PLEASE DUMP ALL THE THINGS YOU FIND RELATED TO THE PUZZLE IN HERE (do not delete anything -- just add new things. Also, add titles so it is easier to edit)
Contents
START: cca 07:30 GMT 6th JAN 2014
The following link is the Twitter account from which the automated tweets were sent last year (2013).
https://twitter.com/1231507051321
From that Twitter account came the first image of Cicada 2014 which is as follows:
ADDITIONAL INFORMATION
Resolution: 547*577
http://i.imgur.com/zN4h51m.jpg
Uploaded to: http://prntscr.com/2gy9v1
OutGuess steganography software output: http://pastebin.com/raw.php?i=7ruHyAdB
Quick edits for now, will update with full write up later.
UPLOADED ON:
- http://prntscr.com/2gy9v1 imgur
- http://prntscr.com/2gy9y5 twitter
- (printscreen made at 7:39 GMT jan 6th
- in time zone: Central European Time Zone (UTC+01:00)
- local time: 08:40 AM
SIDE NOTE
After running the original image through Paint.net 3bit steganography plugin a cicada was revealed. (It can also be seen by simply adjusting the brightness and contrast.)
- it is jst dak gay cicada on black background, if you set your monitor colors correctly i should be visible on i.imgur.com/zN4h51m.jpg
This is most likely nothing, as cicadas are a common motif.
FILE NAME
The original image was named as follows:
zN4h51m.jpg
Although there is no solid foundation as yet to suggest the filename is anything other than a re-upload, it may be worth while putting the name of the file to one side.
zN4h51m
FILENAMES ON IMGUR ARE RANDOM
- Cicada had no infuence on filename while uploading file.
JPEGsnoop
zN4h51m.jpg - http://pastebin.com/16Cn3jw2
Image Forensics
http://www.map-base.info/forensics/report_1/index_uk.shtml
OUTGUESS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The work of a private man who wished to transcend, He trusted himself, to produce from within. 1:2:3:1 3:3:13:5 45:5:2:3 20:3:20:5 8:3:8:6 48:5:14:2 21:13:4:1 25:1:7:4 15:9:3:4 1:1:16:3 4:3:3:1 8:3:26:4 47:3:3:5 3 13:2:5:4 1:4:16:4 . o n i o n Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJSyjguAAoJEBgfAeV6NQkPsgAP/A3tMC3lpyFNAc/sj+Izu15S CzUjZJMe20Gu9UMNokQ2UJabktv9w0GMyK17TrMkUcU+ZpjdzGNqKoE2ETVxLmD/ uBZtR5PnF9EE3D08tJUPN1vSrYNkYk+9zcaUJZMPNgYNCt/CACutPwrOci9i9FDO 7BIpnhGqT3ZruqrSwO2Y73LJI1xxUt1XUqh1NQ+fJeAFMRkJBZZazkxRlgk3GGsF fLrcEKrS+KBipV1EQaaKxjISc9hc2c1TfxE66evlkN+zLcoyDcYuyruNM5wiZzgM 2uR58c+xgWQgG5UuLFClfvjDxUvDkrKt4mzEeaYSUm1MsYueuYklz4ydlg5Mf6l2 p1WyAxO52XfXVUZASk6VmaEQ0WjODTXvLeFTxUSDoKDMkvxDVxX6wGkufS9JwakB nTZizZ8Ypv8GcNCuNNGd6gZ1Vk2MYntggXdX8INd0Itcd3QnLqbBnATDOinDxlOs 5zTrtyTHNaxxDagPfAbU1jMXM0aHd7PFAzjjp7kgCTWqMyBch+8Vt80bjkdL9iw8 Q3hxuanq8mh6nUGc+tNe0UfqKHEbE+jWIezYqgawJB0M9R5OhxWE+E+jPXtZKkXQ JHYndPDrrsV8q27b7p0KN0+oblTkjqsItIAuLu7FNd0B4xb1jjp1Sbh7WJdZ/rbi mCO0vN/obU9qK1Vfapy0 =6Gxk -----END PGP SIGNATURE-----
OUTGUESS DECYPHER WALKTHROUGH
- Using Outguess run the following command:
outguess -r /path/zN4h51m.jpg /path/zN4h51m.txt
- Replace '/path/' with the directory structure location of where you want your file to output to. After the output location, name your file whatever you want with a .txt file extension.
- WInfags use win binnaried in wikia or CYGWIN
Cypher = x:x:x:x (paragraph:sentence:word:letter) PART 1 The work of a private man who wished to transcend, He trusted himself, to produce from within.
Which leads to - http://www.math.dartmouth.edu/~doyle/docs/self/self.pdf
Cypher = x:x:x:x (paragraph:sentence:word:letter)
PART 2 1:2:3:1 = a 3:3:13:5 = u 45:5:2:3 = q 20:3:20:5 = g 8:3:8:6 = n 48:5:14:2 = x 21:13:4:1 = j 25:1:7:4 = t 15:9:3:4 = v 1:1:16:3 = d 4:3:3:1 = b 8:3:26:4 = l 47:3:3:5 = l 3 = 3 13:2:5:4 = p 1:4:16:4 = v . o n i o n
Which is equal to - auqgnxjtvdbll3pv.onion or http://auqgnxjtvdbll3pv.onion/
- or clernet adress
Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGB...
PGP
Signature of image is valid:
6D85 4CD7 9333 22A6 01C3 286D 181F 01E5 7A35 090F gpg: Signature made Sun 05 Jan 2014 10:59:26 PM CST using RSA key ID 7A35090F gpg: using PGP trust model
Further verification: http://imgur.com/r7s3E9S
PGP HELP FILES
Pretty Good Privacy (PGP) Downloading, Installing, Setting Up, and Using this Encryption Software A Tutorial for Beginners to PGP
http://www.pitt.edu/~poole/accessiblePGP703.htm
Determining Strengths For Public Keys Used For Exchanging Symmetric Keys - RFC 3766
http://tools.ietf.org/search/rfc3766
OpenPGP Message Format - RFC 2440
http://www.ietf.org/rfc/rfc2440.txt
MIME Security with OpenPGP - RFC 3156
http://tools.ietf.org/search/rfc3156
Hacking PGP
https://www.blackhat.com/presentations/bh-europe-05/bh-eu-05-callas-up.pdf
BOOK CODE
BOOK NAME
Self-Reliance by Ralph Waldo Emerson1841
- Cypher recovered from the hidden message in the original image for 2014 is decyphered using this book. The cypher was set out as x:x:x:x or paragraph:sentence:word:letter
BOOK LINK
http://www.math.dartmouth.edu/~doyle/docs/self/self.pdf
CLUE FOR THE BOOK
The work of a private man who wished to transcend, He trusted himself, to produce from within.
- Poem references transcendentalism
- Emerson is a noted transcendentalist author
- "he trusted himsef" refers to "trust thineself", which is a theme throughout Self-Reliance, as is producing from within
ONION NO1 - For Every Thing That Lives Is Holy
DECYPHERED URL
http://auqgnxjtvdbll3pv.onion/
JPG ON ONION
If you look closer to the image, there is the cicada symbol
- PRINTSCREEN of onion 1 page
- if you look closely at the image, there is a cicada symbol
- the center bottom (Ancient of Days) image is shifted two pixels to the right, and the right image is two pixels shorter than the canvas, leaving a 2 px wide vertical and horizontal strip of 415 and 293 pixels empty.
Resolution of jpg:
- 1327 *1427
DEBATE ABOUT MEANING OF THE PICTURE ON ONION
FILE NAME
The original file name is:
1033.jpg
This may be notable (unconfirmed), as it is a mirror of 3301 i.e. Cicada 3301
1033 vs. 3301
JPEGsnoop
1033.jpg - http://pastebin.com/NNtsegga
HTML SOURCE CODE OF http://auqgnxjtvdbll3pv.onion/ (no linebreaks added)
(no linebreaks added)
<html><head><title>For Every Thing That Lives Is Holy</title><body><img src="[view-source:http://auqgnxjtvdbll3pv.onion/1033.jpg 1033.jpg]" /></body></html>
HTML OF .onion RAW SOURCE CODE
<html> <head> <title>For Every Thing That Lives Is Holy</title> <body> <img src="1033.jpg" /> </body> </html> *Note missing trailing </head> in source code
ALTERNATIVE IMAGE LOCATIONS
There's also this
HTTP BANNER ONION 1
HTTP/1.1 200 OK Date: Mon, 06 Jan 2014 14:24:13 GMT Server: Apache Last-Modified: Mon, 06 Jan 2014 07:43:43 GMT ETag: "9904-68-4ef486b41c9c0" Accept-Ranges: bytes Content-Length: 104 Vary: Accept-Encoding Content-Type: text/html
OUTGUESS FROM 3301.jpg from ONION 1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Welcome.
Good luck.
3301
e = 65537
n = 75579125746085351644267182920580212556413102071876330957950694457000592\
10248050757270234679993673844203148013173091173786572116639
- -----BEGIN COMPRESSED RSA ENCRYPTED MESSAGE-----
Version: 1.99
Scheme: Crypt::RSA::ES::OAEP
eJwBswBM/zEwADE2MgBDeXBoZXJ0ZXh0LE2jxJS1EzMc80kOK+hra1GKnXgQKQgVitIy8NgA7kxn
2u8jNQDvlu0uymNNiu6XVCCn66axGH0IZ9w4Af3K/yRgjObsfA1Q7QqpXNALJ9FFPgYl5rh07cBP
M9kbSH6DynU/5cYgQod2KymjWcIvKx3FkjV4UOGakDnBf1eQp1uwvn3KxDVwTyzPqbMnZvOA06Ec
AfKtyz1hEK/UBXkeMeVrnV5SQQ==
=yTUshDMKN65aPaKAR0OU8g==
- -----END COMPRESSED RSA ENCRYPTED MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJSyly/AAoJEBgfAeV6NQkPHhUP/R7nuYiTMw+3sbe0xV+4rmiN
liSDmW6ibOK4UTkZDTeAS5kAKIjxCC3DwWi0lXqBGZyabojWHM2wRwYLOhvfKvgg
DgPnW1BSZ/R67GaUy0CM/vtZOtktBeIdntlZamk9DpW5bQ311c7N9dy6uWc8+hOM
umkcnT7u799zESazFgCeDSOw0cFgHDiG9UTAQxbe+NsXY/NKm4N0WAtgWmdte5ym
dU8ImpmXWg8NChdn49UtuAACi8s8tcI/lHj1Yjh+AQRbO2+Ozn9eSxUAQ1TsXSgt
30jKmXI5ss4WHS16nYsS97BUbo4oX3NBXaCjSZb7fKO9CRJBo3gm2R8/NcIMIkEc
GlQ/7rCQWHXA0MC+415ut5dcJf2ihwid81c1xsDyqQdfhEsWE/wVnK7Ujje+BgcO
ybBHl8ejJzWhZkCvesHOmIo1RLEanxlGUC5jcRLqImrT7A9CrO+EVFW16EZpvzug
Tsopo56+JbIFiIzAq+CGujHgDZnoHJFtB574utjOnZz9xzsVZ3lirQyAFOGauH+g
K+XxjXjY8tT5lppAgmF3zWKqha7NoV+9FgFl2q2SS9ue+s4Joyn5PYKnICJeze3i
K9BZ7gIT694s4dLEzu6kGaRyuNmx8qaoDs0kjvEB5pI+1buGuNAysHQWIDyY3DWb
CjJ1AnBLY0ObxaMbWMR/
=d5E8
-----END PGP SIGNATURE-----
PGP VALIDATION
PGP Validates - http://prntscr.com/2h1cvj
RSA THEORY
e = 65537
3.3.1. The rsa-sha1 Signing Algorithm
The rsa-sha1 Signing Algorithm computes a message hash as described
in Section 3.7 below using SHA-1 [FIPS.180-2.2002] as the hash-alg.
That hash is then signed by the signer using the RSA algorithm
(defined in PKCS#1 version 1.5 [RFC3447]) as the crypt-alg and the
signer's private key. The hash MUST NOT be truncated or converted
into any form other than the native binary form before being signed.
The signing algorithm SHOULD use a public exponent of 65537.
Source: http://www.ietf.org/rfc/rfc4871.txt
n = 75579125746085351644267182920580212556413102071876330957950694457000592\10248050757270234679993673844203148013173091173786572116639
3.3.3. Key Sizes
Selecting appropriate key sizes is a trade-off between cost,
performance, and risk. Since short RSA keys more easily succumb to
off-line attacks, signers MUST use RSA keys of at least 1024 bits for
long-lived keys. Verifiers MUST be able to validate signatures with
keys ranging from 512 bits to 2048 bits, and they MAY be able to
validate signatures with larger keys. Verifier policies may use the
length of the signing key as one metric for determining whether a
signature is acceptable.
Factors that should influence the key size choice include the
following:
o The practical constraint that large (e.g., 4096 bit) keys may not
fit within a 512-byte DNS UDP response packet
o The security constraint that keys smaller than 1024 bits are
subject to off-line attacks
o Larger keys impose higher CPU costs to verify and sign email
o Keys can be replaced on a regular basis, thus their lifetime can
be relatively short
o The security goals of this specification are modest compared to
typical goals of other systems that employ digital signatures
See [RFC3766] for further discussion on selecting key sizes.
Source: http://www.ietf.org/rfc/rfc4871.txt
STEGDETECT
Stegdetect also detects jphide data inside this image
- Stegdetects commonly detects false positives
Our n is 130 decimal digit s long or 429 bit.
SIDE NOTE
For people who are not going to go the bruteforce way, they can check their p and q assumptions here: http://codeseekah.com/cicada/isp.php
It is important to note that p and q are not necessarily primes (i.e. nobody forced 3301 to use primes). (http://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation).
Also note that factoring will take a long time, so guessing might be a good approach as well - look at sets of emirps for example, there might be a 60-65 digit emirp/prime set out there that produces n.
WE ALMOST SAME PUZZLE IN 2012. But it was individualized, one before last one.
IF YOU RUN OUTGUESS ON THE IMAGE WITH KEY OF 3011 YOU GET THE FOLLOWING:
RSA
DAFUQ IS THIS RSA ? WHY DO WE HAVE TO FACTORIZE n ? HOW RSA KEY WORKS ?
- http://youtu.be/M7kEpw1tn50?t=54s
- https://www.cs.drexel.edu/%7Ejpopyack/IntroCS/HW/RSAWorksheet.html
- http://searchsecurity.techtarget.com/definition/RSA
- http://en.wikipedia.org/wiki/RSA_%28algorithm%29
- https://en.wikipedia.org/wiki/Primality_test
*p distinct prime number
*q distinct prime number
*n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
(In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm (such as a cipher).)
*e is released as the public key exponent.
RSA encryption and decryption
Assume that an RSA public key uses a modulus with j bits; its factors
are two numbers of about j/2 bits each. The expected computation
time for encryption and decryption are different. As before, we
denote the number of words in the machine representation of the
modulus by the symbol n.
Most implementations of RSA use a small exponent for encryption. An
encryption may involve as few as 16 squarings and one multiplication,
using n-by-n-word operations. Each operation must be followed by a
modular reduction, and therefore the time complexity is about 16*(.6
+ 1) + 1 + 1 ~= 28 n-by-n-word multiplies.
RSA decryption must use an exponent that has as many bits as the
modulus, j. However, the Chinese Remainder Theorem applies, and all
the computations can be done with a modulus of only n/2 words and an
exponent of only j/2 bits. The computation must be done twice, once
for each factor. The effort is equivalent to 2*(j/2) (n/2 by n/2)-
word multiplies. Because multiplying numbers with n/2 words is only
1/4 as difficult as multiplying numbers with n words, the equivalent
effort for RSA decryption is j/4 n-by-n-word multiplies.
If you double the size of the modulus for RSA, the n-by-n multiplies
will take four times as long. Further, the decryption time doubles
because the exponent is larger. The overall scaling cost is a factor
of 4 for encryption, a factor of 8 for decryption.
Source: http://tools.ietf.org/search/rfc3766#page-11
NFS FACTORIZATION
- http://gilchrist.ca/jeff/factoring/benchmark.html
- http://gilchrist.ca/jeff/factoring/nfs_beginners_guide.html
- http://gilchrist.ca/jeff/factoring/index.html
FACTORIZING CICADA 3301 PUZZLE n FOR REAL
TOGETHER AS ONE DIVIDED BY ZERO
Our best self-motivated coders distributed factorization among their boxes:
our heroes
- They used: http://cado-nfs.gforge.inria.fr/
- Number Field Sieve (NFS) algorithm.
- Currently on final step.
- Expect results "In Time."
- http://en.wikipedia.org/wiki/General_number_field_sieve
- I cant find any videos describing what NFS is
- http://www.youtube.com/watch?v=x_8YtOfKA0Q
- add if you find some
- http://primes.utm.edu/notes/rsa130.html
- Please read what GNFS is in respect to others doing hard work
13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,557 Info:Lattice Sieving: Total CPU time: 878768.6999999997s 13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,557 Info:Filtering - Singleton removal: Total cpu/real time for purge: 610.26/424.892 13:36 <@mdzhb> PID28389 2014-01-07 05:27:44,558 Info:Filtering - Merging: Total cpu/real time for replay: 43.01/37.4837 13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,558 Info:Linear Algebra: Krylov: CPU time 34471.22, COMM time 954.22 13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,559 Info:Linear Algebra: Mksol: CPU time 20060.39, COMM time 512.27 13:37 <@mdzhb> PID28389 2014-01-07 05:27:44,667 Info:Complete Factorization: Total cpu/real time for everything: 938758/18361
To all those who participated: YOU ROCK FOLKS! We did it!!!!!
SOLUTION GOES HERE SOLVED AT 07:39 GMT 7. 1. 2014
(23 hours after finding n, 8 hours of factorizing)
factors of n:
n= 7557912574608535164426718292058021255641310207187633095795069445700059210248050757270234679993673844203148013173091173786572116639
are:
sage: p = 97513779050322159297664671238670850085661086043266591739338007321 sage: q = 77506098606928780021829964781695212837195959082370473820509360759 sage: p.is_prime() True sage: q.is_prime() True sage: p*q confirmed!
NEXT STEP
Next step will be to use the two prime numbers, *p & *q, to recreate the private RSA KEY and decrypt the message:
-----BEGIN COMPRESSED RSA ENCRYPTED MESSAGE----- Version: 1.99 Scheme: Crypt::RSA::ES::OAEP eJwBswBM/zEwADE2MgBDeXBoZXJ0ZXh0LE2jxJS1EzMc80kOK+hra1GKnXgQKQgVitIy8NgA7kxn 2u8jNQDvlu0uymNNiu6XVCCn66axGH0IZ9w4Af3K/yRgjObsfA1Q7QqpXNALJ9FFPgYl5rh07cBP M9kbSH6DynU/5cYgQod2KymjWcIvKx3FkjV4UOGakDnBf1eQp1uwvn3KxDVwTyzPqbMnZvOA06Ec AfKtyz1hEK/UBXkeMeVrnV5SQQ== =yTUshDMKN65aPaKAR0OU8g== -----END COMPRESSED RSA ENCRYPTED MESSAGE-----
Script that does all this in one step:
- Script for decryption (insert correct p, q, e and encrypted message)
- ! copy script from Raw Paste Data on bottom of pastebin page
- pastebin formatting from normal window causes:
- Uncaught exception from user code: Breached Armour.
- To fix it you have to move the my $plaintext and the message to the beginning of the line
- Winfags need: http://strawberryperl.com/ (dont forget to set paths: http://prntscr.com/2h0193)
HERE WE GO:
SCRIPT WITH p, q, and RSA ENCRYPTED MESSAGE inserted
ONION no2: http://cu343l33nqaekrnw.onion/
OUTPUT OF PERL SCRIPT IS:
cu343l33nqaekrnw.onion
http://cu343l33nqaekrnw.onion/
http://cu343l33nqaekrnw.onion.to/
https://cu343l33nqaekrnw.tor2web.org/
CONTENT:
<|!--Patience is a virtue--|>
634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724c
634292ba49fe336edada779a34054a335c2ec12c8bbaed4b92dcc05efe98f76abffdc2389bdb9de2cf20c009acdc1945ab095a52609a5c219afd5f3b3edf10fcb25950666dfe8d8c433cd10c0b4c72efdfe12c6270d5cfde291f9cf0d73cb1211140136e4057380c963d70c76948d9cf6775960cf98fbafa435c44015c5959837a0f8d9f46e094f27c5797b7f8ab49bf28fa674d2ad2f726e197839956921dab29724c
6342 92ba 49fe 336e dada 779a 3405 4a33 5c2e c12c 8bba ed4b 92dc c05e fe98 f76a bffd c238 9bdb 9de2 cf20 c009 acdc 1945 ab09 5a52 609a 5c21 9afd 5f3b 3edf 10fc b259 5066 6dfe 8d8c 433c d10c 0b4c 72ef dfe1 2c62 70d5 cfde 291f 9cf0 d73c b121 1140 136e 4057 380c 963d 70c7 6948 d9cf 6775 960c f98f bafa 435c 4401 5c59 5983 7a0f 8d9f 46e0 94f2 7c57 97b7 f8ab 49bf 28fa 674d 2ad2 f726 e197 8399 5692 1dab 2972 4c
STRING LENGHT
String is 326 characters at last edit and counting. String seems to be growing incrementally.
- [08:48] String is 280 characters.
- [09:13] it's 284 now.
- [10:10] 296 char
- [10:34] 300 char
- [11:34] 306 char
- [11:52] 310 char
- [11:56] 312 char
- [11:19 GMT] 318 char
- [11:55 GMT] 320 char
- [12:03 GMT] 322 char
- [12:15 GMT] 324 char
- [12:20 GMT] 326 char
XOR? OR NOT XOR?
Since string on Onion no 2 is growing; we expect it is like it was reddit in 2012 and twitter in 2013.
Most agree that XOR Would be good guess
WE NEED LIST OF THINGS THAT HAVE BEEN XORED AND RESULTED STRINGS
