We haven't had much success with the ARG lately, as we're still stuck on the Hex Code puzzle. I recently revealed that Storm had been PMing me directly about the ARG, although his messages revealed little:
"Apologies for the time delay, things have been hell here for the last month or so.
I ran the code through a few programs that analyze entropy via auto-correlation, the n gram results indicate a weak encryption, but one that results in highly entropic data (which I correlated against a similar data set size from a randomness extractor) when decoded via Hex, which I suspect is a secondary encode, as most encrypted data sent via communications is encoded in order to avoid corruption. This may have skewed the block size analysis done previously (resulting in 376bytes or 64bits).
Code:
³+�:5ºÝfW|$ÁOÉCFÑ1§ÅK¸/þà"aWw?$y#Ü!ö,Ô.‘ògµE«Êí¯aQ
Nê‡Í3ÇÇ?q10œÄ(´$=TðDùÏb–Ù¿÷9~C˜æ2Ú
?äx³¥O]Üiuú÷I„žbYZŸc•‘=à>:¬?8ŒEû…þ‘5AÖÀƒ˜òȃ2¨/ß�(büÜOçäj?éQÅÈ´dã:¹,–†.‹À™¸8�Úy¶?ä¢Y›mHǹSŒîc‘D ôaº’äþu$,Ø?QÖ•Q˜‡j|ª½{@I"A0©f̳Á9F:?~š7ª†?²xü—1À œŒy~y“
@eF²Lšb›&Â?Î*KäXš7_ësÄ«"\„Œøž)²q3—6G?J‰(íÖTiŒ^[PgFövZo%Þ¤Ú@þ¶e?E$i6•ˆ=Ë!æûþû¸Z)‘”€6¥+]Thinking in a non linear way, I've tried to classify the OTR message header with its increasing scale as the puzzles moved on.
[CLASSIFIED INFORMATION LEVEL 8][OTR//4.0]
working from that basis and the other messages I have developed this list.
Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - ???
Level 9 - ?? = OTR 5 - ???
Considering a flawed OTP (which it was, considering the ability to analyze it), when done properly should be information-theoretically secure, the next level should be either hyper-encryption using random bits (which is unlikely considering the difficulty in making that crackable and for the fact it's usually used on hardware encryption chips), or some form of Block Cipher (from which if we assume the scale of Levels goes up to 10), can be extended into simple block ciphers with small block size, which analysis seems to indicate it is not, up to triple cascaded ciphers with high block sizes, salts and perhaps even key files to add additional strength.
It is just an assumption, but one using the available evidence, OTR 4.0 is either a 128bit or 256bit block cipher with an unknown mode and key length. I would assume AES or Rjindael as candidates to allow for the most commonly used (also as Off the Record encryption uses AES as its base algorithm, that may be a hint). So to modify the list -
Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - 128bit/256bit block cipher (AES or Rjindael or Twofish or Serpent)
Level 9 = OTR 5 - Cascaded Block Ciphers with salt (SHA 512 or Whirlpool etc)
Level 10 = OTR 6 - Cascaded Block Ciphers with salt and possible key file additions (to increase password strength)
For the moment therefore, I will continue to try and analyze the non Hex code and work out the block size, algorithm basis, key length etc.
If it is a block cipher, then algorithm cracking is pointless, and as such key forcing may be necessary.
If I were a betting man, I would say this is a 256bit encryption, probably of the AES or Rjindael cipher algorithm (not that you can tell from the code, but its pretty common) .
The password will probably be hinted at, perhaps in a less than obvious way. We can assume this much as it is almost impossible to analyze a cipher text with only one message and nothing to confirm patterns. Once I've got a rough estimate of what mode/algorithm it uses, I can dedicate some run time to rainbow table attacks on the key. I have a feeling this is a holding puzzle, designed to allow time to construct further aspects of the ARG or work on whatever is behind their NDA.
Recently there was a problem with the computer systems at work, so I may not have access to all the analytical machinery I usually do, it may take a bit longer to get more information, if i find anything interesting I'll let you know. I may have access to some more specialist equipment at a later date, so more progress will likely be made then. I think we can rule out SSH or OTP though."
Latest Message from Storm
Another thing to note is that we have received another message on the ARG's main Wiki site, in the comments section of the "Tempus omnia revelant" page. The message is as follows:
"Aug 09
--------------
W### has been p########## well on the L#### O####### L######## Can####, other#### kn### as the T## Cann##. My t##### to the #####etic
induction coil have reduced the likelyhood of overcharge by 200%! I still cannot fathom why the fuse we introduced continues to fail
however, perhaps the leptons have a mi7s6d0976)(&^A)S()F ()A^SF) A()&^ ^)(AS&^ (^6097^)(76)(*"_)"_)(*")(*!")(*!")(!"*)(.................................. ........ .........................................."
It is believed by some that the different symbols may be converted to numbers--the resulting "code" is:
7609760976090906090766097696609760976098202098209812098120912809
It's important to note, however, that this code is probably just produced by random keystrokes.
My Prediction
Below is something I recently posted on the forums about the ARG, and I currently stand by it:
"I have pretty much concluded at this point that we're dealing with 3DES. The Lucifer cipher is directly connected to DES. Furthermore, we have things happening in groups of threes:
In the image with red writing, the word "lies" is written three times--there may be a fourth, but it looks like something else.
The first "lies" is also underlined three times.
We have three instances of Satan/Lucifer being mentioned:
* Once on the grilledpizza page: "When you're building a cage for Satan, you don't ask him to wait around whilst you put the doors on."
* The picture with the red writing
* Indirect suggestion with the Dante's Inferno references: "Raphèl maí amèche zabí almi"
Other than that, I think it's just a feeling. I found this page randomly tonight: It details how someone solved a hex code for a contest to win tickets. The first round of the code actually mentioned Lucifer, and the gentleman used DES to solve it. His hex code was extremely similar to ours."
Other Possibly Relevant Material
Lastly, here is some other information pulled from the Wiki that may or may not be helpful or even relevant:
- User:Dr_Horn created the page Tempus omnia revelant (Time reveals all) after the trail on this problem went cold. Stormseeker then updated the forum thread's original post, adding the text 'tempus omnia revelant'. This seems to confirm that the Wikia account for Dr Horn is indeed Stormseeker.
- Stormseeker later says on his Steam Profile:
- "If it's about the ARG, I've not set up or had any sites setup for hacking, so no. There is an answer, but you can't brute force it, the CIA couldn't brute force it. Someone is already close."
- Stormseeker teased encryption may not be the right idea. "How do you know solving this has anything to do with encryption?"
