|
some guy signed up on SA to spam what is presumably an ARG: https://forums.somethingawful.com/showthread.php?threadid=3894591 https://forums.somethingawful.com/showthread.php?threadid=3750534&pagenumber=209&perpage=40#post496949575 https://forums.somethingawful.com/showthread.php?threadid=3846107&pagenumber=265&perpage=40#post496949682 etc don't know if there's already a thread so i'll post progress here --- the "missing" poster in the spammed post has a github repo url in it: https://github.com/saphirecalypso/F2D64AD97033074E forums poster cZk got the first stage https://forums.somethingawful.com/showthread.php?threadid=3894591#post496950300  that red text is the ISBN of TCP/IP Illustrated and a ref to a specific diagram in it  the name of the repo, F2D64AD97033074E, turns up this vid with the same name on youtube https://www.youtube.com/watch?v=qj8uYBbUvQk video description is "you have made it half way." the same account also uploaded this video "OPAL JADE 3" https://www.youtube.com/watch?v=qweD28f4hpw video description is "C79A43F5E5E8E988" the gihub repo also contains two EC private keys: https://github.com/saphirecalypso/F2D64AD97033074E/blob/master/POTATOES and a file with a hint that it's "AES256": https://github.com/saphirecalypso/F2D64AD97033074E/blob/master/MEAT --- i'll make the wiki
|
#
?
Jul 24, 2019 02:19
|
|
|
|
| # ? May 9, 2024 14:08 |
|
|
|
|
#
?
Jul 24, 2019 02:22
|
|
|
oh kewl you saved me the anxiety of trying to figure out where to post this thread here's what I've found thus far: youtube video has some SSTV auto, which translates to  here's that site: http://45.55.24.10/chocolateWonder.msf currently trying to figure out what the username is supposed to be related to this??? https://github.com/saphirecalypso/F2D64AD97033074E/blob/master/MEAT
|
|
#
?
Jul 24, 2019 02:29
|
|
|
p.s. the hangul on the missing poster translates to "Let's play....reality games"
|
|
#
?
Jul 24, 2019 02:30
|
|
|
good poo poo op
|
|
#
?
Jul 24, 2019 02:38
|
|
|
real life in 2019 is an alternate reality game
|
|
#
?
Jul 24, 2019 02:43
|
|
|
gas
|
|
#
?
Jul 24, 2019 02:43
|
|
|
Sirotan posted:here's that site: http://45.55.24.10/chocolateWonder.msf main page of that site has a link to this file http://45.55.24.10/mitmcert.cer this looks at first glance to be a normal local mitmproxy CA. unsure of relevance if any theres also 3 exe's linked "LittleTornado.exe HDD/SSD nuker" "NT8-PWGrabber.exe ntlm hash grabber" "JADEOPAL.exe pwrsh revsh hits NY C&C cluster" ptr record for that ip is em-attack.com fwiw Rufus Ping fucked around with this message at 02:50 on Jul 24, 2019 |
|
#
?
Jul 24, 2019 02:44
|
|
|
Sirotan posted:here's that site: http://45.55.24.10/chocolateWonder.msf if you go to the main page of the url in this file, there's a hidden link at the bottom of that page to http://purplewaterbottle.com/rainbowkitten/lander.php
|
|
#
?
Jul 24, 2019 02:55
|
|
|
rooting around also reveals 3 supposed openvpn config files, apparently for commercial vpn provider IVPN http://purplewaterbottle.com/rainbowkitten/Filez/DANGER/
|
|
#
?
Jul 24, 2019 02:59
|
|
|
Rufus Ping posted:if you go to the main page of the url in this file, there's a hidden link at the bottom of that page to http://purplewaterbottle.com/rainbowkitten/lander.php nice find! i am trying to figure out the AES bit of the username to log into purplewaterbottle.com/saphirecalypso, but with every ARG i've ever tried to participate on, i totally suck at ciphers
|
|
#
?
Jul 24, 2019 02:59
|
|
|
Sirotan posted:i am trying to figure out the AES bit of the username to log into purplewaterbottle.com/saphirecalypso https://github.com/saphirecalypso/F2D64AD97033074E/blob/master/MEAT aes256 uses a 256 bit (=32 byte =64 hex char) key and potentially a 128 bit (=16 byte =32 hex char) IV the base64 string in that file is 384 bits, so it could be both concatenated. or something else entirely what is the ciphertext we're supposed to be decrypting with aes? i assume the plaintext is then used as the username for the next step
|
|
#
?
Jul 24, 2019 03:12
|
|
|
Rufus Ping posted:https://github.com/saphirecalypso/F2D64AD97033074E/blob/master/MEAT that MEAT file used to be this, two days ago: quote:So now about it. I am son to sing what his father island or foul, your loom, she was high up in two of his dead close took her side of him." related???
|
|
#
?
Jul 24, 2019 03:14
|
|
|
as for the password,https://pastebin.com/6pr5Trsd posted:a = [They are classed as biologically unacceptable, a menace to the pristine heredity of the race. Once pegged as special, a citizen, even if accepting sterilization, dropped out of history. He ceased, in effect, to be part of mankind.] questions: - what hash function outputs 13-digit (decimal digit? hex digit?) codes - what are those comments for
|
|
#
?
Jul 24, 2019 03:15
|
|
|
they are quotes from literary passages. First is from Blade Runner. second is from whatever the gently caress this is: http://lib.oto-usa.org/libri/liber0002.html think a is probably bladerunner and b is mastertherion
|
|
#
?
Jul 24, 2019 03:20
|
|
|
those fuckers are mocking us nowquote:Sneaking about, yet not going far.
|
|
#
?
Jul 24, 2019 03:21
|
|
|
<br><BR><!-- atleast youre faster than imgur... they have had a head start --> lol
|
|
#
?
Jul 24, 2019 03:26
|
|
|
uhh don't know if this is meant for us or someone else but http://purplewaterbottle.com/rainbowkitten/Filez/files.php The AES KEY IS: enoovgUbyr_2019 jaqiqkLqlp_2019 Keep up the excellent work. We are proud of your endevours. Virgenereire key = saphirecalypso
|
|
#
?
Jul 24, 2019 03:28
|
|
|
Rufus Ping posted:uhh don't know if this is meant for us or someone else but they just updated it so I guess so!
|
|
#
?
Jul 24, 2019 03:31
|
|
|
hi ARG creators, ARGs are cool and your efforts are appreciated even if i am too dense to solve it
|
|
#
?
Jul 24, 2019 03:34
|
|
|
thank you, i hate it
|
|
#
?
Jul 24, 2019 03:36
|
|
|
hmm ok the AES keys are now listed as enoovgUbyr_2018 jaqiqkLqlp_2018 (note 2018, not 2019) also not sure where a Vigenere [sic] cipher is going to come into play yet, but here is a decoder https://www.dcode.fr/vigenere-cipher edit: looks like this enoovgUbyr_2018 => mnzhnpqzyg_2018 jaqiqkLqlp_2018 => rabbithole_2018 Sirotan fucked around with this message at 03:49 on Jul 24, 2019 |
|
#
?
Jul 24, 2019 03:46
|
|
|
it's 2017 now! enoovgUbyr_2017 jaqiqkLqlp_2017
|
|
#
?
Jul 24, 2019 03:48
|
|
|
(it's also php, so might be changing automatically in response to something)
|
|
#
?
Jul 24, 2019 03:49
|
|
|
Sirotan posted:hmm ok the AES keys are now listed as enoovgUbyr_2018 jaqiqkLqlp_2018 (note 2018, not 2019) the _2018 isn't part of the alphabet used, so i think we can ignore that? rabbitHole (capital H) looks good
|
|
#
?
Jul 24, 2019 03:52
|
|
|
enoovgUbyr is just rot13 of the same thing (rabbitHole) lol
|
|
#
?
Jul 24, 2019 03:55
|
|
|
Ready to decode this and be a part of the trump cyber team
|
|
#
?
Jul 24, 2019 03:55
|
|
|
who cares
|
|
#
?
Jul 24, 2019 03:57
|
|
|
Rufus Ping posted:enoovgUbyr is just rot13 of the same thing (rabbitHole) lol dang it
|
|
#
?
Jul 24, 2019 03:57
|
|
|
args are never followed up by anything worthwhile
|
|
#
?
Jul 24, 2019 03:57
|
|
|
13 digit code = the isbn-13 of those books
|
|
#
?
Jul 24, 2019 03:58
|
|
|
^^^noice op image on the github page says "Do not fall for the holes, where rabbits keep their gold.", maybe this is a red herring??
|
|
#
?
Jul 24, 2019 03:58
|
|
|
Pollyanna posted:who cares cypher-nards
|
|
#
?
Jul 24, 2019 04:00
|
|
|
hrm it could be. nevertheless: The Book of the Law - Weiser Books (Reissue edition; May 1987; ISBN 0-87728-334-6) working on philip k dick one
|
|
#
?
Jul 24, 2019 04:03
|
|
|
Do Androids Dream of Electric Sheep? 978-0345404473 The Book of the Law 978-0877283348 op do you concur Sirotan fucked around with this message at 04:06 on Jul 24, 2019 |
|
#
?
Jul 24, 2019 04:04
|
|
|
electric sheep 1984 del ray edition is 9780345323880
|
|
#
?
Jul 24, 2019 04:06
|
|
|
hrm, might be too many possibilities here
|
|
#
?
Jul 24, 2019 04:07
|
|
|
ok I think we were forgetting these clues: M = 13 digit code(a) <!-- //DELishusRAYcast1984 --> N = 13 digit code(b) <!-- //HeferWEISER1987 --> so 1984 versions of the Dick book, and 1987 version of the Crowley book? edit: jk op it seems you did not forget these...
|
|
#
?
Jul 24, 2019 04:10
|
|
|
the ones i posted dont work (with username=rabbitHole), need to double check them
|
|
#
?
Jul 24, 2019 04:12
|
|
|
|
| # ? May 9, 2024 14:08 |
|
|
so password is 97803453238809780877283348 ? this does not work with rabbitHole or rabbitHole_2016 edit: could not find a winning combo but now it is time for sleep, goodnight op(s) and i'll pick this up tomorrow Sirotan fucked around with this message at 04:54 on Jul 24, 2019 |
|
#
?
Jul 24, 2019 04:12
|
|