Titanpad Archive

    THINGS WE TRIED

    http://titanpad.com/uIxPrBCsN4 -- the other TP with the other stuff. courtesy of Mothwing

Zoanthal
RC4:
-using decimal representation of the bytes of each of the strings as the starting table
-using a variety of phrases as the key
RSA:
-in a large variety of approaches, keeping in mind as noted below that all of the strings have fairly low prime divisors

Eve57

[Frequency and autocorrelation analysis of the three strings to check if they are random, result not documented, but strings were not distinguishable from random byte sequences.]
--  See nazgul besides autocorrelation.  This is pointless in my eyes

XORed onion2, onion3, onion4, onion2^onion3, onion3^onion4, onion4^onion2, onion2^onion3^onion4 and all seven sequences byte reversed agains 3301.iso and all contained files - recursively unpacked - at every possible offset and calculated the entropy every time to find low entropy messages like English text. Also included the 2013 Twitter messages coverted to a binary file. The result was negative, lowest entropy found was 6.743 bit.

Source code: https://anonfiles.com/file/eb338023f1fd3a10fa67fe5a88d3260c
Output: https://anonfiles.com/file/5c17a4bb5d12a2196c0ab0cd4045140c

[XORed and added, subtracted and multiplied modulo 256 the three strings and the three strings reversed against themselve and checked if the result has lowentropy.Result not documented but negative.] --reproduce this part? Code should still be somewhere; just have to find the right machine. OK

Multiplied a few - mostly three at a time - of the numbers we have - 57, 761, 1033, 3301, numbers from thematrix, image dimensions, ... - to form a large number and added .com, .net, .org or .tk to form a URL; this was a puzzle in 2012. I did this manually and not systematically, may be worth to automate. --anything good? Found some web sites, for example 1033.com, but nothing Cicada related. Must be automated to get good coverage. -- any volunteers for that? There was somebody who wanted to do it, but can not rember and don't know if he did. Can probably do it sometime this week. OK gjvc was it, looked in the log file.

// WE SHOULD PROBABLY INTRODUCE A "VOLUNTEERS NEEDED" TAG OR SOMETHING

Split the three strings and the three strings reversed and all combinations XORed into 80 bit pieces - granularity was one byte - and scanned if any of the pieces was a valid onion address. Gave around 5k addresses, non was reachable. TODO: Upload and link the code. Rerun the code, output not saved.

Tried to use the numbers we have - 57, 761, 1033, 3301, numbers from the matrix, image dimensions, ... - as character indices into Self-Reliance to form a kind of book code. Never completed that because I concluded that it would be very hard to code a onion address into the highly symmetric matrix this way. Maybe we should try it anyway.
-- check with the square matrix properties below?

*Eve thinking and looking at source code written*

nazgul

Three 256 byte strings

XORed all combinations of the 256 byte strings, their byte order reversed versions and the inverted (masked each byte with 0xff). No readable file/text was found.

A frequency analysis was done on each string and the distribution of the byte values is flat.
onion2.frequencies.png: http://imgur.com/W1dNzOY,Ajm6s5K,4JELVfy#0
onion3.frequencies.png: http://imgur.com/W1dNzOY,Ajm6s5K,4JELVfy#1
onion4.frequencies.png: http://imgur.com/W1dNzOY,Ajm6s5K,4JELVfy#2

Fourier analysis confirms that all three strings are random noise, without a signal.
onion2.fourier.png: http://imgur.com/FHdIkPp
onion3.fourier.png: http://imgur.com/nFrpKWG
onion4.fourier.png: http://imgur.com/GeqITZt

I searched for repeating patterns of 3,4 or 5 bytes in all of the strings and found nothing. Also no repating patterns in the concatenated strings.

One further thought on the three 256 byte strings: With only 256 bytes they are too short to encode any GPG/PGP signed hint. Even if all three strings are concatenated (768 bytes) any GPG signed ASCII message hidden in them would have to be compressed.
-- anyone really motivated can have a look at ASCII compression at his leisure

XORed all three strings against binary of each Cicada signature we got, following 2) under "Things we should try". The minimum entropy is 6.9 and I found no text/image/compressed file that is readable.

Interpreting each of the strings as a number and testing for primality reveals that all are composit numbers with the first prime factor being small (13,3 and 79 for onions 2,3 and 4).
pastebin: http://pastebin.com/DWkTHcvD
Given the small prime factors, I think it is very unlikely that these 256 byte strings are RSA keys.

XORed all three strings at all possible offsets against all four onion4 images. No text/images/compressed files were found.

XORed all three strings in reversed order against all four onion4 images at all possible offsets. No text/images/compressed files found.


per X byte analysis of the hex strings + segment permutations + hex to int factors etc:
oh oh i had an idea .... it died young. but maybe inspires someone or you just always wanted to improve your shell skills: http://pastebin.com/uCM1Chbd
tried the same with hexstrings both character reversed and byte reversed but no luck

Page 6 outguess:

I have analysed the binary data that outguess returns when called without password by:
   i) Frequency analysis      --> flat distribution, see http://imgur.com/vNY8Mn7
  ii) Searched for file headers in the outguess, advancing byte by byte. No text/compressed files/ images found.
 iii) Fourier analysis           --> Only noise, see http://imgur.com/B8mjqob
 iv) Searching for repeating patterns of 3, 4 or 5 bytes  --> None found
  v) XORing with either of the three 256 byte strings at every possible offset. No readable text/compressed file found

On the theory that page 6 has an outguess that needs a password I tried all the words from all runepages, their gematria (and all primes < 5000) and found no results.

Page 4 Matrix/Magic square:

Tried to use the numbers as a book code on the runepages.
   i) Each number in the matrix refers to one letter in the runes  --> No result
  ii) The order of the numbers (i.e. 272 is the 10th largest number, 138 the 5th ...) encodes    words in the runetext. The resulting text is nonsense.


strange_tcyborg

// just messed about
discussed some philosophical implications.
was inspired to see if cicada is really cDc
tried to organise things a bit, probably without much success

for anyone wondering: this "//" starts a one-line comment, "/* */" contains a     multiline                     comment
                                this "A^B" means A XORed with B
                                OOB == out of bounds


                                did anyone try anything with "the instar emergence" song? i mean, anything not on the wiki? Eve57: Part of the XORing against Cicada OS. all right


                                SSSS = Shamir's Secret Sharing Scheme. I personally didn't try it, but i had a conversation with people who did. They should probably paste anything useful on this topic here.
                                As far as I can remember, the 3 strings turned out to not be shamir's shares. But perhpas we did it wrong

THINGS WE SHOULD TRY

Eve57

1) Systematically search for URLs formed by multiplying numbers we have available -  57, 761, 1033, 3301, numbers from the matrix, image dimensions, ... - to form a large number and adding .com, .net, .org or .tk as it was a puzzle in 2012.

2) Convert PGP signatures to binary and XOR with the three strings and look for low entropy or known file signatures.
  -- nazgul: Done that. minimum entropy 6.9, no readable files found

3) XOR all the images and what else we have against the three strings and see if something with low entropy or a known file signature appears. I (Eve57) can do the low entropy thing with the same code I used for Cicada OS. I currently have no file signature scan and did not perform a file signature scan when XORing against Cicada OS.

4) Less likely, but XOR the strings against the random garbage from failed OutGuesses (without password).
    -- nazgul: Done so for page 6 outguess, no readable text/compressed files found

5) Tried to use the numbers we have - 57, 761, 1033, 3301, numbers from the matrix, image dimensions, ... - as character indices into Self-Reliance to form a kind of book code. Never completed that because I concluded that it would be very hard to code a onion address into the highly symmetric matrix this way. Maybe we should try it anyway.

-brownsugarcube:
so I tried looking at the matrix in terms of what they say is sacred.  They said the primes were sacred so I took those and added them and then took the totient which they said was sacred and my result was the number 432.  I didn't really know if that could be anything or not but then someone posted this website in the chat and it says some pretty interesting things about the number 432:  http://www.biblegematria.com/number-216.html  Maybe the value of 432 could be used for something?  It looks like it would be most likely used for music but we havent had a musical clue yet this year.  This website also has some information on Euler's totient and how it can be used to build a code.  Maybe we could try to use that information somehow?

strange_tcyborg
    People keep asking about the Hill cipher. I have tried it a bit in Wolfram Alpha and didn't get anywhere sensible.  Anyone who has tried it and got something interesting should probably describe it here

UNUSED CLUES  - Please stick to clues from cicada

/*
my take on this is "clues from cicada" == "clues explicitly signed by cicada's PGP key" and their (==from these clues) proven derivatives
*/

2014

The  words used on onion 1 from the book cypher form this:
(always genius aquires among action experience justice truth and being) daily equality the corpse private
The part between () leads to the Experience essay by Emerson

Three hex strings from onions. http://pastebin.com/raw.php?i=qePehdKM
These 3 hex strings appear random -- see above but could contain encrypted data. We do not know.
Attempts have been made to combine them via XOR (forward/reverse/shifted/... ) without any discernable data appearing -- see above as well.

http://pastebin.com/HFnvXi8t
Pastebin referring to the 3 hex strings encoded into binary,hex, and ascii.

Images
Flipped cicada in 1033.jpg of onion1 -> 1033 is flipped and the whole image is flipped.
there are four images contained in this one image they are mirrored and rotated. the
pic size are, of course, primes. -- as discussed in #cicadaphilosophy (or was it my PMs? can't remember now), we should probably try interpreting the Blake-y picture as a whole, from artistic, philosophical, hermeneutic and any other reasonable standpoints They also have something curious to me. All of them, when seen on their own, present someone pointing down. Arm stretched and pointing down. Could be something.
in a way, true. Newton's pointing finger, Urizen, Nebuchadnezzar, straightedges, triangles, the golden ratio, &c -- philosophical musings go here or should be linked to from here
the runes covering the numbers in the magic 5x5 matrix on p4 jpg also form a hand with finger pointing left

1)
image of onion1
center top image is simply mirrored horizontally
center bottom one is mirrored vertically, resized ~+30%
right hand is from MTA Boston original, size almost doubled, turned 90° ccw, mirrored horizontally
2)http://titanpad.com/V00ib6b42r
left hand is from Tate London original, size more than doubled, turned 90° ccw
left side isn't mirrored
image size is  prime
both hands are the same part of the picture, but from different originals. the left side of our pic is taken from the tate London image, the right side from the MFT Boston one
folding the images, both the left and the right match, or geometrically congruent
so far no interpretation of the image content
3)
The left hand and the right hand image are identical, but from different
relief etched images (so that the appearance differs), mirrored hands
the central pictures are - different - mirrored circles adding up to a square (in the image) there
is also a half circle inside the square -. alternatively the square could be to half triangles (if the images are conisdered seperately) there is a finger holding the paper while drawing the triangle. the position of the finger could be a ration ~1:5 at this position is another image embedded
4)
there is a hidden image where the finger points at, while the content of this image couldn't be made exactly clear, assumption MMMCCCI (possibly a Roman numeral, 3301 in european decimals), which has count 283, which is a prime it could also be reversed/flipped which would than be WWWCCCI (apparently nor a Roman numeral) (wasn't his 3301/1033 in roman numerals?) -- probably
5)
From the onion 3 message there were two pic files and a OOB (out of bounds) message in between, a mobius would link the beginning to the end to produce  a repeat

Maybe the delays between the bytes on onion2 and onion3
> we lack full logs, logging couldn't be anticipated, therefore this is less likely --that we do, unless someone mircaulously turn up with them. That'd be greatly appreciated

Text of page 3, 4 and(half of 5 and) 6 of liber primus.
https://infotomb.com/fhxhe.txt

The Square matrix. -> 1033
OK, this is NOT a magic square in a really pedantic sense. But it does have certain qualities, which are:
[list them here]
i understand the square matrix has fixed elements and variable elements. please expand.

the date 6 Jan of the twitter post which started this year -> 61 = prime
http://en.wikipedia.org/wiki/Epiphany_(holiday) it was the 990 tweet on that account
the last tweet (only so far in this years campaign) was posted at 7:59 AM

Additional 0x35 0x37 / 57 on onion3-longString. It was 0x57 in my opionion <-- The server response grew by two bytes, 0x35 0x37. When viewed (as ASCII) this shows up as 57. If included in the hex-bin conversion it turns into W (0x57/87 decimal).
Primes in HTML comments - 761, 1033, 3301

Non-Prime Lines
six lines in the decrypted text of page5 & 6 which don't add up to primes
The primes:
http://uncovering-cicada.wikia.com/wiki/PRIMES_MENTIONED_IN_2014_PUZZLE#Page_5_and_Page_6

Apache Server Issues
</head> and <head> misformatting of the webpages of the onions
on onion 1 /head was not closed
and on onion 4 it started with /head
while onion 2 and 3 did not have head
-> could tie the onions together or give a structure for some other element
the only onion which contained "X-Cicada 3301" in the HTTP header was onion 4
"pattern" is 1-3:4
Onion3 header status changed due to DirBusting from misconfigured dynamic to cicada imposed static header with large traffic volume, specially formated timestamp

Apache Server faked status page after DirBustin (https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project):
 After a while cicada changed the status-page (it is believed [citation needed :-) ] that was a correction of cicada). It now contains a new hex string, and some numbers on the status page changed https://anonfiles.com/file/576f51c0563045bc4abaf38c4b777f43
date and time of the static server status don't add up - give day were Tuesday and Thursday while the date was a monday, same with current and server uptime
ports just go up w each onion was 5240 5241 5242 for first 3 onions

onion 2.3 extracted text "A Warning believe nothing ..." has not been used so far -- UPD this?

2013
Wisdom/folly https://infotomb.com/bjzdi (This is a copy of Folly, but they're identical)

The parable  http://uncovering-cicada.wikia.com/wiki/Instar_emergence_(mp3_and_hidden_poem)#Meaning_of_Parable_1.2C595.2C277.2C641

and the parable number: 1,595,277,641

560.17 from CicadaOS DATA folder -- new ideas about the CicadaOS should probably go here

2012
The ps string -- from the Cicada "game-finished" message from year 2012:  http://static2.wikia.nocookie.net/__c

so  I tried looking at the matrix in terms of what they say is sacred.   They said the primes were sacred so I took those and added them and then  took the totient which they said was sacred and my result was the  number 432.  I didn't really know if that could be anything or not but  then someone posted this website in the chat and it says some pretty  interesting things about the number 432:  http://www.biblegematria.com/number-216.html   Maybe the value of 432 could be used for something?  It looks like it  would be most likely used for music but we havent had a musical clue yet  this year.  This website also has some information on Euler's totient  and how it can be used to build a code.  Maybe we could try to use that  information somehow?
b20

so  I tried looking at the matrix in terms of what they say is sacred.   They said the primes were sacred so I took those and added them and then  took the totient which they said was sacred and my result was the  number 432.  I didn't really know if that could be anything or not but  then someone posted this website in the chat and it says some pretty  interesting things about the number 432:  http://www.biblegematria.com/number-216.html   Maybe the value of 432 could be used for something?  It looks like it  would be most likely used for music but we havent had a musical clue yet  this year.  This website also has some information on Euler's totient  and how it can be used to build a code.  Maybe we could try to use that  information somehow?
130930065411/uncovering-cicada/images/4/49/VjuNp.jpg

"
P.S.:
10412790658919985359827898739594318956404425106955675643739226952372682423852959081739834390370374475764863415203423499357108713631
"

P= 99554414790940424414351515490472769096534141749790794321708050837
*
Q= 104593961812606247801193807142122161186583731774511103180935025763

totient(n)=
104127906589199853598278987395943189564044251069556
756437392269521685340472494124095242890677377795454
81745541679121601854465637032 (unconfirmed)
--you mean eulerphi (<PS number>) is this? You delete this I was told this was incorrect, or you can check it yourself and confirm.
tot(PSnumber) = (P-1)*(Q-1)

from this you can use multiplicative modular math to derive 'd'   what will you decrypt with it though...?

Has there been any recent activity form the CICADA?