[ARG] The Pizza Code Mystery

I decided to give my cipher theory one more try.

First, let’s talk a little bit about entropy (Shannon entropy). It’s an indicator how random the text is. If we take data as sequences of bytes, the entropy is in range 0 to 8.
For example the halos file has entropy 7.43, the random data from my previous post has entropy 7.42, but eg. Gunsrequiem’s last post has entropy only 4.57 (converted to ASCII).

So I took my php code from my last attempt, rewrote it in c++ to have more ciphers available and complete control over all details.

The block ciphers used:
DES, 3DES, DESX, Blowfish, IDEA, RC2, RC5, CAST128, SAFER_K, SAFER_SK, SKIPJACK, TEA, XTEA, GOST, SHARK

And I try all these modes:
ECB, CBC, CBC_CTS, CFB, OFB, CTR

And just in case, I also try these stream ciphers:
Panama, Sosemanuk, Salsa20, XSalsa20, RC4, SEAL, WAKE_OFB

And as Keys and IVs I try all combinations of these phrases (truncated if too long, padded with zero bytes if too short):

vector<string> Phrases { "", "BenalohPaillier", "Niobium", "Niobium5", "NiobiumV", "NiobiumFive", "NiobiumPentachloride", "Terminal", "Abortive", "ThEpIzZaIsaLiE", "Halos", "HalosProject", "HalosAI", "TempusOmniaRevelant", "BMRF", "BMRF.us", "BlackMesaResearchFacility", "congratulationsyouwonthePIZZA", "Pizza", "Pizzas", "GiordanoBruno", "Kryptos", "KryptosStatue", "BonAmi", "KONami", "KONamiCode", "DrHorn", "DrWelsh", "DrMontero", "VoxpopulivoxDei", };[/SIZE]
Also, these phrases are uses multiple times with modified letter cases (eg. “thepizzaisalie”, “ThEpIzZaIsaLiE”, “THEPIZZAISALIE”, even “Thepizzaisalie”), so the phrase should always be in its “natural” casing.

I think the most likely mode is the ECB mode which uses no IV (initialization vector), but I try all modes and all phrases as IV, because I can.

Out of millions of decoded plaintexts, none of them had entropy lower than 7.2, this means that either there’s still some phrases to be tried or it just isn’t a symmetric cipher, which I find hard to believe.

Maybe it’s just completely random nonsense data to keep us busy until the Xen release?

Anyway, if you think of any more phrases I should try, just post them and I’ll try them.

Also, you can try limited ciphers manually here https://symmetric-ciphers.online-domain-tools.com/ I used it to test my program.

I would also try things like “YoushouldbringPizzas”, “Dantesinferno”, “Nimrod”, “superbusviainscientae”, among others.

I like the idea that this is a holding puzzle until we get more information, designed to allow Storm and anyone else working on the ARG to have time to work on Xen. If that’s the case, I would expect us to perhaps find more clues in the actual Xen chapters.

Added.
Also I added 1001085139140914 in hexadecimal, because it could be an initialization vector (it’s 8 bytes).

I’ll keep watching this thread and if I see more things to add posted, I’ll add them too.
If anything works, I’ll post it here.

intresting stuff about that entropy, do you got any example or a good website that show how to calculate the entryopy of a binary[];

I don’t know of any website which lets you input bytes.
My function is here (note that in c++, string can contain any bytes, even zero bytes):

[code]double ShannonEntropy(string String)
{
if (String.empty())
return 0;

size_t Counts[0x100] {};

for (size_t i = 0; i < String.size(); ++i)
	++Counts[(byte)String[i]];

double result = 0;

for (size_t i = 0; i < 0x100; ++i)
{
	double frequency = (double)Counts[i] / String.size();

	if (frequency)
		result -= frequency * log2(frequency);
}

return result;

}[/SIZE][/code]

ah tanks ill just convert it to c# and use it in my own BM Arg project

I hope you’re not really expecting to draw inspiration from one of the most infamous unsolved cases in history?

Edit: So while you’re looking at element and things, has anyone considered that it might be encoded in the periodic table? Like, match all those numbers up to the atomic mass or number and see if the element shorthand spells anything.

Yeah, this was one of the first things I tried when I converted the hexadecimal to decimal format. It doesn’t work, even with a combination of atomic mass, atomic number, and excluding some of the letters. For example:

179 - No element with this atomic number, but atomic mass of Hafnium is about 179

Hafnium = HF

43 - No element with this atomic mass, but atomic number of Technetium is 43

Technetium = TC

Obviously, the buck technically stops here because you can’t make anything of the HFTC combination, but to take it one step further:

0 - The only thing with 0 mass would obviously be mass-less, and nothing on the periodic table can be mass-less or else we wouldn’t be able to measure its mass and therefore appoint it to the table. The closest thing would be light, but the point is nevertheless moot.

It was definitely a good idea, though, especially in regards to the niobium issue. I wouldn’t be surprised if we do discover a scientific element to the solution down the road, either in regards to the elements or to the purported uses of some of those elements (such as niobium utilized in AI technologies, etc.)

Keep in mind that these observations do exclude isotopes, but that’s a whole new ballgame, and the 0 thrown in there leads to the same conclusion.

Wait a minute, BMRF.us isn’t down anymore…

EDIT: And this is in the HTML, if it means anything:

                 ?MMMI                  
            MMMMMMMNNNNNNNN             
         OMMMMNNN.  . ONNNNNNN          
        MMMMN.            .DDDD+        
      NMMNN                  DDD8       
     NMNN      DDDDDD         D888      
    MNNN         8888.         ,OOO     
   .NNN           8OOO          OZOO    
   NNNO           OOZZ.          $ZZ    
   NNN           ZZZ$$$          777    
  .NDD          Z$$$7777         :II=   
   DDD         $$77 III?         ,??~   
   DD8        $77I.  ??++        =++    
   D888      77II.    ===.       ~~~    
   =88O     7II?      ~~~~~::   ::::    
    8OOZ   7I??.       ::::,.. ,,,,     
     OZ$$              .      ,,,,      
      $$7I?                  ....       
       :I?++=             ......        
         +==~~::,,    ........          
            ::,,............            
                ........     

EDIT2: Was digging around some more in the HTML, and found this commented-out code:

			<!--ul>
				<li><a class="selected" href="index.html"><img src="img/home.png"></a></li>
				<li><a href="#"><img src="img/#esearc#.png"></a></li>
				<li><a href="#"><img src="img/#areer#.png"></a></li>
			</ul-->

If you replace it with this, it adds 2 new menu items to the top bar (they don’t lead anywhere though):

			<ul>
				<li><a class="selected" href="index.html"><img src="img/home.png"></a></li>
				<li><a href="#"><img src="img/research.png"></a></li>
				<li><a href="#"><img src="img/careers.png"></a></li>
			</ul>

lol i find that picture of the dam just epic

terminal.bmrf.us is still forbidden, however, so there’s no way to access the employee login…
hmmm…
EDIT:

We were using phone extensions before, right?

“DALsys employees login”
This option is in the BMRF site.
When I open it though, this shows up:
"
403 Forbidden

nginx"

I think this site went online along with the redesign. It may actually have nothing to do with the ARG though.

If any of you remember DALsystems.com from back in the day, it’s back online as an actual page now, and it still has a login.

Ok this is getting weirder and weirder… https://terminal.bmrf.us/ works now lol:

 ____    _    _                   _                     
|  _ \  / \  | |    ___ _   _ ___| |_ ___ _ __ ___  ___ 
| | | |/ _ \ | |   / __| | | / __| __/ _ \ '_ ` _ \/ __|
| |_| / ___ \| |___\__ \ |_| \__ \ |_  __/ | | | | \__ \
|____/_/   \_\_____|___/\__, |___/\__\___|_| |_| |_|___/
                        |___/                            

DALsystems remote terminal module 
Copyright 200X, version 1.65 

licensed to: Black Mesa Corporation 

.......
.......
.......
.......[CRITICAL FAULT]: CANNOT CONNECT TO LOGON SERVER '1.192.12.156:2828' 


AUTOMATIC SYSTEM RECOVERY ENGAGED 

.......
.......[SYS MESSAGE]: Please try again later.

Well, it seems to be true. I can’t load 1.192.12.156:2828. I guess we need to try again later. Either this was part of the plan all along, to make us wait before some sites get set up, or Stormseeker is implementing a contingency plan to give us a new hint for the current riddle.

The site is meant to look legit–could this be the next phase of the ARG, and Storm just needed some time to get things up and running?

This just reinforces the idea that the HALOS.txt file is a holding puzzle.

About that lambda symbol–what if our hex code is meant to be converted into an image through ASCII? Perhaps we should be looking for data results that seem like random assortments to the naked eye in line format, but if there are repeats of characters, perhaps there’s a way to space them. Just a thought.

Or maybe it means the release of Xen is drawing closer oO
Dun, Dun, Dun…

Login option now accessible

[align=center][/align]

Probably means nothing, but it’s interesting that most (or all) the icons on https://bmrf.us/ are dated back to “09/19/12” (opened them in a hex editor). HTTP says “Last-Modified: Mon, 04 Nov 2013 09:09:13 GMT” which means the site was probably uploaded on Monday.

“whois 1.192.12.156” says this is an IP in the “CHINANET henan province network”, though maybe the authors of the site assumed this was an invalid IP range, or is any BM team member from China? “telnet 1.192.12.156 2828” doesn’t want to connect, the IP pings back though.

https://bmrf.us/ is “Last-Last-Modified: Thu, 07 Nov 2013 00:49:24 GMT” and https://terminal.bmrf.us/ “Last-Modified: Thu, 07 Nov 2013 00:50:03 GMT”.

The modification dates hardly a surprise, we know for a fact the website’s just been updated.