, it showed 14 GPS coordinates around the world: locations in Warsaw, Paris, Seattle, Seoul, Arizona, California, New Orleans, Miami, Hawaii and Sydney. Sat in Sweden, Eriksson waited as, around the globe, amateur solvers left their apartments to investigate. And, one by one reported what they’d found: a poster, attached to a lamp post, bearing the cicada image and a QR code (the black-and-white bar code often seen on adverts these days and designed to take you to a website via your smartphone).

"It was exhilarating,” said Eriksson. "I was suddenly aware of how much effort they must have been putting into creating this kind of challenge.” For the growing Cicada community, it was explosive – proof this wasn’t merely some clever neckbeard in a basement winding people up, but actually a global organisation of talented people. But who?
Speculation had been rife since the image first appeared. Some thought Cicada might merely be a PR stunt; a particularly labyrinthine Alternate Reality Game (ARG) built by a corporation to ultimately – and disappointingly – promote a new movie or car.

Microsoft, for example, had enjoyed huge success with their critically acclaimed "I Love Bees” ARG campaign. Designed to promote the Xbox game Halo 2 in 2004, it used random payphones worldwide to broadcast a War of the Worlds-style radio drama that players would have to solve.



But there were complicating factors to Cicada. For one, the organisers were actively working against the participants. One "solver”, a female known only as Wind from Michigan, contributed to the quest on several messageboards before the community spotted she was deliberately disseminating false clues. Other interference was more pointed. One long, cautionary diatribe, left anonymously on the website Pastebin, claimed to be from an ex-Cicada member – a non-English military officer recruited to the organisation "by a superior”. Cicada, he said, "was a Left-Hand Path religion disguised as a progressive scientific organisation” – comprising of "military officers, diplomats, and academics who were dissatisfied with the direction of the world”. Their plan, the writer claimed, was to transform humanity into the Nietzschen Übermensch.

"This is a dangerous organisation,” he concluded, "their ways are nefarious.” With no other clues, it was also asssumed by many to be a recruitment drive by the CIA, MI6 or America’s National Security Agency (NSA), as part of a search for highly talented cryptologists. It wouldn’t have been the first time such tactics had been used.


Back in 2010, for example, Air Force Cyber Command – the United States’ hacking defence force, based at Fort Meade in Maryland – secretly embedded a complex hexadecimal code in their new logo. Cybercom head Lt Gen Keith Alexander then challenged the world’s amateur analysts to crack it (it took them three hours). And in September this year, GCHQ launched the "Can You Find It?” initiative – a series of cryptic codes designed to root out the best British cryptographers. As GCHQ’s head of resourcing Jane Jones said at the time, "It’s a puzzle but it’s also a serious test – the jobs on offer here are vital to protecting national security.”

Afbeelding
GCHQ's 'Can You Find It?' puzzle


Dr Jim Gillogly, former president of the American Cryptogram Association, has been cracking similar codes for years and says it’s a tried and tested recruitment tactic.

"During the Second World War, the top-secret Government Code and Cypher School used crossword puzzles printed in The Daily Telegraph to identify good candidates for Bletchley Park,” he says. "But I’m not sure the CIA or NSA is behind Cicada. Both are careful with security, the recent Snowden case notwithstanding. And starting the puzzle on [the anarchic internet forum] 4chan might attract people with less respect for authority than they would want working inside.”
But that doesn’t rule out other organisations. "Computer and data security is more important than ever today,” says Dr Gillogly. The proliferation of wireless devices, mobile telephones, e-commerce websites like Amazon and chip-and-pin machines, means the demand for cryptologists has never been higher. (Something the UK government acknowledged last year when it announced it was setting up 11 academic "centres of excellence” in cyber security research.)

"One of the more important components of security systems is the efficacy of the cryptography being used,” says Dr Gillogly. "Which means cryptanalysts are in higher demand than ever before - no longer just with the intelligence services. It could just as easily be a bank or software company [behind Cicada].”

Eriksson himself agrees. As a regular speaker at Black Hat Briefings – the secretive computer security conferences where government agencies and corporations get advice from hackers – he knows certain organisations occasionally go "fishing” for new recruits like this. But to him the signs point to a recruitment drive by a hacker group like Anonymous.

"I can’t help but notice,” he says, "that the locations in question are all places with some of the most talented hackers and IT security researchers in the world.” Either way, their identity would prove irrelevant. When the QR codes left on the lamp posts were decoded, a hidden message pointed the solvers towards a TOR address. TOR, short for The Onion Router, is an obscure routing network that allows anonymous access to the "darknet” – the vast, murky portion of the internet that cannot be indexed by standard search engines. Estimated to be 5,000 times larger that the "surface" web, it’s in these recesses where you’ll find human-trafficking rings, black market drug markets and terrorist networks. And it’s here where the Cicada path ended.

After a designated number of solvers visited the address, the website shut down with a terse message: "We want the best, not the followers." The chosen few received personal emails – detailing what, none have said, although one solver heard they were now being asked to solve puzzles in private. Eriksson, however, was not among them. "It was my biggest anticlimax – when I was too late to register my email at the TOR hidden service," he says. "If my sleep-wake cycle had been different, I believe I would have been among the first." Regardless, a few weeks later, a new message from Cicada was posted on Reddit. It read: "Hello. We have now found the individuals we sought. Thus our month-long journey ends. For now." All too abruptly for thousands of intrigued solvers, it had gone quiet.

Except no. On January 4 this year, something new. A fresh image, with a new message in the same white text: "Hello again. Our search for intelligent individuals now continues." Analysis of the image would reveal another poem – this time from the book Liber Al Vel Legis, a religious doctrine by the English occultist and magician Aleister Crowley. From there, the solvers downloaded a 130Mb file containing thousands of prime numbers. And also an MP3 file: a song called The Instar Emergence by the artist 3301, which begins with the sound of – guess what – cicadas.

Analysis of that has since led to a Twitter account pumping out random numbers, which in turn produced a "gematria": an ancient Hebrew code table, but this time based on Anglo-Saxon runes. This pointed the solvers back into the darknet, where they found seven new physical locations, from Dallas to Moscow to Okinawa, and more clues. But that’s where, once again, the trail has gone cold. Another select group of "first solvers" have been accepted into a new "private" puzzle – this time, say reports, a kind of Myers-Briggs multiple-choice personality test.

But still, we are no closer to knowing the source, or fundamental purpose, of Cicada 3301. "That’s the beauty of it though," says Eriksson. "It is impossible to know for sure until you have solved it all." That is why for him, and thousands of other hooked enthusiasts, January 4 2014 is so important: that’s when the next set of riddles is due to begin again. "Maybe all will be revealed then," he grins. "But somehow, I doubt it."
Bron: ->> http://www.telegraph.co.uk/news/worldne ... ffled.html
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 22:29

Het laatste nieuws over CICADA 3301 chec je hier trouwens:

http://uncovering-cicada.wikia.com/
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

zo 01 dec 2013, 22:31

LeQQer toepasselijk muzieQje:

Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 01:01

Okay, nog even wat meer info over de media hype die ontstond in november dit jaar, dus afgelopen maand:
November 2013 media exposure

In November 25th and 26th, 2013, lots of big media houses published articles about Cicada 3301. This sparked a lot of interest across internet communities. We are not sure what caused publishing these articles, but it caught a lot of attention from many different intelligence/cryptography/conspiracy/hacker/puzzle communities all over the web.
First article appers to be The Telegtaph (telegraph.co.uk) one.

http://www.telegraph.co.uk/technology/i ... ffled.html

which looks like ripoff of older MentalFLoss article:

http://mentalfloss.com/article/31932/ch ... s-internet

Joel Eriksson is real though: https://twitter.com/OwariDa, editor of well known http://www.clevcode.org/cicada-3301/

Here are links to few articles:

http://www.telegraph.co.uk/technology/i ... ffled.html

http://www.theprovince.com/news/Cicada+ ... story.html

http://m.heise.de/newsticker/meldung/Ci ... 54956.html

http://www.smh.com.au/technology/techno ... 2y6sj.html

http://www.washingtontimes.com/news/201 ... da-3301-r/

http://thedailybanter.com/2013/11/cicad ... -guessing/

http://www.channel4.com/news/is-mystery ... or-the-cia

https://news.ycombinator.com/item?id=6812668 http://www.drudgereportarchives.net/Art ... ?ID=452836&

http://guardianlv.com/2013/11/cicada-33 ... eck-is-it/

http://eveningharold.com/2013/11/26/rev ... omment-490

Some responses on blogs and other forums:

http://www.metafilter.com/134198/What-is-Cicada-3301

http://www.militaryphotos.net/forums/sh ... -3301-quot

https://disinfo.com/tag/cicada-3301/

http://www.unexplained-mysteries.com/fo ... pic=258410 http://digg.com/search?q=3301

http://doubtfulnews.com/2013/11/a-giant ... ts-it-for/


Apparently article was on first page of reddit (unconfirmed):






As usual, 4chan always joins the party (gamejacking mostly):

http://archive.4plebs.org/x/thread/13761502/#q13765551

http://archive.4plebs.org/x/thread/13767100/
http://archive.4plebs.org/x/thread/13767269/

Same thread was on /b/ ( http://boards.4chan.org/b/res/518333151 )


===2011 Stuff

Links from other souces about 3301 2011 puzzle===

OTHER THREADS GROUPS AND FORUMS from 2011

==Some reddit imposers 0xce5=3301 in hexadecimal 0b110011100101 - binary to decimal

==OwaRidas cryptic message on twitter: https://1k.io/3301/


If you find any more interesting links post them here.

Random quote:

[04:17] Lurker69 3301 is becoming pop culture nao
[04:18] Tech1 lol, no worries crash. yeah, it really is. i saw it top of my feed on google news the other day.
[04:18] Tech1 pretty wild.

Bron: ->> http://uncovering-cicada.wikia.com/wiki ... a_exposure
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 01:05

Iets waar ik ´n jaar terug mee bezig ben geweest, maar waar zover ik weet niemand anders mee bezig is geweest, is het in aart brengen van alle locaties op een wereld kaart om zo eens wat lijntjes te kunnen treken en te zien of daar mogelijkerwijs patronen in te herkennen zijn. Dit zal ik een dezer dagen ook weer eens proberen af te maken zodat ik dat hier ook kan plaatsen.
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 01:25

Iets waardoor het CICADA 3301 project destijds op het 4chan forum mijn aandacht vrijwel direct wist te treken, was het feit dat er gebruik gemaakt werd van de combinatie van 33 en 01. Als vormgever heb ik al veel gekke dingen gedaan en zo ook wel eens iets voor GAP STAR / G-STAR. Daarnaast ben ik bekend met de nodige materie hier op QFF vanuit een nog wat andere achtergrond dan alleen QFF zoals menig oplettende QFFers ongetwijfeld weten.

Afbeelding

3301 zou je daarnaast kunnen zien als symbolische ladderstapjes...

Afbeelding

trappetje op, trappetje af (daar is een heel leuk mopje over)
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 01:40

Dat mopje is raadselachtig als je er met een andere blik naar kijkt...

Er is een man, die rijdt en onderweg komt hij zonder brandstof stil te staan. Hij stapt uit en kijkt om zich heen en beseft dat er zo even niet iets in de buurt is, en hij gaat lopen. Hij loopt en loopt en loopt. Kilometers lang loopt hij tot hij na een uur lopen een huis bereikt heeft en aanbelt.

Het duurt even of de man hoort allemaal sloten open gaan en uiteindelijk ziet hij de deur open gaan. Hij ziet een boer met hooivork en vraagt de boer vriendelijk of er misschien een benzinepomp in de buurt is. De boer lacht en zegt: ´´ Dan he joe pech mienjong, die is 20 km verder en ook al lange niet meer los!´´

Heeft U misschien wat brandstof vraagt de man aan de boer. Nee jong da hek niet! zegt de boer nog en daarna biedt de boer hem aan dat hij mag blijven slapen en dan zal de boer hem morgenochtend naar de benzinepomp brengen. Dat is goed zegt de man en de boer laat hem binnen. Dan biedt de boer hem wat eten en drinken aan. Na het eten en drinken zegt de boer opeens dat hij voor dat de man kan gaan slapen eerst nog iets moet laten zien.

De boer tret een kleed van de vloer en opent een luik. Een lange gang met een trap naar beneden is opeens zichtbaar, de boer ontsteekt een fakkel en de man volgt de boer. Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom... En dan staan ze voor een deur. De boer opent de deur met 4 sloten en wijst naar een propje papier op de grond. Dan spuugt de boer naar het propje en opeens zie je een enorme steevlam. Als joe dat drie keer doet mienjong dan nou oeeeeeeeeee dan mienjong dan omt t nait goud, dus nait doun oke= hest doe dat begreep´n mienjong? De boer kijkt de man ernstig aan en sluit de deur weer. Dan lopen ze terug naar boven...

Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom... Een maal boven aangekomen gaat het luik dicht het kleed er over en wijst de boer de man aan waar hij kan slapen.

Na een uur in bed te liggen houdt de man het niet langer vol, hij gelooft niets van de boer zijn verhaal en gaat op ontdekking. Hij opent het luik na het kleed verwijderd te hebben en begint nadat de fakel is ontstoken aan zijn tocht de kelder in... Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom... Dan opent de man de deur met de enorme hoeveelheid sloten... Hij kijkt naar het propje en spuugt en meteen ziet hij een steevlam. Gelijk spuugt hioj weer en een nog grotere vlam ontstaat, en dan bij de derde keer dat hij spuugt een enorme ontploffing en dan ziet een als in een film een draak ontstaan...

De Draak brult en dondert en spuugt vuur... Snel gooit de man de deur dicht en sluit alle sloten en zet het op een rennen... Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom... Achter zich hoort hij BOM BOM KRAAAAAAAAAAAAK De deur is stuk en dan hoort hij de draak ook de trappetje opdenderen... boem boem boem boem Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom...boem boem boem....Trappetje op, trappetje af, linksom, rechtsom...Trappetje op, trappetje af, linksom, rechtsom... boem boem... het luik snel dicht kleed erover en hij gaat naar buiten kraaaaaaaaak hoort hij achter zich in het huis het luik stuk gaan... rennend gaat de man richting zijn auto en hij wordt vermoeider en vermoeider... eenmaal vlak bij zijn auto hoort hij de draak al vlak achter zich, en dan als hij niet meer kan en nog geen meter meer van de auto staat dan tikt de draak hem op zijn schoeder: ´´Tikkie! Jij bent hem!´´
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 02:12

Even over het getal 33:

Dit getal komt overeen met de leeftijd van Jezus en het aantal treden van de Byzantijnse mystieke ladder.

Dan over het getal 0:

Het getal nul is een heel bijzonder getal omdat het pas rond 1300 na Christus zijn intrede deed in de westerse wereld. De werkelijke oorsprong gaat veel verder terug. Volgens onderzoekers kende men in het oude oosten (c.a.. 3000 voor Christus) al een soort dubbele schuine tussen wig om het ontbreken van een cijfer op een bepaalde positie binnen een getal aan te geven. In India komt het getal nul rond 600 jaar na Christus al voor. De Arabieren hebben het getal nul twee eeuwen later meegenomen naar het westen waar het nog eeuwen duurde voor het ook echt gebruikt werd. Ondanks dat de kerk veel moeite had met de heidense nul, zag de handel het nut in, waardoor het getal nul uiteindelijk in de 14de eeuw gebruik is geraakt. In de natuur komt het getal nul niet voor, het is een cijfer dat door de mens bedacht is om het rekenen eenvoudiger te maken. Het is dus een puur fictief cijfer

Dan het getal 1:

Dit zou een heilig cijfer zijn. Het heeft de onbetwistbare positie als het eerste van alle getallen en werd beschouwd als het symbool van het leven, de schepping en de enige scheppergod of de oereenheid. De ondeelbaarheid van dit getal verstrekt dit nog. De een is het mannelijke, vormende beginsel, het symbool voor het goede, vriendschap en voor de bestendigheid.

Het getal 1 staat ook wel voor de zon.

Bron van dit hierboven is QFF en het topic over getallen en de betekenis ervan van PaNak:

viewtopic.php?f=27&t=82
De volgende gebruiker(s) zeggen bedankt: FreeElectron
Omhoog
Gebruikersavatar
baphomet
Administrator
Administrator
Berichten: 23664
Lid geworden op: za 21 aug 2010, 16:08

ma 02 dec 2013, 13:09

Come on QFF Puzzelaars... ;)
Plaats reactie

Terug naar “Dark Side Algemeen”