Untitled

a guest
Jan 13th, 2014
  1. [wisdom http://codeseekah.com/cicada/wisdom CicadaOS : https://www.dropbox.com/s/r7sgeb5dtmzj14s/3301]
  2. [22:20] == MasterKey [5a23c576@gateway/web/freenode/ip.90.35.197.118] has joined #cicadaos
  3. [22:20] <@JustVisiting> Hola
  4. [22:20] == mode/#cicadaos [+o MasterKey] by JustVisiting
  5. [22:20] <@MasterKey> hey =)
  6. [22:20] == blackpit73 [~blackpit7@HSI-KBW-134-3-176-117.hsi14.kabel-badenwuerttemberg.de] has joined #cicadaos
  7. [22:20] <blackpit73> hi all
  8. [22:20] == mode/#cicadaos [+o blackpit73] by JustVisiting
  9. [22:20] <@MasterKey> hi !
  10. [22:20] <@JustVisiting> Hello. MK, BP. BP, MK.
  11. [22:20] <@JustVisiting> blackpit73, MK here has a VERY interesting idea.
  12. [22:21] <@JustVisiting> It's his, so I'll let him share.
  13. [22:21] <@blackpit73> ok, go ahead
  14. [22:21] <@MasterKey> I guess you remember the deciphered text on the second page
  15. [22:21] <@JustVisiting> We wanted to tell someone else, since we're stuck. That is, the idea is closer to what you can do than to what I can do.
  16. [22:21] <@MasterKey> Wisdom : bla bla bla an instruction command your own self
  17. [22:21] <@blackpit73> mk, yes i remember the text
  18. [22:22] <@MasterKey> Well I thought of a file which was is the Cicada OS from last year named wisdom
  19. [22:22] <@blackpit73> yeah, wisdom and folly
  20. [22:22] <@MasterKey> instruction and command made me thought a binary file
  21. [22:22] <@blackpit73> good
  22. [22:22] <@MasterKey> folly = wisdom actually
  23. [22:22] <@blackpit73> good
  24. [22:22] <@blackpit73> yes
  25. [22:23] <@MasterKey> the string of the onion has several bytes in common with wisdom
  26. [22:23] <@JustVisiting> I think soulseekah would be good for this too...
  27. [22:23] <@MasterKey> which leads to several null bytes when xoring
  28. [22:23] <@JustVisiting> Shall I engage him too?
  29. [22:23] <@blackpit73> sounds interesting!!!
  30. [22:23] <@MasterKey> JustVisiting: if he hasn't solved this yet why not =)
  31. [22:23] <@JustVisiting> LOL.
  32. [22:24] <@MasterKey> but still the issue I have right now is the length of the file
  33. [22:24] <@JustVisiting> Soulseekah, trebla, neferty and Lurker seem good at this type of thing.
  34. [22:24] <@blackpit73> i'll get these files
  35. [22:24] <@JustVisiting> CicadaOS is already on dropbox.
  36. [22:24] <@MasterKey> http://codeseekah.com/cicada/wisdom for wisdom
  37. [22:24] <@MasterKey> cicada os https://www.dropbox.com/s/r7sgeb5dtmzj14s/3301
  38. [22:24] <@JustVisiting> https://www.dropbox.com/s/r7sgeb5dtmzj14s/3301
  39. [22:24] <@JustVisiting> ^
  40. [22:25] <@MasterKey> wisdom is by far longer than all the onion strings combined
  41. [22:25] <@blackpit73> no, you forget the 7524 long file
  42. [22:25] <@MasterKey> maybe it has a link with the garbage from outguess which should be appended to it
  43. [22:25] <@blackpit73> I was analyzing this one and got one thing interesting
  44. [22:25] <@blackpit73> 7524 = 29*256+100
  45. [22:26] <@blackpit73> and I was looking at the file closer, and it seems the last 100 bytes have a very different entropy
  46. [22:26] <@blackpit73> all other parts before compress with about 9-10%
  47. [22:26] <@blackpit73> the last 100bytes compress to 21% --- very different
  48. [22:26] <@MasterKey> wow
  49. [22:26] <@MasterKey> indeed very different
  50. [22:26] <@blackpit73> I have the 3301_iso files here already, thanks
  51. [22:27] <@blackpit73> I just found that and wanted to look closer at this. but now the wisdom/folly looks very interesting too.
  52. [22:27] <@MasterKey> I still wonder if the other user account on the iso has a role in this
  53. [22:27] <@blackpit73> i xored about any file i could find from cicada, but not those files
  54. [22:28] <@MasterKey> the files in the DATA folder seem interesting
  55. [22:29] <@blackpit73> aberr empty file?!
  56. [22:29] <@MasterKey> yes i didn't understand this either
  57. [22:30] <@MasterKey> JustVisiting said something really inspired some minutes again : command your own self might mean command your OS thus asking for the root password
  58. [22:32] <@blackpit73> and then? it would have to start some file
  59. [22:32] <@blackpit73> 3301iso/
  60. [22:32] <@blackpit73> oops
  61. [22:32] <@blackpit73> root:x:0:0:root:/root:/usr/local/bin/cicada
  62. [22:32] <@MasterKey> the root password might be an onion url
  63. [22:32] <@blackpit73> if root is logged in, it starts /usr/local/bin/cicada
  64. [22:33] <@blackpit73> and cicada just does that prime number output from last year
  65. [22:33] <@MasterKey> that's right but it seems that the passwords for these account were not disclosed
  66. [22:33] <@MasterKey> users root and lp still have unknown passwords
  67. [22:34] <@blackpit73> no, they have NO password
  68. [22:34] <@blackpit73> root:*:13525:0:99999:7:::
  69. [22:34] <@blackpit73> lp:*:13510:0:99999:7:::
  70. [22:34] <@blackpit73> nobody:*:13509:0:99999:7:::
  71. [22:34] <@blackpit73> tc::13646:0:99999:7:::
  72. [22:34] <@MasterKey> oh. right
  73. [22:34] <@blackpit73> user tc can log in
  74. [22:34] <@MasterKey> my bad
  75. [22:35] <@MasterKey> i'm really dumb sometimes
  76. [22:35] <@blackpit73> no, dont worry
  77. [22:35] <@blackpit73> we all are dumb sometimes ;)
  78. [22:36] <@blackpit73> which files did you xor that had many 00s?
  79. [22:36] <@MasterKey> xor the onion4 string with wisdom
  80. [22:37] <@JustVisiting> MK
  81. [22:37] <@blackpit73> 00000000: 00 4e 95 b8 55 50 7c 5b a4 a5 2b 88 98 54 f5 00 .N..UP|[..+..T..
  82. [22:37] <@blackpit73> 00000010: cb 1b 9a f2 29 bc 4b cb 64 cc f7 e3 e6 b9 72 03 ....).K.d.....r.
  83. [22:37] <@blackpit73> 00000020: 2a 0b b3 64 ad 1f 95 44 07 0a 18 ec 56 b5 b5 b2 *..d...D....V...
  84. [22:37] <@blackpit73> 00000030: 9d a5 35 ad 36 6a 5d d2 25 45 d2 15 eb 02 d7 35 ..5.6j].%E.....5
  85. [22:37] <@JustVisiting> what about ALL FOUR STRINGS?
  86. [22:37] <@MasterKey> four ?
  87. [22:37] <@MasterKey> i only have three
  88. [22:37] <@JustVisiting> O2, O3, O4 + Outguess
  89. [22:37] <@JustVisiting> Apparently there is an outguess string as wel.
  90. [22:37] <@JustVisiting> well.
  91. [22:37] <@JustVisiting> Let me ask masso.
  92. [22:37] <@MasterKey> i don't have it then
  93. [22:37] <@blackpit73> I tried all these files, I just added wisdom to my mega-xor-script
  94. [22:38] <@JustVisiting> Well, O2, O3, O4: http://pastebin.com/raw.php?i=qePehdKM
  95. [22:38] <@JustVisiting> Oh, OK.
  96. [22:38] <@JustVisiting> You have the outguess as well?
  97. [22:38] <@blackpit73> the outguess is the 7524 bytes file i told above
  98. [22:38] <@MasterKey> i have all of them but the outguess
  99. [22:39] <@MasterKey> then let's add the outguess
  100. [22:39] <@JustVisiting> 7524 bytes? 7KB? So small?
  101. [22:39] <@blackpit73> yes
  102. [22:39] <@blackpit73> MK: I added to outguess already
  103. [22:39] <@blackpit73> I can zip the results and send you, ok?
  104. [22:39] <@MasterKey> and so the results are ?
  105. [22:39] <@JustVisiting> So dead end with cicadaOS?
  106. [22:40] <@MasterKey> sure
  107. [22:40] <@blackpit73> I tried combinations of:
  108. [22:40] <@blackpit73> F1=../1_auqgnxjtvdbll3pv.onion/1033.jpg
  109. [22:40] <@blackpit73> F2=../0_twitter/zN4h51m.jpg
  110. [22:40] <@blackpit73> F3=../2_cu343l33nqaekrnw.onion/761.0.ipg
  111. [22:40] <@blackpit73> F4=../2_cu343l33nqaekrnw.onion/index_first.html.cut.bin
  112. [22:40] <@blackpit73> F5=../3_fv7lyucmeozzd5j4.onion/index.html-20140111-103033.cut.bin
  113. [22:40] <@blackpit73> F6=../3_fv7lyucmeozzd5j4.onion/next/onion3.html.cut.bin.0.rest.reverse.jpg.outguess
  114. [22:40] <@blackpit73> F7=../4_avowyfgl5lkzfj3n.onion/Bv6Pt5Td.txt.cut.bin
  115. [22:40] <@blackpit73> F8=3301iso/wisdom
  116. [22:40] <@blackpit73> C0=../3_fv7lyucmeozzd5j4.onion/xor/xor_ff.bin
  117. [22:40] <@blackpit73> C1=../3_fv7lyucmeozzd5j4.onion/xor/xor_1033.bin
  118. [22:40] <@JustVisiting> I'm afraid I'm not much help here, because i'm staring at the OS like a cat at the calendar: I don't really understand anything.
  119. [22:40] <@blackpit73> the C0 is a file with just 0xFF, so it's for XORing the file
  120. [22:42] <@JustVisiting> So what does this mean?
  121. [22:43] <@JustVisiting> You are a being unto yourself.
  122. [22:43] <@JustVisiting> You are a law unto yourself.
  123. [22:43] <@JustVisiting> Each intelligence is holy.
  124. [22:43] <@JustVisiting> For all that lives is holy.
  125. [22:44] <@blackpit73> MK: well I looked at those results with file and did not find any good hit. none of them is jpg or ascii or alike
  126. [22:44] <@MasterKey> no binary file either ?
  127. [22:44] <@MasterKey> with a PE or ELF header ?
  128. [22:44] <@blackpit73> well the result is always binary
  129. [22:44] <@blackpit73> no, no PE or ELF detection
  130. [22:44] <@JustVisiting> What I have is 22KB.
  131. [22:44] <@blackpit73> 86.xor: MPEG ADTS, layer I, v2, 176 kbps, 16 kHz, Stereo
  132. [22:44] <@JustVisiting> from the outguess. Not 7.
  133. [22:45] <@JustVisiting> http://pastebin.com/raw.php?i=TvSQ3E7i
  134. [22:45] <@JustVisiting> masso just provided me with it.
  135. [22:45] <@blackpit73> this is the only "detection", but the file is no MPEG of course
  136. [22:45] <@MasterKey> false positive indeed
  137. [22:45] <@JustVisiting> 176kbs is large enough for a sound file.
  138. [22:45] <@JustVisiting> Single channel
  139. [22:46] <@blackpit73> 00000000: 40 a4 79 d5 87 73 3d 7a 5a 12 f7 47 a2 fc 5c 85 @.y..s=zZ..G..\.
  140. [22:46] <@blackpit73> 00000010: 2c 15 bd 33 39 02 51 8a c9 f4 d7 88 f2 b7 6a 0a ,..39.Q.......j.
  141. [22:46] <@blackpit73> 00000020: f4 65 6f 0c 7f ed 1a c3 6a e2 76 87 20 38 8f 5b .eo.....j.v. 8.[
  142. [22:46] <@blackpit73> 00000030: fe ec 87 03 52 12 b7 cd 14 e4 0c ed 23 a3 66 3b ....R.......#.f;
  143. [22:46] <@blackpit73> yes, your pastebin is that 7k file
  144. [22:46] <@JustVisiting> So why do I get it to be 22K?
  145. [22:46] <@blackpit73> well you send a hexdump, I wrote it as binary file
  146. [22:46] <@JustVisiting> I wrote it as ASCII. Is that why?
  147. [22:46] <@blackpit73> yip
  148. [22:46] <@JustVisiting> Oh, yea!
  149. [22:46] <@JustVisiting> obviously hahaha
  150. [22:46] <@JustVisiting> LOL!
  151. [22:47] <@JustVisiting> Sorry, I only realised as I wrote "ASCII" that that's why.
  152. [22:47] <@blackpit73> but that interpretation command/instruction is very very good
  153. [22:47] <@JustVisiting> I am dumb sometimes. And I'm rusty.
  154. [22:47] <@blackpit73> command your OS (own self)
  155. [22:47] <@MasterKey> if you're interested I had another theory based on that
  156. [22:48] <@JustVisiting> Shoot, it's your game!
  157. [22:48] <@blackpit73> yes!
  158. [22:48] <@MasterKey> there is an actual computer architecture named epiphany
  159. [22:48] <@MasterKey> it exists in both 16 and 32 bits
  160. [22:48] <@MasterKey> and some parts of the onion string are actual instructions
  161. [22:49] <@MasterKey> it works even better considering a standard intel architecture
  162. [22:49] <@JustVisiting> What instructions are they?
  163. [22:49] <@JustVisiting> I knew I should've read that ASM book 15 years ago...
  164. [22:49] <@blackpit73> do you have a disasm?
  165. [22:49] <@MasterKey> http://onlinedisassembler.com/odaweb/#view/tab-assembly/offset/00000000
  166. [22:50] <@JustVisiting> Can that be coincidence?
  167. [22:50] <@MasterKey> just a hunch though
  168. [22:52] <@JustVisiting> Could those instructions be by pure coincidence?
  169. [22:52] <@JustVisiting> Have you tried the strings in reverse?
  170. [22:52] <@blackpit73> hm, i tried disassembling some of the outguessed files detected as 8086 file, and for some it looked like "real code" at first glance, but looking deeper it did not make any sense.
  171. [22:53] <@blackpit73> but of course that was before those words command/instruction/os, which really points in that direction
  172. [22:53] <@MasterKey> that is the main issue
  173. [22:53] <@JustVisiting> GUYS! Could those instructions be pure coincidence?
  174. [22:53] <@MasterKey> i tried with several xored files without success as well
  175. [22:53] <@blackpit73> i'll enhance my XOR-script and generate a bunch of xored files and zip them for you, ok=
  176. [22:53] <@blackpit73> i'll enhance my XOR-script and generate a bunch of xored files and zip them for you, ok?
  177. [22:53] <@JustVisiting> Calling MasterKey and blackpit73!
  178. [22:53] <@blackpit73> what?
  179. [22:54] <@JustVisiting> GUYS! Could those instructions be pure coincidence?
  180. [22:54] <@blackpit73> which instructions?
  181. [22:54] <@JustVisiting> The ones in ASM.
  182. [22:54] <@blackpit73> as for most platforms, nearly all bytes are mapped to an assembler instruction, of course about any binary file can be disassembled
  183. [22:55] <@MasterKey> ^^this
  184. [22:55] <@blackpit73> the big question is, if the resulting code makes any sense
  185. [22:55] <@blackpit73> and this is not so easy to detect
  186. [22:55] <@JustVisiting> But can any binary file show clear instructions, like push, mov, pop and xor?
  187. [22:55] <@blackpit73> make a random file, dd if=/dev/random of=my_new.exe, and then disasm that. of course it will miss the PE/ELF header
  188. [22:56] <@blackpit73> yes, of course
  189. [22:56] <@JustVisiting> I got it.
  190. [22:56] <@JustVisiting> Thank you.
  191. [22:56] <@blackpit73> MOV, POP, XOR are just mnemonics for real numbers
  192. [22:56] <@JustVisiting> MasterKey, how private do you want this channel to be?
  193. [22:56] == mode/#cicadaos [+i] by JustVisiting
  194. [22:56] <@MasterKey> i don't care actually
  195. [22:56] <@blackpit73> example (just made out of my head!!): pop eax == 0xc1, pop ebx == 0xc2, ...
  196. [22:56] <@MasterKey> it's not my channel
  197. [22:56] <@JustVisiting> It's your idea.
  198. [22:57] <@JustVisiting> And it's nobody's channel
  199. [22:57] <@MasterKey> the more brain we have the better are our chances to find the answer
  200. [22:57] <@JustVisiting> OK.
  201. [22:57] <@MasterKey> brains*
  202. [22:58] <@blackpit73> will be back in 5min (smoking...)
  203. [22:58] <@blackpit73> but the instruction/command idea is great!!!!! very good, MK!!!
  204. [22:59] <@MasterKey> i'm doing what I can
  205. [22:59] <@MasterKey> it's not like i'm soulseekah or anything
  206. [22:59] == mode/#cicadaos [-i] by JustVisiting
  207. [23:00] == mdzhb [~mdzhb@unaffiliated/mdzhb] has joined #cicadaos
  208. [23:00] == mode/#cicadaos [+o mdzhb] by JustVisiting
  209. [23:00] <@MasterKey> more people coming in
  210. [23:01] <@JustVisiting> I told mdzhb your idea.
  211. [23:01] <@JustVisiting> I don't know what more to tell him cause this is over my head.
  212. [23:01] <@mdzhb> soo, i wasn't around previous years
  213. [23:01] <@mdzhb> but there was a leftover file apparently?
  214. [23:01] <@JustVisiting> Yes.
  215. [23:02] <@JustVisiting> http://codeseekah.com/cicada/wisdom OS is here.
  216. [23:02] <@MasterKey> that's wisdom file
  217. [23:02] <@MasterKey> OS is in dropbox =)
  218. [23:02] <@JustVisiting> https://www.dropbox.com/s/r7sgeb5dtmzj14s/3301
  219. [23:02] <@JustVisiting> Was on the phone.
  220. [23:02] <@JustVisiting> Saw htt and copied directly.
  221. [23:02] <@JustVisiting> Didn't bother to look further. :)
  222. [23:02] == MasterKey changed the topic of #cicadaos to: wisdom http://codeseekah.com/cicada/wisdom CicadaOS : https://www.dropbox.com/s/r7sgeb5dtmzj14s/3301
  223. [23:03] <@MasterKey> my point is the text tells us about wisdom : this file is still unused since last year
  224. [23:04] <@mdzhb> hmm
  225. [23:04] <@MasterKey> there are references to command and instructions = binary instructions might reference a binary file
  226. [23:04] <@mdzhb> apart from all the other loose ends
  227. [23:04] <@mdzhb> ! An Instruction ! Command your own self !
  228. [23:04] <@JustVisiting> And Command your Own Self
  229. [23:04] <@mdzhb> was about to say
  230. [23:04] <@mdzhb> heh
  231. [23:04] <@JustVisiting> Command your OS .
  232. [23:05] <@MasterKey> interesting thing is that another file named folly is an exact copy of wisdom
  233. [23:05] <@MasterKey> it may have an interest for the next step
  234. [23:05] <@MasterKey> blackpit73 tried several xoring involving these files and the onions string and the outguess
  235. [23:06] <@MasterKey> so far nothing interesting
  236. [23:06] <@MasterKey> another lead was that those files might be a meaningful binary file
  237. [23:06] <@MasterKey> so far nothing interesting either
  238. [23:06] <@MasterKey> nevertheless a computer architecture named epiphany actually exist
  239. [23:06] <@MasterKey> so maybe it will matter in the end
  240. [23:07] <@mdzhb> hmm
  241. [23:08] <@mdzhb> ill grab the OS, seems interesting anyhow
  242. [23:08] <@mdzhb> hope we get one of those stages this year
  243. [23:08] <@mdzhb> that, and the global qr shenanigans
  244. [23:08] <@JustVisiting> OK, but until those stages...
  245. [23:08] <@JustVisiting> What do we do now?
  246. [23:08] <@JustVisiting> We have a blank hex code.
  247. [23:08] <@JustVisiting> 3 more blank hex codes
  248. [23:08] <@JustVisiting> An unsolved matrix.
  249. [23:08] <@JustVisiting> And that's it.
  250. [23:09] <@JustVisiting> Has anyone tried xor-ing the files in reverse against wisdom, MasterKey? I mean you or blackpit73.
  251. [23:09] <@MasterKey> actually I didn't
  252. [23:10] <@JustVisiting> Rev_hex XOR wisdom Rev_hex XOR Rev_wisdom sounds sensible to me.
  253. [23:12] <@blackpit73> back
  254. [23:12] <@blackpit73> yes, I xored all that
  255. [23:12] <@blackpit73> but without rev yet
  256. [23:12] <@blackpit73> will do that
  257. [23:17] <@JustVisiting> So, since everyone's silent, maybe this wasn't such a WOW idea? I'm simply asking because what I can do is throw ideas here and there, not much else in this respect, so lack of on-topic conversation = complete lockdown for me. :)
  258. [23:18] <@MasterKey> the fact is we tried a lot of things too
  259. [23:19] <@MasterKey> and until now nothing was discovered
  260. [23:20] <@MasterKey> plus it seems that the current trend is to solve the 5x5 matrix
  261. [23:20] <@JustVisiting> We have hex code that MUST be good for something.
  262. [23:21] <@JustVisiting> We have a byte, 57, which is alone, stranded and ignored.
  263. [23:21] <@JustVisiting> Which could point to something.
  264. [23:21] <@MasterKey> 57 is likely to be an error from what I heard
  265. [23:21] <@MasterKey> assuming that Cicada can do errors
  266. [23:24] <@JustVisiting> mdzhb, are you still with us?
  267. [23:25] <@mdzhb> yeah
  268. [23:26] <@blackpit73> xoring all files with reversing any would result in 6560 files.
  269. [23:26] <@mdzhb> the 57 thing.. i'd ignore that too
  270. [23:26] <@blackpit73> and all that XORed with 0xff doubles the result
  271. [23:26] <@JustVisiting> 6560? What?
  272. [23:26] <@JustVisiting> Xoring file_a with file_b doesn't simply give file_c?
  273. [23:27] <@blackpit73> JV: well if I calc all combinations
  274. [23:27] <@blackpit73> I have these files:
  275. [23:27] <@blackpit73> 1033.jpg
  276. [23:27] <@blackpit73> 3301iso_wisdom.bin
  277. [23:27] <@blackpit73> 761.0.ipg
  278. [23:27] <@blackpit73> onion2first.bin
  279. [23:27] <@blackpit73> onion3first.bin
  280. [23:27] <@blackpit73> onion3outguess.bin
  281. [23:27] <@blackpit73> onion4.bin
  282. [23:27] <@blackpit73> zN4h51m.jpg
  283. [23:27] <@JustVisiting> Why would you xor the outguess too?
  284. [23:27] <@JustVisiting> The image.
  285. [23:27] <@JustVisiting> That already served its purpose.
  286. [23:28] <@JustVisiting> Same for 1033 and 761 jpegs...no?
  287. [23:28] <@blackpit73> no, the outguess I mean was not used yet
  288. [23:28] <@blackpit73> it's that 7524 bytes file
  289. [23:29] <@blackpit73> does no one have that beside me?!
  290. [23:29] <@JustVisiting> One more connection to the previous rounds.
  291. [23:29] <@JustVisiting> http://www.gailgastfield.com/mhh/mhh.html
  292. [23:29] <@JustVisiting> The Marriage of Heaven and Hell was also used in round 1
  293. [23:31] <@MasterKey> true but right now it is based on a Journey Into Jung's Red Book
  294. [23:31] <@MasterKey> and it seems I can't find this book online for free
  295. [23:31] <@JustVisiting> I have that book at the corner bookshop.
  296. [23:31] <@JustVisiting> But it's friggin expensive. :)
  297. [23:32] <@MasterKey> are you sure it isn't Jung's Red Book instead ?
  298. [23:32] <@JustVisiting> Yes, that.
  299. [23:32] <@mdzhb> those guys know so much more about literature than i do
  300. [23:32] <@JustVisiting> Oh, Journey Into.
  301. [23:32] <@JustVisiting> Those guys = ?
  302. [23:32] <@mdzhb> cicada
  303. [23:32] <@JustVisiting> Oh.
  304. [23:32] <@MasterKey> they're good for sure
  305. [23:33] <@JustVisiting> But Jung's Red Book is Liber Novus
  306. [23:33] <@JustVisiting> And we're dealing with Liber Primus
  307. [23:33] <@MasterKey> but the question I ask myself is WHO wrote on the wiki that the book referenced was A journey into ...
  308. [23:33] <@JustVisiting> mdzhb, what do you make of cicadaos?
  309. [23:34] <@JustVisiting> It's true that a search for Liber Primus returns Jung.
  310. [23:34] <@MasterKey> liber primus is the first chapter of liber novus
  311. [23:34] <@MasterKey> it's actually in german but the english translation are not bad
  312. [23:35] <@JustVisiting> Oh.
  313. [23:35] <@JustVisiting> So how do we know that's the one?
  314. [23:35] <@MasterKey> I don't know.
  315. [23:36] <@MasterKey> you can't know the content of a journey into ... unless you own the book
  316. [23:36] <@MasterKey> i only found a 15% sample of the actual book
  317. [23:36] <@MasterKey> jung's red book is available for free but that one isn't
  318. [23:37] <@MasterKey> cicada is among us
  319. [23:38] <@JustVisiting> ?
  320. [23:40] <@JustVisiting> MasterKey, didn't you say at some point earlier that the bytes in the hex match the bytes in the wisdom file?
  321. [23:40] <@MasterKey> some of them do
  322. [23:41] <@MasterKey> thus creating a significant amount of null bytes when xoring
  323. [23:42] <@JustVisiting> If file1_byte_a is equal to file2_byte_a, result is a null in file3?
  324. [23:43] <@MasterKey> 0x00 byte
  325. [23:43] <@JustVisiting> Yes.
  326. [23:43] <@MasterKey> what's your point ?
  327. [23:45] <@JustVisiting> None.
  328. [23:49] * JustVisiting is annoyed.
  329. [23:49] <@JustVisiting> I don't know whether I should simply go to sleep or just sit and wait.
  330. [23:49] <@JustVisiting> Obviously nothing much I can do at this point.
  331. [23:50] <@JustVisiting> No cipher, no obscure reference, no arts = idle for me.
  332. [23:50] <@mdzhb> hmm OS is interesting
  333. [23:50] <@mdzhb> aberr is empty, weirdos
  334. [23:50] <@mdzhb> and they've used neither folly nor wisdom?
  335. [23:51] <@MasterKey> nope
  336. [23:57] <@JustVisiting> Where was cicadaos found?
  337. [23:57] <@MasterKey> on a dropbox
  338. [23:58] <@JustVisiting> Mhm.
  339. [00:00] <@JustVisiting> Ok, smoking my last cigarette.
  340. [00:00] <@JustVisiting> I doubt we'll come with anything WOW but... maybe tobacco hepls.
  341. [00:00] <@JustVisiting> helps.
  342. [00:03] <@JustVisiting> What about the two <head> and </head> ?
  343. [00:03] <@MasterKey> those are just html tags
  344. [00:03] <@JustVisiting> I know.
  345. [00:03] <@MasterKey> same for <hr>
  346. [00:03] <@JustVisiting> Could the three stitched together give a .htm file?
  347. [00:04] <@MasterKey> i don't understand what you want to do
  348. [00:04] <@JustVisiting> Those are bytes. Bytes make up files. Could our bytes make htm or html?
  349. [00:04] <@MasterKey> html are plaintext files
  350. [00:04] <@MasterKey> it doesn't matter what you put inside
  351. [00:05] <@MasterKey> there are no specific headers
  352. [00:05] <@JustVisiting> But viewed as hex they are not text files, are they?
  353. [00:05] <@JustVisiting> I mean plaintext files.
  354. [00:06] <@MasterKey> viewed in hex then you will see the codes for each character in the plaintext file
  355. [00:06] <@MasterKey> nothing more
  356. [00:09] <@JustVisiting> Mhm
  357. [00:15] <@blackpit73> ok, will upload a large mega_xor.zip now,
  358. [00:15] <@blackpit73> containing 2186 files generated by all current binaries xoring them together in all permutations
  359. [00:16] <@blackpit73> with each file either: ignored, xored or the reverse xored
  360. [00:16] <@MasterKey> that's nice
  361. [00:16] <@blackpit73> and one of the files included is ff.bin, that is a file containing only 0xFF, i.e. XORing the complete result
  362. [00:16] <@JustVisiting> Uh...
  363. [00:17] <@blackpit73> the ZIP is 63MB... so have a lot of fun analyzing the hell out of it -- but when that is done, we can surely say that file-xoring does not deliver results
  364. [00:17] <@blackpit73> or maybe we find the jackpot ;-)
  365. [00:18] <@MasterKey> at least a theory will be definitely proved wrong
  366. [00:18] <@MasterKey> or right
  367. [00:18] <@blackpit73> btw I started cicadaOs, analyzed the filesystem, watched the network while booting up. it only sends DHCP requests, nothing else
  368. [00:19] <@MasterKey> it's unlikely that cicada will install backdoors in such systems
  369. [00:19] <@MasterKey> unless it's a honeypot
  370. [00:22] <@JustVisiting> Someone say something wise.
  371. [00:22] <@MasterKey> command your own self
  372. [00:22] <@MasterKey> it's some wisdom
  373. [00:22] <@JustVisiting> Command prompt. OS.
  374. [00:24] <@blackpit73> mk: well anyone starting that 3301.iso would be wise enough to do that in separated environment (VirtualBox or alike), hopefully?? :-)
  375. [00:25] <@JustVisiting> I did it in a VM.
  376. [00:25] <@blackpit73> https://www.dropbox.com/s/o4kaxnyoumd46p6/mega_xor.zip
  377. [00:25] <@blackpit73> i'll post that to #cicadasolvers as well, ok?
  378. [00:25] <@JustVisiting> Aight.
  379. [00:25] <@blackpit73> or would you like to try here first?
  380. [00:25] <@MasterKey> sure go ahead
  381. [00:25] <@JustVisiting> XORing doesn't seem to be the key for anything until now.
  382. [00:26] <@JustVisiting> Brute-force was just the RSA. The rest was logic.
  383. [00:29] <@JustVisiting> I wonder what the others are up to
  384. [00:29] <@JustVisiting> Not the ones in solvers.
  385. [00:29] <@JustVisiting> The ones QUIET in solvers.
  386. [00:30] <@blackpit73> gotta go now
  387. [00:30] <@JustVisiting> Good night.
  388. [00:30] <@JustVisiting> i should too.
  389. [00:30] <@blackpit73> tomorrow I will be quite busy in job, unfortunately :-( but reach me at blackpit73@gmail if you have questions
  390. [00:30] <@blackpit73> c u
  391. [00:31] <@JustVisiting> Cu!
  392. [00:31] == blackpit73 has changed nick to blackpit73_away
  393. [00:34] <@MasterKey> see ya !
  394. [00:38] == blackpit73_away [~blackpit7@HSI-KBW-134-3-176-117.hsi14.kabel-badenwuerttemberg.de] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- Nine out of ten l33t h4x0rz prefer it]
  395. @JustVisiting@MasterKey@mdzhb