[ARG] The Pizza Code Mystery

I’ve managed to get a look inside the dossier on Dr. Horn’s desk while nocliping. There’s also another one on the taco-hut with the same pages inside. They have the following text

Dear (Mr. Horn?)

Black Mesa Research Facility regrets to inform you that 

the Founder’s Grant for Independent Research was not awarded to
you this year. Despite your amazing ??? (efforts?) in the
field of biochemistry, we feel that the work of (Tanya Granger?)
and (Dilan?) Yu better represent Black Mesa’s vision of the
future. We ask that this not discourage you, as you are free to
re-apply for the grant next year provided your team shows
significant progress.

Sincerely.
Black Mesa Biochemistry Labs
Director M.(Brans?)

Don’t know if it has any importance for the ARG, but there are more dossiers around the QE chapter. I’ll try to look inside them too, but it’s really hard to do. In the brown/red one I managed to read “vccts1: Citrix Terminal server”.

I’ve spent a lot of time taking screen shots of these documents. If you look at the header following ATTN: I believe it says Karen Ploth*. It also says Las Cruces NM. I’m pretty sure Dear is followed by Mrs.
Plath*?
There is a Karen Laur who was an art director for the 98’ version & opposing force
This is her contact link “Contactum Immediatmentius Con Aplumbo Et Schmoozmagnus Pronto” @ https://karenlaur.com/

So nothing to do with the ARG

Edit: As flavrans9 noted “?OTR,3,4” changed from “?OTR,1,3”, so it may be of significance. After reading the wiki again, there are multiple references to the CIA and the kryptos statue, so it may be referencing the third Kryptos message. It was solved by several transpositions. Here it’s the proper explanation https://math.ucsd.edu/~crypto/Projects/KarlWang/index2.html
Now, is this the case? if it is which transpositions need to be made? Am I completly nuts? No need to answer the last one, it would be rude.

Very clever Mr. 0418_08151814, or should I say… MR BOND!, no, wait… MR HORN! I’ll explain 04=d 18=r _ 08=h 15=o 18=r 14=n. Just the positions of the letters in the alphabet. I was reading the thread from November 2012 till March 2013, because aparently, the solution was close on those months, and I saw his name, and remembered that somebody said that “seek code out” might be a reference to code_ in IRC, who went by 0418_08151814 in the forums… So I checked the name, he claims that he’s an expert on ARGs, but he doesn’t have time to help, still, he logs on pretty frequently just to read, since he hasn’t posted in one year. It’s also quite peculiar that in the wiki dr. horn was the one who created the storyline page the same day he had created the Tempus omnia revelant one, and just some days after 0418_08151814 suggested to write the story. I was tempted to send him a private message before posting this, asking for advice, since 0418_08151814 stated that he has experience on ARGs, but I thought that doing it would be against the spirit of the ARG.

Now, I think this pretty much confirms that he is Dr. Horn and not just somebody who was creative choosing a name related to the ARG. Read his 6 posts. In one of them he replies to this:

“Devs need to give us a lil nudge in the right direction either through a “troll” account or something on this site.”

With

“Pretty sure he has already. It is not usually the way of ARGs to have the creator pop in and tell you what to do next. Look harder, and think outside the box. I’m sure the terminal site will have something to do with it.”

In other one he says that the relation about J.D.Welsh should be investigated.

His last post is about a post in which flavarans9 tries to make some sense of the cryptic clues, and says “That is some impressive work flavrans9. It would be interesting to find out how the Niobium isotopes relate to AI.”

Second time he hints towards the Niobium, this time he points to it’s relation with the AI. Looking on wikipedia, the only plausible relation would be superconductors, specifically superconductor type 2, since the other are related to structural capabilities and extreme temperature resistances. They’re used on medical devices, like magnetic resonance imaging equipments, particle accelerators like the LHC, and detectors in radiotelescopes. If I had to bet, I would say the first. HALOS could very well be some kind of man-machine, maybe some kind of OS using brains as hardware, or the oposite, using computers to store human minds. Therefore they had to build some kind of machine to either “write” information in the brain, or to read information from the brain.

Now, about the 752 hex code. The Tempus Omnia Revelant seems to hint towards Time, at first I thougt One-Time-Pad, I tried to do it using BENALOHPAILLIER, BenalohPaillier and benalohpaillier. No luck, but maybe I did something wrong. Also, it could be a reference literally to time, either the time in wich the page was created,“Authorised for release 12.12.12”, or some other time reference. In one of the whiteboards it is written 9:00, but maybe it’s just a reference to the test with the Xen crystal, it was scheduled for 9:00 AM.

On the “Raphèl maí amèche zabí almi”. As far as I understand this was said by Nimrod on Dante’s Divine Comedy. Nimrod was responsible for the multiple languages in the world, so humans can’t understand each other. So it may point out either to the fact that HALOS has communication problems, or, if it’s a direct clue about the code, that we are looking for a message in the wrong language, maybe it’s not English.

It’s very late and I cannot think properly. Sorry if I made typos or other mistakes. English it’s not my native language.

PS: Sorry for the double post, I know it’s bad manners, but I think that this post is just too big for an edit.If there is a problem with it, feel free to merge it with my last one, or PM and I’ll do it.

Son of a-
How did we not notice 0418_08151814 became dr_horn before?
Alright, so we need to take a look at everything we have an piece together the story.

Confirmed it is stormseeker, 0418_08151814 commented that he had participated in an ARG called torment by Grngecko.

https://forums.unfiction.com/forums/viewtopic.php?t=19001&start=45

There is an user called stormseeker, also, it seems that he draw some inspiration from that ARG, since in one of the puzzles the solution was the coordinates of the kryptos statue. The problem with that ARG is that some participants decided to hack into the email of the ARG maker, so he shut it down. Also, people on the forums could not post solutions, only hints.So it might be difficult to find the puzzles, at least I was not able to find them, but there’s an article in wikipedia which says that the ARG was full of Red Herrings, so maybe this is the case with the current 752 hex code.

It may be worth looking into the relation between kryptos and the story, since 0418_08151814 said that actually the coordinates correspond to a point at the south of Kryptos.

Back to the code, after doing what it seems to me a 101 cryptography course, arrived to the conclusion that it has to be a 64bits block cipher with a key security of at least 80bits, which is the minimun key security recommended to avoid bruteforce attacks. It could be a cipher with a longer block size but in stream mode, it’s just that it would be weird, the code is exactly the size of a 64bits block size ciphertext.

In this page there is a list of 64 bits block ciphers.
https://en.citizendium.org/wiki/Block_cipher/Catalogs/Cipher_list

User 0408_08151814 also pointed out while people were trying to solve the code D, that people should focus on the clues already given and not going looking for hidden clues, and that maybe on one of the whiteboards that were near the ones with direct relation to the code, there was something that was needed to solve the code. Indeed, the key was in the very same whiteboard. So, it seems he was very straightforward about were to look. Now, we think the password may be BENALOHPAILLIER, so maybe finding the relation between the Nb and the AI we will discover the algorithm and mode used, or maybe an initialization vector. Looking on the whiteboards, there’s one about solenoids producing a magnetic field, the 13th on this page https://imgur.com/a/YEVxZ
That’s exactly the application that Niobium might have as a type II superconductor. Also, note the Do not wipe the board on the whiteboard signed by Dr. Horn. There’s only a handfull of them with that annotation. Other interesting whiteboards are the 10th, with the XVL 1456 schematics, and the last one, which mentions niobium directly.

After reading again 0418_08151814 posts, he must have laughed a lot. “…often the best way to find the answers is not to look for clues everywhere, but to put your self in the creators shoes, which I have tried to do with this.” Oh, the irony… :lol:

Now that you’ve all figured this out for yourselves, I can share with you the last private message I received from 0418/Code/Stormseeker. I didn’t want to share this before, as I didn’t want to ruin whatever he had brewing. Now that you’ve figured it out, it shouldn’t hurt anything, and the cat’s out of the proverbial bag anyway:

[b][i]"Apologies for the time delay, things have been hell here for the last month or so.

I ran the code through a few programs that analyze entropy via auto-correlation, the n gram results indicate a weak encryption, but one that results in highly entropic data (which I correlated against a similar data set size from a randomness extractor) when decoded via Hex, which I suspect is a secondary encode, as most encrypted data sent via communications is encoded in order to avoid corruption. This may have skewed the block size analysis done previously (resulting in 376bytes or 64bits).

Code:
³+�:5ºÝfW|$ÁOÉCFÑ1§ÅK¸/þà"aWw?$y#Ü!ö,Ô.‘ògµE«Êí¯aQ
Nê‡Í3ÇÇ?q10œÄ(´$=TðDùÏb–Ù¿÷9~C˜æ2Ú
?äx³¥O]Üiuú÷I„žbYZŸc•‘=à>:¬?8ŒEû…þ‘5AÖÀƒ˜òȃ2¨/ß�(büÜOçäj?éQÅÈ´dã:¹,–†.‹À™¸8�Úy¶?ä¢Y›mHǹSŒîc‘Dôaº’äþu$,Ø?QÖ•Q˜‡j|ª½{@I"A0©f̳Á9F:?~š7ª†?²xü—1ÀœŒy~y“
@eF²Lšb›&Â?Î*KäXš7_ësÄ«"\„Œøž)²q3—6G?J‰(í֏TiŒ^[PgFövZo%Þ¤Ú@þ¶e?E$i6•ˆ=Ë!æûþû¸Z)‘”€6¥+]Thinking in a non linear way, I’ve tried to classify the OTR message header with its increasing scale as the puzzles moved on.

[CLASSIFIED INFORMATION LEVEL 8][OTR//4.0]

working from that basis and the other messages I have developed this list.

Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - ???
Level 9 - ?? = OTR 5 - ???

Considering a flawed OTP (which it was, considering the ability to analyze it), when done properly should be information-theoretically secure, the next level should be either hyper-encryption using random bits (which is unlikely considering the difficulty in making that crackable and for the fact it’s usually used on hardware encryption chips), or some form of Block Cipher (from which if we assume the scale of Levels goes up to 10), can be extended into simple block ciphers with small block size, which analysis seems to indicate it is not, up to triple cascaded ciphers with high block sizes, salts and perhaps even key files to add additional strength.

It is just an assumption, but one using the available evidence, OTR 4.0 is either a 128bit or 256bit block cipher with an unknown mode and key length. I would assume AES or Rjindael as candidates to allow for the most commonly used (also as Off the Record encryption uses AES as its base algorithm, that may be a hint). So to modify the list -

Level 0 - 2 = Non Encrypted or Encoded (similar to private and confidential?)
Level 3 - 4 = OTR 1 - Base 64 or Base 85 encoded
Level 5 - 6 = OTR 2 - Hyper-encrypted (layered) Pen and Paper Ciphers
Level 7 = OTR 3 - Hyper-encrypted (layered) One Time Pad
Level 8 = OTR 4 - 128bit/256bit block cipher (AES or Rjindael or Twofish or Serpent)
Level 9 = OTR 5 - Cascaded Block Ciphers with salt (SHA 512 or Whirlpool etc)
Level 10 = OTR 6 - Cascaded Block Ciphers with salt and possible key file additions (to increase password strength)

For the moment therefore, I will continue to try and analyze the non Hex code and work out the block size, algorithm basis, key length etc.

If it is a block cipher, then algorithm cracking is pointless, and as such key forcing may be necessary.

If I were a betting man, I would say this is a 256bit encryption, probably of the AES or Rjindael cipher algorithm (not that you can tell from the code, but its pretty common) .

The password will probably be hinted at, perhaps in a less than obvious way. We can assume this much as it is almost impossible to analyze a cipher text with only one message and nothing to confirm patterns. Once I’ve got a rough estimate of what mode/algorithm it uses, I can dedicate some run time to rainbow table attacks on the key. I have a feeling this is a holding puzzle, designed to allow time to construct further aspects of the ARG or work on whatever is behind their NDA.

Recently there was a problem with the computer systems at work, so I may not have access to all the analytical machinery I usually do, it may take a bit longer to get more information, if i find anything interesting I’ll let you know. I may have access to some more specialist equipment at a later date, so more progress will likely be made then. I think we can rule out SSH or OTP though."[/i][/b]

I really hope this helps the ARG. I apologize that I didn’t share this before, but I knew as soon as I read some of the PMs that 0418/Code sent me that it was Storm in disguise, and I didn’t want to spoil the fun for everyone else. Now that his secret is revealed, we are all on the same page now, and you all have the same information as I. Most of it has been slipped into some of my other posts, anyway, although not spelled out in the same manner.

EDIT: Also, please believe me when I say that I’m not a part of this at all. I simply initiated conversation with “Code” when I believed he was just a user on the IRC channel interested in helping–0418 then noted on the forums that he was “Code” from the IRC Channel. I say this because I don’t want anyone to think I have pieces of the puzzle that everyone else is without, or that I am somehow involved with the game/ARG. All credit goes to those guys and gals–I’m a bystander like the rest of you.

I know Las Cruces! It’s a smallish city not far from here. It’s right by White Sands, the closest thing to Black Mesa that exists IRL, and according to Wikipedia it’s the largest employer there. I’ve been to both the trinity site and Holloman AFB, but I don’t think I can add anything based on that.

Since I have no idea what’s going on ARG-wise, I’m going to suggest, based on nothing whatsoever, that HALOS stands for Human Analog Logistical Operating System.

I’m confused now, so, BENALOHPAILLIER it’s not the password, but it is subtly hinted… cryptographers maybe? Also, that code sent by 0418_08151814 has half byte less than the 752 code, it’s 751 hexadecimal characters long.

I will try with OpenSSL again, keeping all this in mind… but there’s something off, at first he talks about weak encryption with high entropy, then about AES an RJINDAEL… so… ecb mode? ecb mode is weak compared to other modes, but yields a high entropy text.

Also, is NDA non-disclosure-agreement? or what it stands for? Anyway, I’m going to be on the IRC channel for a while, although it seems dead, just in case somebody wants to join now that there is new information.

Hey, something in this thread I can help with! Yes.

I was just reading about another hex code puzzle - EFF’s Encryption T-Shirt Puzzle made for DEF CON 21 (https://www.eff.org/deeplinks/2013/07/encryption-key-t-shirt-and-puzzle-def-con-21). Apparently, that puzzle was much easier to solve than the 752 Hex Code and was solved within days (the solution is described here: https://www.eff.org/deeplinks/2013/08/effs-encryption-t-shirt-puzzle-solved). The thing about that puzzle was that all you needed to figure out was which encryption tool they had used and the right key. The cipher and mode was encoded in the file header by the tool, so you didn’t have to figure out the encryption specifics. The tool would recognize the file even if you didn’t have the right password, so you could pretty much confirm that you were using the right tool.

The problem with the 752 Hex Code is that it doesn’t appear to have any recognizable file header, which means we have to treat the whole code as raw encrypted data and most likely have to figure out the exact cipher and mode used (as well as the key of course) in order to decrypt it.

About BENALOHPAILLIER, it is possible that this is not literally a password, but some kind of code in a similar vein as “Victor would like this extension”, like some kind of key/password hint. We know that Benaloh and Paillier are references to two different, but similar, partially homomorphic cryptosystems. Perhaps the key word here is homomorphic (or homomorphism), again not literally, but something related to the definition of the word. Perhaps we need to apply the idea of homomorphism to something related to the story or found in the clues in order to figure out the key.

The other thing to consider, as Angel noted in a PM, is whether or not the whole hex code is simply an illusion, a red herring to throw us off the real path. This thing has technically gone in a couple different directions–who’s to say the hex code isn’t the wrong one, and the other parts aren’t actually leads to the right path?

Oh, sorry, I must have written something wrong, I meant the messages that 0418 sent you, not the whole 752 hex code. But now that you mention it… :o
After converting the code he sent you and deleting the returns of line presumably due to copy-paste, it does not have 752 hexadecimal characters, it has 747, if the returns of line are not deleted, it’s 751 characters long. Some chars are changed, for instance, on the original hex code you could find this string 131309cc4280e, and in the new one 13130153c4280e, it can be seen clearly at the start of the code, the original was b32b003a35 and the new one b32bfffd3a35. Note that somehow 9c got turned into 153 and 00 into fffd. Like those changes there are at least 20. I’ll look tomorrow all the hex characters that change, maybe is a clue. Or maybe I’m overanalyzing things and the text he sent you was just to inform that the hex code should be looked at as a text.

I want to think that either it’s a clue, I made a mistake or that somehow due to converting the hex code to text and then again to hex it “loses or changes” information. Maybe somebody could comment if this is something possible or even typical.

If the 752 hex code was actually a red herring it would be a real disappointment

Edit: The changed characters don’t spell anything, I tested for the first 10 and nothing. Whenever I turn the original 752 hex code to text and then back to hex again, some hex chars change, so the fact that the new code is different it’s just a byproduct of it being in text form. The changes are dependant on how you divide the hexadecimal characters to get text. If the converted strings are 8 hex chars long, nearly everything changes, if you take 2 characters strings, the “00” strings disapear.

Maybe the hex code is encoded/encrypted similar to Stormseekers fake username. Perhaps we take two hex digits, convert to decimal, modulo by 26, and maybe a message appears.

I have no idea if this is possible, given the entropy, but it’s a theory. I can’t test it right now, but maybe someone else can.

EDIT: On niobium and AI: https://singularityhub.com/2013/06/05/google-buys-quantum-computer-for-artificial-intelligence-lab-at-nasa/

Nice found, so Dr. Horn was building an AI with quamtum computers. Well, at least now we know that. If it’s the only AI specific use of niobium it has to be that.

About turning the hex code to decimal and then mod 26, the first 3 pairs of hex code spell wqf. If it’s not a red herring, and right now I want to believe is not, it has to be a block cipher, just because it’s what stormseeker pointed at in his messages to gunsrequiem. If it is AES or RIJNDAEL, it has be in stream mode, since the minimum block size is 128 bits and the hex code does not have a number of bits multiple of 128. Unless something has to be padded to the hex code, but that padding has to be 8 bytes long, and there doesn’t seem to be any clue pointing in that direction. I’m probably repeating things that have already been said.

Edit: By the way, the OTP code solved with the Giordano Bruno quote… it was bruteforced, but how was it suposed to be solved without bruteforce? Were there any clues that pointed to Giordano Bruno? or was it suposed to be bruteforced in the first place?

Could it be that the higher levels refer to some type of quantum encryption?
https://en.wikipedia.org/wiki/Quantum_key_distribution

No, they refer to cascade ciphers, i.e. one cipher encrypts the message, other cipher encrypts the ciphered message etc. I think that for the quantum encryption a quantum computer would be needed.

The salt is a string to make the ciphertext non-deterministic, that is, make the ciphertext that comes out of the cipher algorithm different even when encrypting the same text with the same password.

The key file additions, I guess is random data added to the file to avoid attacks by somebody guessing the plaintext, but of this one I’m not completly sure.

Besides, there’s no reason to use quamtun encryption at this level, everything above DES is impossible to crack, the only AES encryption mode that could be cracked by us is cbc, using an oracle padding attack, but that would require that the mode used to encrypt the 752code was cbc, and a block with padding added, but there is not a block with padding since the last block is not even complete if the block size is 128 bits :S
The only way to decode this is getting the password from the clues or maybe the same message where the code was or the webpages or the game. If what 0418 said is correct:

“The password will probably be hinted at, perhaps in a less than obvious way”

Then the password should be something that we have to guess, it should be safe to take BENALOHPAILLIER as the clue, but maybe it is a redherring.

I’m gonna install a Linux distro when I have the time, and try every password I can come up with. Doing everything by hand, since the freaking batch files are a nightmare to code in, just takes ages for every password to test in the different modes and password digests.

Also, on the 0418 messages to Gunsrequiem, he metions rainbow tables, the rainbow tables for AES-256 would fill more hard drive space than the entire internet, exactly 3.06499108 × 10^54 Yottabyte at least that’s what I found in Google.

I work at a bank, and I have to calm customers down since that Target credit card fiasco–when they are worried that their pin number has been compromised, I tell them that it would take a computer the size of an airplane hangar to even come close to decrypting the encrypted info. They often look at me funny.

EDIT: Not to mention that it would take billions of years, lol.

Hehehe, with the current technology, it won’t be decrypted before the Sun blows up and destroys the Earth.

I looked a bit into the working of the modes, and apparently, it should be safe to delete the last half block and make the code 736 characters long, for some of the modes at least, ecb and cbc for sure:

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

EDIT: Something new appeared in the comments section of the 752hexcode wiki article:

Aug 09

W### has been p########## well on the L#### O####### L######## Can####, other#### kn### as the T## Cann##. My t##### to the #####etic
induction coil have reduced the likelyhood of overcharge by 200%! I still cannot fathom why the fuse we introduced continues to fail
however, perhaps the leptons have a mi7s6d0976)(&^A)S()F ()A^SF) A()&^ ^)(AS&^ (^6097^)(76)(")")(")(!")(!")(!"*)(… … …

The IP of the poster is 84.9.122.59
The message was posted 5 hours ago. So, around 4 AM in England Time?
My take on it:
Welsh has been progressing well on the Lepton Optronic Linearity Cannon, otherwise known as the Tau Cannon. My toying to the magnetic induction coil have reduced the likelyhood of overcharge by 200%! I still cannot fathom why the fuse we introduced continues to fail however, perhapts the leptons have a…

I don’t know how to continue, it doesn’t seem to be base64 or base85 and certainly it’s not hex, maybe just the numbers on the right are hex.

Edit 2: With this information this points to the 10th and 13th whiteboards here
https://imgur.com/a/YEVxZ
The 10th has the diagram of the Tau Cannon and the 13th has formulas about the tau leptons decay
https://en.wikipedia.org/wiki/Tau_%28particle%29

I’d suggest that W### stands for Work and not Welsh. I guess the real content of the message is between the lines though.