The Cicada 3301 Mystery (Puzzle 1)
On January 5th, 2012 an image was uploaded to 4chan. This was a boring image and normally shouldn't have attracted any attention. However, it attracted a good deal of attention.
This image had extra information hidden at the end if examined in a text editor.
VS CLAVDIVS CAESAR says "lxxt> 33m2mqkyv2gsq3q = w] O2ntk"
This word Caesar just hints at the Caesar cipher which is nothing more than a ROT technique for rotating text. So you can just apply rotations until the string looks normal. So take the above string and ROT4 it into the below string. It isn't quite normal, but it is enough to produce a URL.
http> 33i2imgur2com3m = s] K2jpg
We now had an image, but our first dead end.
This duck however drew attention to the words "guess" and "out". This was leading to the program "outguess" which was a stenography tool for images. Specializing in hiding text among an image for extraction later.
So now if we ran "outguess" over the original image. We get:
Here is a book code. To find the book, and more information, go to http://www.reddit.com/r/a2e7j6ic78h0j/ 1:20, 2:3, 3:5, 4:20, 5:5, 6:53, 7:1, 8:8, 9:2, 10:4, 11:8, 12:4, 13:13, 14:4, 15:8, 16:4, 17:5, 18:14, 19:7, 20:31, 21:12, 22:36, 23:2, 24:3, 25:5, 26:65, 27:5, 28:1, 29:2, 30:18, 31:32, 32:10, 33:3, 34:25, 35:10, 36:7, 37:20, 38:10, 39:32, 40:4, 41:40, 42:11, 43:9, 44:13, 45:6, 46:3, 47:5, 48:43, 49:17, 50:13, 51:4, 52:2, 53:18, 54:4, 55:6, 56:4, 57:24, 58:64, 59:5, 60:37, 61:60, 62:12, 63:6, 64:8, 65:5, 66:18, 67:45, 68:10, 69:2, 70:17, 71:9, 72:20, 73:2, 74:34, 75:13, 76:21 Good luck. 3301
The subreddit (as of 9/29/2019) is still alive and in read only mode and helps show a mess of random characters and two images.
Of course continuing our pattern. We should run "outguess" over these two images.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - From here on out, we will cryptographically sign all messages with this key. It is available on the mit keyservers. Key ID 7A35090F, as posted in a2e7j6ic78h0j. Patience is a virtue. Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPBRz7AAoJEBgfAeV6NQkP1UIQALFcO8DyZkecTK5pAIcGez7k ewjGBoCfjfO2NlRROuQm5CteXiH3Te5G+5ebsdRmGWVcah8QzN4UjxpKcTQRPB9e /ehVI5BiBJq8GlOnaSRZpzsYobwKH6Jy6haAr3kPFK1lOXXyHSiNnQbydGw9BFRI fSr//DY86BUILE8sGJR6FA8Vzjiifcv6mmXkk3ICrT8z0qY7m/wFOYjgiSohvYpg x5biG6TBwxfmXQOaITdO5rO8+4mtLnP//qN7E9zjTYj4Z4gBhdf6hPSuOqjh1s+6 /C6IehRChpx8gwpdhIlNf1coz/ZiggPiqdj75Tyqg88lEr66fVVB2d7PGObSyYSp HJl8llrt8Gnk1UaZUS6/eCjnBniV/BLfZPVD2VFKH2Vvvty8sL+S8hCxsuLCjydh skpshcjMVV9xPIEYzwSEaqBq0ZMdNFEPxJzC0XISlWSfxROm85r3NYvbrx9lwVbP mUpLKFn8ZcMbf7UX18frgOtujmqqUvDQ2dQhmCUywPdtsKHFLc1xIqdrnRWUS3CD eejUzGYDB5lSflujTjLPgGvtlCBW5ap00cfIHUZPOzmJWoEzgFgdNc9iIkcUUlke e2WbYwCCuwSlLsdQRMA//PJN+a1h2ZMSzzMbZsr/YXQDUWvEaYI8MckmXEkZmDoA RL0xkbHEFVGBmoMPVzeC =fRcg -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The key has always been right in front of your eyes. This isn't the quest for the Holy Grail. Stop making it more difficult than it is. Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPCBl3AAoJEBgfAeV6NQkPo6EQAKghp7ZKYxmsYM96iNQu5GZV fbjUHsEL164ZLctGkgZx2H1HyYFEc6FGvcfzqs43vV/IzN4mK0SMy2qFPfjuG2JJ tv3x2QfHMM3M2+dwX30bUD12UorMZNrLo8HjTpanYD9hL8WglbSIBJhnLE5CPlUS BZRSx0yh1U+wbnlTQBxQI0xLkPIz+xCMBwSKl5BaCb006z43/HJt7NwynqWXJmVV KScmkpFC3ISEBcYKhHHWv1IPQnFqMdW4dExXdRqWuwCshXpGXwDoOXfKVp5NW7Ix 9kCyfC7XC4iWXymGgd+/h4ccFFVm+WWOczOq/zeME+0vJhJqvj+fN2MZtvckpZbc CMfLjn1z4w4d7mkbEpVjgVIU8/+KClNFPSf4asqjBKdrcCEMAl80vZorElG6OVIH aLV4XwqiSu0LEF1ESCqbxkEmqp7U7CHl2VW6qv0h0Gxy+/UT0W1NoLJTzLBFiOzy QIqqpgVg0dAFs74SlIf3oUTxt6IUpQX5+uo8kszMHTJQRP7K22/A3cc/VS/2Ydg4 o6OfN54Wcq+8IMZxEx+vxtmRJCUROVpHTTQ5unmyG9zQATxn8byD9Us070FAg6/v jGjo1VVUxn6HX9HKxdx4wYGMP5grmD8k4jQdF1Z7GtbcqzDsxP65XCaOYmray1Jy FG5OlgFyOflmjBXHsNad =SqLP -----END PGP SIGNATURE-----
This was the first time the outguess text segments included a signature, thus allowing all future 3301 messages to be verified. You would simply pass the entire message into GPG and verify it. With fakes in the air, this gave peace of mind to all that the real 3301 was here.
This puzzle itself stumped people for a bit. We had random strings, but no matter how they were shifted nothing would make sense. Until people started looking at the subreddit header.
The subreddit name seemed random at first, but a trained eye noticed the symbols resembled that of the Mayan numbering.
So if the 2nd number in the image is "2" and the 2nd character in the subreddit name is also 2 (a2e7j6ic78h0j) we've found our pattern. This means the A in the subreddit name must correspond to "10".
A longer version of the subreddit name was also found in the sidebar, which looked like:
So now we could decode this into a string of numbers.
10, 2, 14, 7, 19, 6, 18, 12, 7, 8, 17, 0, 19, 7, 14, 18, 14, 19, 13, 0, 1, 2, 0
With this string of numbers (perhaps a key), what do we do? These puzzles had been revolving around rotation and shifting of text. So perhaps the numbers were just hints at rotations. So below we have one of the lines of text from the subreddit and the solved iteration of it.
Ukbn Txltbz nal hh Uoxelmgox wdvg Akw; hvu ogl rsm ar sbv ix jwz King Arthur was at Caerlleon upon Usk; and one day he sat in his
So I skipped a lot of steps there, but we basically took the letter "U" from first string and subtracted 10 characters in alphabet and got "K". However, this is where it gets confusing. So instead of then subtracting 10 from next character, you move to the next number on key (2). So "k" - 2 = "i".
In an easier to parse format:
U - 10 = K
k - 2 = i
b - 14 = n
n - 7 = g
We are starting to decode this now. So write a script, input all the lines from the subreddit and you actually end up with a snippet of a book.
Our first message a long time ago was a book code! So we start using that code to find the 20th character on the 1st line, then 3rd character on 2nd line. Slowly we decrypt a solution.
Call us at us telephone numBer two one four three nine oh nine six oh eight
This phone number no longer works, but if you are interested here is the audio:
If you don't want to watch the video (audio), then the voice said the following:
Very good. You have done well. There are three prime numbers associated with the original final.jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye.
Once again a bit of an investigation needed to take place, but it turns out it was quite obvious.
➜ cicada exiftool 3301orig2012cesarincluded.jpg | grep 'Image' Image Width : 509 Image Height : 503 Image Size : 509x503
We can dump the metadata of the image and we get the height and width which is also another set of primes. So now we can multiply 509 x 503 x 3301 = 845145127. So now we need to add a ".com" and another set has been solved.
Going to the website gave another image, when decoded gave:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You have done well to come this far. Patience is a virtue. Check back at 17:00 on Monday, 9 January 2012 UTC. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPCKDUAAoJEBgfAeV6NQkPf9kP/19tbTFEy+ol/vaSJ97A549+ E713DyFAuxJMh2AY2y5ksiqDRJdACBdvVNJqlaKHKTfihiYW75VHb+RuAbMhM2nN C78eh+xd6c4UCwpQ9vSU4i1Jzn6+T74pMKkhyssaHhQWfPs8K7eKQxOJzSjpDFCS FG7oHx6doPEk/xgLaJRCt/IJjNCZ9l2kYinmOm7c0QdRqJ+VbV7Px41tP1dITQIH /+JnETExUzWbE9fMf/eJl/zACF+gYii7d9ZdU8RHGi14jA2pRjc7SQArwqJOIyKQ IFrW7zuicCYYT/GDmVSyILM03VXkNyAMBhG90edm17sxliyS0pA06MeOCjhDGUIw QzBwsSZQJUsMJcXEUOpHPWrduP/zN5qHp/uUNNGj3vxLrnB+wcjhF8ZOiDF6zk7+ ZVkdjk8dAYQr62EsEpfxMT2dv5bJ0YBaQGZHyjTEYnkiukZiDfExQZM2/uqhYOj3 yK0J+kJNt7QvZQM2enMV7jbaLTfU3VZGqJ6TSPqsfeiuGyxtlGLgJvd6kmiZkBB8 Jj0Rgx/h9Tc4m9xnVQanaPqbGQN4vZF3kOp/jAN5YjsRfCDb7iGvuEcFh4oRgpaB 3D2/+Qo9i3+CdAq1LMeM4WgCcYj2K5mtL0QhpNoeJ/s0KzwnXA+mxBKoZ0S8dUX/ ZXCkbOLoMWCUfqBn8QkQ =zn1y -----END PGP SIGNATURE-----
When that date rolled around, the website updated with coordinates along with the image itself updating to decode to a new message:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 52.216802, 21.018334 48.85057059876962, 2.406892329454422 48.85030144151387,2.407538741827011 47.664196, -122.313301 47.637520, -122.346277 47.622993, -122.312576 37.5196666666667, 126.995 33.966808, -117.650488 29.909098706850486 -89.99312818050384 25.684702, -80.441289 21.584069, -158.104211 - -33.90281, 151.18421 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPChn7AAoJEBgfAeV6NQkPZxMP/05D9TkSpwRaBXPqYthuyqxx uo+ZDyr/yVIlAdurTBiWb3aGxKJjtWg/vlcHcatK0TGL2qaHwB/FFZQAaqOyU7Zf DXdpWr8PWoWhpWNYUK8IrOaYu1SmWlJnkTdUSzGrX0lbwjwMmJJoPNS7CJuO6MaA 2GIwpv2G7lYqnH3xeX3kzGlPMsVb/wucKRjobsbdbreh1SNuQuRnhfe4s+oHTTqs XjtGL/VhBI0DUAdfLqW7z4C+Gvbx6okC8x5Sj2N2UTJOiyMYXz5+QyHoA6fo9g5V 6zodNpx/RvxuZP2Ssc9TqERgTo5FjRBpON1vjDalHgg0H2Fus2LK3gh+NZfj1i5b Oqa4Cqd9epI2pe+glXn86j9crS+2BEAr1cguqAFepvI9sdFEornDja4VXwDtUdM8 9hMVkU5NiTUYfvxZbL6W7rHIF7wxjGUwpe1ViuixG+cKNfv0enrt60PrtDByBOWI 9LLIUE0cB5HDT1xrczZ/55CtuM3Zf07/l0nLFdmgR0oa8KUA9gWcPs6S1EpBa185 VcyOTqbpIPiT8neiJEkXarbJeFk15m1P73Fr8XZxdj7EHK0aOwGYcc8e4PmW/dSh gcrSNXiePCbcRVRD2n9L47C0LkNyRpoBkmjvtpcRyp5ISe+0xcx/QI+gc1lkSijC 89qV+ymCHae1RiSDxVbd =ZJ37 -----END PGP SIGNATURE-----
These coordinates once visited in the real world, like the below video resulted in a QR code attached to a piece of paper.
These QR codes resulted in two of the same message:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In twenty-nine volumes, knowledge was once contained. How many lines of the code remained when the Mabinogion paused? Go that far in from the beginning and find my first name. 1:29 6:46 the product of the first two primes 2:37 14:41 17:3 27:40 the first prime 2:33 1:1 7:45 17:29 21:31 12:17 the product of the first two primes 22:42 15:18 24:33 27:46 12:29 25:66 7:47 You've shared too much to this point. We want the best, not the followers. Thus, the first few there will receive the prize. Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPB1luAAoJEBgfAeV6NQkP9oAP+gLu+FsRDf3aRcJtBkCOU2MX r/dagOTvCKWtuV+fedy0enWUZ+CbUjXOr98m9eq2z4iEGqKd3/MBXa+DM9f6YGUE jPum4wHtQDSJlZMazuYqJOVZGw5XmF25+9mRM6fe3H9RCiNDZpuXl3MzwdivYhcG B5hW14PcdHHteQf3eAUz+p+s06RDs+q1sNGa/rMQIx9QRe71EJwLMMkMfs81kfJC tCt21+8ud0Xup4tjUBwul7QCcH9bqKG7cnR1XWsDgdFP6a4x9Jl2/IUvp1cfeT7B YLS9W3lCM8thMemJr+ztQPZrpDlaLIitAT2L0B3f/k4co89v5X2I/toY8Z3Cdvoi hk0AdWzMy/XLDgkPnpEef/aFmnls53mqqe9xKAUQPMrI73hiJ+5UZWuJdzCpvt+F BjfQk15EJoUUW16K2+mBA1cSd+HJlnkslUTsjkq0E36XKChP+Cvbu/p6DLUMM2Xl +n3iospCkkHR9QDcHzE4Rxg9A435yHqqJ/sL2MXG/CY8X4ec6U0/+UCIF9spuv8Y 7w66D05pI2u9M/081L7Br0i0Mpdf9fDblO/6GksskccaPkMQ3MRtsL+p9o6Dnbir 6Z2wH2Kw1Bf0Gfx4VcpHBikoWJ5blCc6tfvT+qXjVOZjWAL7DvReavSEmW1/fubN C3RWcjeI4QET2oKmV2NK =LWeJ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A poem of fading death, named for a king Meant to be read only once and vanish Alas, it could not remain unseen. 1:5 152:24 the product of the first two primes 14:13 7:36 12:10 7:16 24:3 271:22 10:7 13:28 12:7 86:17 93:14 the product of the first two primes 16:7 96:4 19:13 47:2 71:22 75:9 77:4 You've shared too much to this point. We want the best, not the followers. Thus, the first few there will receive the prize. Good luck. 3301 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPB/nmAAoJEBgfAeV6NQkPEnEQAKl5qtb3ZE5vs+c08KuzAi4a tQEE71fvb65KQcX+PP5nHKGoLd0sQrZJw1c4VpMEgg9V27LSFQQ+3jSSyan7aIIg SDqhmuAcliKwf5ELvHM3TQdyNb/OnL3R6UvavhfqdQwBXCDC9F0lwrPBu52MJqkA ns93Q3zxec7kTrwKE6Gs3TDzjlu39YklwqzYcUSEusVzD07OVzhIEimsOVY+mW/C X87vgXSlkQ69uN1XAZYp2ps8zl4LxoaBl5aVtIOA+T8ap439tTBToov19nOerusB 6VHS192m5NotfQLnuVT4EITfloTWYD6X7RfqspGt1ftb1q6Ub8Wt6qCIo6eqb9xm q2uVzbRWu05b0izAXkHuqkHWV3vwuSfK7cZQryYA7pUnakhlpCHo3sjIkh1FPfDc xRjWfnou7TevkmDqkfSxwHwP5IKo3r5KB87c7i0/tOPuQTqWRwCwcWOWMNOS7ivY KQkoEYNmqD2Yz3Esymjt46M3rAuazxk/gGYUmgHImgcu1zzK7Aq/IozXI7EFdNdu 3EoRJ/UL9Y0l0/PJOG5urdeeTyE0b8bwgfC2Nk/c8ebaTkFbOnzXdAvKHB03KEeU PtM6d6DngL/LnUPFhmSW7K0REMKv62h9KyP/sw5QHTNh7Pz+C63OO3BsFw+ZBdXL hGqP6XptyZBsKvz2TLoX =aXFt -----END PGP SIGNATURE-----
These messages were another book code, this time only vaguely hinting at the books required for the code. One message was a poem and quickly discovered, the code was applied and this resulted in an onion URL.
The other puzzle took actually 6 years to figure out (in the public space) so it presumably was solved in private and kept out of the public space. This much like the other puzzle resolved in an onion URL.
These onion URLs must be visited over TOR and this is where the puzzle gets unverified. It is guessed that initial visitors were required to create an email and a private/public key pair. The public key was to be sent to Cicada so future communications could be encrypted.
This rumors for this was to trim down the list of those to strictly those who were capable of solves and not just those that were benefiting from other's work. The trail went cold because the information was no longer being put in the public space.
Puzzle 1 officially ended with an image uploaded to the subreddit by Cicada themselves.
I will be discussing this puzzle in person, at Tampa Bay Bar Camp 2019. A future blog will go into Puzzle 2 and 3 from Cicada.