[ARG] The Pizza Code Mystery

In regards to the hex code, there is something that is really bothering me, and it took me down a very crazy path.

First and foremost, I analyzed the occurrence of bytes in the entire hex representation. My result was 196 unique byte instances. In other words, B3 has 3 instances, 2B has 2, etc.

Needless to say, this took quite a bit of time (about 2 hours), but I was nonetheless surprised by the results. First of all, 196 unique instances seems kind of low for something that we are assuming is some sort of AES-like cipher. Considering that the total possible unique instances of bytes in hex representation is 255, the number of unique bytes in our code is 59 shy of the total possible number of unique hex bytes. That’s an offset of about 23%. Now, I don’t have the keenest mind when it comes to cryptography, but that seems a bit odd to me. Nonetheless, it could simply be how the encryption method turned out–luck of the draw, as they say.

Anyhow, I wasn’t convinced, so I did a bit more digging. I recalled that Storm mentioned in May of 2013 that someone was close to finding an answer. So, I went ahead and looked through all the posts between the time we discovered the hex code and when he said that. This post stuck out to me as one that was seemingly brushed over without much discussion: Go to post

In the post, the user Jess notes how this ARG has been very similar to the Cyber Security Challenge that was sponsored in the UK. Well, I obviously knew that Storm was from the UK, so I went ahead and checked out the contest.

The part that interested me was the very last decryption attempt, in which the solver was given a hex code with 56 distinct hex pairs. Since the solution included numbers and other symbols, it’s likely that the puzzle only included one alphabet of 26 letters, those letters that were capitalized in the message (they have distinct hex codes), and then the additional characters and numbers filled in the remainder.

Now, if we apply the same technique to our puzzle, we have a bit of an issue. We can assume that only capital letters are included in the message, which is the form of the last gate solution and some of our IRC decryptions, but this leaves us with at least 7 different alphabetical representations in hex bytes. If we instead assume that the solution to this puzzle is like the one mentioned in that contest (this is possibly backed up by the capitalization included in the IRC clue that led to the HALOS file: “ThEpIzZaIsaLiE”), we still have a problem. Even if every single capitalized forms of each letter are used, we are still looking at almost 4 different alphabetical representations in hex bytes.

This definitely discouraged me, but there are two other clues that still lead me to believe this could be a lead.

First, the message we received on the “grilledpizza” puzzle was “congratulationsyouwonthePIZZA.” If you read that description of the Cyber Security Challenge, the author distinctly notes the following:

“Substituting in the space characters meant that the first word would have to be 15 characters long! At this stage, I guessed that this was probably the ‘real’ part of the challenge, and so the encrypted text was likely to be some kind of congratulations message… hang on, “Congratulations” has 15 characters!”

That is a very uncanny coincidence in my book. Furthermore, the author eventually realized that, even though he had figured out the puzzle using substitution methods, he could have simply used a bitwise rotate-left on each byte three times. This reminded me of all the references to Latin we have received throughout this stage of the ARG, especially those noted on the Tempus page. A Caesar shift is similar to what we are dealing with here, and Latin was the language of the Romans. Furthermore, the Tempus page that was provided to us as an aid was posted only five days after Jess posted the forum response regarding the Cyber Security Challenge. Perhaps Storm noticed that it was passed over without comment, and wanted to help point us back in the right direction. Also, he did say at one point that encryption may have nothing to do with this, in response to complaints that you had to be an encryption guru to solve these puzzles.

Now, I have attempted to perform a bitwise rotation on the first few bytes, to no avail. I don’t think it’s going to be as simple as that if it truly is some sort of substitution cipher, but it does add up. Not only could using multiple representations make the puzzle challenging, but it would also create high entropy, which the hex code seems to have.

To assist with the puzzle, we could assume that “congratulationsyouwonthePIZZA” is the first part of the message, as it was in the case of the Cyber Security Challenge.

On a final note, I get that this completely goes against what we have assumed thus far. However, it has been four years since we’ve made any progress, and this seems to fit with the multiple clues given to us like a glove.

Nice deduction, Guns. What do you need from us to help solve it?

Well, if it is a substitution cipher, then it’s really all about guess-and-check. Someone will have to get extremely lucky, however, especially if there are 2 or more alphabet substitutions throughout.

Like the Cyber Security Challenge “Congratulations” section, though, all that’s needed is to find an alphabet substitution that logically fits the best. I’m certain that we’ve got everything we need for that, and if we don’t (and this is the right direction), Storm will swoop in with another clue.

In fact, maybe the most recent set of clues has the final pieces of the puzzle.

The only thing that makes me think the “congratulationsyouwonthePIZZA” might not apply here is that the capitalized “PIZZA” may have in fact been to allow us to figure out the OTP puzzle.

So does “…password to HALOS files: BenalohPaillier”.
I don’t know though, I’m just brainstorming here…

From who came the idea to add this in the game?

How much time was spent to make this extra stuff?

Is there really a solution?

What do u try to find?

A little bit of a problem though here Guns is while the Cyber Security Challenge only had 52 unique byte instances, we have 196. 52 is an easily manageable amount to convert into characters, 196 is not. Even if we take the 26 Latin alphabet letters, multiply that by 2 for all the capital letters, add 10 for 0-9, and 1 for any spaces to show up, that adds up to only 63 characters we’d have to be able to use for each unique byte. There’s a few more we could add in such as brackets, colons, etc, but a coherent english or latin message would be made up those 63 characters only. It’s not out exactly out of the question that your idea would be the correct solution, but I find it very unlikely considering that fact alone.

Yeah, that was something I noted in the original post–it seems like 196 unique instances is far too many to manage. Even if all 63 characters that you mentioned are used, this is still three or more alphabets to consider. Like I said, very difficult to figure out unless we have a goodly chunk of the message already.

Whether or not this is a potential solution, I do think that we should review each and every post between the discovery of the hex code and Storm’s comment about someone being close. Around page 64 of the forums is a good place to start. There will obviously be clues here.

I wouldn’t necessarily say it’s a good idea for us to search for the exact solution that someone was close to on those pages, rather instead we should go back and read and try and build upon what people already theorized back there in general.

I would suggest starting with the wiki and the blog I created (although, admittedly, it hasn’t been updated in a while due to the current stalemate). These should get you up to speed and answer all of your questions.

I agree. On top of his comment about someone being close, Storm has also told us multiple times (at least once as Code_ and on the wiki) that collating the pieces of the “story” will help us in some way. I’ve had a hard time figuring out just how building a story will help us, but perhaps something will click with someone if we devote time to it.

The 196 character problem (actually 197 by my count) could be explained by it not being a simple character substitution problem. For example, f1 could equal the letter E but so could b2 and others depending on the grid used.

That’s why both me and Guns think it’s a possibility but that its incredibly time consuming and laborious to solve.

Correct. We are looking at multiple alphabets–at least three, upwards of seven or eight. Very difficult.

EDIT:

A couple of other things we might try working on:

1. The bmrf.us site originally had port 37 open, which is related to the “Time Service” (“time reveals all things”)–when the wiki user Cyrillic originally tried to connect, he found an SSH listing. I’m not too savvy with SSH, but if anyone is, might be worth a shot. Furthermore, the user Panic, who only posted once, also apparently attempted to connect with multiple usernames and passwords to no avail. Perhaps we ought to try again. You’ll notice, too, that he seems very keen on collating a story to progress the ARG. Of course, he could have just been speculating how important it would be based on his exploration of the ARG wiki, but it’s an interesting coincidence to say the least. Based on what Storm has told us in the past, however, perhaps we should heed his advice.

2. The username Cyrillic (notice how he, too, has posted only once), who I mentioned above, gave me another idea regarding the ASCII conversion of the hex code. Storm mentioned that it was a secondary encoding, and pasted the ASCII version of the code into our conversation back when I thought he was the user Code_:

³+�:5ºÝfW|$ÁOÉCFÑ1§ÅK¸/þà"aWw?$y#Ü!ö,Ô.‘ògµE«Êí¯aQ
Nê‡Í3ÇÇ?q10œÄ(´$=TðDùÏb–Ù¿÷9~C˜æ2Ú
?äx³¥O]Üiuú÷I„žbYZŸc•‘=à>:¬?8ŒEû…þ‘5AÖÀƒ˜òȃ2¨/ß�(büÜOçäj?éQÅÈ´dã:¹,–†.‹À™¸8�Úy¶?ä¢Y›mHǹSŒîc‘Dôaº’äþu$,Ø?QÖ•Q˜‡j|ª½{@I"A0©f̳Á9F:?~š7ª†?²xü—1ÀœŒy~y“
@eF²Lšb›&Â?Î*KäXš7_ësÄ«"\„Œøž)²q3—6G?J‰(í֏TiŒ^[PgFövZo%Þ¤Ú@þ¶e?E$i6•ˆ=Ë!æûþû¸Z)‘”€6¥+]

Now, although this seems to be a random jumble of ASCII code, there are a lot of Cyrillic symbols included within. Cyrillic happens to be the “third official script of the European Union, following the Latin script and Greek script” according to the wiki. There we go again–that reference to Latin.

We could look at this two ways–either the Cyrillic needs to be removed, or perhaps we could attempt a translation of those symbols included.

These are both long shots, but at least it’s something for us to work on that might actually lead us somewhere.

Another thing to mention in regards to SSH. When Storm responded in that message as the user Code_/0418, he mentioned something at the very end about SSH and OTP:

“Recently there was a problem with the computer systems at work, so I may not have access to all the analytical machinery I usually do, it may take a bit longer to get more information, if i find anything interesting I’ll let you know. I may have access to some more specialist equipment at a later date, so more progress will likely be made then. I think we can rule out SSH or OTP though.”

Now, I never said a word to him about that. Perhaps he was just saying that because people had attempted it before, or perhaps he was trying to throw a red herring my way because he may have thought I was on to him or that the message would be relayed at a later date. Or, perhaps this was his way of calling attention to it without seeming like he was calling attention to it, in order to help us.

This may tie in with the other clue we were given a while back, the “21 goes into 1” clue–port 21 is often used to connect to FTP servers, at which point a secondary connection is made with the client. Port 21 isn’t actually used to transfer files, but that second connection is. We have received a lot of clues about a “site,” so perhaps we are getting into some of the more nitty-gritty of server control.

Again, this is all just speculation, but I’m trying to keep the wheels turning while I have the time to submit ideas.

Over the next few days, I’m going to try to think outside the box in terms of the story and post something new to the wiki. Hopefully, I’ll be able to come up with a more intricate version of the plot, using the clues we have been given. If we can figure out where each character fits in the puzzle, maybe Storm will “prompt” the next portion of the ARG, and we can get out of this stalemate.

Don’t think that’s the way to go. See this post: [ARG] The Pizza Code Mystery[/size][/size][/size][/size]

Ah, I missed that. Back to the drawing board, I suppose. I’ll continue working on the new story for now.

EDIT:

I’ve been looking at the “21 goes into 1” clue lately, trying to fit it in terms of the ARG.

One thing I came across was this: The significance of 21

One thing that I found interesting was that it mentions how it is an important number in the Bible. This would tie in with many of our Satan, Dante’s Inferno, and someone being “evil” references.

This section was especially enlightening: “In his Second Letter to Timothy, Saint Paul lists 21 sinful behaviors of wicked people. The final behavior, described in the third chapter, is inward denial of God’s power.”

This could definitely tie into our ARG, as we have had numerous references to God. Furthermore, the “21 goes into 1” could relate to the 21 sinful behaviors exhibited in wicked people. This could potentially convey two messages about the ARG, messages that aren’t mutually exclusive. First and foremost, Dr. Horn may think that someone is exhibiting these sinful behaviors. Furthermore, the whole AI thing could be related to the denial of God’s power. Perhaps someone thinks they can play God, and that is what all of this hubbub is about.

EDIT2:

Something else I noticed about our IRC messages is the “¬” symbol used near the end of all of the messages. First and foremost, I looked up what it means–it appears as though it is simply used as negation in the context of formal logic. That’s all fine and dandy, but the interesting part to me wasn’t the logic it possibly references, but the type of terminals that used to use them. In other words, it’s related to the old IBM terminals that utilized Programming Language One (PL/I). A lot of the words on that page are very similar (if not direct matches) to what we are seeing in our IRC clues. Now, this could simply be Storm’s way of making the clues feel more realistic, but I’m not adverse to spending some time reading over that wiki and the messages to determine any hidden meanings.

Besides, there’s not much else I can do to be constructive except rehash old clues and hope for the best

On a final note, I noticed something very interesting in IRC clue 5, the one with the message: "“This is a message left for Dr. Horn. Just to remind you in case of emergencies that the password to the HALOS files is BENALOHPAILLIER. I have programmed HALOS to send in level seven cases. You should bring pizzas.”

This is the full message:

[[Proxyhost@-84-9-123-155.dslgb.com//closed.proxy.accepted//?OTR,1,3,?OTR:[INCOMING TRANSMISSION UNKNOWN SOURCE]LEAK SOURCE DETECTED. TRIANGULATING…MIX CASCADEHOP DETECTED…ATTEMPTING TIMING ATTACK…[TERMINATED] CANNOT CONNECT TO HOST…ATTEMPTING CONNECT TO USER H… SENDING DATA. SECURITY LEVEL 7 ALPHA.[OTR//3.0]QkFRS1ggSk9BSkcgWEFIRUQgSUZHSVogRlpEUEIgVVNYTEcgR1hIRkEgVUFVV00gSEJRQU0gV0FYVlkgTFFRUlkgV1JVV1YgRVRRT0sgQkFDQkUgSldITVMgSFZPTlogSUFIUEEgU09XQ00gTEdBVFggVUVYT1EgRFJRRUogQlZMQk8gREpJSEUgQ1pUSE0gWktISUUgTk9NTFMgQVhWVlcKRVRXSVMgRVRJR00gUlhFVkYgUVlBVUIgVkZDRUIgUFdCVUsgRU1OT0wgVw==[/][End Transmission]|¬[Terminal.] ~~ [Transmission Ends]]

Note the part that says "MIX CASCADE HOP DETECTED . . . ATTEMPTING TIMING ATTACK . . .

As it turns out, a timing attack is “a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.”

Furthermore, a MIX cascade might indicate that the adversary (programming jargon for someone attempting to prevent the sender from achieving their goal) was able to prevent the message from being sent anonymously by using the timing attack. This would be possible if there wasn’t enough padding or buffering.

Is this what Storm means by “time will reveal all?” Have we missed something? Perhaps we’re not meant to find a key at all, but to use the knowledge we have to simply bruteforce this thing. Isn’t that what we did with the OTP? Why not simply take the time to try and bruteforce it rather than plugging in countless passwords? Maybe that’s the key to all this–time . . . and patience.

Here is an example of someone who used a timing attack to find a decryption key: Paul Kocher

I suppose implementing such a thing on a single message is a little silly, but I can’t help but feel that this is important somehow. Most of the other suggestions I’ve made have been mostly hopeful, but this just feels right somehow. Maybe it’s not the method we are supposed to use, but the whole concept has to be important in some manner. To be honest, I don’t really think we can perform a timing attack on something that has no timing to begin with, but the whole bruteforcing methodology seems to fit in with what we’ve had before.

In fact, Storm said that very thing in his message to me:

“If it is a block cipher, then algorithm cracking is pointless, and as such key forcing may be necessary.”

Again, trying to determine the algorithm through any outside means is likely pointless, but we might be able to totally bruteforce this thing.

On a final note, this IRC clue seems to indicate that someone else is on our side, trying to decrypt the messages that Horn (or the antagonist, if Horn is on our side) is sending or receiving. Perhaps we should figure out who?

My theory regarding that last point Guns is that HALOS is some sort of AI meant for cryptography that might be trying to resist Dr. Horn. Notice how it says that the operation was terminated. There was no reason given for why it was terminated at all, just that it was terminated, likely meaning that it wasn’t terminated due to whatever process was trying the timing attack to run into some sort of trouble, but because someone intentionally stopped it. Someone like Doctor Horn, because he doesn’t want other people to see what it said. This brings up either 2 suggestions for why we saw that IRC Clue.

Either

A. HALOS is accidentally leaking it’s messages onto the internet. This seems to make sense as the actual message in the IRC Clue is something that is obviously from before the Black Mesa Incident, and we know for sure that chronologically we are past the Black Mesa Incident in the ARG. As such, HALOS is for some leaking all it’s files onto the internet, whether it be to damaged systems, emergency protocols or something else we don’t know about.

or

B. HALOS is intentionally leaking the files onto the internet. Perhaps HALOS is actually an AI intelligent enough to have fully developed into a self-aware intelligence, and it hasn’t taken too fondly to Dr. Horn and whatever he’s doing. As suggested by the Dante’s Inferno quote in Tempus Omnia Revelant, the AI is trying it’s hardest to gain attention and get help from other people, but it is not fully able to communicate with humans, so the only thing it can do is leak these cryptic messages and files onto the internet to try and get someone to notice.

Both suggestions fit pretty well into my theory for what the story of this ARG is supposed to be.

I know we have discussed Kryptos as a potential lead before, and while I am constructing my fresh take on the story (or trying to), I’ve noticed some striking similarities between the ARG and the Kryptos statue.

First and foremost, Kryptos had an encoding “error” in its second passage, and we too found an “error” in the IRC clue regarding BON AMI and KONAMI–although Storm later hinted that it was possibly intentional, the same as Sanborn did.

Secondly, we have received three IRC clues that are likely directly tied to the solution to the HALOS file. In the case of Kryptos, Sanborn specifically stated that the three previous passages would assist in solving the last passage.

With this in mind, I have printed off a copy of all of the clues and will be examining them for any unnoticed similarities or anything else of note. I’m not sure if this likeness was intentional, but it’s something to work on while we continue down this long stretch of road.

konami, bon ami, how it was “encoded” wrong? SFTE, BON AMI …which was determined to be site, guess what… It was, but it also might means something else. LEAVING A MESSAGE FOR DR HORN… SFTE= SELF, hes schizo, hes dr horn, and dr horn. ," ill leave this to remind me and put it on secure site, SFTE SELF and SITE…BON AMI=BIPOLAR AMI CODING, or alternate mark inversion coding. HALO HORN?

https://en.wikipedia.org/wiki/Bipolar_encoding

and one other odd thing, in parts of the game, it has 2 pizzas,left to right with an “OCTODOG” in the middle. There are 53 pieces of pepperoni on each pizza, so the really odd part… so we have 53 8 53… , 752 divided by 21 = 35.8, now think of it in the way I mentioned above, you 53.8 8.53, weird eh? Now for my favorite part.
35.8= 8.2E on a digi clock 7 segment font
2101…with the same logic, 1015…

Write from right to left with characters reversed. This technique is also used by old dot matrix printers to get rid of the. End of line and carriage return problems.
Leonardo da Vinci wrote this way, as did ancient Greeks. Example,
I took a screen shot of the words compared forwards and backwards, so you get a better idea of what I’m talking, alice in wonder land, UP IS DOWN DOWN IS UP LEFT IS RIGHT…look at parts of the game, in the lab, theres the bloody foot prints that split and each go in an opposite direction,
parts of the pizza is a lie, is inverted and spelled backwards, while having a left hand print, and a right hand print. check this out.

Boustrophedon…

https://en.wikipedia.org/wiki/Boustrophedon

redrum.jpg1024×835 156 KB

Happy Holidays all you crazy ARGers!