4 18 8 15 18 14 9 19 23 1 9 20 9 14 7 6 15 18 25 15 21= “DR HORN IS WAITING FOR YOU”
BMRF.us is back up, with same old Steam release video, so nothing new. 
I also checked terminal.bmrf.us, and it is still not available.
So yeah, domain expired, now it is back up, without anything new (I think, didn’t check source, but I suspect it is still same)
I get the feeling he’s gonna keep on waiting.
Well, according to his sig, he’s expecting us.
“Dr Horn will see you now…”
Hmm, on Black Mesa Steam trading card “Paging Dr. Horn”, there is description: “He’s ready to see you now…”, while he is probably Dr Horn.
The picture of trading card is from Questionable Ethics chapter, one of Storm’s and ARG’s main chapters.
These are just shoots in the dark, but it might be something.
Well, I looked up that quote (“Dr. Horn will see you now . . .”), and I came up with this. Keep in mind, however, that the last name “Horn” isn’t exactly uncommon, so this may be coincidence.
This post on Instagram24 (not associated directly with the real Instagram) is an exact replica of the quote: Doctor Willow Horn
It references a bunch of different doctors, and deals with the Black Death.
Probably just happenstance, but I figured I’d put it out there (since we’ve got everything else under the sun included, already).
EDIT: BTW, just something funny I noticed. I revisited the “/thepizzaisalie” portion of Storm’s portfolio site, and I automatically typed in the password of “1001085139140914” without batting an eye. I’m certain those numbers will be with me until the day I die.
EDIT 2: Just some thoughts–after revisiting the “1001085139140914” image, I remembered that we got this after solving the image’s binary code: “congratulationsyouwonthePIZZA.” The message afterward says:
“They stole the lie, as if that matters to me, HALOS is far too complete to stop now. They can’t hide there, not now, not now I have this, this holds the key to all things… they CAN’T hide from me. I will follow them, I’ll set up a link and this to remind me. Perhaps I should hide it on the secure site, perhaps that would be best. I’ll find them though and they will pay, they will definitely pay. Dr Marcel was right when he said, “When you’re building a cage for Satan, you don’t ask him to wait around whilst you put the doors on.” Welsh is probably behind this, but he won’t get away with it.”
I feel like we’ve kind of looked past this. Aside from the HALOS.txt file, this is the only thing that we know for certain is important because it was directly uploaded to the site. All the IRC chat messages are great, but they do nothing to assist us with what this message is clearly telling us is the next step. We have yet to find a link that is specifically related to the ARG–we’ve seen some possibilities, but they seem to be related to the Steam release. Everything redirects us there, so I have the feeling that those websites were simply part of promoting the game. I could be wrong–I’ve been wrong many times before–but this, to me, seems to be the most important thing that we have generally overlooked.
As for the yellow text, this rang some bells. Remember the “LIES.jpg” image? It said “STEALS IT, EATS IT.” This seems to be a direct reference to that image.
I definitely think we have overlooked many things in this ARG, so it would be a good idea to revisit them.
Edit: Maybe that is what 404 is trying to tell us, to revisit older clues.
snip
Nope. Nope.
No thanks.
I’ll wait for official word from Storm, cause this shit is going too far.
Be careful with this, folks. Files from random users on random sites = bad mojo.
User error404notfound/CitadelCore has nothing to do with me or the ARG, neither are any of the links posted. I warn people to be careful visiting any links posted.
Thank you, sir. You may have just potentially saved someone from getting a lovely visit from a Greek-operated machination. The site he linked to is actually owned by him, too, which is extra shady.
Stop being shady, Core. Not cool.
…
FUCKING DEVS HACKED INTO MY ACCOUNT!
Next comment like that gets you banned.
Ban him!
No, they used the administration control panel to alter some things related to your account, most likely in an effort to prevent you from completely derailing the conversation(s) at hand or luring unsuspecting players into a web of deceit.
Now that the unpleasantness of these last few days has been dealt with, let’s move on.
Referring back to this post, Storm mentioned that the HALOS.txt file is encrypted, but not with OpenSSL tools. If we take that at face value, it can mean two things–either he simply didn’t use those tools to do the encryption, or the method of encryption has nothing to do with ciphers used by OpenSSL. Pulling from the wiki page on OpenSSL, this includes:
“OpenSSL supports a number of different cryptographic algorithms:
CiphersAES, Blowfish, Camellia, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, Triple DES, GOST 28147-89[sup][6][/sup]Cryptographic hash functionsMD5, MD4, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, GOST R 34.11-94[sup][6][/sup]Public-key cryptographyRSA, DSA, Diffie–Hellman key exchange, Elliptic curve, GOST R 34.10-2001[sup][6][/sup](Perfect forward secrecy is supported using elliptic curve Diffie–Hellman since version 1.0.[sup][7][/sup])”
If this is the case, then that still leaves Rijndael on the table:
“After all, Rijndael was the winner of the NIST competition to select the algorithm that would become AES. However, there are some differences between Rijndael and the official FIPS-197 specification for AES.
Namely, Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size). However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually . . . .”
In other words, although AES is a variant of Rijndael, Rijndael is a bit more flexible and differs from AES. This is backed up by the PM from Storm posing as 0418/Code:
"If it is a block cipher, then algorithm cracking is pointless, and as such key forcing may be necessary.
If I were a betting man, I would say this is a 256bit encryption, probably of the AES or Rjindael cipher algorithm (not that you can tell from the code, but its pretty common) .
The password will probably be hinted at, perhaps in a less than obvious way. We can assume this much as it is almost impossible to analyze a cipher text with only one message and nothing to confirm patterns. Once I’ve got a rough estimate of what mode/algorithm it uses, I can dedicate some run time to rainbow table attacks on the key. I have a feeling this is a holding puzzle, designed to allow time to construct further aspects of the ARG or work on whatever is behind their NDA."
Actually that was a failed attempt at being a troll. I apologize.
I’m not ‘some shady user’, you can check the link, it goes to my SSL-enabled site, scan the files with VirusTotal if you like, nothing will come up.
The public key I linked to is my actual public key; you can check from a keyserver, it’ll be there.
My Steam profile is here: steamcommunity.com/id/Cryosim and I own Black Mesa on Steam.
(and Black Mesa is literally my favourite game). So, um, the forums are important to me.
I do admit, it was really late, and I was being a dick. (So tired :/)
Thanks.
It looks exactly the same to me.