If you want to analyze it for yourself and want to waste some time than watch a video of an edit of it that i made.
When i wrote that i realized later that it wouldn’t work, as you would need one that allows the full alphabet/numbers which HEX will not allow.
However there is a alternate version to the method used to decrypt Kyptos. It used a similar thing using the alpha bet but not adding anything to the rows of characters.
The Vigenere uses a standard table with the characters in a set rotation, line 1 would go say A to Z, where line 2 would be B to A.
Then using the key as the length of row you would need, you then work your way across the table character by character from the Hex Code,
finding the character going up to the top which would have the standard hex lengh unedited (0-9,A-F) and that letter/number is the decoded Hex Code.
EDIT : I found this video how to find a KEY using the Vigenere Cipher, wonder if its possible to do this with the HALOS.TXT but rather than using the Alphabet using HEX - youtube.com/watch?v=LaWp_Kq0cKs
I meant to go through the files, not the actual video.
I did an experiment to see how a hex variant of the standard Vigenère cipher would work, using “0123456789abcdef” as the alphabet instead of “ABCDEFGHIJKLMNOPQRSTUVWXYZ”.
I used this as plaintext:
[[Proxyhost@-84-9-123-155.dslgb.com//closed.proxy.accepted//?OTR,1,3,?OTR:[INCOMING TRANSMISSION - LOC 2 LAYER 2 SUBSTRATA 3 X01/X02 HALOS PROJECT INITIATED]] 41Nb recovered [STOP] HAFB Compromised [STOP] Transfer to site complete, project HALOS underway. Further INFO [Classified] [STOP]CODE BASE 64 compromised, [STOP] [End Transmission]|¬[Terminal.] ~~ [Transmission Ends]]It’s IRC clue 3 trimmed down to 376 characters, the same length as the raw HALOS code. The entropy is 5.44473852357 bits/byte.
Converted to hex:
5b5b50726f7879686f7374402d38342d392d3132332d3135352e64736c67622e636f6d2f2f636c6f7365642e70726f78792e61636365707465642f2f3f4f54522c312c332c3f4f54523a5b494e434f4d494e47205452414e534d495353494f4e202d204c...For a hex Vigenère we also need a key in hex, so I used BENALOHPAILLIER converted to hex: 42454e414c4f485041494c4c494552
This resulted in the following ciphertext:
9d909eb3abb7b1b8a0bcb08c667d866f7e6b727e726581767e6aa0bca1b9a463a1a0a96e67b3ada8bfa1ad63c2b4a4b6ba6aa0abb3a6b9b0a1ad647171849293687064836d788b909b7fad8b83818089888697619d9e8d87989f8b98918a8b8d687d6185...Converted to ASCII:
ž³«·±¸ ¼°Œf}†o~kr~rev~j ¼¡¹¤c¡ ©ng³¨¿¡c´¤¶ºj «³¦¹°¡dqq„’“hpdƒmx‹›‹ƒ€‰ˆ†—až‡˜Ÿ‹˜‘Š‹h}a…‹iwrŽ†—†žozp”žŽŸ—“–†ntl—x`‘|~i“Ž„‘aœ‘‡š†Œl‚ƒ›–Ž•ƒ•a}}Š«eħ¨·¡±´a”Ÿˆ•¯b‡Žo‹¿®¹¾«¦®Å§©nœŸ“‡ ži¾ª£Å¨ª°a°®h꽡l¬¤¿²¡£µ¡khÀ³¨¦¡¬¹rŠ†Š€Ÿo½¾¥®¾³ª¾pb‹³³°§Âa‚Š‚ˆe…¡¯´¿¨®¹¦™l”˜¦•›„‹ƒpƒŠŸi{†b¨®¼±§½ª¼¡ ee•™‘™o“•¯l»¦°µ¢§´¿¨§¾žµè—ªÄ¯®¬¢¨m•p¿·l—·³ ¸«ª¿²¡¿¯iª¸¯ŸEntropy: 6.32447361105 bits/byte.
So, the entropy has increased, but it’s still much lower than the raw HALOS code, which has an entropy of 7.42812720165 bits/byte.
Finally, I tried decoding the HALOS hex code using the same method and key as above, and got this:
71e6c2f9f97b95161633e8850684c7c40e0890f5688dfb77e6b2c7a7ed1f1532e638e79de9a6eb9bdce2588e602570076a8eae67b22018c102a1d9358bfe898635f2f84c83efc278ebf8cf12bb06b883235e897ebefd320a5b463da1f4c29eceacb2377a...ASCII:
qæÂùù{•3è…„ÇÄõhûwæ²Ç§í2æ8çé¦ë›ÜâXŽ`%pjŽ®g² Á¡Ù5‹þ‰†5òøLƒïÂxëøÏ»¸ƒ#^‰~¾ý2
[F=¡ôžά²7zi—3µÆ¶
EVÊ!S*ƵS\ÿ¯Ùÿò\÷C ¿T@º¼\÷�šKH±GöoêÎãß!°—£!À€vÄÓ#§ûqÜUMâÊBÇÄŽTRwüÛÈŠ8Üz3«m½VÁÚ! ÑÆp@¥.O¿× ~S¬®4ÔÒèã“=‘W\HÛ;Ünq2²íÃ�ôj×ÇÎ-€wˆôôø9RYûkNïq?É°^ü~ZG;Å2:[º,
vUYá„î¬?Qû¢>Í‚fäÕED¨]àÓv8þEÊÁø×AØÀ¤šC$:&
·>
.6Öé•oˆß°uÃ&ÏõãÓ-ú\Cë‰ì¨º²¼p
èXXDý`Ù
The entropy of this is 7.47549255116, which is even higher than the original HALOS code.
If this type of cipher was used, the plaintext must be something that already have much higher entropy than ASCII, like, for example, compressed data.
EDIT:
I redid the experiment, but this time I used a better key, a randomly generated key from random.org, same length as the BENALOHPAILLIER one I used earlier: 3389e0c5bd769bfdf51749c3fb7325
Ciphertext:
8ed430371cee0455548abd0318ab5950b20df6efa9b82e2a4c67276edf8c95a743241a95ba505176bc285f9195a5e8583edbd7fe505a87bd285f924462c83417d9a7b720114688174dad707cc72304fabfd934156b9b0439c6627cdc330efcb4bb1a1553...ASCII:
ŽÔ07îUTŠ½«YP²
ö喝.*Lg'nߌ•§C$•ºPQv¼(_‘•¥èX>Û×þPZ‡½(_’DbÈ4Ù§· FˆMp|Ç#ú¿Ù4k›9Æb|Ü3ü´»Sˆ¥EÊ9
–ÍHl‹OÅf‡Ê�øÝÎË.oyõ»fÈ3å
ÈÚ7:Zã4±n‡Â!òºèJKz]“—˜ìO;èðQbœ:ÃrSÁ!ÿ–Þ\R‡»"Xܘ˜í��ÊÚMB75\ј™îRå!Õ»`^‹®ã^Ò‚£åE9’»mgv£(^çE{Ê,�–�[Y|»:\ìCSÏU7!ÞðoP‡ :“pvåA8 ßñVZ{–ãFÆyrÙ=üºÐ7Xœ©YSìO"-èúZ^Š®'“p†Ý/
–æ2S{imÔƒ¦æI8 ßú[BƒåOØ—âN&”èc…iO冑üM. éô\S7Ž!_ær€
The entropy this time around is 7.31535159529 bits/byte, which is much closer to the entropy of the HALOS code! Also, the bit ratios of 0s to 1s have gone from 1646/1362 in the plaintext to 1523/1485 in the ciphertext, which is a more even bit distribution.
So, this type of cipher might produce something like the HALOS code as long as the key is strong (random) enough.
Nice work, man! I definitely think that the entropy was created purposely, either through a very complex key or an extra, somewhat simpler layer of encryption. I say “complex key” because I hesitate to use “random key”–a random key would be nigh impossible to crack, as I’m sure Storm is aware. However, it is one of the simplest ways to ensure high entropy.
I believe Storm even mentioned at one point that the ciphertext was designed to look random.
Good stuff.
Well, that doesn’t sound very hopeful. How in heaven are we supposed to solve for a key with that tidbit in mind?
Again, Storm is playing “guess what’s in my head” with us.
It depends on the encryption method. We should keep in mind that a modern cipher like AES (used correctly) will produce high-entropy output regardless of the complexity of the key.
But yes, it is certainly possible that the high entropy may have been created through something other than a modern cipher. The problem is figuring out a method of encoding/encryption that makes sense in relation to the clues we have, as well as anything that was discussed around the time when someone was supposedly close to the answer.
Maybe this can only be solved in hell. 
Joking aside, when Storm said that tidbit, he was refuting claims that the HALOS code was just a red herring and nothing but random bytes. So, he said that it was not random bytes, but it was definitely designed to look that way. He went on to say that he wouldn’t give us an unsolvable puzzle, just a really hard one.
Might be a dumb question but, don’t the duplicates in the hex keyword need to be removed?
Instead of [42 45 4e 41 4c 4f 48 50 41 49 4c 4c 49 45 52]
You would use [42 45 4E 41 4C 4F 48 50 49 52]
?
Also, why wouldn’t you use a Vigenère table that’s HEX?
It would convert the current Hex code we have to a totally different Hex code that might be readable.
0 1 2 3 4 5 6 7 8 9 A B C D E F
1 2 3 4 5 6 7 8 9 A B C D E F 0
2 3 4 5 6 7 8 9 A B C D E F 0 1
3 4 5 6 7 8 9 A B C D E F 0 1 2
4 5 6 7 8 9 A B C D E F 0 1 2 3
5 6 7 8 9 A B C D E F 0 1 2 3 4
6 7 8 9 A B C D E F 0 1 2 3 4 5
7 8 9 A B C D E F 0 1 2 3 4 5 6
8 9 A B C D E F 0 1 2 3 4 5 6 7
9 A B C D E F 0 1 2 3 4 5 6 7 8
A B C D E F 0 1 2 3 4 5 6 7 8 9
B C D E F 0 1 2 3 4 5 6 7 8 9 A
C D E F 0 1 2 3 4 5 6 7 8 9 A B
D E F 0 1 2 3 4 5 6 7 8 9 A B C
E F 0 1 2 3 4 5 6 7 8 9 A B C D
F 0 1 2 3 4 5 6 7 8 9 A B C D E
No, duplicate letters in a Vigenère key don’t need to be removed. You are probably confusing a Vigenère keyword/keyphrase with an alphabet key in a keyed Vigenère cipher (Quagmire III), which can’t have duplicate letters because you can’t have duplicate letters in the alphabet you are using.
Another thing, which is related to your next question: While the hex key shown above is the ASCII representation of BENALOHPAILLIER, the letters in the keyword, as far as the enciphering method is concerned, aren’t groups of two-digit hex, they are single hex digits. That’s because I used the 16 hex digits as the alphabet instead of the 26 letters of the English alphabet.
That’s exactly what I did and exactly the tableau I used in my experiment.
The tableau is easier to work with if you add column and row headers:
[code] | 0 1 2 3 4 5 6 7 8 9 A B C D E F
0 | 0 1 2 3 4 5 6 7 8 9 A B C D E F
1 | 1 2 3 4 5 6 7 8 9 A B C D E F 0
2 | 2 3 4 5 6 7 8 9 A B C D E F 0 1
3 | 3 4 5 6 7 8 9 A B C D E F 0 1 2
4 | 4 5 6 7 8 9 A B C D E F 0 1 2 3
5 | 5 6 7 8 9 A B C D E F 0 1 2 3 4
6 | 6 7 8 9 A B C D E F 0 1 2 3 4 5
7 | 7 8 9 A B C D E F 0 1 2 3 4 5 6
8 | 8 9 A B C D E F 0 1 2 3 4 5 6 7
9 | 9 A B C D E F 0 1 2 3 4 5 6 7 8
A | A B C D E F 0 1 2 3 4 5 6 7 8 9
B | B C D E F 0 1 2 3 4 5 6 7 8 9 A
C | C D E F 0 1 2 3 4 5 6 7 8 9 A B
D | D E F 0 1 2 3 4 5 6 7 8 9 A B C
E | E F 0 1 2 3 4 5 6 7 8 9 A B C D
F | F 0 1 2 3 4 5 6 7 8 9 A B C D E[/code]So, lets work through my example:
This was the sample plaintext I wanted to test this encryption method with:
[[Proxyhost@-84-9-123-155.dslgb.com//closed.proxy.accepted//?OTR,1,3,?OTR:[INCOMING TRANSMISSION - LOC 2 LAYER 2 SUBSTRATA 3 X01/X02 HALOS PROJECT INITIATED]] 41Nb recovered [STOP] HAFB Compromised [STOP] Transfer to site complete, project HALOS underway. Further INFO [Classified] [STOP]CODE BASE 64 compromised, [STOP] [End Transmission]|¬[Terminal.] ~~ [Transmission Ends]]
Converted from ASCII into hex:
5b5b50726f7879686f7374402d38342d392d3132332d3135352e64736c67622e636f6d2f2f636c6f7365642e70726f78792e61636365707465642f2f3f4f54522c312c332c3f4f54523a5b494e434f4d494e47205452414e534d495353494f4e202d204c...
In order to encipher this message by hand, we start by writing out the key repeatedly above the plaintext message:
42454e414c4f485041494c4c49455242454e414c4f485041494c4c49455242454e414c4f485041494c4c494552...
5b5b50726f7879686f7374402d38342d392d3132332d3135352e64736c67622e636f6d2f2f636c6f7365642e70...Next, starting with the first letter we will be enciphering, which is ‘5’, we find the row for ‘5’ in the the tableau by locating it in the leftmost column (not to be confused with the line numbers inserted by the forum software), then move along this row until we reach the column with the letter ‘4’ in the top row (‘4’ being the letter from the key above the plaintext letter ‘5’). The letter at this position, where the row and the column intersect, is ‘9’, which will be the first letter of the ciphertext. Write it down under the plaintext letter ‘5’.
We repeat this procedure for each letter of the plaintext and end up with this:
42454e414c4f485041494c4c49455242454e414c4f485041494c4c49455242454e414c4f485041494c4c494552...
5b5b50726f7879686f7374402d38342d392d3132332d3135352e64736c67622e636f6d2f2f636c6f7365642e70...
9d909eb3abb7b1b8a0bcb08c667d866f7e6b727e726581767e6aa0bca1b9a463a1a0a96e67b3ada8bfa1ad63c2...To decipher the message we do the procedure in reverse.
In case you are wondering, no I didn’t do this by hand, I used a script.
decided to take a look at something else,… i know nothing of site administration . At this point, i find it very hard to believe that this site is down for any other reason, than the arg. i also took another look at the teams wiki page. i think they are trying to tell us something.
The page cannot be found[/size]
I think
Warning: file(): It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in /usr/share/nginx/blackmesagame.com/404.php on line 31
Warning: file(names.txt): failed to open stream: No such file or directory in /usr/share/nginx/blackmesagame.com/404.php on line 31
Warning: shuffle(): It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in /usr/share/nginx/blackmesagame.com/404.php on line 32
Warning: shuffle() expects parameter 1 to be array, boolean given in /usr/share/nginx/blackmesagame.com/404.php on line 32
is a pretty cool guy. eh
Warning: file(): It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in /usr/share/nginx/blackmesagame.com/404.php on line 40
Warning: file(actions.txt): failed to open stream: No such file or directory in /usr/share/nginx/blackmesagame.com/404.php on line 40
Warning: shuffle(): It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in /usr/share/nginx/blackmesagame.com/404.php on line 41
Warning: shuffle() expects parameter 1 to be array, boolean given in /usr/share/nginx/blackmesagame.com/404.php on line 41
and doesn’t afraid of anything.
at the bottom of the page, it says this.
HTTP Error 404 - File or directory not found.
Intertube Infomation Services (IIS)[/size]
Technical Information (for support personnel)
- Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
now, ive seen stuff like this all over, but i just cant believe that this is not intentional. it talks about solutions to the problem. talking about virtual drives and finding a missing file. i also thing that at the top of the page, where it is talking about time and date references… i don’t know enough about web design to make any sense of it. i really think all this is related though.
anyone that knows what the Microsoft page is talking about, is there something that WE could do on stormseekers page, or the team wiki page? i wouldn’t call that hacking, it would just be following instructions?
i also think that the constantly changing picture at the bottom of the page every time you refresh or visit the page is there to draw our attention.
again, this stuff could be nothing, just asking for input.
It’s a custom HTTP 404 error page. The direct URL of the page is: https://www.blackmesagame.com/404.php.
It’s existed for ages, but it didn’t have those warning messages before, so the page is basically broken. The error page is based on the default 404 error page of the Microsoft Internet Information Services (IIS) 5.0/6.0 webserver, hence the link to Microsoft.
At the top of the page, you are supposed to see this: “I think ______ is a pretty cool guy. eh ______ and doesn’t afraid of anything.”
It’s a variation on an old meme: “I think halo is a pretty cool guy. eh kills aliens and doesn’t afraid of anything.” But instead of “halo” the script is supposed to fetch a random name from the file “names.txt”, which no longer exists on the server, and instead of “kills aliens” it’s supposed to fetch a random action line from the file “actions.txt”, which also no longer exists on the server.
In addition to the warnings about the missing files, the PHP script engine is also issuing warnings about the timezone not being set. The script probably uses a time value returned by a date/time function as a basis for picking a name and action randomly from the .txt files.
The warning messages probably started appearing after a server upgrade, or after a move to a new server. At first, there were only the warnings about the missing files, the timezone warnings came later.
I believe most of the jokes on the page are very old, and only make sense to the devs and forum members who were active on the forums (5+) years ago.
before I spend the next week of my life doing this, has anyone tried this? and or does anyone have a script that could speed this up?
I actually started a thread on that here and the answer i got made me conclude that it is not part of the ARG.
agreed, thank you for showing me that. that didn’t seem like it would lead anywhere. so, now something else. I need help with something.
I want to beat the dead horse that is the grilled pizza image and I want to also beat the pizza is a lie photo. they are small file size, the more and more I read about all this stuff…its like I’m back in school again, thrilling most of the time. but at times…frustrating beyond all belief. but I’m not broken…not yet!!! its going to happen! were going to win! right, so my point. I need help with these images …I have been reading about reversible data hidden encryption that is a step up from norm image hiding that has been in pictures. I want to get to a point where I know there is no question that there is nothing there. right now, my thinking has moved on to the main code being related to spread spectrum type stuffs. something like cdma , was wondering if anyone had the means or tools to be able to find the reversiable data in those images if it exists, not the normal change the /b file and combine type stuff, its a little bit more intense than that, I’m just learing or trying to learn how to find it, so if someone has a leg up on me here, please have iat it! I could use the help.
I was checking out some of the pizzalie graffiti locations and came across this in Lambda Core:
[attach=4518,none,1920][/attach]
In the middle, between the pizzas, there’s this strange object:
[attach=4519,none,1920][/attach]
Apparently, it’s an octodog (also called a Frankfurter Converter).
Is it an easter egg? Or something else?
The octodog is only found in two locations: 1. The location in Lambda Core seen in the screenshot above (bm_c3a2c -802.095 2896 276.252), 2. On a shelf in an office in dm_subtransit (dm_subtransit -218 974 676.25).
welp, I would say that something has to do with the number 8
This could just be a coincidence, but this thing crossed my mind:
Actually, I’d say THIS has to do with the number 4:
[spoiler][attach=4520,none,800][/attach]
Residue Observation Tank – Four
ROT-4 ???
[/spoiler]
–
That’s actually probably not a coincidence. Storm wants us to look at the TOR page again. As usual.
–
Also:
A bit of unfortunate foreshadowing…
They were tempting fate with this.
