ARU-hex.mp3

1. https://www.khanacademy.org/math/algebra-home/alg-intro-to-algebra/algebra-alternate-number-bases/v/hexadecimal-number-system
2.  
3. arinerron:
4. memelord
5. s/999
6.  
7. 7776AAB7T7HZ4D6H7QAAP776AAB7T7HZ4D6H7QAAP776P7Z6P47YADGAPT76P776P7Z6P47YADGAPT76P776OAZZ67Z77AYADTAOP776MAZZ4PZ77QYADTAGP776MAZZ6P577AYADTAGP776MAZ6PQ6AMAYBTTAGP776MAZ6PQ6AMAYBTTAGP776MAZ6PQ6B4D
8.  
9. HYPQZ6P777TTBYMDAH747B74HYP777TTBYMDAH746B74HYP777QPHZ7AGHTTBR7QH77777QPHZ7QGHTTBZ7QH77777QPDZ7QCPTTBZ7QH77777TQBZ4PB6D476PQ7YP777TABZ4PB6D476PQ7YP7774A6HQPB6APHYAPYGP7774A6HQPB6APHYAPYGP777QPZ6D477T7
10.  
11. YAP7AAP777QPGBQ7ZYPQHZ4D76P777QPGBQPZYPQHZ4D76P777QHB7RX6HQIBYPA56P777QDB7TT6HQMBYPQZ6P777QDB7RD6HQ4BYPAZ6P7777T76AAYGD7H6AD7YP7777T76AAYGD7H6AD7YP777TQYGMDAH4A7YDQGAP777TQYGMDAH4A7YDQGAP776PT77TAGAD4
12.  
13. HGMMH6P776PT77TQGAD4GGMMH6P777TQB6MPAGA4HYPTZ6P777TQB6MPAGAMHYPTZ6P777TQB6MPAOA4DYPTY6P776MM774PB6D7BYPTYGP776M47747B6D7BYPDYGP776P4AGD477QM77QDYAP776P4AGD477QM77QDYAP776MDH7QPZYMDGGAMZYP776MDH7QPZYMD
14.  
15. GGAMZYP776MDH7QPZYMDGGAMZYP776PDBZ7TZ7QMHYAM76P776PTBZ7TZ7QMHYAM76P777QDDYOA76BTHYHT5YP777QDHYMA76DTHYPTZYP777QDHYMA76DTHYPTZQP776PQBZQDGH7Q774MGAP776PABZQDGH7Q7744HAP777QA7Z7QB7QPB6D776P777QA7Z7QB7QP
16.  
17. 6BT7HZ7776P7ZZQPZZ746BT7HZ7776MAZYPTZ6D4H7QAHYP776MAZYPTZ6D4H7QAHYP776MAZ74AYHQ4BZ4PH77776MAZ74AYHQMBZ4PH77776MAZYADAHQA77YMAOP776MAZYADAHQA77QMAGP776OAZYADAPQA77QMAGP776P7ZZTQH6ADH6DTHZ7776P7ZZTQH6AD
18.  
19. H6DTHZ7776P7ZZTQH6ADH6DDHZ7776AABYMPABT7H6ADHYP776AABYMPABT7H6ADHYP777
20.  
21.  
22. base 32
23. http://sevens.exposed/hexadecimal/Hex.jpg
24.  
25. FFFFE0003F9FCF9E0FC7FC0007FFFE0003F9FCF9E0FC7FC0007FFFE7FF3E7F3F800CC07CFFE7FFFE7FF3E7F3F800CC07CFFE7FFFE70339F7F3FF83001CC0E7FFFE60339E3F3FFC3001CC067FFFE60339F3FBFF83001CC067FFFE6033E7C3C0603019CC067FFFE6033E7C3C0603019CC067FFFE6033E7C3C1E0CF87C33E7FFFF9CC3860C07FF3E1FF0F87FFFF9CC3860C07FF3C1FF0F87FFFF83CF9F80C79CC31FC0FFFFFFF83CF9FC0C79CC39FC0FFFFFFF83C79FC04F9CC39FC0FFFFFFF9C039E3C3E1F3FE7C3F87FFFF98039E3C3E1F3FE7C3F87FFFFE03C783C3E03CF803F067FFFFE03C783C3E03CF803F067FFFF83F3E1F3FF9FF007FC007FFFF83CC187F387C0F9E0FFE7FFFF83CC183F387C0F9E0FFE7FFFF81C3F8DFC782038783BE7FFFF80C3F9CFC7830387C33E7FFFF80C3F88FC7870387833E7FFFFFCFFE003061FCFE00FF87FFFFFCFFE003061FCFE00FF87FFFF9C30660C07E03F81C0C07FFFF9C30660C07E03F81C0C07FFFE7CFFF980C01F0E6630FE7FFFE7CFFF9C0C01F0C6630FE7FFFF9C03E63C06070F87CF3E7FFFF9C03E63C06030F87CF3E7FFFF9C03E63C0E070787CF1E7FFFE633FFE3C3E1FC387CF067FFFE673FFE7C3E1FC3878F067FFFE7F0061F3FF833FF80F007FFFE7F0061F3FF833FF80F007FFFE60CFF83F3860CC6033387FFFE60CFF83F3860CC6033387FFFE60CFF83F3860CC6033387FFFE78C39FCF3F830F8033FE7FFFE7CC39FCF3F830F8033FE7FFFF80C78703FE0CCF83CFB87FFFF80CF8603FE1CCF87CF387FFFF80CF8603FE1CCF87CF307FFFE7C03980CC7FC3FFE30C07FFFE7803980CC7FC3FFE70E07FFFF803F9FC03F83C3E1FFFE7FFFF803F9FC03F83FC19FCF9FFFFE7FF3983F39FF3C19FCF9FFFFE603387CF3E1F0FF800F87FFFE603387CF3E1F0FF800F87FFFE6033FE030787039E3CFFFFFFE6033FE030783039E3CFFFFFFE6033800C07803FFC300E7FFFE6033800C07803FF830067FFFE7033800C0F803FF830067FFFE7FF399C0FE00CFE1CCF9FFFFE7FF399C0FE00CFE1CCF9FFFFE7FF399C0FE00CFE18CF9FFFFE0003863C019FCFE00CF87FFFE0003863C019FCFE00CF87FFFF
26.  
27.  
28. FFFFE0003F9FCF9E0FC7FC0007FFFE0003F9FCF9E0FC7FC0007FFFE7FF3E7F3F800CC07CFFE7FFFE7FF3E7F3F800CC07CFFE7FFFE70339F7F3FF83001CC0E7FFFE60339E3F3FFC3001CC067FFFE60339F3FBFF83001CC067FFFE6033E7C3C0603019CC067FFFE6033E7C3C0603019CC067FFFE6033E7C3C1E0CF87C33E7FFFF9CC3860C07FF3E1FF0F87FFFF9CC3860C07FF3C1FF0F87FFFF83CF9F80C79CC31FC0FFFFFFF83CF9FC0C79CC39FC0FFFFFFF83C79FC04F9CC39FC0FFFFFFF9C039E3C3E1F3FE7C3F87FFFF98039E3C3E1F3FE7C3F87FFFFE03C783C3E03CF803F067FFFFE03C783C3E03CF803F067FFFF83F3E1F3FF9FF007FC007FFFF83CC187F387C0F9E0FFE7FFFF83CC183F387C0F9E0FFE7FFFF81C3F8DFC782038783BE7FFFF80C3F9CFC7830387C33E7FFFF80C3F88FC7870387833E7FFFFFCFFE003061FCFE00FF87FFFFFCFFE003061FCFE00FF87FFFF9C30660C07E03F81C0C07FFFF9C30660C07E03F81C0C07FFFE7CFFF980C01F0E6630FE7FFFE7CFFF9C0C01F0C6630FE7FFFF9C03E63C06070F87CF3E7FFFF9C03E63C06030F87CF3E7FFFF9C03E63C0E070787CF1E7FFFE633FFE3C3E1FC387CF067FFFE673FFE7C3E1FC3878F067FFFE7F0061F3FF833FF80F007FFFE7F0061F3FF833FF80F007FFFE60CFF83F3860CC6033387FFFE60CFF83F3860CC6033387FFFE60CFF83F3860CC6033387FFFE78C39FCF3F830F8033FE7FFFE7CC39FCF3F830F8033FE7FFFF80C78703FE0CCF83CFB87FFFF80CF8603FE1CCF87CF387FFFF80CF8603FE1CCF87CF307FFFE7C03980CC7FC3FFE30C07FFFE7803980CC7FC3FFE70E07FFFF803F9FC03F83C3E1FFFE7FFFF803F9FC03F83FC19FCF9FFFFE7FF3983F39FF3C19FCF9FFFFE603387CF3E1F0FF800F87FFFE603387CF3E1F0FF800F87FFFE6033FE030787039E3CFFFFFFE6033FE030783039E3CFFFFFFE6033800C07803FFC300E7FFFE6033800C07803FF830067FFFE7033800C0F803FF830067FFFE7FF399C0FE00CFE1CCF9FFFFE7FF399C0FE00CFE1CCF9FFFFE7FF399C0FE00CFE18CF9FFFFE0003863C019FCFE00CF87FFFE0003863C019FCFE00CF87FFFF
29.  
30.  
31.  
32. Obscurity Security;
33. SHA-1 collision presented Track 4.
34. Visit: /ettubrutus/SHA1C
35.  
36. <html>
37. <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
38. </head>
39.  
40. <p><br />
41. <title>terminal /Cicada3301.sh</title>
42. </p>
43.  
44. <div class="container">
45. <div class="text"></div>
46. </div>
47.  
48. <style>
49. @import 'https://fonts.googleapis.com/css?family=Roboto+Mono:100';
50. html,
51. body {
52. font-family: 'Roboto Mono', monospace;
53. background: #212121;
54. height: 100vh;
55. }
56. p {
57. color: white; }
58. </style>
59. <center>
60. <h1>What is next?</h1>
61.  
62.  
63.  
64. </body>
65.  
66. http://sevens.exposed/ettubrutus/SHA1C/
67.  
68. http://sevens.exposed/ettubrutus/SHA1C/Cicada3301.sh
69.  
70. I2HtLKWyVUEbMFO2o2ywMFOiMvObqJ1uozy0rFjtqTuyVT9zMaAjpzyhMlOiMvOHnKEbo251plO0nTHtMTympT9mp2Imp2IxYPOlMKAcM25yMPO0olOVLKWjo2AlLKEypl4tG3IlVUAiozpfVUEbMFOHrJ1vLJjtLJ5ho3IhL2ImVUImYPOuozDtq2HtLKWyVTkcn2HtLFO3LKMyVT9zVUWunJ5xpz9jplO0nTS0VTquqTuypvO3nTIlMFO0nTI5VTuuqzHtLzIyovOvpaImnTIxVTSmnJEyYvOZnJWypvOjpzygqKZtnKZtqTuyVUqurFjtnKEmVUqipzEmVTSlMFOvo3EbVUOyLzWfMFOuozDtL29vLzkyp3EiozHfVTShMPOcqPqmVTEcpzIwqTyiovOcplOfnKDtLaxtp3EupaZh
71.  
72. Warehowe
73. Wearehow
74. We are how
75.  
76.  
77.  
78. AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000AAAAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA0AAAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAAAAAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAAAAAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0
79.  
80. ] arinerron: 1. Decode each barcode on http://sevens.exposed/hexadecimal/Hex.jpg
81. 2. Concatenate each decoded string (base32)
82. 3. Convert it to a single QR code
83. 4. Decode QR code
84. 5. Visit the site URL it instructs you to: http://sevens.exposed/ettubrutus/SHA1C/
85. 6. Notice it says in the title to go to http://sevens.exposed/ettubrutus/SHA1C/Cicada3301.sh
86. 7. Either run the script, or just read the source (it's literally just echo)
87.  
88. [11:35 PM] arinerron: And from there, you get 3 strings. 3 binaries.
89. [11:35 PM] arinerron: One of them is really easy to get (just decode from base64 the last string)
90. [11:36 PM] arinerron: the next is pretty easy. Take the ATCG string and run it through the DNA decoder. You get base64 decodes to a binary file again
91. [11:36 PM] arinerron: And the last string (the A0 one) I haven't figured out yet
92. [11:37 PM] arinerron:
93. AAAAAAAAAAAA0AAA0AAAA0AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAC1CADA-AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000AAAAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA0AAAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAAAAAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAAAAAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0000AA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA0AAA00AAA0AAAA0AAA0AAAA00000A0AAAA0AAA0AAAA0AAA0
94.  
95.  
96. this string ^
97. 👍2
98. [11:37 PM] arinerron: I've found some patterns between ATCG and A0 strings. In fact, quite a lot
99. [11:38 PM] arinerron: and you'll notice it says C1CADA- in the A0 string
100. [11:40 PM] arinerron: There are a few other things we found, but none of them are solid leads. If you do the process yourself, there's more you'll see.
101.  
102.  
103. [3:02 PM] arinerron: here's a list of things to try @here:
104. - binwalk
105. - check if files are executable. If one is, decompile it and use some forensics tools like GDB
106. - XOR each binary with the next
107. - try the strings command on each
108. - check the file signature to see if it matches any known filetype
109. - try "adding" each byte individually for each binary
110. - Remember how the folder was called "SHA1C" for "SHA1 Collision"? Perhaps if you hash each file, they all have the same hash.
111. - reverse the bytes in the file and try all these steps again(edited)
112. 👍5
113. [3:07 PM] arinerron:
114. sha1sum <filename>
115.  
116. on linux, to hash a file with sha1(edited)
117. [3:43 PM] arinerron: There is an SHA1 collision with the A0 and ATCG binaries
118. [3:57 PM] arinerron: The last string (base64 one) was not correctly decoded, because the sha1 hash did not match the others that collided
119.  
120. Cicada3301.sh
121.  
122. the message is about the cicada solvers - they are dispossessed of spreading truth by those who want to keep secrets but but by twitter, 4 chan and direct email we gather defango who has been brushed aside by cicada solvers, Liber Primus is the way - it is moveable and set in stone - defango is flexible but cicada solvers are rigid. Its direction is lit by the amount of people who develop into better human brings
123.  
124. @Defango All of this is not necessarily my work. This list summarizes what all of us have gotten so far:
125.  
126. 1. We got to http://sevens.exposed/hexadecimal . There are barcodes on there. Read the barcodes, and concatenate the strings you get together.
127.  
128. 2. Convert to hex, and then you can convert that to a QR code
129.  
130. 3. Read the QR code, and you get a message with the URL /ettubrutus/SHA1C/.
131. Obscurity Security;
132. SHA-1 collision presented Track 4.
133. Visit: /ettubrutus/SHA1C
134.  
135.  
136. 4. Go to the URL. You'll see a message mentioning the DEF CON talk coming soon about the SHA1 collision recently. You'll also see in the title it says terminal /Cicada3301.sh. Navigate to /ettubrutus/SHA1C/Cicada3301.sh.
137.  
138. 5. You can execute the bash script Cicada3301.sh, or you can just read and interpret it (it's quite simple). Notice the string Warehowe?. The letters can be rearranged to Who are we?, How are we?, We are who?, and We are how?.(edited)
139. [8:28 PM] arinerron: 6. In the bash script, you'll notice a string with DNA sequences like ATCG. Decode the DNA, and you'll get a base64 string. When decoded, you get a binary file. Let's call it binary_1 for now.
140.  
141. 7. There's another string with the characters A0. When decoded, you get another binary file (binary_2).
142.  
143. 8. When you compare the SHA1 hashes of binary_1 and binary_2, you'll notice that they are exactly the same (2ddc3b7e5ed624c7e9c8a5db8899378330e785ca). This is an example of an SHA1 collision. It is so impossibly unlikely that an SHA1 collision would happen by chance, so I am certain that this an actual clue (or at least, this is what we were supposed to do).
144.  
145. 9. Now, you have the final string at the bottom of the file, that looks like base64. It is actually ROT13-encoded base64. Simply perform the rot13 encoding again to get the original text, and decode the base64. You get this message:
146. We are the voice of humanity, the offspring of Tithonus the dispossessed, resigned to Harpocrates. Our song, the Tymbal announces us, and we are like a wave of raindrops that gather where they have been brushed aside. Liber primus is the way, its words are both pebble and cobblestone, and it's direction is lit by stars.
147. (edited)