Cicada 3301: The hunt continues in 2014
The first part .Despite fears that publicity in the media would prevent this, Cicada began a new recruitment on January 6, 2014.
The high popularity of this quest meant the appearance of a huge number of fake pictures from people posing as “Cicadas”, which actually happened. From the first days of January, 4chan began to fill with "black pictures with white text" posing as new tasks. However, on January 5, a day after the usual publication of the first assignment, when everyone had already begun to disperse, and the last hope was lost ...
After almost a year of inactivity, from the Twitter account on which the tasks of previous years were posted, posted a picture with the following text: “Hello. Epiphany is upon you. Your pilgrimage has begun. Enlightenment awaits. Good luck. 3301. ", which can be translated as" Hello. Behold the Epiphany. Your pilgrimage has begun. Enlightenment awaits. Good luck. 3301. "
')
In the picture, as usual, the path to the next task was hidden, but this time it was not there. Having played a little with Photoshop I managed to get the following image:
It turns out that the black color was not black at all, but very dark gray, although at least I had already done something. The really important message was to get a little more difficult: it was necessary to skip the picture through the well-known OutGuess, which with the help of steganography hides different text in different files. Here is what he showed us:
OutGuess output
----- BEGIN PGP SIGNED MESSAGE -----
Hash: SHA1
The work of a private man
who wanted to transcend
He trusted himself
to produce from within.
1: 2: 3: 1
3: 3: 13: 5
45: 5: 2: 3
20: 3: 20: 5
8: 3: 8: 6
48: 5: 14: 2
21: 13: 4: 1
25: 1: 7: 4
15: 9: 3: 4
1: 1: 16: 3
4: 3: 3: 1
8: 3: 26: 4
47: 3: 3: 5
3
13: 2: 5: 4
1: 4: 16: 4
.
o
n
i
o
n
Good luck.
3301
----- BEGIN PGP SIGNATURE -----
Version: GnuPG v1.4.11 (GNU / Linux)
iQIcBAEBAgAGBQJSyjguAAoJEBgfAeV6NQkPsgAP / A3tMC3lpyFNAc / sj + Izu15S
CzUjZJMe20Gu9UMNokQ2UJabktv9w0GMyK17TrMkUcU + ZpjdzGNqKoE2ETVxLmD /
uBZtR5PnF9EE3D08tJUPN1vSrYNkYk + 9zcaUJZMPNgYNCt / CACutPwrOci9i9FDO
7BIpnhGqT3ZruqrSwO2Y73LJI1xxUt1XUqh1NQ + fJeAFMRkJBZZazkxRlgk3GGsF
fLrcEKrS + KBipV1EQaaKxjISc9hc2c1TfxE66evlkN + zLcoyDcYuyruNM5wiZzgM
2uR58c + xgWQgG5UuLFClfvjDxUvDkrKt4mzEeaYSUm1MsYueuYklz4ydlg5Mf6l2
p1WyAxO52XfXVUZASk6VmaEQ0WjODTXvLeFTxUSDoKDMkvxDVxX6wGkufS9JwakB
nTZizZ8Ypv8GcNCuNNGd6gZ1Vk2MYntggXdX8INd0Itcd3QnLqbBnATDOinDxlOs
5zTrtyTHNaxxDagPfAbU1jMXM0aHd7PFAzjjp7kgCTWqMyBch + 8Vt80bjkdL9iw8
Q3hxuanq8mh6nUGc + tNe0UfqKHEbE + jWIezYqgawJB0M9R5OhxWE + E + jPXtZKkXQ
JHYndPDrrsV8q27b7p0KN0 + oblTkjqsItIAuLu7FNd0B4xb1jjp1Sbh7WJdZ / rbi
mCO0vN / obU9qK1Vfapy0
= 6Gxk
----- END PGP SIGNATURE -----
Hash: SHA1
The work of a private man
who wanted to transcend
He trusted himself
to produce from within.
1: 2: 3: 1
3: 3: 13: 5
45: 5: 2: 3
20: 3: 20: 5
8: 3: 8: 6
48: 5: 14: 2
21: 13: 4: 1
25: 1: 7: 4
15: 9: 3: 4
1: 1: 16: 3
4: 3: 3: 1
8: 3: 26: 4
47: 3: 3: 5
3
13: 2: 5: 4
1: 4: 16: 4
.
o
n
i
o
n
Good luck.
3301
----- BEGIN PGP SIGNATURE -----
Version: GnuPG v1.4.11 (GNU / Linux)
iQIcBAEBAgAGBQJSyjguAAoJEBgfAeV6NQkPsgAP / A3tMC3lpyFNAc / sj + Izu15S
CzUjZJMe20Gu9UMNokQ2UJabktv9w0GMyK17TrMkUcU + ZpjdzGNqKoE2ETVxLmD /
uBZtR5PnF9EE3D08tJUPN1vSrYNkYk + 9zcaUJZMPNgYNCt / CACutPwrOci9i9FDO
7BIpnhGqT3ZruqrSwO2Y73LJI1xxUt1XUqh1NQ + fJeAFMRkJBZZazkxRlgk3GGsF
fLrcEKrS + KBipV1EQaaKxjISc9hc2c1TfxE66evlkN + zLcoyDcYuyruNM5wiZzgM
2uR58c + xgWQgG5UuLFClfvjDxUvDkrKt4mzEeaYSUm1MsYueuYklz4ydlg5Mf6l2
p1WyAxO52XfXVUZASk6VmaEQ0WjODTXvLeFTxUSDoKDMkvxDVxX6wGkufS9JwakB
nTZizZ8Ypv8GcNCuNNGd6gZ1Vk2MYntggXdX8INd0Itcd3QnLqbBnATDOinDxlOs
5zTrtyTHNaxxDagPfAbU1jMXM0aHd7PFAzjjp7kgCTWqMyBch + 8Vt80bjkdL9iw8
Q3hxuanq8mh6nUGc + tNe0UfqKHEbE + jWIezYqgawJB0M9R5OhxWE + E + jPXtZKkXQ
JHYndPDrrsV8q27b7p0KN0 + oblTkjqsItIAuLu7FNd0B4xb1jjp1Sbh7WJdZ / rbi
mCO0vN / obU9qK1Vfapy0
= 6Gxk
----- END PGP SIGNATURE -----
As can be seen from the text, there is an encrypted .onion site, whose address was hidden in the book of Ralph Waldo Emerson, to extract the letters, it was necessary to use the following code: x: x: x: x = (paragraph: sentence: book: letter) After a long Searches were able to find this address: auqgnxjtvdbll3pv.onion, clicking on which you got to the page with a collage of modified paintings of William Blake. (Try to find the cicada symbol in the image)
Again using OutGuess, a 130-digit number and an encrypted message were found, to decrypt which, it was necessary to factor the semisimple number and recover the RSA key from the resulting numbers. Despite the simplicity of this process, factorization took a lot of time, all the work was distributed among the volunteers' computers (about 30 people) and took 8 hours. Let's be honest, it was quite fast compared to 1994, when a 129-digit semi-simple number factored 600 people for eight months.
After decrypting the message, we received a new Tor address: cu343l33nqaekrnw.onion . This time the site had an ever-growing list of characters, in which 2 new ones were added every few minutes. We sat and waited. We waited like this for 23 hours. Many guys went to search the previous messages, in the hope of finding the information that was lost earlier. Some tried to determine the sequence of the appearance of characters, and thereby predict what would be next. Until finally everything stopped, at this point the number of characters was 512. A few minutes later the site was a blank page, and a minute later a line appeared containing more than 360,000 characters. Ultimately, it was transformed into 3 separate images, each of which contained a hidden message and 2 lines of mixed letters and numbers:
IDGTK UMLOO ARWOE RTHIS UTETL HUTIA TSLLO
UIMNI TELNJ 7TFYV OIUAU SNOCO 5JI4M EODZZ
Suddenly, the main chat that we used to coordinate actions was filled with ideas from people who had heard about Cicada only from the news and had no idea what was going on at all. Drowning in a huge amount of ideas and questions, real solvers spent most of the day decoding, although it should have taken no more than a couple of hours. After all, the decoding of this text was a very simple process of rearrangement, including columns. As a result, we received this message:
GOOD WORK
ULTIMATE TRUTH IS THE ULTIMATE ILLUSION
JOIN US AT FV7LYUCMEOZZD5J4ONIO
It is assumed that the last n of onion was intentionally omitted.
Soon a huge number of people gathered at the indicated site and various oddities began there. All visitors to the site welcomed a blank page. Many tried to search the site for any hidden information. One even managed to find the server status page, which, as it seems to us, we should not have found. On this page, the IP addresses of all visitors were recorded. Almost immediately after this, the contents of the main page changed. Every few minutes 2 symbols appeared again, just like a few days ago. Even after a day it did not stop, and we again sit and wait. Some try to look for missing parts in previous tasks, but for the most part we do nothing.
(Condition on Friday, January 10th)
PS Please forgive me for the brevity of this text, this is only a third of the entire 2014 investigation. And, gentlemen, please tell me, would you like to continue this cycle as a simple story, or in more detail, with all the slightest nuances of this investigation?
Thank.
Source: https://habr.com/ru/post/211428/
All Articles