Wikia

Uncovering Cicada Wiki

CICADA 3301 2014 PUZZLE

Comments497
163pages on
this wiki


Get a life!

LINK TO CURRENT SITE WITH UPDATED PROGRESS

Cicada 3301 2014 Main articles and SubpagesEdit

Main articles:

Subpages, tools, splinter groups, other sources...

Subpages: Hot Links:

Warm Links:

/dev/random

'Some other groups and pages

If you want to add your link on this menu PM Lurker69

ContentsEdit

START: cca 07:30 GMT 6th JAN 2014Edit

The following link is the Twitter account from which the automated tweets were sent last year (2013).

https://twitter.com/1231507051321

From that Twitter account came the first image of Cicada 2014 which is as follows:

<p style="text-align: center;">
ZN4h51m














ADDITIONAL INFORMATION


Resolution: 547*577

http://i.imgur.com/zN4h51m.jpg

Uploaded to: http://prntscr.com/2gy9v1

OutGuess steganography software output: http://pastebin.com/raw.php?i=7ruHyAdB

Quick edits for now, will update with full write up later.

UPLOADED ON:



SIDE NOTE


ZN4h51m 1
After running the original image through Paint.net 3bit steganography plugin a cicada was revealed. (It can also be seen by simply adjusting the brightness and contrast.)
  • it is just dark gray cicada on black background, if you set your monitor colors correctly it should be visible on  i.imgur.com/zN4h51m.jpg



This is most likely nothing, as cicadas are a common motif.


FILE NAME


The original image was named as follows:

zN4h51m.jpg

Although there is no solid foundation as yet to suggest the filename is anything other than a re-upload, it may be worth while putting the name of the file to one side.

zN4h51m

FILENAMES ON IMGUR ARE RANDOM

Cicada had no infuence on filename while uploading file.

JPEGsnoop


zN4h51m.jpg - http://pastebin.com/16Cn3jw2


Image Forensics


http://www.map-base.info/forensics/report_1/index_uk.shtml

OUTGUESSEdit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The work of a private man
who wished to transcend,
He trusted himself,
to produce from within.


1:2:3:1
3:3:13:5
45:5:2:3
20:3:20:5
8:3:8:6
48:5:14:2
21:13:4:1
25:1:7:4
15:9:3:4
1:1:16:3
4:3:3:1
8:3:26:4
47:3:3:5
3
13:2:5:4
1:4:16:4
.
o
n
i
o
n

Good luck.

3301


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSyjguAAoJEBgfAeV6NQkPsgAP/A3tMC3lpyFNAc/sj+Izu15S
CzUjZJMe20Gu9UMNokQ2UJabktv9w0GMyK17TrMkUcU+ZpjdzGNqKoE2ETVxLmD/
uBZtR5PnF9EE3D08tJUPN1vSrYNkYk+9zcaUJZMPNgYNCt/CACutPwrOci9i9FDO
7BIpnhGqT3ZruqrSwO2Y73LJI1xxUt1XUqh1NQ+fJeAFMRkJBZZazkxRlgk3GGsF
fLrcEKrS+KBipV1EQaaKxjISc9hc2c1TfxE66evlkN+zLcoyDcYuyruNM5wiZzgM
2uR58c+xgWQgG5UuLFClfvjDxUvDkrKt4mzEeaYSUm1MsYueuYklz4ydlg5Mf6l2
p1WyAxO52XfXVUZASk6VmaEQ0WjODTXvLeFTxUSDoKDMkvxDVxX6wGkufS9JwakB
nTZizZ8Ypv8GcNCuNNGd6gZ1Vk2MYntggXdX8INd0Itcd3QnLqbBnATDOinDxlOs
5zTrtyTHNaxxDagPfAbU1jMXM0aHd7PFAzjjp7kgCTWqMyBch+8Vt80bjkdL9iw8
Q3hxuanq8mh6nUGc+tNe0UfqKHEbE+jWIezYqgawJB0M9R5OhxWE+E+jPXtZKkXQ
JHYndPDrrsV8q27b7p0KN0+oblTkjqsItIAuLu7FNd0B4xb1jjp1Sbh7WJdZ/rbi
mCO0vN/obU9qK1Vfapy0
=6Gxk
-----END PGP SIGNATURE-----

OUTGUESS DECYPHER WALKTHROUGH


  • Using  Outguess run the following command:
outguess -r /path/zN4h51m.jpg /path/zN4h51m.txt
  • Replace '/path/' with the directory structure location of where you want your file to output to. After the output location, name your file whatever you want with a .txt file extension.
  • WInfags use win binnaried in wikia or CYGWIN
Cypher = x:x:x:x (paragraph:sentence:word:letter)




PART 1

The work of a private man
who wished to transcend,
He trusted himself,
to produce from within.

Which leads to - http://www.math.dartmouth.edu/~doyle/docs/self/self.pdf



Cypher = x:x:x:x (paragraph:sentence:word:letter)
Self-reliance-other-essays-ralph-waldo-emerson-paperback-cover-art
PART 2

1:2:3:1                      =             a
3:3:13:5                     =             u
45:5:2:3                     =             q
20:3:20:5                    =             g
8:3:8:6                      =             n
48:5:14:2                    =             x
21:13:4:1                    =             j
25:1:7:4                     =             t
15:9:3:4                     =             v
1:1:16:3                     =             d
4:3:3:1                      =             b
8:3:26:4                     =             l
47:3:3:5                     =             l
3                            =             3
13:2:5:4                     =             p
1:4:16:4                     =             v
.
o
n
i
o
n

Which is equal to - auqgnxjtvdbll3pv.onion or http://auqgnxjtvdbll3pv.onion/

Good luck.

3301

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGB...

PGPEdit

Signature of image is valid: 
TwitterjpgPGP
6D85 4CD7 9333 22A6 01C3  286D 181F 01E5 7A35 090F
gpg: Signature made Sun 05 Jan 2014 10:59:26 PM CST using RSA key ID 7A35090F
gpg: using PGP trust model

Further verification: http://imgur.com/r7s3E9S


PGP HELP FILES


Pretty Good Privacy (PGP) Downloading, Installing, Setting Up, and Using this Encryption Software A Tutorial for Beginners to PGP

http://www.pitt.edu/~poole/accessiblePGP703.htm

Determining Strengths For Public Keys Used For Exchanging Symmetric Keys - RFC 3766

http://tools.ietf.org/search/rfc3766

OpenPGP Message Format - RFC 2440

http://www.ietf.org/rfc/rfc2440.txt

MIME Security with OpenPGP - RFC 3156

http://tools.ietf.org/search/rfc3156

Hacking PGP

https://www.blackhat.com/presentations/bh-europe-05/bh-eu-05-callas-up.pdf

Blackhat Archives

https://www.blackhat.com/html/archives.html

BOOK CODEEdit


BOOK NAME


Self-Reliance by Ralph Waldo Emerson1841

  • Cypher recovered from the hidden message in the original image for 2014 is decyphered using this book. The cypher was set out as x:x:x:x or paragraph:sentence:word:letter



BOOK LINK


http://www.math.dartmouth.edu/~doyle/docs/self/self.pdf



CLUE FOR THE BOOK


The work of a private man
who wished to transcend,
He trusted himself,
to produce from within.
  • Poem references transcendentalism
  • Emerson is a noted transcendentalist author
  • "he trusted himsef" refers to "trust thineself", which is a theme throughout Self-Reliance, as is producing from within

ONION NO1 - For Every Thing That Lives Is HolyEdit


DECYPHERED URL


http://auqgnxjtvdbll3pv.onion/


JPG ON ONION


1033

If you look closer to the image, there is the cicada symbol



  • if you look closely at the image, there is a cicada symbol
  • the center bottom (Ancient of Days) image is shifted two pixels to the right, and the right image is two pixels shorter than the canvas, leaving a 2 px wide vertical and horizontal strip of 415 and 293 pixels empty.

Resolution of jpg:

  • 1327 *1427
  • 1327 1427 3301 is prime
    330172417231 is prime and the reverse (EMIRP)


  • Error Level Analysis of the image reveals numerous modified square regions measuring 16px x 16px. They way they are scattered and the fact that they are 256bit (16x16) makes me think that it's probably a part of the data found with outguess but it is worth noting anyway.
Ela1 of onion1 image

Error Level Analysis (ELA) Of Onion1 image

DEBATE ABOUT MEANING OF THE PICTURE ON ONIONEdit




FILE NAME


The original file name is:

On image center where (like in mirror ) dude places finger there are words vodo III(under line) and some code,photoshop boys where are u?... and on left image on second finger are some dot...?

1033.jpg

This may be notable (unconfirmed), as it is a mirror of 3301 i.e. Cicada 3301

1033 vs. 3301
WTF

JPEGsnoop


1033.jpg - http://pastebin.com/NNtsegga




HTML SOURCE CODE OF  http://auqgnxjtvdbll3pv.onion/ (no linebreaks added)Edit


(no linebreaks added)

<html><head><title>For Every Thing That Lives Is Holy</title><body><img src="1033.jpg" /></body></html>



HTML OF .onion RAW SOURCE CODE


<html>

<head>

<title>For Every Thing That Lives Is Holy</title>

<body>

<img src="1033.jpg" />

</body>

</html>


*Note missing trailing </head> in source code

ALTERNATIVE IMAGE LOCATIONS


There's also this 



HTTP BANNER ONION 1


HTTP/1.1 200 OK
Date: Mon, 06 Jan 2014 14:24:13 GMT 
Server: Apache
Last-Modified: Mon, 06 Jan 2014 07:43:43 GMT 
ETag: "9904-68-4ef486b41c9c0"
Accept-Ranges: bytes
Content-Length: 104 
Vary: Accept-Encoding
Content-Type: text/html


HTTP ETags ONION 1

auqgnxjtvdbll3pv.onion/1033.jpg: 98e5-53959-4ef4858107540

auqgnxjtvdbll3pv.onion: 9904-68-4ef486b41c9c0

OUTGUESS FROM 1033.jpg from ONION 1Edit



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Welcome.

Good luck.

3301



e = 65537
n = 75579125746085351644267182920580212556413102071876330957950694457000592\
    10248050757270234679993673844203148013173091173786572116639


- -----BEGIN COMPRESSED RSA ENCRYPTED MESSAGE-----
Version: 1.99
Scheme: Crypt::RSA::ES::OAEP

eJwBswBM/zEwADE2MgBDeXBoZXJ0ZXh0LE2jxJS1EzMc80kOK+hra1GKnXgQKQgVitIy8NgA7kxn
2u8jNQDvlu0uymNNiu6XVCCn66axGH0IZ9w4Af3K/yRgjObsfA1Q7QqpXNALJ9FFPgYl5rh07cBP
M9kbSH6DynU/5cYgQod2KymjWcIvKx3FkjV4UOGakDnBf1eQp1uwvn3KxDVwTyzPqbMnZvOA06Ec
AfKtyz1hEK/UBXkeMeVrnV5SQQ==
=yTUshDMKN65aPaKAR0OU8g==
- -----END COMPRESSED RSA ENCRYPTED MESSAGE-----


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSyly/AAoJEBgfAeV6NQkPHhUP/R7nuYiTMw+3sbe0xV+4rmiN
liSDmW6ibOK4UTkZDTeAS5kAKIjxCC3DwWi0lXqBGZyabojWHM2wRwYLOhvfKvgg
DgPnW1BSZ/R67GaUy0CM/vtZOtktBeIdntlZamk9DpW5bQ311c7N9dy6uWc8+hOM
umkcnT7u799zESazFgCeDSOw0cFgHDiG9UTAQxbe+NsXY/NKm4N0WAtgWmdte5ym
dU8ImpmXWg8NChdn49UtuAACi8s8tcI/lHj1Yjh+AQRbO2+Ozn9eSxUAQ1TsXSgt
30jKmXI5ss4WHS16nYsS97BUbo4oX3NBXaCjSZb7fKO9CRJBo3gm2R8/NcIMIkEc
GlQ/7rCQWHXA0MC+415ut5dcJf2ihwid81c1xsDyqQdfhEsWE/wVnK7Ujje+BgcO
ybBHl8ejJzWhZkCvesHOmIo1RLEanxlGUC5jcRLqImrT7A9CrO+EVFW16EZpvzug
Tsopo56+JbIFiIzAq+CGujHgDZnoHJFtB574utjOnZz9xzsVZ3lirQyAFOGauH+g
K+XxjXjY8tT5lppAgmF3zWKqha7NoV+9FgFl2q2SS9ue+s4Joyn5PYKnICJeze3i
K9BZ7gIT694s4dLEzu6kGaRyuNmx8qaoDs0kjvEB5pI+1buGuNAysHQWIDyY3DWb
CjJ1AnBLY0ObxaMbWMR/
=d5E8
-----END PGP SIGNATURE-----

PGP VALIDATIONEdit


PGP Validates - http://prntscr.com/2h1cvj
RSAPUZZLEPGP



RSA THEORYEdit


e = 65537




3.3.1. The rsa-sha1 Signing Algorithm

  The rsa-sha1 Signing Algorithm computes a message hash as described
  in Section 3.7 below using SHA-1 [FIPS.180-2.2002] as the hash-alg.
  That hash is then signed by the signer using the RSA algorithm
  (defined in PKCS#1 version 1.5 [RFC3447]) as the crypt-alg and the
  signer's private key.  The hash MUST NOT be truncated or converted
  into any form other than the native binary form before being signed.
  The signing algorithm SHOULD use a public exponent of 65537.



Source: http://www.ietf.org/rfc/rfc4871.txt


n = 75579125746085351644267182920580212556413102071876330957950694457000592\10248050757270234679993673844203148013173091173786572116639


Our n is 130 decimal digits long or 429 bit.


3.3.3. Key Sizes

  Selecting appropriate key sizes is a trade-off between cost,
  performance, and risk.  Since short RSA keys more easily succumb to
  off-line attacks, signers MUST use RSA keys of at least 1024 bits for
  long-lived keys.  Verifiers MUST be able to validate signatures with
  keys ranging from 512 bits to 2048 bits, and they MAY be able to
  validate signatures with larger keys.  Verifier policies may use the
  length of the signing key as one metric for determining whether a
  signature is acceptable.

  Factors that should influence the key size choice include the
  following:

  o  The practical constraint that large (e.g., 4096 bit) keys may not
     fit within a 512-byte DNS UDP response packet

  o  The security constraint that keys smaller than 1024 bits are
     subject to off-line attacks

  o  Larger keys impose higher CPU costs to verify and sign email

  o  Keys can be replaced on a regular basis, thus their lifetime can
     be relatively short

  o  The security goals of this specification are modest compared to
     typical goals of other systems that employ digital signatures

  See [RFC3766] for further discussion on selecting key sizes.



Source: http://www.ietf.org/rfc/rfc4871.txt


STEGDETECTEdit


Stegdetect also detects jphide data inside this image

  • Stegdetects commonly detects false positives

SIDE NOTEEdit


For people who are not going to go the bruteforce way, they can check their p and q assumptions here: http://codeseekah.com/cicada/isp.php

It is important to note that p and q are not necessarily primes (i.e. nobody forced 3301 to use primes). (http://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation)

Also note that factoring will take a long time, so guessing might be a good approach as well - look at sets of emirps for example, there might be a 60-65 digit emirp/prime set out there that produces n.

WE ALMOST SAME PUZZLE IN 2012. But it was individualized, one before last one.

IF YOU RUN OUTGUESS ON THE IMAGE WITH KEY OF 3011 YOU GET THE FOLLOWING:

http://pastebin.com/ZPxPSFXV


RSAEdit


DAFUQ IS THIS RSA ? WHY DO WE HAVE TO FACTORIZE n ? HOW RSA KEY WORKS ?

*p distinct prime number

*q distinct prime number

*n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

(In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm (such as a cipher).)

*e is released as the public key exponent.


RSA encryption and decryption


  Assume that an RSA public key uses a modulus with j bits; its factors
  are two numbers of about j/2 bits each.  The expected computation
  time for encryption and decryption are different.  As before, we
  denote the number of words in the machine representation of the
  modulus by the symbol n.
  Most implementations of RSA use a small exponent for encryption.  An
  encryption may involve as few as 16 squarings and one multiplication,
  using n-by-n-word operations.  Each operation must be followed by a
  modular reduction, and therefore the time complexity is about 16*(.6
  + 1) + 1 + 1 ~= 28 n-by-n-word multiplies.
  RSA decryption must use an exponent that has as many bits as the
  modulus, j.  However, the Chinese Remainder Theorem applies, and all
  the computations can be done with a modulus of only n/2 words and an
  exponent of only j/2 bits.  The computation must be done twice, once
  for each factor.  The effort is equivalent to  2*(j/2) (n/2 by n/2)-
  word multiplies.  Because multiplying numbers with n/2 words is only
  1/4 as difficult as multiplying numbers with n words, the equivalent
  effort for RSA decryption is j/4 n-by-n-word multiplies.
  If you double the size of the modulus for RSA, the n-by-n multiplies
  will take four times as long.  Further, the decryption time doubles
  because the exponent is larger.  The overall scaling cost is a factor
  of 4 for encryption, a factor of 8 for decryption.

Source: http://tools.ietf.org/search/rfc3766#page-11


NFS FACTORIZATIONEdit


FACTORIZING CICADA 3301 PUZZLE n FOR REALEdit


TOGETHER AS ONE DIVIDED BY ZERO


Our best self-motivated coders distributed factorization among their boxes:

Heroes

our heroes

13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,557 Info:Lattice Sieving: Total CPU time: 878768.6999999997s
13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,557 Info:Filtering - Singleton removal: Total cpu/real time for purge: 610.26/424.892
13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,558 Info:Filtering - Merging: Total cpu/real time for replay: 43.01/37.4837
13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,558 Info:Linear Algebra: Krylov: CPU time 34471.22, COMM time 954.22
13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,559 Info:Linear Algebra: Mksol: CPU time 20060.39, COMM time 512.27
13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,667 Info:Complete Factorization: Total cpu/real time for everything: 938758/18361

To all those who participated: YOU ROCK FOLKS! We did it!!!!!



SOLUTION GOES HERE   SOLVED AT 07:39 GMT  7. 1. 2014


(23 hours after finding n, 8 hours of factorizing)


factors of n:

n= 7557912574608535164426718292058021255641310207187633095795069445700059210248050757270234679993673844203148013173091173786572116639

are:

sage: p = 97513779050322159297664671238670850085661086043266591739338007321
sage: q = 77506098606928780021829964781695212837195959082370473820509360759

sage: p.is_prime()
True
sage: q.is_prime()
True
sage: p*q
confirmed!

NEXT STEPEdit

Next step will be to use the two prime numbers, *p & *q, to recreate the private RSA KEY and decrypt the message:

-----BEGIN COMPRESSED RSA ENCRYPTED MESSAGE-----
Version: 1.99
Scheme: Crypt::RSA::ES::OAEP

eJwBswBM/zEwADE2MgBDeXBoZXJ0ZXh0LE2jxJS1EzMc80kOK+hra1GKnXgQKQgVitIy8NgA7kxn
2u8jNQDvlu0uymNNiu6XVCCn66axGH0IZ9w4Af3K/yRgjObsfA1Q7QqpXNALJ9FFPgYl5rh07cBP
M9kbSH6DynU/5cYgQod2KymjWcIvKx3FkjV4UOGakDnBf1eQp1uwvn3KxDVwTyzPqbMnZvOA06Ec
AfKtyz1hEK/UBXkeMeVrnV5SQQ==
=yTUshDMKN65aPaKAR0OU8g==
-----END COMPRESSED RSA ENCRYPTED MESSAGE-----

Script that does all this in one step:

HERE WE GO:Edit

RSAdecrypt

SCRIPT WITH p, q, and RSA ENCRYPTED MESSAGE inserted


DECRYPTED RSA MESSAGE:

 cu343l33nqaekrnw.onion





THIS PAGE IS DISCONTINUED, READONLY NOW. PLEASE DONT EDIT IT ANYMORE.

 TO CONTINUE GO TO ARTICLE PART 2

LINK TO CURRENT SITE WITH UPDATED PROGRESS






Cicada 3301 2014 Main articles and SubpagesEdit

Main articles:

Subpages, tools, splinter groups, other sources...

Subpages: Hot Links:

Warm Links:

/dev/random

'Some other groups and pages

If you want to add your link on this menu PM Lurker69

Around Wikia's network

Random Wiki