A quick listing of all the bits from the Wiki that don't appear to have been sufficiently explained (as far as the current extremely clueless author is aware).
Note: The following is pure speculation and almost certainly drivel that should not be taken seriously.
- Note: Possibly resolved? THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE THIS IS ONLY EXMAPLE (2014-XORed)
</head>: Headless Onion 4 Edit
</head><body><!--3301--> bf1d5574ca36efd524e6c34c26cbd628b19aa835aceb94ea7f2ca7f33d1b8f51476bc597d4bf9ad5111d8f39ef5351b3b090bce47f023002fe69928e79f6f8147f6fe051f2f159041f932f5190308d7441fc3cecead0851662d3217485827e640a4183fa5bc8cef5ff7d1473d2746a37fbc8b94318ff0d3aeb467017c0ea5cb33b3e6967453986e1450b35ad47861f679cf7db5a6c170bcfb67544983ec1e36b27ee8c5721da39d27dbfa0cdc15ba3cbaa425e8a8b96b81ab665f3ebc41563a0e9270695d3d68887cfab2c07b290718307f764afba684b17fcfd71323f64206e5fa378b4ee89e80885733080065dd34a5c838898906b8d43de9f1d8eb6922bad <hr> <address>Apache Server at 127.0.0.1 Port 5243</address> </body> </html>
- The Liber Primus has a reference to John being beheaded which seems a little intriguing. (Salome was the daughter of Herodias and the step-daughter of King Herod. In Matthew 14 and Mark 6, John the Baptist had told King Herod that it was unlawful for him to be married to his brother's wife, and Herod put him in prison. Salome (who is not named, but simply called the daughter of Herodias) danced before Herod on his birthday, and he promised to give her anything she wished for. She requested the head of John the Baptist, who was then beheaded.)
- Likely not relevant (https://uncovering-cicada.fandom.com/wiki/Ports_of_Cicada_onions) the ports increased from 5240 to 5243 from onions 1-4 but stopped at 5. Oddly could also be interpreted as making it more relevant.
- Grasping at straws: Could the port number be a reference to the order on which the hashes may be solved 5 (the mp3) followed by 2, 4 and 3 (unresolved hashes)
- Grasping at straws: Find it hard to believe Cicada would make this typo given their attention to detail.
The 9133 at the end of the message to the 5th Onion (2014-P1,2014-Extra ) Edit
TO BELIEVE TRUTH IS TO DESTROY POSSIBILITY Q4UTGDI2N4M4UIM59133
- Unlikely since most references are to q4utgdi2n4m4uim5.onion.
Could also be 59133 (at least one reference in the Wiki indicated Q4UTGDI2N4M4UIM as the URL.
127.0.0.1 - - [02/May/2014:10:**:** +0200] "GET /key.asc HTTP/1.1" 200 * "-" "Cicada/33.01 CicaDOS 1.033 E Edition"PP 127.0.0.1 - - [02/May/2014:10:**:** +0200] "GET / HTTP/1.1" 200 * "-" "Cicada/33.01 CicaDOS 1.033 E Edition" 127.0.0.1 - - [02/May/2014:11:**:** +0200] "POST /cgi-bin/upload HTTP/1.1" 200 * "-" "Cicada/33.01 Cic/DOS/ 1.033 S Edition"
127.0.0.1 - - [02/May/2014:10:**:** +0200] "GET /key.asc HTTP/1.1" 200 * "-" "Cicada/33.01 CicaDOS 1.033 E Edition"PP
- Assuming an Apache log format, uncertain why remote address is localhost, timing is masked and how PP surfaces without a space.
- Extreme grasping at straws here but PP seemed to be used to indicate pages at least once in the Liber Primus (Oscar Wilde, and Franz von Stuck, featuring in many works. See Bram Dijkstra, Idols ojPerversity: Fantasies ojFeminine Evil in Fin-de-Siecle Culture (New York: Oxford University Press, 1986), pp. 379-98)
Server: thttpd/2.25b 29dec2003 Last-Modified: Wed, 02 Apr 2014 08:33:19 GMT Date: Fri, 02 May 2014 11:32:45 GMT Content-Type: text/html; charset=iso-8859-1 Connection: close Accept-Ranges: bytes
- Original disclosure (unsure if public) was on 19th May 2013 (https://cxsecurity.com/issue/WLB-2013050155)
- Uncertain if Cicada patched their version or this was by intent.
UNKNOWN 400 BaO'[d Request Server: thttpd/2.25b 29dec2003 Content-Type: text/html; charset=iso-8859-1 Date: Fri, 02 May 2014 11:46:39 GMT Last-Modified: Fri, 02 May 2014 11:46:39 GMT Accept-Ranges: bytes Connection: close Cache-Control: no-cache,no-store
- 0'[ is 4F 27 5B. In Little Endian would be 0x5B274F (5973839) whose prime factors are 1033 * 5783, which probably means nothing if not for the 1033 reference.
- Inclined/biased to believe there's relevance tucked away in the code or possibly the PRNG implementation since if there wasn't the need for functioning code, the datasets, mp3 could have been shared some other way.
- Grasping at straws: Wisdom/Folly in /tmp (temporary), `Patience is a virtue` and `The key is all around you` could with a significant stretch of the imagination be interpreted to deal with time.
- Grasping at straws: If interpreted as a Unix timestamp would be 2020-07-20T20:40:41+00:00 which could be relevant as at least the time portion of the seed for the PRNG.
- Assuming these exercises were made for solvers to build the skills required for future challenges (at least Base29 being a foreshadow of the Base-X encoding in the LP) the Rand could be indicative of a PRNG generated one time pad being used to encrypt other pages.
- The reference Koan also seems to suggest surmounting this `mountain` being the `way`.
- The unsolved 512 character long hex-strings could possibly be reference values from the PRNG.
P.S. 1041279065891998535982789873959431895640\ 442510695567564373922695237268242385295908173\ 9834390370374475764863415203423499357108713631