Search Amazon.com:
Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«35 »
  • Post
  • Reply
SpaceGoatFarts
Jan 5, 2010


Zelmel posted:

maybe an SHA hash or something? The fact that the message lists a salt right after suggests it too.

All messages mention a "SALT", and most of them are simply decimal to ASCII correspondences. Sometimes it required a bit more unscrambling via an external key which is a txt file fond on one of the discs.

That message 3233 is really strange because this time the values are hexadecimal and fall outside the range used before (basically 48-90 for standard characters), and they seem evenly distributed over the whole range 0-255, so the coding method is obviously different.

SpaceGoatFarts fucked around with this message at Oct 2, 2012 around 15:42

Adbot
ADBOT LOVES YOU

Winkle-Daddy
Mar 10, 2007


The IRC server appears to be down or is it just me?

When my co-worker went back to the Lake Oswego library he found the book of first ladies was no longer present. This was a reference book that cannot be checked out; so it appears to have been stolen. Probably unrelated, but my co-worker also had the air let out of his tires in the 90 minutes or so he was in the library; he had to go to the gas station and re-fill them (which is why he thinks air was simply let out, they weren't slashed or anything).

We have also made no progress on brute forcing the trueCrypt volume; but are increasingly skeptical about being able to brute force it with a dictionary attack; too out of character for the ARG for the volume to be encrypted with anything found in a dictionary. It must have something to do with either the 3233 code or the LO drop.

ymgve
Jan 2, 2004




One of the phone numbers started spewing out different stuff yesterday. I've managed to extract this number sequence from the recordings, but I can't get any further. Anyone else able to solve it?

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

CloFan
Nov 5, 2004

Khaleesi..


Winkle-Daddy posted:


When my co-worker went back to the Lake Oswego library he found the book of first ladies was no longer present. This was a reference book that cannot be checked out; so it appears to have been stolen. Probably unrelated, but my co-worker also had the air let out of his tires in the 90 minutes or so he was in the library; he had to go to the gas station and re-fill them (which is why he thinks air was simply let out, they weren't slashed or anything)..
That's very odd. Did he ask a librarian about the book? Also, can he look for security cameras to see if any could see where his vehicle was parked?

I'm curious about the tires thing. Were all four let out? Did he mention the book to anyone at the library? If so, maybe whoever he spoke with or was within earshot is part of the game. Then again, messing with someone's car like that doesn't seem to be in the nature of a game like this.

Winkle-Daddy
Mar 10, 2007


CloFan posted:

That's very odd. Did he ask a librarian about the book? Also, can he look for security cameras to see if any could see where his vehicle was parked?

I'm curious about the tires thing. Were all four let out? Did he mention the book to anyone at the library? If so, maybe whoever he spoke with or was within earshot is part of the game. Then again, messing with someone's car like that doesn't seem to be in the nature of a game like this.

I just asked him, apparently it was just one tire. He got in the car and the "tire pressure" warning light was on. He did ask the librarian about the book who walked him over to where it was supposed to be. She grumbled something about how you're not supposed to check out that book; she checked the computer and no one had checked it out. It was either gone or put in a completely wrong place. He did not look for security cameras; the library was closing up when he left so he just went to the gas station to refill the air in his tire.

CloFan
Nov 5, 2004

Khaleesi..


^^that's probably just a coincidence then.

ymgve posted:

One of the phone numbers started spewing out different stuff yesterday. I've managed to extract this number sequence from the recordings, but I can't get any further. Anyone else able to solve it?

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

Came up with this, which is probably nothing:



CloFan fucked around with this message at Oct 2, 2012 around 16:39

Oppenheimer
Dec 26, 2011

Fuck 'em, we ball

Those numbers add up to 420.

party hat
Apr 22, 2010


Winkle-Daddy posted:

I just asked him, apparently it was just one tire. He got in the car and the "tire pressure" warning light was on. He did ask the librarian about the book who walked him over to where it was supposed to be. She grumbled something about how you're not supposed to check out that book; she checked the computer and no one had checked it out. It was either gone or put in a completely wrong place. He did not look for security cameras; the library was closing up when he left so he just went to the gas station to refill the air in his tire.

It's possible he had a slow leak of some sort, like driving over a nail or a rim leak and it just happened to go over the limit of the warning point while he was there, and that would still allow him to put air in it without it deflating immediately. Have him check his tire pressure over the next little bit and see if its going down at a faster than normal rate.

Either that or this isn't an ARG after all.

PhantomBowie
Sep 3, 2009

"I always had a repulsive need to be something more than human."


ymgve posted:

One of the phone numbers started spewing out different stuff yesterday. I've managed to extract this number sequence from the recordings, but I can't get any further. Anyone else able to solve it?

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

Im at work so I can't follow through too well, but I started converting those to binary and then to text. Though I'm sort of seeing a pattern with numbers after the 4 10s(not related to the binary/text previously mentioned)

Mr Underhill
Feb 14, 2012


I feel dumber and dumber, but I'm still returning to this thread. It's great.

Winkle-Daddy
Mar 10, 2007


party hat posted:

It's possible he had a slow leak of some sort, like driving over a nail or a rim leak and it just happened to go over the limit of the warning point while he was there, and that would still allow him to put air in it without it deflating immediately. Have him check his tire pressure over the next little bit and see if its going down at a faster than normal rate.

Either that or this isn't an ARG after all.

It is possible; just another coincidence, much like the crashing into the phone booth in silentblue hill.

SpaceGoatFarts
Jan 5, 2010


ymgve posted:

One of the phone numbers started spewing out different stuff yesterday. I've managed to extract this number sequence from the recordings, but I can't get any further. Anyone else able to solve it?

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

I don't know if it helps, but these are all multiples of 4 and 5 unless I'm mistaken?

edit: actually, it's alternating between multiples of 4 and 5

SpaceGoatFarts fucked around with this message at Oct 2, 2012 around 17:37

CloFan
Nov 5, 2004

Khaleesi..


SpaceGoatFarts posted:

I don't know if it helps, but these are all multiples of 4 and 5 unless I'm mistaken?

edit: actually, it's alternating between multiples of 4 and 5

Good catch. No idea what it means, but you're right.

Edit:
1 2 3 1 1 2 2 3 1 2 3 3 2 1 1 2 1 1 6 1 3 1 1 1 - 1 2 1 3 3 2 1 3 1 1 6 2 1 4 4 3 6 2 1 2

That is the the sequence broken down by multiples of 4 and 5.

CloFan fucked around with this message at Oct 2, 2012 around 17:46

party hat
Apr 22, 2010


ymgve posted:

One of the phone numbers started spewing out different stuff yesterday. I've managed to extract this number sequence from the recordings, but I can't get any further. Anyone else able to solve it?

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

I'd be curious to hear the recording myself but I don't know how and I don't want to be making long distance calls. if anyone has/finds a recording, please post!

Air Julio
Oct 9, 2005

forever flying, forever


party hat posted:

I'd be curious to hear the recording myself but I don't know how and I don't want to be making long distance calls. if anyone has/finds a recording, please post!

Check the page linked in the OP. everything the IRC group finds ends up there.

SpaceGoatFarts
Jan 5, 2010


CloFan posted:

Good catch. No idea what it means, but you're right.

Edit:
1 2 3 1 1 2 2 3 1 2 3 3 2 1 1 2 1 1 6 1 3 1 1 1 - 1 2 1 3 3 2 1 3 1 1 6 2 1 4 4 3 6 2 1 2

That is the the sequence broken down by multiples of 4 and 5.

I did the same and tried to convert this to binary (counts of 0 and 1) but couldn't get anything out of it further than this

1001110100110001001110001101001011111101110101001000111001000101111110010000111100011111100100

0110001011001110110001110010110100000010001010110111000110111010000001101111000011100000011011

Soricidus
Oct 20, 2010


SquadronROE posted:

The biggest things we're trying to do now (or at least before I went to bed) was to try to crack the "Agent 3323" puzzle. Do some googling around cryptography to get a background, try to figure out what those number/letters could mean. I'd like to think that we would have figured it out if it's a straight replacement scheme, but maybe you'll have the idea that solves it.
Repeating my question from earlier: what have people already tried?

The wiki page just states the problem, and the discussion page for it is blank. Presumably someone is keeping a log somewhere of rejected ideas? It would be silly to spend time on this if I was just repeating things other people have already shown to be wrong.

Some trivial observations:
  • The 32330A at the start is just ASCII "23" plus a newline to indicate the end of the number. It's giving the length of the payload that follows.
  • The payload bytes are pretty random, no obvious patterns even at the bit level, so it's not a simple substitution.
  • The payload is probably not a hash, because those usually have lengths that are a power of 2.
And a random thought: 23 = 7 + 8 + 8, which would for example be the right length for a 56-bit key plus two 64-bit encrypted blocks. Might be worth ruling out DES.

Air Julio
Oct 9, 2005

forever flying, forever


As far as what has been tried, your best bet is to hop into the irc channel and ask there. The main guy with most answers is Anonen. He/she is nice. Give it a shot.

If you dont have an irc client on your pc, there are a few browser-based clients to use. I like mibbit, personally, but use pidgin on my pc for my irc-ing.

party hat
Apr 22, 2010


Air Julio posted:

Check the page linked in the OP. everything the IRC group finds ends up there.

Yeah I've looked but I'm having a hard time navigating through that wiki/finding what I'm looking for. I don't know if its unclear of if I'm just stupid . I will continue my search!

SquadronROE
Mar 18, 2012

In the Grim Darkness of the Future, there is only war.

...and delicious ice cream.


Soricidus posted:

Repeating my question from earlier: what have people already tried?

The wiki page just states the problem, and the discussion page for it is blank. Presumably someone is keeping a log somewhere of rejected ideas? It would be silly to spend time on this if I was just repeating things other people have already shown to be wrong.

Some trivial observations:
  • The 32330A at the start is just ASCII "23" plus a newline to indicate the end of the number. It's giving the length of the payload that follows.
  • The payload bytes are pretty random, no obvious patterns even at the bit level, so it's not a simple substitution.
  • The payload is probably not a hash, because those usually have lengths that are a power of 2.
And a random thought: 23 = 7 + 8 + 8, which would for example be the right length for a 56-bit key plus two 64-bit encrypted blocks. Might be worth ruling out DES.

It's really hard to pull together a coherent answer to that question. Your best bet is to hop on the IRC and get information from there.

Soricidus
Oct 20, 2010


Thanks both. Got some IRC logs containing all the 3233 speculation I could ever want.

(And I tried the DES thing, just in case, and of course it didn't work. Oh well.)

o prbl
Aug 25, 2012

Creeperssssss gonna creep


SquadronROE posted:

It's really hard to pull together a coherent answer to that question. Your best bet is to hop on the IRC and get information from there.

How about we just close the thread then if we're going to just get pissy at people actually engaging in discussion about the thread topic?

For the record, it's really easy to pull together a coherent answer to that question. Here it is:

I had a friend throw together a quick Python script to apply a given DES key to a set of payload bytes. The output is not intelligible:

56-bit Key: 7F FE CA 26 B6 3E D8

Bitstream: 01111111111111101100101000100110101101100011111011011000

Broken into 8 7-bit groups:
0111111
1111111
1011001
0100010
0110101
1011000
1111101
1011000

With parity bits (0 - odd, 1 - even):
0111111(1)
1111111(0)
1011001(1)
0100010(1)
0110101(1)
1011000(0)
1111101(1)
1011000(0)

64-bit Key (above, in hex): 7F FE B3 45 6B B0 FB B0

16-byte payload: D5 61 8E 59 95 69 6F 8C C8 E5 B5 DF BD FA 84 9C

Decrypted: 73 6F 4B 2B 22 25 FA F9 4C 4E 88 DF 50 24 95 D7 ("soK+"%**LN**P$**" where asterisks are non-ASCII character codes)

The coherent answer: No. No, it's not DES.

E:f;b (started writing the post an hour ago, that'll teach me to post from work)

The Royal Scrub
Jun 21, 2007


ymgve posted:

4 10 12 5 4 10 8 15 4 10 12 15 8 5 4 10 4 5 24 5 12 5 4 5 - 4 10 4 15 12 10 4 15 4 5 24 10 4 20 16 15 24 10 4 10

if a=4 and b=5,

a 2b 3a b a 2b 2a 3b a 2b 3a 3b 2a b a 2b a b 6a b 3a b a b - a 2b a 3b 3a 2b a 3b a b 6a 2b a (4a/5b) 4a 3b 6a 2b a 2b

to binary, if a=0 and b=1

011000101100111011000111001011010000001000101 - 011011100011011101000000110(0000/11111)000011100000011011

if a=1 and b=0

100111010011000100111000110100101111110111010 - 100100011100100010111111001(1111/00000)111100011111100100

The parentheses exist because 20 is a multiple of 4 and 5, so there are 4 different binary codes possible. They are

1. 011000101100111011000111001011010000001000101 - 01101110001101110100000011011111000011100000011011

2. 011000101100111011000111001011010000001000101 - 0110111000110111010000001100000000011100000011011

3. 100111010011000100111000110100101111110111010 - 1001000111001000101111110010000)111100011111100100

4. 100111010011000100111000110100101111110111010 - 1001000111001000101111110011111111100011111100100

This binary translator translates those into text, hex, base-64 and ASCII. Would any of those potentially mean something?

The Royal Scrub fucked around with this message at Oct 2, 2012 around 21:44

party hat
Apr 22, 2010


Going with the multiples theory, don't forget that the numbers that are multiples of 4 are also multiples of 2, which would be the lowest common denominator.

Edit: which would also mean that it would break the 4 5 4 5 pattern so maybe not.

Soricidus
Oct 20, 2010


o prbl posted:

The coherent answer: No. No, it's not DES.

E:f;b (started writing the post an hour ago, that'll teach me to post from work)
Your effort wasn't wasted - looks like I was padding the key in the wrong place, so I'd gotten a different failure. At any rate that's one more impossible thing ruled out.

choonagephatbeat
Mar 8, 2012


kicktd posted:

Not sure if this info has been posted (didn't see any info posted here or wiki):

About (303) 309-0004
is a Landline
Colorado (Aurora, Denver)
Denver metro area, Adams County
Licensed by:Global Crossing Local Services, Inc

Global Crossing Local Services is now owned by Level 3 Communications and does VoIP.

The other number is a bit more interesting:

About (202) 999-3335
is a Mobile Phone
City/State:Westchester, DC (Washington DC area)
Type:Mobile
Licensed by:Verizon Wireless

A little strange to see a mobile phone used instead of another VoIP number.

I work at level3, and queried the TN in question: 3033090004. I successfully pulled it up in various DB's here at work.

This TN belongs to a customer called Twilio Inc. - we provisioned/created this CSN and RouteLabel on 2010-10-26T00:14:28, and it has not been modified since.

I also looked up 2029993335, which is also owned by Twilio Inc, and was provisioned on 2011-11-23T00:00:00.

Here is the customers website. http://www.twilio.com/

I will continue to dig if and when information becomes relevant. Feel free to ask me any questions.

edit: For what its worth as well, looking at some data for this customer and how they are setup in our systems is a bit odd - there is a lot of data missing that SHOULD be here and is not.

I suppose I could deactivate that TN on all networks, wait for someone to call in to report an outage and then question them about it. Course... id probably loose my job, so im not sure how I would be able to afford booze anymore

choonagephatbeat fucked around with this message at Oct 2, 2012 around 22:18

SpaceGoatFarts
Jan 5, 2010


choonagephatbeat posted:

I work at level3, and queried the TN in question: 3033090004. I successfully pulled it up in various DB's here at work.

This TN belongs to a customer called Twilio Inc. - we provisioned/created this CSN and RouteLabel on 2010-10-26T00:14:28, and it has not been modified since.

I also looked up 2029993335, which is also owned by Twilio Inc, and was provisioned on 2011-11-23T00:00:00.

Here is the customers website. http://www.twilio.com/

I will continue to dig if and when information becomes relevant. Feel free to ask me any questions.

Nice find!

Now we just need to find if Valve signed a contract with Twilio, and HL≥ is confirmed.

choonagephatbeat
Mar 8, 2012


SpaceGoatFarts posted:

Nice find!

Now we just need to find if Valve signed a contract with Twilio, and HL≥ is confirmed.

One thing to consider as well is that Twilio might just be a re-seller of VOIP services, and bought a shitload of poo poo from us. I am simply providing a lead and any new information about the source. Twilio might have resold it to a "whatever crazy ideas and theories are out there about this" (I still need to play catchup on this matter)

CloFan
Nov 5, 2004

Khaleesi..


I doubt that info is relevant (on the front end of the game), since the organizer would have to expect someone working for your company to provide that info. (e: I could be completely wrong if this is public info)

That said, keep digging and we'll totally sequence break this thing!

CloFan fucked around with this message at Oct 2, 2012 around 22:26

SpaceGoatFarts
Jan 5, 2010


CloFan posted:

I doubt that info is relevant (on the front end of the game), since the organizer would have to expect someone working for your company to provide that info. (e: I could be completely wrong if this is public info)

That said, keep digging and we'll totally sequence break this thing!

Let's speedrun this ARG

Air Julio
Oct 9, 2005

forever flying, forever


o prbl posted:

How about we just close the thread then if we're going to just get pissy at people actually engaging in discussion about the thread topic?

We couldn't answer the question because we didn't know what had and hadn't been tried. We're not in the room all hours of the day. No one was being pissy, we simply didn't know. We get our info from the IRC room and pass it along when we find something interesting. We encourage anyone who is interested in the game to at least stop in from time to time for updates direct from the source.

Thanks for your help though. It really is appreciated. Can we be friends?

SquadronROE
Mar 18, 2012

In the Grim Darkness of the Future, there is only war.

...and delicious ice cream.


Air Julio posted:

We couldn't answer the question because we didn't know what had and hadn't been tried. We're not in the room all hours of the day. No one was being pissy, we simply didn't know. We get our info from the IRC room and pass it along when we find something interesting. We encourage anyone who is interested in the game to at least stop in from time to time for updates direct from the source.

Thanks for your help though. It really is appreciated. Can we be friends?

People get upset when someone tells them "I'm sorry, but no we can't easily pull together the information gathered at all hours of the day.". Whatever, though. It looks like there has been some really good digging done here, with good creative thinking. Definitely keep it up, I'm trying to keep up with all the new stuff as best I can, to at least make sure everyone is on the same page.

intervoid
Nov 1, 2004


Just an FYI with the Twilio stuff. Twilio is a company that resells phone and texting "data plans" to developers and companies to run their own phone lines and stuff through Twilio. Twilio provides some really awesome APIs and easy-to-use interfaces.

I just don't want people going down the road of thinking that Twilio is involved, they're clearly just the company that whoever is running this operation is using for the phones.

On3moresoul
Apr 22, 2010


http://news.cnet.com/8301-10805_3-5...t-chinese-site/

quote:

The software giant reached an agreement with the owner of 3322.org, a site that has been linked to malware such as the Nitol botnet.

From Google News, that reminded me strongly of 3233 for some reason, sure it's totally unrelated but how interesting it involves cybercriminals and a foreign government.

Mr Underhill
Feb 14, 2012


apparently I'm an idiot.


Mr Underhill fucked around with this message at Oct 3, 2012 around 00:10

intervoid
Nov 1, 2004


Mr Underhill posted:

well, it's probably nothing, but hey.

"John 1:41 He *found 2147 first 4413 his own 2398 brother 80 Simon 4613 and *said 3004 to him, "We have found 2147 the Messiah 3323" (which 3739 translated 3177 means 1510 Christ 5547).



Codename Messiah!

Care to explain what you are trying to say?

Mr Underhill
Feb 14, 2012


That I'm a retard and read 3323 instead of 3233. There goes the mystical tie-in...drat it. Back to the ol'drawing board.

Ichabod Sexbeast
Dec 5, 2011


I'd like to think that this is neither intelligence agency nor ARG, but a group of paranoid schizophrenics sharing a delusion and trying to fight fire with fire.

gnarlyhotep
Sep 30, 2008



Could be paranoid schizophrenic intelligence agents playing an ARG.

Adbot
ADBOT LOVES YOU

party hat
Apr 22, 2010


gnarlyhotep posted:

Could be paranoid schizophrenic intelligence agents playing an ARG.

I think it's a master plan by Glenn Beck to prove that we're spies.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«35 »