Ku7ahzae

The complete story of onion 5

Jan 31st, 2014
===============================================================================
ONION 5
===============================================================================

onion5 is http://q4utgdi2n4m4uim5.onion/

Data dump (including GPG signature): https://infotomb.com/ooxyo

Data saved as onion5.dat

gpg --verify onion5.dat
gpg: Signature made Sat 18 Jan 2014 02:03:57 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"

Extracting the hexdump (removing the signature) and writing it as onion5.hex

xxd -r -p onion5.hex onion5.bin

file onion5.bin
onion5.bin: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo

mv onion5.bin onion5.mp3
onion5.mp3 is a valid mp3 and plays a ~277 sec track.

ID3 tag says
Title: "Interconnectedness"
Interpreter: "3301"
Encoder: "LAME 3.98.2"

-------------------------------------------------------------------------------
XORing the mp3 with whatever we got
-------------------------------------------------------------------------------

XORed all three 58152 byte non-ASCII outguesses from onion4 with the onion5.mp3
at all possible offsets. I scanned for file headers but found no readable
files. The minimum entropy is around 7.9 in all cases.
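
The offset scan described above, as an added example (not code from the original paste): XOR a blob against a carrier at every offset, look for known file signatures at the start of the result, and track the lowest Shannon entropy. The names `scan`, `xor_at`, `BLOB` and `CARRIER` and all sample bytes are constructed for this illustration and are not the puzzle files.

```python
import math
import random
from collections import Counter

# Well-known file signatures to look for at the start of each XOR result.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"ID3": "mp3-id3", b"BZh": "bzip2",
         b"PK\x03\x04": "zip", b"%PDF": "pdf", b"\x89PNG": "png"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def xor_at(blob: bytes, carrier: bytes, offset: int) -> bytes:
    """XOR blob with the carrier bytes that start at offset."""
    return bytes(b ^ c for b, c in zip(blob, carrier[offset:offset + len(blob)]))

def scan(blob: bytes, carrier: bytes):
    """Try every offset; return (header_hits, (min_entropy, its_offset))."""
    hits, best = [], (8.0, -1)
    for off in range(len(carrier) - len(blob) + 1):
        out = xor_at(blob, carrier, off)
        hits += [(off, name) for sig, name in MAGIC.items() if out.startswith(sig)]
        best = min(best, (entropy(out), off))
    return hits, best

# Constructed sample data (not the puzzle files): a pseudo-random "carrier"
# and a blob that XORs to a bzip2-looking payload at offset 137.
rng = random.Random(3301)
CARRIER = bytes(rng.randrange(256) for _ in range(512))
PAYLOAD = b"BZh9" + b"constructed sample payload " * 2
OFFSET = 137
BLOB = xor_at(PAYLOAD, CARRIER, OFFSET)

if __name__ == "__main__":
    hits, (h, off) = scan(BLOB, CARRIER)
    print("header hits:", hits)
    print(f"minimum entropy {h:.2f} bits/byte at offset {off}")
```

On a window of n bytes the entropy cannot exceed log2(n), so values from short samples like this one are not comparable with the 7.9 measured on the 58152-byte blobs.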

-------------------------------------------------------------------------------
Frequency and Fourier analysis of the bytes in onion5.mp3
-------------------------------------------------------------------------------

Fourier analysis: http://imgur.com/ou0MHoB
Frequency analysis: http://imgur.com/gV9qMMq

I have done the same analysis on some mp3 files from my music library and did
not see the patterns in the Fourier analysis that show up in onion5.mp3.

-------------------------------------------------------------------------------
onion5 back online, more data and leads to onion 6
-------------------------------------------------------------------------------

Onion5 came back online and gave us the image onion5.jpg. This can be
outguessed. The outguess is a bzip compressed file, containing a GPG signed
message.

onion5.jpg
outguess -r onion5.jpg onion5.outguess.dat
file onion5.outguess.dat
--> onion5.outguess.dat: bzip2 compressed data, block size = 900k
mv onion5.outguess.dat onion5.outguess.bzip2
bunzip2 onion5.outguess.bzip2 --> onion5.outguess.bzip2.out
mv onion5.outguess.bzip2.out onion5.outguess.dat

onion5.outguess.dat is GPG-signed:

gpg --verify onion5.outguess.dat
gpg: Signature made Sun 19 Jan 2014 07:28:06 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"

onion5.outguess.dat contains three different hexdumps (onion5.part01.hex,
onion5.part02.hex, onion5.part03.hex). It further contains what appears to be a
book code with another onion address.

Converting all three hexdumps to binary:
xxd -r -p onion5.part0X.hex onion5.part0X.bin, X in {1,2,3}

file onion5.part01.bin
onion5.part01.bin: JPEG image data, JFIF standard 1.01, comment: "Created with GIMP"

file onion5.part02.bin
onion5.part02.bin: JPEG image data, JFIF standard 1.01, comment: "LEAD Technologies Inc. V1.01"

file onion5.part03.bin
onion5.part03.bin: MPEG ADTS, layer III, v2, 24 kbps, 24 kHz, JntStereo

Renaming binary files appropriately according to their filetypes:

mv onion5.part01.bin onion5.image01.jpg
mv onion5.part02.bin onion5.image02.jpg
mv onion5.part03.bin onion5.audio01.mp3

-------------------------------------------------------------------------------
Magic square in onion5.mp3
-------------------------------------------------------------------------------

Using the Windows-only steganographic tool OpenPuff, people have discovered a
hidden message in the mp3 file. Apparently the message contains a 7x7 magic
square with row/column/diagonal sums = 1033.

  7 375 236 190  27  17 181
351 223  14  47 293  98   7
456 232 121 114  72  23  15
 16  65 270 331 270  65  16
 15  23  72 114 121 232 456
  7  98 293  47  14 223 351
181  17  27 190 236 375   7

Apparently the key '33011033' is needed for that.
I don't have Windows, therefore I cannot reproduce this.



-------------------------------------------------------------------------------
THE BOOK CODE
-------------------------------------------------------------------------------

Clues leading to the book are in the jpgs and the mp3:


onion5.jpg: ?
onion5.audio01.mp3: [05:41am] onecool: Bach: Trio Sonata in G Major, BWV 1039: I. Adagio
onion5.image01.jpg: Equation is from Goedel's incompleteness theorem
onion5.image02.jpg: M. C. ESCHER: 1946 Eye

==> Book is Douglas R. Hofstadter, Goedel, Escher, Bach
GEB.pdf

3PI:6:1:3
LML:1:1:1
3
ETOATS:19:9:1
...AF:5:3:1
AMO:13:10:1
CC:8:6:1
CBIA:3:7:2
CFAF:5:23:6
SPR:1:8:1
7
C[1]:4:5:3
AWDV:6:2:1
C[2]:2:17:5
SC:3:17:1
AOGS:2:8:1
ONION

1. The letter codes at the beginning correspond to chapters in the book
(e.g. LML == Little Harmonic Labyrinth)
2. All chapters mentioned are dialogues between characters.

So we interpret the book code as follows:
Chapter:Dialogue line:word:letter

3PI:6:1:3      Three-Part Invention                      29  (u)
LML:1:1:1      Little Harmonic Labyrinth                103  (t)
3                                                            (3)
ETOATS:19:9:1  Edifying Thoughts of a Tobacco Smoker    480  (q)
...AF:5:3:1    ... Ant Fugue                            311  (t)
AMO:13:10:1    Introduction: A Musico-Logical Offering    3  (z)
CC:8:6:1       Crab Canon                               199  (b)
CBIA:3:7:2     Canon by Intervallic Augmentation        153  (r)
CFAF:5:23:6    Chromatic Fantasy, And Feud              177  (v)
SPR:1:8:1      Six-Part Ricercar                        720  (s)
7                                                            (7)
C[1]:4:5:3     Contracrostipunctus                       75  (d)
AWDV:6:2:1     Aria with Diverse Variations             391  (t)
C[2]:2:17:5    Contrafactus                             633  (v)
SC:3:17:1      Sloth Canon                              681  (z)
AOGS:2:8:1     Air on G's String                        431  (p)
ONION


==> ut3qtzbrvs7dtvzp.onion
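
The Chapter:Dialogue line:word:letter interpretation above, written out as an added example (not code from the original paste). The dialogue lines in `BOOK` are constructed stand-ins, not text from the book, and the word rule used here (split on whitespace, drop punctuation) is an assumption; `decode_entry`, `decode`, `BOOK` and `CODE` are names chosen for this sketch.

```python
import re

def decode_entry(entry: str, book: dict) -> str:
    """Decode one code line: 'CHAPTER:line:word:letter', a bare token such
    as '3' (copied through), or the terminator 'ONION'."""
    entry = entry.strip()
    if entry == "ONION":
        return ".onion"
    if ":" not in entry:
        return entry.lower()
    try:
        chapter, line, word, letter = entry.rsplit(":", 3)
        line, word, letter = int(line), int(word), int(letter)
        # All indices are 1-based; reject 0 and negatives explicitly so
        # Python's negative indexing cannot return a wrong letter silently.
        if min(line, word, letter) < 1:
            raise IndexError("indices are 1-based")
        token = book[chapter][line - 1].split()[word - 1]
        letters = re.sub(r"[^A-Za-z0-9]", "", token)  # assumed word rule
        return letters[letter - 1].lower()
    except (KeyError, IndexError, ValueError) as exc:
        raise ValueError(f"cannot resolve book-code entry {entry!r}") from exc

def decode(code: str, book: dict) -> str:
    """Decode a whole book code, one entry per non-empty line."""
    return "".join(decode_entry(e, book) for e in code.splitlines() if e.strip())

# Constructed dialogue lines keyed by the chapter codes used in the paste.
BOOK = {
    "3PI": ["one", "two", "three", "four", "five",
            "Thus begins the sixth constructed line."],
    "LML": ["Tortoise: a made-up opening line."],
}
# First three entries of the code from the paste, then the terminator.
CODE = "3PI:6:1:3\nLML:1:1:1\n3\nONION"

if __name__ == "__main__":
    print(decode(CODE, BOOK))
```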


-------------------------------------------------------------------------------
List of uploaded data from onion 5
-------------------------------------------------------------------------------

https://infotomb.com/ooxyo --> onion5.dat (GPG signed hexdump of mp3)
https://infotomb.com/kjag2 --> onion5.jpg (when onion5 came back online)
_______________________________________________________________________________