Uncovering Cicada Wiki
Advertisement

During the 2012 puzzle, 3301 offered a second chance for those who did not manage submit an email to the Onion site.

The puzzle authors announced it in a PGP-signed message:

There is a second chance to get your own RSA message and key. Follow the "Numbers dot TK" hint to find it.

To know more about the discovery of the second chance, read this page.

The whitespace message

On January 12th, 845145127.com's content changed from coordinates to whitespace: archive

<html><head><title>845145127</title></head><body><pre>
		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 	 				 		 			 	 	 			   	 		 		 	 		   			 						 	 					 			   	 	 						 						 	 		  	 		 		 	 			   	 		   		 			 	 	 			 				 						 		  	 	 			 	 	 	 		  	 	 		  	 					 	 			   	 			 	 		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 
	 		 				  				 	   		  	  	 					   	 			 						 	 		  	 		 				 					 		  			 

		  			 		  	  			  		 			  	  			  	  			  	   		  		 			  			 		  		 			   					  	 	 		   					 					
		  	 				  			 		  	 				   		 		  	   		  	 				  		 			  	 	 		  		  		   					  	  			  		  
		  	 	 		   		 		   					   					  	 	 		  		 			  			 		  	 				  		 			  	   		  		  		  	 	 
		   					  	   		  	  			   					  	   		  		  		   					   		 		  		 			  		  		   					  	 	 
		   		 		  		  		  	 	 		  	  			   		 		  			 		  		  		   		 		  	  			  	 				  	 				  			 
		  		  		  			 		  	  			  	   		  	 				  	 				  		 			  		 			  		  		  			 		  		 			  	   
		  	 				  		 			  	   		  	 	 		  	  			  	  			   					  	 				  	 				  	  			  	  			  		  
		  	  			  	 				  	 				  			 		  	  			   		 		  	   		  	  			   		 		  	 				   					  		 	
		   					   					   		 		  		 			   		 		  	  			  	   		  	 	 		   		 		  		 			  	  			  		  
		   		 		  	  			  		  		   					  	 				  	  			  		 			  	 				  	 				  		 			   					  			 
		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 	 				 		 			 	 	 			   	 		 		 	 		   			 						 	 					 			   	 	 						 						 	 		  	 		 		 	 			   	 		   		 					 	 	 	 			 	 	 	 	 	 		 		 			 	 		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 
	 	 	  		  		 	 	   		 		   		  	  	 		 	  	    	  	   			   	 			 						 			   	  	   		   	 	 	 	 					 			   		 						   	  			  			 		 	   			  	 				 	   			  			 		  			 		 							 	 				 			   	 		   		 	 	 	 		 	    	 		  			  	 		 	  	   		   	 	 	    					 	 		 

	  	 		 	 	 			 	 		 		 	  			  	 				 		 					 	 			 	 	 				 		 					 	  		   	 					 	 			   	 				 		 	 			 	 		 	 		 	 					 			 			 	 		 		  	 	  	   	  		 					 	 					 	  	    	 		 	 		 			 	 	 				 		  		   	  		  		 					 	  		 	 	 	 	  			  	  		 		   		 	 			 	  	 	  	 	 					 	 	  		   	 	 	 		  	 	 	 						 	    		  		  	 	  	 		    		 	 					 	  		   	   	   	   		  	  	 	  	  	    		 	    	 				 			  		 		 	 	 				   		 	 			 	 	   	   		  			 	    		 	   			 	 					 	 		 	  	 	 	  		    		 
	 		 	  		   		 		 	    		 	    	   	   	 		 		 	 	 	   	 				  	 	 		 		   	  		 		  	 	    		 	 	  	 			  	 			  	 	  		  	   		   		 	 					 	   					   			 	   	  		 		    	 		 	 		 					 	  	  			  		 	 	    	 		  		   	 		 				 	 	 			   		  	 					 	 		  	 		   				 	  				 			   		 	    	 		 		 		  	   		  			 	  			 		 					 	 			   		 	 	  		  		 		   	   	 		  	 	 		    	 	  				 		   		 		 	 		  		  		 	 	 			  	 	 			 	    	 	 		  	 			  		 		    	 		   		 			 	 	 			 	 	  			 		 	 		  		  	 	 
	 				 		 		    	   						   		 	 	 	 	 	 	 						  	   	 		  			 		 				  	   			  			 	  	 	 			  		  	 		   		 		 	  	  	    	 			 	 	 	 		  	   		 		 			 			    	 		   		  	 		 	  	  		 				 	 	  	   	 	 		  		  	  	    	 		 				  	    	 		   		  	   		  	 				   		  		  	  			  		 			   				  				 	 		  			   		 		  			  		   				   	 	 	 			 			   			 	  			 		  	   			 	    		  	  		 			 			 		   		 	 	 	 	  	   		 		    	  			 		   	 	 		  	 	 	 	 	 			  	   			  		  	   	 	 	  	   		   	 	 		  				
	    	 		 	  	 			  		  	 		   		  	 	 		 	 		  	   		  		 	    	 					 		  	 	 	 	 			 	 	 			 	 	  					   				 		    		  	 	 		  	  		 	 		 		   		  	 		 	  		   					  			 	  		 	 	 	 		  	 		 	 			  		 		  		  		  	 		 	  		  		  			 		   		 			  	 			 		   		 	  		 	  		  		 		 				 				 		  		 	 	 	 	 	 	 	 	 			  		 	 	 	 	  		  		 	 		  			 		  	   	  	   		   		  	   		 			  	 				   				 	 	   	 	 			 	 		 		 		  	   	   			 	  			  		   		 	 	 	 	 	 	 	  		 	 	   	  	  			 	 					   		  	 		  	 
		   		 		  			 	 			  		 	 	   	   		  	   	  		  	 				 	  					 	 	  	 	 	   	  	    	  	 				 	  					   				 			 			    		 	 			  		 	 	   	 		 	 		  	  	 	   	 			    	 			  					  	  			 		  			   	  		  	  	 	  	 					  		  	  	 	 		 		   			 	 	  	  	    	 			 	 		   				 	 	   	 			  		 	 					 	 	 			 	 	  		  			 		  			  	 	 	  		 				  	 		  	 		 	 	  	  		 	 	  	 		 	 			 			   	 				  					 	 	 			   			 	  	 	  	 	 	 	 	 		   		  	  			  	  	 	   			 		 	    	  		  		    				  			 		  		 		
	 	  					  		 		 	 		  	  			 		   		  		   				    	 		 		  	 	    				 			 			 	  				 		   		 	 			 	 	 	   	   		 		   	   		  	 	 		   				 	 	 			  			  	 	 		  	 				  		  	  		  	    	 		  			  		  		 	  				 	 		  	 	  				 	  	 		  	   		  	 	 		  	 					   				   	 	 	 	 	 			 		  	 	   	   	   		 		 	 			 		  					   	 			 		   		  		 			 	 		 		 	  				 		 				 			 			  	   		  		 			  		   	 	 					  	 		 	   	 	 	   		 		 	  				    	 			  	  			  		 		 	  				  	 	 		 	 	  		  	 	 		  		  	
		  	 			 					 	  	 				 	 		  	 	  				 				 		  	    	 	  				 			  			   		 	 				  	 		 				 	 	 			 		    	    		 	 			   	 			   	 			 	 	   			 	   	  		  		  		 		   		   	  		 			  		 		  	 	 		 	  	    		 	    	 			   		 		  	  			   				  	 		 	 		  	 	 	  	 		 			 			 	  				 			 			 		   		 				 		   		 		 		  	 		   				   					  	 	  	    				    					  			 	    				 				 		 		 				  	 				 					 	  	   		  	    	 			 	 	    	 		  	   		 	 	  		   					  		 	 	 		  	 	  	 				 		 		 	 		 		 
		 	 	  	 		 		 	  		  		 				 		 	 	 			  	   		 	 	  			   				    					   		 	  	  			 	 		  	 		   		  		   	 			  		  	 				  	  	 	  	 				  				 	  	  	 		  	 	 	  		 	 	 			 	 	 	  	 		  	  			 	 	   	   	  		   			 	 	 		 		  	 		 	  		 			   			 	  		 	 	   		  		   				 			 	 	 					 	   		 		  	 		 	   			 	 			   	 					 		  	  		   	 	 	 	  	 		  	    	  	 	  	 				  	   			 		  	   	 	  					  			 	 		 		 	  		 	 	 		  	 	 		 				  	    		  	 	 		  		 		 					 	 				  	 	 	   	  	  	 	 	 				
		  		 		  			 		 		 	 		   		  	 				  	 	 	  			  	 	 	   	   	 	  	 		 			 			  			  		  	 	 		  		 		  			  		  		  	 		 	 		  	   		   	   	 		 	  	  		 	 		 	 	  	  			  	 					 	  			  	  			 		   		  	 					 		  	 			 		    	 	 	   	 				  	 		   		 			 	 	 		 					  		 			   		 	  	  			 					 	   		  	  		   	 			  		   	   		  	 	 		  						  	   		   		 	 				 		 	 						   				  	  			  	 	  	   					 	  		 		  		  	 					 	 		 					  		 			 	 	  		   				  	 	  	   			 	   		  		  					 	  			
	 	 			 	   	  		   			 	   		  	  				 	 		  	 	   	 	 	 	 	 	 	   			 		  	 	 	 	  	 		 		 				 			 	 	  				 	 	  	 		 		  	 	  		   	  		 			 			 				  					 	 	  		 		 	  	 	  		 	  	  			 	 		 		   		 		 		 	  	  		 			  	 				 		    	  	 		 	 			 			  	 	 		   	 			 		 	 		 	 	  		    				  	    	 	  				  	 	  		  			 	  			 			  	   	 	  		 	 				 		 		    	 	 	  			   				  		 			 	  	 		 	  	 		 				 		 	  				 		 	 		  			 		 			 	 	 		 		 	  			 		 	 	 			   	  		  				 	  	    	  		  			  	 		
	    		 	  	 				  		   	 	 	 	 	 		    	  			 		  	    	   	  		    					 	    	 	 	  		 			  		 			   	  	  	 	   		  	  		 	 	  	   		   						 	 	  	  	 	 			  		  	  	   		 				 		 				  	    				  		   	 			 	 	 		    		  		 			  		 		 	 		  	  		   	 		   		 	 	   		  		  	 				 			  		  	   					 		   			  					    		 	   	 	 	 		 		 	 		  	 	 				  	   			 	  			  	  			  	 	 	   	 			 	 	 	  	 			  			 	  	   		 		  	 	 			 	 		 	    	 	 			 	 		    	   	   	 		  			  				 		   					  	 	 	  	   	
	 		 				 		    	  	  	 	 			 	 	  	  			 		 		 	 	  				   	  		 		 	  		  			 		  		  	 	 			 		   		 	  	  	 		  	 	 		  	 				  	 	 	 	 		 		   	 			 	 				
		    	 	 	 			 		  			 	 			  		    		 
		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 	 			 	 	 		   		 			 				 						 	 					 			   	 	 						 						 	 		  	 		 		 	 			   	 		   		 					 	 	 	 			 	 	 	 	 	 		 		 			 	 		 	  	 		 	  	 		 	  	 		 	  	 		 	  	 
</pre></body></html>

which when interpreting this as tabs/spaces for binary yielded a PGP-verified message:

PGP-Signed Message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
162667212858
414974253863
598852142735
876873892385
935691396441
316744223127
427566844663
644169769482
889296759263
963846244281
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
 
iQIcBAEBAgAGBQJPDRkvAAoJEBgfAeV6NQkPVuMP/3ZyAgwsko/B2T9Ew1yqAKVy
K9//wIWCRvMyZ4k79ApqvOJAlezgHTsAM8XG/I71bAG+2wMOXNJfTj/SFONEEbS5
BOp9UP7LHn1j3NKoESrDzsKd+u3oHoNnhs628aLrc8uDqbn/6DNUnObu5Tn3unu0
zZ3NjSs/A5QQX8O56RsK81eSJ2fifbr4NYfHBeUTeVe17nsr48WQI7qc9UVWlPsM
91FWsvhX+WohX8DyFWJmtz0lLvmh3jN+oE8WFPTVbcVCM+eiDt0TqkUNlmq/fxbd
X2Sbs8zMxDXNQWrw58TcSC6oLfXSXZnjh8uTMwrQ0tNdRXHDndgPiurXz62XjVjf
4AhSXBoXF9CHTOyGGEqvfNvFMKyz968iMZDXDNBrM8pkxx1xBHhAnoEznVpeMhII
+IfBTnV8x9lSNgFhmham5eEZlWvqRidqes8EAriqGA6uZokCq7X1IeMHo52ACWmP
2bJsCV5wZDc52c3JnwKe+cAcbsA4OWCNEH29lAsgFw5079BP8lkpY3AH2+8kqs0X
QvqsaMuUq5ZHEaZMgdD0VKYlRrKdhOiDjtJVxoXk1b7YBOV8dZZBXJbEIbTvaof4
yhgUObovx/VFGmsenp+j3nBCxgEO22SgNW3B3pN0yuIMCqccWEZ1nME/QOwLa85n
HOmElIXvK13Q9m545RtP
=Q1Fy
-----END PGP SIGNATURE-----

The numbers were found to correspond to image URLs on the website (http://845145127.com/<number>.jpg), which when OutGuessed, would provide the same messages as the QR codes gained previously from real-world coordinates. This list include the previous known URLs obtained through QR codes.

Numbers dot TK

Some time after emails were sent out to participants who put in their emails on the first Onion, a user posted the domain 1853143003544.tk in a chat room on n0v4, although there is no direct indication this website was created by 3301.

This URL was the sum of the largest picture name for each bookcode:

29-vol:
162667212858, 316744223127, 414974253863, 427566844663, 598852142735, 889296759263

fading death:
644169769482, 876873892385, 935691396441, 963846244281


NHYLD.jpg, "The Lady of Shallott" by John William Waterhouse

The TXT record for the website said “Go to my largest part”. The largest prime factor of the number in the URL was 33091839349, so solvers went to 33091839349.tk.

Depending on the source[1], the website's DNS entry either contained no TXT, and the site itself was some HTML with a black background and this picture: http://i.imgur.com/NHYLD.jpg or it instead had a TXT DNS entry containing the Imgur link.


The image, when outguessed, provided the following PGP-verified message from Cicada:

PGP-Signed Message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Miss round 1?  
Care for a second chance?
http://i.imgur.com/hkdgl.png
1:22
3:33
3:40
6:19
4:7
4:8
4:7
9:23
12:12
4:16
16:7
11:16
1:7
5:14
3:35
2:2
4:26
1:12
3:11
3:28
4:23
18:18

Good luck.
3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPDTiqAAoJEBgfAeV6NQkPytAP/1UQeylwYBjQWuzr8pbERN04
wlZVCG5SjGanqfQKxSa5Z8YOVR9LRlT6sHBKgfOEDztj+6RM2SvX7Y2Mw9mA4g90
7bizXi8IkP5K3tMvNxcA6uEy0rSchJt4D93zzjPvS7lm6jGO1gJQXrwMUd4fACs1
hxZ3Cxva0MIS+r8MxRJbU/mKbDvnEr6fwUaB6m1vFgYW6wTM4qS2ES04ic+mlkbR
0/eRPnFIBb06XjQpijDAGiisgVORaUUrUJGX+Wnp61CVobBmKwUdw3n0AxbKRC3/
Nja0HYvXexWDiRgxE2YjZyq0Pk4TnZoXxTnyS6NKZ1i1Qxysu4xUfuLO3L6zrnQP
TT4EsqDxzMAKQuJS6qo/pLsdCqyXO1Jr4wIlaG5AGYKMjt9k61Y12WLiqhpLTgzd
AtUTejZzThXqbhmm4wPCVk+Vsik8PLs/Ts6DooB3Ki3AtRtldmeCXdo+mid3Og+A
IKw9+KtB2JDd4a6DbsNbRDIt1pZmyPA3xmmksc8ogx/CEPATPwL7JaN5UwVNSZKM
6MiJ1+b39Kx9ckQ8vSuYa5cALDiUwZPddopl29zbVmKciW+sDGfSiSroXw7khNJs
dzmJ4hR2R7Bbv23Ngxt/M/J5/udOd0AaeDKMxfLNnaLqm8FiaWqnL5TwkzMFnad7
RKpOZq9TkllIE6NBB4wc
=mGcB
-----END PGP SIGNATURE-----

William Blake's "The Marriage of Heaven and Hell" as cropped by Cicada

The image link referred to in the message is related to William Blake's The Marriage of Heaven and Hell[2], which is the book used in this book code.

Solving this bookcode (using this page as a source) led to another Onion similar to the first one where participants were asked to enter their email addresses: cginiziglyaobyph.onion.

The Onion

Users who either submitted their email through either sq6wmgv2zcsrix6t.onion (as seen previously) or cginiziglyaobyph.onion (from this path) would eventually receive the same RSA-encrypted message.

Please see Part 2 for that message and what happened after this.

References

Advertisement