During the 2012 puzzle, 3301 offered a second chance for those who did not manage submit an email to the Onion site.
The puzzle authors announced it in a PGP-signed message:
There is a second chance to get your own RSA message and key. Follow the "Numbers dot TK" hint to find it.
To know more about the discovery of the second chance, read this page.
The whitespace message
On January 12th,
845145127.com's content changed from coordinates to whitespace: archive
which when interpreting this as tabs/spaces for binary yielded a PGP-verified message:
The numbers were found to correspond to image URLs on the website (
http://845145127.com/<number>.jpg), which when OutGuessed, would provide the same messages as the QR codes gained previously from real-world coordinates. This list include the previous known URLs obtained through QR codes.
Numbers dot TK
Some time after emails were sent out to participants who put in their emails on the first Onion, a user posted the domain
1853143003544.tk in a chat room on n0v4, although there is no direct indication this website was created by 3301.
This URL was the sum of the largest picture name for each bookcode:
29-vol: 162667212858, 316744223127, 414974253863, 427566844663, 598852142735, 889296759263 fading death: 644169769482, 876873892385, 935691396441, 963846244281
The TXT record for the website said “Go to my largest part”. The largest prime factor of the number in the URL was 33091839349, so solvers went to
Depending on the source, the website's DNS entry either contained no TXT, and the site itself was some HTML with a black background and this picture: http://i.imgur.com/NHYLD.jpg or it instead had a TXT DNS entry containing the Imgur link.
The image, when outguessed, provided the following PGP-verified message from Cicada:
Solving this bookcode (using this page as a source) led to another Onion similar to the first one where participants were asked to enter their email addresses:
Users who either submitted their email through either
sq6wmgv2zcsrix6t.onion (as seen previously) or
cginiziglyaobyph.onion (from this path) would eventually receive the same RSA-encrypted message.
Please see Part 2 for that message and what happened after this.