In early January 2014, people gathered together to wait for the next signs of life from Cicada 3301. After several attempts to mislead solvers, eventually, a genuine message from cicada was found. On January 6th, the twitter used by cicada in 2013 was re-examined; after being in active for about a year, it featured a tweet linking to an image on imgur.
In line with earlier rounds, this image contained a message, which can be recovered using the program outguess. Executing
outguess -r zN4h51m.jpg zN4h51m_output
on a linux machine returns this message.
Unlike any previous attempts by the numerous distractors, the authenticity of this message was established by verifying its PGP signature. It contains a valid signature for the PGP key used by cicada in the past.
The Book CipherEdit
The message looked like a book cipher - and indeed, book ciphers have been used by cicada in the past. The community quickly found the book in question - Self-Reliance and Other Essays by Ralph Waldo Emerson.
To illustrate how to solve this, let us take the first line of the message:
This references the first paragaph of the text, the second sentence, of which the third word and finally the first letter. To make a long story short, this returns "always" - the first character is a. Following this scheme (with the exception being the sole number "3" in the cipher referencing the third character, an l in the authors name) and appending the vertically spelled ".onion" to the result, we finally come up with this:
The resulting onion domain was quickly investigated. However, it appears to be offline as of January 9th 2014.
The First OnionEdit
Following the usual procedure for investigating images, it was noticed that this image contains a message, again, extractable by outguess. This message in its entirety can be found here. The following is its content, omitting the PGP header and signature:
e = 65537 n = 75579125746085351644267182920580212556413102071876330957950694457000592\ 10248050757270234679993673844203148013173091173786572116639 - -----BEGIN COMPRESSED RSA ENCRYPTED MESSAGE----- Version: 1.99 Scheme: Crypt::RSA::ES::OAEP eJwBswBM/zEwADE2MgBDeXBoZXJ0ZXh0LE2jxJS1EzMc80kOK+hra1GKnXgQKQgVitIy8NgA7kxn 2u8jNQDvlu0uymNNiu6XVCCn66axGH0IZ9w4Af3K/yRgjObsfA1Q7QqpXNALJ9FFPgYl5rh07cBP M9kbSH6DynU/5cYgQod2KymjWcIvKx3FkjV4UOGakDnBf1eQp1uwvn3KxDVwTyzPqbMnZvOA06Ec AfKtyz1hEK/UBXkeMeVrnV5SQQ== =yTUshDMKN65aPaKAR0OU8g== - -----END COMPRESSED RSA ENCRYPTED MESSAGE-----
The message can be seperated into two parts. The first part, spanning the first 3 rows, declares two values, an N and an e. The next part, hugged by "BEGIN COMPRESSED RSA ENCRYPTED MESSAGE", contains information about an encryption scheme, also called a chiffre, as well as data encoded in base64. Base64 is a scheme to encode unprintable bytes into printable characters.
The Scheme line tells us, that the following message is encrypted using the cipher RSA. It was decided to get to the meat of this cipher.
The Hunt For The Private KeyEdit
RSA is a moderately complex cipher to understand; Numberphile provides a good introduction to the topic. Its main advantage is that it allows sharing of encryption keys without transmitting the key in plaintext or agreeing on a key in advance, for example, by meeting in person. This is impractical for basically all occasions.
N and e are variables commonly used in the mathematical aspects of RSA; in fact, they constitute the public part of the key. The public and the private parts are mathematically related. Without going too much into detail, they both are related to N, which is the product of two large primes, called p and q. If an attacker manages to factor N, which is part of the openly available public key, then calculating the private key, which allows for encryption of messages and appearing as the genuine owner of the key, is trivial; in fact, calculating the private components from the found p and q would take less than a second on any modern computer.
In reality, this is a computationally hard problem. Usually, an N with 2048 or 4096 bits is being used, as they provide enough complexity to not be factored in the foreseeable future. To our luck, the given N is a lot less complex than the one used in our case. This N is 432 bits or 130 decimal digits long.
To sum up: we have received a message and the public key it was encrypted with. To decrypt the message, something only the owned or the private key could do, we need to find the private key.
The community behind this wiki has exhausted a lot of options to gather this information. They have searched for suspicious information in the data provided so far, investigated images, correlations, connections.
To be continued, please don't delete. I know where you live.