Fandom

Uncovering Cicada Wiki

XOR all the things

139pages on
this wiki
Add New Page
Talk0 Share

XOR TOOLS

futile Python XOR script http://pastebin.com/raw.php?i=cyTuaCZd

Win32 XOR: http://ompldr.org/vZ3puNg/OptXor2.8-crashdemons.zip

other XOR tools: PLEASE ADD!



Tool for XORing:

http://codeseekah.com/cicada/xor.html



Crashdaemons tool from OTP22, XORS files with different offsets looking for ASCII characters.

http://code.google.com/p/otpxor/




another Python XOR script: http://pastebin.com/tU7veUHA

File reverser: http://pastebin.com/raw.php?i=eQ4j3Vaw


WHAT YOU CAN XOR

DATA/*, AUDIO/*, twitter data, twitter image, start image, hello, hint, wisdom/folly, PNG from .13 DATA, JPG from twitter data, all sorts of pads like 330133013301... or prime numbers..., Cicada's public key, files from the image (including SPLASH.RLE) and the 3301.img filesystem, etc.

+ reverse, several passes (a xor b xor c...), and offsets - a million ways to go about this, good luck!


WHAT WAS XORd (no guarantees):

167.mp3 761.mp3 wisdom wisdom.rev folly.wisdom 3301/DATA/560.13.rev 3301/DATA/560.13;1 3301/DATA/560.17.rev 3301/DATA/560.17;1 3301/DATA/_560.00.rev 3301/DATA/_560.00;1 34a87d4db5cdcdf30785cf0a1dd71bba.png 34a87d4db5cdcdf30785cf0a1dd71bba.rev hello hello.rev key.asc key.rev start.jpg start.rev runes.jpg runes.rev twitter.out twitter.rev outt.png

Against one another with offsets 0, xor with 3 of all (all combinations of 3). Fed to "file" identification software, nothing suspiicous flagged turned out to be real so far.

outt.png XORd with all files at all first 10,000 prime offsets.

wisdom XORd with all files at all first 10,000 prime offsets.

forest.raw and forest.raw.rev (undecoded forest messages) with all files at all firest 10,000 prime offsets.

XORders, please continue, there is so much to xor!



PEOPLE XORING OLD STUFF AGAIN (JAN 2014)

Form more look for logs of #Cicada3301 on http://spiers.usr.sh:808/


<cluosh> teefs: yea, but 560.13 is still huge. there needs to be a reason why they chose such a huge file
<cluosh> Lurker69: no idea. but what doesn't have a valid signature can just as well be a troll
<Lurker69> cluosh: yeah but ppl are saying that they saw similar shit in brood
<Lurker69> off the record :-)
<teefs> cluosh: is huge...idk what ur gettin at
<teefs> Lurker69: this wisdom xor with modsiw https://infotomb.com/yfy8g
<teefs> in case u dont have
<teefs> nothin ther
<cluosh> teefs: I'm getting at, that we didn't decrypt ALL of 560.13
<teefs> we dint use 560.13 at all iirc
<cluosh> teefs: yes we did
<teefs> for twitter?  which?
<cluosh> teefs: if you xor 560.13 with gematria jpg you get a png file
<teefs> ahh
<cluosh> teefs: if you xor 560.13 with offsets and infos from phone calls, you get onion's
<teefs> i thought that was 17
<cluosh> teefs: but it's still a huge fucking file
<teefs> yea
<cluosh> teefs: iirc it was both 13, and 17
<teefs> hrm
<cluosh> i suggest that 560.13 is an archive of some kind, zip, rar, tar, whatever
<cluosh> when xored with the right key and offset

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.