[ARG] The Pizza Code Mystery


#5646

The hint pointed at twofish though. :no_mouth:

The clue that delivered “752” ends with “Abortive” and to me that means the data stream could be truncated. You could still decrypt with twofish and just ignore the last block error, or if nettle won’t work at all with the incorrect length you could just pad the input with some null bytes.

I suspect a successful first decryption with rc4 may reveal some container format header for the second round of decryption with twofish.


#5647

Maybe we don’t even need to figure out the key… If we’re running on the assumption that this is RC4 then we only need to know the key stream. RC4 generates a key stream from the key, and then this stream is XOR’d with the plaintext to generate the ciphertext.

If there were certain assumptions we could make about the plaintext then it would be possible to know portions of the key stream. Knowing a portion of the key stream could reveal an intentional pattern, i.e. the key stream could have been manually created from binary data representing a high precision irrational number such as pi.

Hmm…


#5648

Would it theoretically be possible to generate something like that from our 1001085139140914?


#5649

Absolutely, any bit of data can be used as the seed for a random number generator.


#5650

Here’s an example of what I’m trying to say:

Let’s assume that the first 8 bytes of the plaintext is “[[Proxyh” since a lot of our clues start that way.
In hex it’s represented as:

5b 5b 50 72 6f 78 79 68

And with the first 8-bytes of “752” being:

b3 2b 00 3a 35 ba dd 66

After XORing each byte we know the first 8 bytes of the key stream would be:

e8 70 50 48 5a c2 a4 0e

So then the question is, is there anything interesting about those numbers? The results of this example don’t seem to reveal anything unfortunately. I like to use this hex editor https://hexed.it to view hex data as multiple common data structures at once.


#5651

Here’s something fun–if you take the non-hex representation and turn it into Webdings, you get a bunch of circled numbers throughout. Remove the non-number symbols and you get:

image

It’s fun, but probably doesn’t mean anything.


#5652

So, to summarize all the full “Code_” messages, we have:

Before the SECOM solution:

First letters from each sentence: A I I T E A
(Also note that time is once again mentioned here. Time reveals all and stuff.)

Leading up to the message in the wiki:

First letters from each sentence: H I I

The big messages in the wiki itself:

Big message

"Apologies for the time delay, things have been hell here for the last month or so.

I ran the code through a few programs that analyze entropy via auto-correlation, the n gram results indicate a weak encryption, but one that results in highly entropic data (which I correlated against a similar data set size from a randomness extractor) when decoded via Hex, which I suspect is a secondary encode, as most encrypted data sent via communications is encoded in order to avoid corruption. This may have skewed the block size analysis done previously (resulting in 376bytes or 64bits).

Code:
³+�:5ºÝfW|$ÁOÉCFÑ1§ÅK¸/þà"aWw?$y#Ü!ö,Ô.‘ògµE«Êí¯aQ
Nê‡Í3ÇÇ?q10œÄ(´$=TðDùÏb–Ù¿÷9~C˜æ2Ú
?äx³¥O]Üiuú÷I„žbYZŸc•‘=à>:¬?8ŒEû…þ‘5AÖÀƒ˜òȃ2¨/ß�(büÜOçäj?éQÅÈ´dã:¹,–†.‹À™¸8�Úy¶?ä¢Y›mHǹSŒîc‘D ôaº’äþu$,Ø?QÖ•Q˜‡j|ª½{@I"A0©f̳Á9F:?~š7ª†?²xü—1À œŒy~y“
@eF²Lšb›&Â?Î*KäXš7_ësÄ«"\„Œøž)²q3—6G?J‰(í֏TiŒ^[PgFövZo%Þ¤Ú@þ¶e?E$i6•ˆ=Ë!æûþû¸Z)‘”€6¥+]Thinking in a non linear way, I’ve tried to classify the OTR message header with its increasing scale as the puzzles moved on.

[CLASSIFIED INFORMATION LEVEL 8][OTR//4.0]

working from that basis and the other messages I have developed this list.

Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - ???
Level 9 - ?? = OTR 5 - ???

Considering a flawed OTP (which it was, considering the ability to analyze it), when done properly should be information-theoretically secure, the next level should be either hyper-encryption using random bits (which is unlikely considering the difficulty in making that crackable and for the fact it’s usually used on hardware encryption chips), or some form of Block Cipher (from which if we assume the scale of Levels goes up to 10), can be extended into simple block ciphers with small block size, which analysis seems to indicate it is not, up to triple cascaded ciphers with high block sizes, salts and perhaps even key files to add additional strength.

It is just an assumption, but one using the available evidence, OTR 4.0 is either a 128bit or 256bit block cipher with an unknown mode and key length. I would assume AES or Rjindael as candidates to allow for the most commonly used (also as Off the Record encryption uses AES as its base algorithm, that may be a hint). So to modify the list -

Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - 128bit/256bit block cipher (AES or Rjindael or Twofish or Serpent)
Level 9 = OTR 5 - Cascaded Block Ciphers with salt (SHA 512 or Whirlpool etc)
Level 10 = OTR 6 - Cascaded Block Ciphers with salt and possible key file additions (to increase password strength)

For the moment therefore, I will continue to try and analyze the non Hex code and work out the block size, algorithm basis, key length etc.

If it is a block cipher, then algorithm cracking is pointless, and as such key forcing may be necessary.

If I were a betting man, I would say this is a 256bit encryption, probably of the AES or Rjindael cipher algorithm (not that you can tell from the code, but its pretty common) .

The password will probably be hinted at, perhaps in a less than obvious way. We can assume this much as it is almost impossible to analyze a cipher text with only one message and nothing to confirm patterns. Once I’ve got a rough estimate of what mode/algorithm it uses, I can dedicate some run time to rainbow table attacks on the key. I have a feeling this is a holding puzzle, designed to allow time to construct further aspects of the ARG or work on whatever is behind their NDA.

Recently there was a problem with the computer systems at work, so I may not have access to all the analytical machinery I usually do, it may take a bit longer to get more information, if i find anything interesting I’ll let you know. I may have access to some more specialist equipment at a later date, so more progress will likely be made then. I think we can rule out SSH or OTP though."

First letters from each sentence: A I T T C I I S F I I T W O I R I I
(Additionally, capitalized Hex occurs twice, optionally adding 2 H’s): H H

Plus, the smaller message after it:

Separate PM

"“some secret project we dont have the access levels to get at”

That bit stands out the most, and I think is likely directly linked to whatever is in rooms X01 and X02.

Macroscale Quantum Systems could relate to anything that uses quantum mechanics for a larger purpose.

We’ve heard stuff about Niobium a few times, and it’s used in super conductive alloy, so I would assume some kind of Quantum computer system, probably an AI, perhaps under the name of HALOS."

First letters from each sentence: T M W
(Note the lack of the word “time” in this message though. If “time” reveals all, does that mean this message is excluded?)

All first letters together:
A I I T E A
H I I
A I T T C I I S F I I T W O I R I I (+ H H from “Hex”)
(T M W)

Are these all the messages, or am I missing some?

It bothers me that the only way we can get the H in “twofisH” in the big message alone is by making an exception to “ignore capitals except at the start of a sentence”. I don’t suppose the PM had a title like “Hey” or “Hi” or “Hello again”, giving us that missing H?


#5653

It bothers me as well. I would have been more convinced if the anagram could be solved exactly into something that had the same format as what is written on the c2a4x_labboard15:

image

“Please use Cascade ciphers only (eg. 1 Aes 1 2F 1 SP.)”

where Aes = AES (Advanced Encryption Standard), 2F = Twofish, SP = Serpent. In other words, it is describing a AES-Twofish-Serpent cascade encryption where each cipher algorithm is applied once in sequence.

So, following this format, but using the capital letter I instead of the number 1, the hint should have read something like this: I ARCFOUR I TWOFISH.

It also bothers me that we are interpreting four I’s as FOUR. The Roman numerals for the number four is IV.

In the past, we have seen clues or hints where words or a message was formed by using two different but similar methods:

  1. Acrostic, first letters from each sentence (the SECOM hint.)
  2. Out of place capital letters (the terminal message, IRC clues 2 & 6, the Tempus omnia revelant wiki page.)

But now by including the H’s from Hex, we are assuming that the hint is combining both these two methods in addition to anagramming.

If we drop the H’s, then we may possibly be looking at ARCTWO (RC2), which is a 64-bit block cipher.

Also, I think a problem with anagrams is that given enough letters it is very easy to arrange it into something you want to see. Any leftover letters that doesn’t really fit into words that make much sense are usually a sign that it is a false solution.

Lastly, another potential problem with this hint is delivery. The combination of ARCFOUR and Twofish in cascade is IMO very unusual, and AFAIK we have not found any strong indications in the past clues that remotely suggest that this is what we are dealing with. Therefore, if the way to solve this puzzle was indeed by contacting Code_/0418, we are essentially reliant on an ARG NPC, who was masquerading as a helpful player, to give us a vital clue in order to have a reasonable chance of being able to solve the puzzle. To me that feels somewhat like a cheat — unless Code_/0418 was in fact Dr. Horn himself, who had broken through the fourth wall.


#5654

I had wondered about Mack0438.
(4=D, 3=C, 8=H). Dr Chris Horn


#5655

Agreed on the Roman numerals (I had the same issue), but when counting in fives (4 straight lines then one across) it’s still valid, so I can look past that.

Good observation on ARC2, but that leads me to your following point; what to do with the extra letters? I’m fully with you on the anagram bit, and it’s exactly what bothers me so much here.

I believe this is the first ever mention of ARC4 in the ARG so far. From what I’ve found, we’ve had all AES candidates except MARS and RC6 mentioned, but never ARC4. Rijndael (the AES implementation specifically), Twofish and Serpent are our most commonly named culprits, both on the whiteboard and in Code’s message, but never one in the RC family. While Stormseeker did say he had to up the difficulty, everything else so far has been at least mentioned or hinted at somewhere - ARC4 has not. That alone is a very significant jump in difficulty, as shown by the amount of time it took us to even consider it. Never mind figuring out what to do with it - by now we have so many different (possibly false) hints, clues, algorithms and possible passwords we can’t see the forest for the trees.

The bit about contacting Code makes sense to me though, at least story-wise; 0418 was Dr Horn (or rather, is…). The “story so far” seems to be one of a major disaster, and Dr Horn probably is in need of help. There’s presumably people who want him dead. 0418’s true name “Dr Horn” was plain to see for all who bothered to decode his numeric username - but, probably as intended, this took some time. Were he to actively give away all the information that was required to help him, his enemies would easily have recognized and found him, so he had to play dumb and give only nudges in the right direction. And after he was unmasked by someone who actually did decode it, he went silent and went underground, to protect himself. From this point of view, also reconsider some of the lines in the messages above:

Apologies for the time delay, things have been hell here for the last month or so.

Recently there was a problem with the computer systems at work, so I may not have access to all the analytical machinery I usually do, it may take a bit longer to get more information, if i find anything interesting I’ll let you know. I may have access to some more specialist equipment at a later date, so more progress will likely be made then.

Hey, sorry I’ve been super busy with things recently. I don’t have a huge amount of time, but I’ll look into it. I’ve got a few too many things on my plate at the moment, what with a new project I’ve just been put in charge of at work

Perhaps he wasn’t talking about a boring office job, huh…

Anyway, as for the non-story side of things; I’ve been on the receiving end of some cryptic messages and (vital) hints during the Portal 2 Potato ARG. It’s a very effective way of forwarding new data to the players, especially in situations where one can not easily publish a new build of the game with more clues. It’s also a lot quicker than keeping a website up and running (and easier, as we can see with the many times bmrf.us has been down).

In short, the method of delivery itself is not what bothers me. It’s the information we get from it that confuses me - what do we know now that we did not then?

PS. interestingly, because of this whole thing I just found out the main guy behind RC, Ron Rivest (hence RC: Rivest Cipher or Ron’s Code) is also one of the co-authors of Introduction to Algorithms by Cormen et al. which is basically the algorithms bible for computer science students. It’s one of the very few study books I’ve ever voluntarily re-opened after I finished the course I got it for. TIL! =)

Edit:

PPS. I also still don’t know why in that big PM, Rijndael was consistently mis-spelled as “Rjindael” (ij -> ji) , three times. Honest mistake, or on purpose?


#5656

Sorry for the double post, but I can’t keep editing the same post forever. I went looking for 0418’s last post in this thread, and found it was a post in which he was complimenting @Flavrans 's work. Here is the post he responded to (I wrote this as a reply to it as well but I’m not sure how well that shows up in this forum):

As you might notice, while almost all posts around it talk of practical stuff and hard facts (‘these bits are new data’, ‘X appears in Y’, ‘OTR can stand for “Off The Record” messaging’, etc.), this post by Flavrans talks of the story:

Out of the entire post, the only part 0418 actually reacts to is the bit about AI (and Niobium):

Two things:

  • I very much doubt we are expected to get our hands on real Niobium.
  • I also doubt we’re supposed to write an AI.

In other words; stuff that is too vague to base a definitive clue on, but only talks about the story. Basically, we’re being told that the story is more important than the cold hard facts. So I looked back at the rest of the posts by 0418. Here’s what I found:

It might be a good idea to collate what we know about the storyline behind all this, the characters, the subject matter on the whiteboards and things from the IRC messages that could build up a better picture of whats going on.

I just think people have been making red herrings everywhere due to taking the clues a bit too literally.

I think the IRC clues are storyline based, in this case the transporting of an element needed for a project. I dont think they are clues, as nothing in there seems relevant to a cipher.

The ARG seems to have both an in game and a web element. I notice that so far people seem obsessed with running around inside the game, but noone seems to have thought to look outside it. There seems to be alot of hints about a Dr Welsh, does he have any links outside the game?

Storyline, storyline, storyline. 6 posts, and almost all of them tell us to drop the details and look at the bigger picture. He pretty much literally tells us to, at least for now, forget everything except the story. Not only that, he did the same thing on the wiki, AND in the first post in this topic. In fact, he even gives us a hint on how he thinks we should proceed:

I would take the information you have, and create a map of where they were all found, then focus on that area before looking in every nook and cranny of every level in the game.

I would start in Dr Horns office and work out from there.

I’ve seen lots of analysis done so far, but I can’t remember ever seeing a map like this. This post is from September 2012.

How about, after almost 6.5 years, we finally drop the details and do what he asks us to?

PS. based on the “seek code out he is watching” and “he is AI” clues mentioned in the quoted post by Flavrans, perhaps my previous conclusion that 0418 is really Dr Horn is slightly off - perhaps 0418 is merely an AI posing as Dr Horn, or running on Dr Horn’s accounts, or similar.


#5657

I feel ya, man, I really do. 6 1/2 years is a long time to look at the same 752 characters, and I have tried to examine the story in every way possible. What I keep coming back around to, though, is the fact that it’s encrypted, and we need to figure out how it’s encrypted. And that’s where we hit the wall.

:frowning:


#5658

A point of note is that this was from before the in-game puzzle trail was solved.

I seem to recall that some work was done on creating such a map of the in-game clues, and level overview maps of the QE chapter were made for this purpose. I’m not sure what became of it, but the raw level overview images can be found on the wiki.

In order to create a single map, I would composite the two images on top of one another using the staircase as a guide for lining up the two images.

I think the suggestion of creating a map was to help with focus and make it easier for us to see the linear progression in the placement of the codes A-D. Also, the password to the Code D cipher (SECOM cipher) was almost literally “the big elephant” in the room where the cipher was found.

Moving forward to our current puzzle, I’m not sure how we would extend a map of the in-game clues to include the web- and IRC-based clues. However, if there’s anything to be learned from the first puzzle trail, it may very well be that the answer could be staring us right in the face.

As for the storyline, there have been many good discussions and posts about the storyline over the years. @CPU collected some of these posts and posted them in a separate thread (which could use a beautifying pass as a result of the forum upgrade), and there are probably a few more story related posts that he missed, buried somewhere in this thread.

The problem, though, is that there are so many different ideas and takes on the story, and everyone seems to have their own opinions and expectations about what the story is, which makes it difficult to come to some sort of consensus about the storyline. Perhaps we are trying to look too far into the rabbit hole. Instead, perhaps what we should try to do is to condense it all into a short synopsis of the storyline, directly based on the information we find in the clues and on the whiteboards, and what can be inferred from it, with as little speculation as possible. But even this seems to be a difficult task.

On a story related note, someone recently asked Stormseeker a question on Twitter that had to do with It’s everywhere you look. Stormseeker tweeted the following reply:

*It* is everywhere you go, watching everything you do - except perhaps in Xen.

I didn’t post a link to the tweet here, since I’m not sure if it’s okay to do so.


#5659

Fair point. Still, 0418’s insistence on story kept coming up (see the wiki story page and the first-post edit), from what I can tell even after all we had left was the HALOS code (before most of the newer bmrf.us etc. stuff, but still). It just seems to me that we need to rethink our options on what we can do with the story hints. In particular, we know some of the offices and locations of the “story characters”. Have we ever made an overview of what we believe these people were actually supposed to be doing instead of arguing about pizza? And do those things fit with the locations we found them in?

Another thing that’s been bothering me is these two questions and answers from Stormseeker:

What if, instead of being a rhetorical question, “how do you know solving this has anything to do with encryption” was a hint? What if we are supposed to look into the answer(s), that being “the whiteboards talking about encryption” and “the hints given by 0418 / Code_”? What are the implications of those answers, and how do they relate to the story? For example, why do they need to send encrypted code (they’re in a freaking underground bunker with strict security checkpoints everywhere, why are they using multilayered encryption if it’s kept locally, was this intended for a location outside BMRF?), and what were they sending each other that was so important that they had to use “cascade ciphers only”? What is this “Code” mentioned on the whiteboard, and is it what we have been told to seek out? Is that Code the same “Code_” as we were talking to on IRC?

… are we the experiment?


#5661

I would like to propose an idea or two…If we were to think outside the box, and really go outside…what if we are to play different mods, that the Crowbar “COLLECTIVE” devs have done. There are a few, one that I had missed that I installed today was “Causality Effect”, A mod done by Anthony Stone. Which I believe picks up on “Red Letter Day” or there abouts in HL2. I skimmed a little bit and see that there are multiple endings, I have not seen them yet. Whenever we are playing HL, we are connected to the servers, so what if events in different mods are all linked, cooky time travel, time loops, really anything goes when it comes to that. The Red Letter day is mentioned by Alyx, she tells Gordon something about, its funny you show up on this day. As if its an Anniversary of a prior event. Could guess that its 20ish years since the Black Mesa incident. So I’ll try and find the exact date for that, and how it relates to events in other mods, the original Black mesa incident, the Red Letter day, any other events in the HL story line, mod events, or titles worked on by various members of the CC… What if working together to crack this, means we are to line up timelines in these mods and see if we cant link things in an order that will make sense. As far as I know, all the clocks in BM, are all frozen at a specific time. Except, the clock in Lambda Core… the clock there is working and the time is around 7:35 I think. Why would that SINGLE clock be working, when all the rest are not. Any time a portal is opened in the HL timeline, they could all be linked if you want to make that jump. Just figured this is something that hasn’t been really looked at. Looking for “trigger” events in game files, what if the trigger events aren’t really compounded in a single game, what if its a single event at a certain time in each mod, when something is done, the game relays to the servers that event A is complete, and in another mod, event B could be complete and send that info to the servers… and so on. And lastly, I’m sure its been mentioned, but how do we feel about the Halos project, being the Holographic Assistant, … logistics operating system? Something along those lines. As there is the Hazard Course mod, but there is not a Hazard Course portion to the BMS mod. Just an alternate timeline. So thats what I’ll be trying to piece together, likely nothing, but something that hasn’t been really looked into.


#5662

Alyx, Kleiner and Barney all remark on the coincidence of Gordon turning up when he does: the exact day when the teleport in Kleiner’s lab is completed and ready to test.


#5663

I could be wrong guys, but I am pretty sure old mods that the dev team created are NOT a part of the ARG.


#5664

I’ve read things along those lines, I’m going to check anyways, cant trust anyone… its not safe…


#5665

7 years later and the thread’s still going strong lol, nice


#5666

Does anyone have by chance, a save game with all the pizzas in one spot? Also, if Dr. Horn, or any of the scientist for that matter, wanted to insert their mind into a shell for instance… what would be used?