Good observation, CPU!
Additionally, 6300f25 from the ham radio description is a hexadecimal form of 103812901, which is a prime too! Amazingly, if you take 70232009 as a hexadecimal number (which is the number from the ham display), it’s 1881350153, which is also a prime.
So we have an additional pair of hex primes, both from the ham radio.
Awesome stuff here. Perhaps if we are confident that these are parts of the key, which they very well could be, the next step would be to determine how they are aligned. This could be based on the order on the website, or it could be hidden in the puzzles. I’ve attempted the numerical/hexadecimal versions in all sorts of combinations, and nothing has hit yet, so it’s possible we’re missing some pieces.
I don’t understand what you mean when you say that the next step would be to determine how they are aligned.
Can you explain?
I guess a better description would be the mode in which they are used.
Storm said someone was close a long time ago. The appearance of prime numbers in the KXBM article just last month doesn’t change anything. For some time, I’ve been entirely confident that the file is using a symmetric encryption. Furthermore, I’m certain that it is a single, non-cascaded block cipher of a 128 or 256 bit block size. I site as evidence the hypothetical OTR list from Code_'s PM:
The HALOS file specifically states the protocol as OTR 4.0. Furthermore, seeing as this PM was the end result of the “Seek code out” hint from the T.O.R page, I consider this to be a hint specifically addressing the HALOS file. In contrast, the QE whiteboard mentioning cascade ciphers could very well be referring to later puzzles in the ARG, seeing how cascade ciphers are directly mentioned in Level 9 and Level 10. By this same reasoning, I doubt that a hash function was used in this puzzle, since those are first mentioned in the higher levels as well (SHA 512 and Whirlpool are hash functions).
Additionally, the PM seems to strongly indicate that the encryption is NOT 64-bit, but rather 128 or 256-bit. I had a story-related theory a few pages back on this, but some more concrete evidence comes from an oddly worded portion of the PM:
It’s even possible that the key or the initialization vector are hidden within the cipher text, and this might be what is throwing of the block size. As for those who insist it is a 3DES encryption, try to recall Storms infamous post regarding whether or not this has anything to do with encryption.
Seriously, try. I couldn’t find it and Storm’s account seems to be MIA.
Thinking outside the box, the intent of the hint may be that “encryption” literally has nothing to do with the solution. In Triple DES, the plaintext is encrypted, decrypted, and then encrypted again using three keys. Thus, the decryption process would involve an encryption.
All things considered, the PM seems designed to resolve many of the uncertainties surrounding the HALOS file, leaving us with only the key to guess at (It is entirely possible that the initialization vector, if one is needed, is just a second key in hex form). All the other hints, which we keep interpreting as referring to the method of the encryption, might just be thematic elements, or otherwise hints pointing to the key.
To summarize:
128 of 256-bit block cipher
Single, non-cascaded encryption
To be totally honest, coming to the conclusion that we should use ECB because you can sort of piece it together from words related to some of the data does seem to be grasping at straws. I mean, one of the whiteboards contains a picture of a dopefish. Dope and blow are both drugs (heroin and cocaine, respectively). Have we checked out Blowfish yet?
In my opinion, the hint that “There is an answer, but you can’t brute force it, the CIA couldn’t brute force it” sounds at least as important as the information in the wiki clue. If you look up ECB on wikipedia, it’ll basically tell you that it sucks. Additionally, DES can be bruteforced, so that’s out. The best known attack against Triple-DES “is not currently practical”. While I’m not sure that would stop the CIA, I agree that might be an option. Still, as mentioned before, AES sounds like a far more likely candidate to me. Based on the extended OTR table in that PM and the explanation around it, plus the fact that (according to Snowden’s leaked information) even the NSA is still trying to find a way to break it.
… then again, who was close, to what, on or before May 22, 2013?
[edit2:]
Read up some more. Found multiple suggestions we look at the story side of things, right about the time people got stuck on the HALOS file. So…
Question: if Dr. Horn is Code_, Code_ is AI, and the AI project is named HALOS, what does that make Dr. Horn? A Portal 2 like human-consciousness-to-AI, similar to what Cave Johnson tried to do? Is HALOS simply pretending to be Dr. Horn for… reasons?
Btw, what’s up with all these religious references? Bibles lying around, multiple references here (vox populi vox dei, Dante’s Inferno, the Star Wars reference regarding a god-like entity (Edo god))…
[/edit2]
It was said a while ago that we thought that the Halos Code was incomplete in some form, and that the initial message which lead to it was also incomplete, is it possible that those 2 values are intended to be added to the start or the end of the Halos Code?
It was also Star Trek not Star Wars, but the references are probably due to the line “When you’re building a cage for Satan, you don’t ask him to wait around to put on the door” which is a line from Bugs spoken by the Character JD Marcel, this goes into the whole AI, Niobium, thing and where part of the ARG was taken from.
Oops. I knew that, but I messed up because I’m dumb. My mistake. Sorry to the trekkies out there. The “where part of the ARG was taken from” part interests me, though. I mean, the idea of releasing an evil AI is not new, and as far as I know it wasn’t back in 1996 (original air date for S2 of Bugs). What makes you say that part of the ARG was “taken from” there, rather than just referencing it (like it seems to be doing with the other references I listed)? Am I missing something?
I also noticed triangulation was mentioned a few times, and there’s the NW coordinates, but I haven’t found any reports of anyone doing anything that lead to useful stuff with that. I guess it’s considered fluff? (Mostly because the coordinates point to pizza places etc.?) I swear, all these half-described things on the wiki are so confusing to me.
I realize that piecing words together != ECB. It is an old post (when Storm said someone was close) and I am just throwing that out there.
On a different note, I support the notion that we need to do multiple forms of decryption in order to crack it. We have a few large prime numbers which are needed for Benaloh and Paillier. Has anyone tried using those cryptosystems. The Hex code might not be complete either.
The key might be in one of the PM’s or Stormseeker’s hints because in one of the PMs 0418_08151814 says “The password will probably be hinted at, perhaps in a less than obvious way.”
EDIT: In response to DeathTBO I could only find an implementation of Paillier but not one of Benaloh. I’ve tried with Paillier but without Benaloh I have no idea if I’m decrypting anything real.
Hello There
I’m in this ARG quite a few weeks and reconstructed some of your discoveries so that I’m on your level.
I have a question: What is with this Terminal: https://terminal.blackmesasource.com/public/index.php
Is this just a red herring or is this helpful.
There is a Username “bmesaroot”.
My Idea is: Dr Horn says the Password for the HALOS File is “BENALOHPAILLIER” and the Username is “bmesaroot” The wiki says, that the Terminal appeared one Day after the HALOS File was found.
Perhaps Login and Username have something to do with the DALsystems Login in this Terminal https://terminal.bmrf.us/
Here is a Theory about the HALOS File, the File is an Input code for a Testpattern for the HALOS AI but the transmission was aborted shortly before it was completed. I think the Encryption was done with two keys: the “BENALOH” Key for the first half and the “PAILLIER” Key for the second half. the Problem is, I don’t know which Cryptosystem is behind that.
Excuse my Typo I’m Swiss German and I don’t write Englisch that much.
Just for the record, when I wrote that post about clues => ECB, we didn’t have the PM, nor did we have the “CIA couldn’t brute force it” comment. All we had were the IRC clues and the T.O.R. page. At the time, I was probably looking (too) hard for anything that might be in the same vein as “Victor would like this extension”.
That being said, the reason ECB “sucks” is that, for a given key, the same block of plaintext will always encrypt to the same block of ciphertext. This can reveal patterns in the data, like long continuous sequences of the same byte values (e.g., the dots in the LOL Cannon message). If the attacker has enough of the ciphertext available, and if some of the unencrypted data is known, or can be guessed, it can be used to crack the encryption.
The whole point about the IV-based modes is to avoid the problems described above. If you use a different IV for each encryption, the ciphertext will always be different, even if you are encrypting the same data with the same key.
However, in our case, since the HALOS code is such a short message, Dr. Horn might as well have used the ECB mode as long as every block in the plaintext was different from one another. But, if we assume Dr. Horn was following security best practice guidelines, he would not have been using ECB mode.
EDIT:
Remember, Storm also said: “I wouldn’t give you an unsolvable puzzle, just a really hard one.” If the numbers didn’t exist before kxbm.net, and the puzzle was solvable, then it would mean that we would have had to brute force them.
JD Marcel in name is mentioned on one of the whiteboard probably as a external source of information, the ideal of the AI aka Cyberax and the Niobium are a few plot elements in the Bugs Tv Series, the ARG has taken the idea of the creation of a AI and the use of the niobium was used to help create the device that would have held the cyberax and help it be developed. At the end of the series it was being transfered to a larger place to store it and help it develop more than a standard computer ever could of, releasing it to the internet to let it feed.
I know, I’m not saying you’re wrong per se (and I’m no stranger to grasping for straws), hence my comment about wondering who was close doing what, and when - but in hindsight, I believe the amount of arguments against outnumber the arguments for it. Trust me, at the time, I would probably have applauded you for the insight.
Right now however, I’m thinking we shouldn’t focus on the method, but the password. Dozens of pages ago, people already tried tools that simply threw tons of encryption methods using various keys at the HALOS code. Obviously, without satisfactory results. I’m not sure Benaloh / Paillier were tried, because it seems harder to find an implementation for those (they’re not in CrypTool’s default set, I believe?) and apparently they need big primes. But I doubt that’s the answer: for one, it goes against the OTR 4.0 description in the PM (OTR 5.0 fits better). Second, if “someone was already close”, how could they have been if the primes were only just made public? I guess having the right key and method, just not the right IV is “close”… but I dunno.
Regarding my earlier comment, noting how Storm repeatedly hinted we should look into the story more: I’m still not sure if we’ve done a proper job of writing out the storyline. The wiki page on it seems rather limited. If you look up the one post made by Gameblossom, and the two blog posts she wrote, I’d say there’s a lot more we could add, story wise.
As for the terminal /index.php: I’m far from an expert on these kind of things, but isn’t it possible to spoof your IP? Has anyone tried going there while pretending to be from one of the IPs mentioned in the messages, or the logon server (1.192.12.156:2828)? Is that even possible? Man, I should look into it some time. I’m a programmer, I should know this stuff. >_>
Cryptools only contains Paillier , not Benaloh
Ok, so I was looking at the Storyline page on the wiki and I saw one of the hints it talked about, “And then we come to the latest clue. It appears to be sent by the HALOS AI, stating that the primary site is offline and the primary servers are overloaded. It then mentions that a user activation is required–PASSCODE INPUT FOR SITE ACTIVATION REQUIRED, and the final test pattern has been set.” The comments are disabled on KXBM.net because of (you guessed it) server overload (Well, it actually says unusually high server load, but as far as I can tell that’s the same thing.) and the only ad that leads to a different site is the local desert singles ad which leads to localdesertsingles.com . This is also down because of, “EXCESSIVE SERVER LOAD”. This also appears to relate to this. It also says that just the primary servers are overloaded. So what I’m thinking here is that this is another site relating to the main site where we’ll enter the codes, and so is kxbm.net . I think we should keep any eye out for any other domains purchased by this user, or any other known ones, or even any other users that have names related to Black Mesa. (Is that even possible? I’m not sure…) I think there’s a lot more to the kxbm site than meets the eye, and that we’re drawing in to the final site. Or, we might be really far off from the finale.
I wholeheartedly agree with efforts to clarify the story. Storm keeps suggesting that would help us. And, considering this is the guy who expanded the QE chapter to being on of the highlights of the Black Mesa mod, and showed his work, I’m disinclined to leave gaping plot holes or write off several pieces of the story as just outside references.
J.D. Marcel, for example, may not be just a reference to a 90s BCC show, but also a researcher at Black Mesa who wanted to get in touch with Bottomley, administrator of the Biodome labs, in order to get Niobium for an AI project. I made a post about this a few weeks ago. From this interpretation, I was concluded that Niobium was already in use at the Biodome, probably as a superconductor for use in particle accelerators like the tau cannon. It also has other applications that might make it suit the needs of Lab D Optronics. This was also how I was able to establish a stronger connection between Niobium and a quantum computer, rather than a standard issue sci-fi supercomputer.
I concluded that Horn and Bottomley were smuggling additional Niobium into the Biodome to work on a computer to house the HALOS AI. To avoid questions regarding why they needed so much Niobium, they hid their actions using pizza. Hence, “the pizza is a lie.” Either they bought Niobium and wrote of the expenses as pizza orders, or they literally smuggled the Niobium in with the pizzas. I’m inclined to go with the latter theory, silly as it is. It would help rationalize Horn’s anger over any theft or unauthorized consumption of the pizza. It also matches Welsh’s diary entry with the theft mentioned on the budget whiteboard, which was attributed to Dr. Stone, and the text below the grilled pizza image on Storm’s website.
My remaining questions are about what happened next.
Who are “they” from the grilled pizza text? What exactly did they steal, and where are they hiding? IRC Clue 1 points at it being Welsh, but the message could be interpreted as them asking Horn to not let some other entity find them.
Who was behind the acquisition of Niobium and the continuation of the HALOS project mentioned carried out in the other IRC clues? What was the result of their efforts?
How did Horn go from the vengeful man who wrote the grilled pizza highlight text to the man who wrote the Tempus omnia revelant, with the hidden message that seemed to warn us about an AI that is watching us?
I also can’t shake the feeling that our progress in the ARG is a driving point of the story, since HALOS.txt only appeared after possible login credentials were found inIRC Clue 5, and possibly 4. Also, Clue 4, which came out right after the /thepizzaisalie extension was accessed, mentions an access being detected to a personal site.
Also, on that note, who might have put HALOS.txt there, and possibly reactivated the AI?
Any thoughts?
Could someone make a list of all the possible passwords they found/know?
All the “terminal” subdomains, and bmrf.us are hosted on the same device, which has port 22 open. I got banned by fail2ban, but I’m sure it’s an hour long ban, so I want to try the passwords and usernames to log-in to the SSH.
Founded in 2004, Leakfree.org became one of the first online communities dedicated to Valve’s Source engine development. It is more famously known for the formation of Black Mesa: Source under the 'Leakfree Modification Team' handle in September 2004.
