• Announcements

    • Spaff

      These Forums are closing!   10/04/2019

      After more than a decade of serving this community well, these forums have finally run their course and it's time to close them down. That doesn't mean we want to close the doors on our community, quite the opposite!
      Our discord server grows ever busier by the day, and we encourage all Double Fine fans to meet us over there www.discord.gg/doublefine In a short time these forums will become a read only archive and will remain that way until they become needed again.
      You never know, it might happen.  There is... a prophecy. Thank you all for being part of these forums, and remember that the fun is definitely not over - so please join us on Discord! Love ya, Spaff, Tim, Info Cow, and all of Double Fine.
Sign in to follow this  
mundanename

HacknSlashAnnounce

Recommended Posts

I made the glyphs in the video a little more readable.

Nice. Working on that algorithmically myself. That's the old image, however; its missing a few lines. Check the updated version. :)

Share this post


Link to post
Share on other sites
I made the glyphs in the video a little more readable.

Nice. Working on that algorithmically myself. That's the old image, however; its missing a few lines. Check the updated version. :)

Isolating that color is tricky. If you get a complete image put together of all the glyphs, I can attempt to isolate them again. Otherwise, I think making an algorithm might be a better option. My method is pretty naive.

Share this post


Link to post
Share on other sites
I can't remember, are those the same glyphs from the original AF prototype? If so then we already have a complete alphabet.

So does anyone have this handy? Once we have this, we can start trying some "incantations" "in all capital letters" on the encrypted file (assuming it's one of the files in the zip).

Share this post


Link to post
Share on other sites
Here's my attempt to make the glyphs stand out (Sorry for making you scroll):

Ahh, much better. Thanks!

Share this post


Link to post
Share on other sites
I can't remember, are those the same glyphs from the original AF prototype? If so then we already have a complete alphabet.

Probably loosely, but it's considerably more elaborate. I tried comparing it to Brandon's signature and the last paragraph of the blurb on the AF DVD slipcase, but couldn't match them up with any confidence. Digging through to see if I still have the old font knocking around at the moment, but it may be easier to work from scratch.

Or maybe it's entirely to do with the symbol positions on the splash page - we'll see!

Share this post


Link to post
Share on other sites

A friend and I have been looking at this and I'll just share some of what we've figured out. The apostrophe in the text file is obviously suspicious, it shows as <92> in an editor, which could be a hex value or something else. Also, the glyphs in the main image, the apostrophe there shows up multiple times. That makes it so there are 32 unique glyphs. 32 is a convenient number when talking binary, but that doesn't really answer anything specific.

Anyway, that's it. Just wanted to share that info, even if it doesn't really lead anywhere.

Share this post


Link to post
Share on other sites
I can't remember, are those the same glyphs from the original AF prototype? If so then we already have a complete alphabet.

So does anyone have this handy? Once we have this, we can start trying some "incantations" "in all capital letters" on the encrypted file (assuming it's one of the files in the zip).

It's probably related to the announcement https call in the bottom: http://www.doublefine.com/news/comments/announcing_hack_n_slash_its_real_and_it_has_algorithms/

Share this post


Link to post
Share on other sites

So as I was saying I have 84 individual lines from the video message in my Dropbox. All you have to do is change the url.

EDIT: Removed dropbox links to individual lines

Once we have a clear alphabet we could split up decoding them.

Share this post


Link to post
Share on other sites

This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

si?e up the medium you are observing and you may find it supports modes of expression ..."

That should give a pretty good alphabet to start on if someone wants to continue my work.

Share this post


Link to post
Share on other sites
This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

si?e up the medium you are observing and you may find it supports modes of expression ..."

That should give a pretty good alphabet to start on if someone wants to continue my work.

Yeah, I was just about to post similar results

The way I'm going about it is to substitute each glyph for a letter, like so:

ABCD

BE

DFG

DHAG

IG

BJKL

CGG

DFG

DFHJMC

DFND

IG

GOPGQD

DB

And then run it through a solver like this which automatically attempts the frequency analysis stuff because I'm lazy:

http://rumkin.com/tools/cipher/cryptogram-solver.php

And from there it's pretty easy to derive the correct letter for each glyph. But I need to sleep soon.

Share this post


Link to post
Share on other sites

Has anyone taken a look at the encrypted part at the end of the announcement?

The part at the beginning is obviously a trace of an HTTP request whose response will be the announcement. You can reproduce the request by following this link: http://www.hacknslashthegame.com/download/hacknslashannouncement.txt

Here's the beginning:


> CONNECT host:www.hacknslashthegame.com port:80

> SEND ApplicationData

>> GET /download/hacknslashannouncement.txt HTTP/1.1

>> Host: hacknslashthegame.com

>>

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Connection: close

Content-Type: application/octet-stream

The part at the end is mostly likely an HTTPS request given the port number and the fact that it's using the TLS protocol. But maybe it's possible to decrypt it somehow? I think this is effectively a man-in-the-middle attack against TLS, which is basically impossible barring a few known attacks. I'm not sure if they apply in this case, though. Maybe someone knows more about it than I do.

Here's the end:


> CONNECT host:hacknslashthegame.com port:443

> SEND ClientHello suites:TLS_RSA_WITH_AES_256_CBC_SHA certs:x509 random:xIl3HWupPdsvwY94XV3UHtW04aE/wT4X8p7FmdSxW5w=

RECV ServerHello random:Up2+Rmzxa4CFywMpfAMCBn7wJHaiBnwEGslWPq4QaTQ=

RECV Certificate [verified]

RECV ServerHelloDone

> SEND ClientKeyExchange premaster:AwKV0UmxkA/iXZ4Y4NDn0P1Ju/m6GNL10FR7PuJae/83Ghy3Eo+6qDiJwQsNzjyB

... [encrypting provided premaster]

> ENCRYPT

... [computing master key]

... [sending ChangeCypherSpec]

> VERIFY

... [computing verify_data:Tcz7sewhNdF70Xmd]

... [sending Finished]

>SEND ApplicationData

>> ******************************************

>> ***************************

>>

... [sending ApplicationData encrypted_payload:9Uxik4wGjQEoga0gznSZM7H+x4gnbdG9iqVwCOucgvE=]

... [sending ApplicationData encrypted_payload:Z41sWWPE2pPTxXnfbb/ju+g9NGrE/7gMltSvCW2J5aLCjH0R5k8E1iHJydJ1OuguAyZqKPlUDOxVZ6I1dnIJkPBXre5y2wcZU5misdX8Hk+exdqsbpjeDRwQKxwxcOTm]

wqbzvEF9EWuIshMxNfrvhg75TbHD5/WY4dA8m73GW6kX6S7lszdMKCKr3QWz0/2EAwdkU51tyAqEMB1DR87/9PnAXnECqvbVZLWL8MBNgcyd4ri+YzRDF/R+XbJ3qXbRIfuaiJGqjB8AQSYTHdmBIqdcamc6404t5cw0Gx7oRyYmudXx4CZ1D2fpD801jKNOm/Zv0saw3XwF7j0gPvvKZBWmUzwGc9L8PNFkKzsliozmBUxyE3hdRu0L7G5fqviPejgjau3VBC3LI64nvNz8yQ27yoZKpaqAlAV69tnPkwqTGeXgFM6ev4w6CTFUYPHucogo5OJ3V0G0n69k8+aljaeeNTuVzmRML9bHJdzVB4s252NF2PrgPlzGQIgbih7P4unwshrtCLeg8zLF0AApCA==

—-TRACE END—- 

Share this post


Link to post
Share on other sites
The border around the image-zip is also a bit suspicious...

It's 105kb and PNG should pack that big, black rectangle way better. Also, the border has something that looks like jpeg compression artifacts but the file is a PNG...

I smell some steganography.

Yeah, there's something there for sure.

Share this post


Link to post
Share on other sites

Wow this is a pretty cool puzzle =D I'll definitely pay attention to what happens.

Since I haven't really had much experience with these things before I probably won't be much help. But just as a test I tried using filezilla to access www.hacknslashthegame.com

Since the announcement starts with accessing port 80, I tried putting that in filezilla but it said the formatting was wrong. So then I tried just the website itself and anonymous as the username and the server didn't connect. So my suspicion is that there is a server connected to the website (duh; I realized then I was probably barking up the wrong tree). I assume this isn't part of the *NOT* ARG, but figured I'd put it out there if anyone feels like trying to hack the server in order to obtain full access the website itself and see if there's any additional files related to the *NOT* ARG...

Just kidding of course =D I'm pretty sure its just me over thinking puzzles as usual.

Edit: sounds like edsrzf has the real solution to the meaning of the https at the top and bottom of the announcement.

Share this post


Link to post
Share on other sites
This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

si?e up the medium you are observing and you may find it supports modes of expression ..."

That should give a pretty good alphabet to start on if someone wants to continue my work.

Yeah, I was just about to post similar results

The way I'm going about it is to substitute each glyph for a letter, like so:

ABCD

BE

DFG

DHAG

IG

BJKL

CGG

DFG

DFHJMC

DFND

IG

GOPGQD

DB

And then run it through a solver like this which automatically attempts the frequency analysis stuff because I'm lazy:

http://rumkin.com/tools/cipher/cryptogram-solver.php

And from there it's pretty easy to derive the correct letter for each glyph. But I need to sleep soon.

Sweet. I'll start on doing the first part automatically via image comparison. See if anyone beats me by hand, John Henry style.

Share this post


Link to post
Share on other sites
A friend and I have been looking at this and I'll just share some of what we've figured out. The apostrophe in the text file is obviously suspicious, it shows as <92> in an editor, which could be a hex value or something else. Also, the glyphs in the main image, the apostrophe there shows up multiple times. That makes it so there are 32 unique glyphs. 32 is a convenient number when talking binary, but that doesn't really answer anything specific.

Anyway, that's it. Just wanted to share that info, even if it doesn't really lead anywhere.

There are 4 glyphs that have repeats in the 6x6 grid. Assuming 0,0 is in the top left corner, {1,3} is also at {2,2}; {1,4} is also at {2,3}, {3,4}, {4,6}, and {5,5}; {1, 6} is also at {3,1}, {3,6}, and {6,2}; {5,2} is also at {6,1}. That makes 27 unique characters. Hrm...

Share this post


Link to post
Share on other sites
Has anyone taken a look at the encrypted part at the end of the announcement?

The part at the beginning is obviously a trace of an HTTP request whose response will be the announcement. You can reproduce the request by following this link: http://www.hacknslashthegame.com/download/hacknslashannouncement.txt

Here's the beginning:


> CONNECT host:www.hacknslashthegame.com port:80

> SEND ApplicationData

>> GET /download/hacknslashannouncement.txt HTTP/1.1

>> Host: hacknslashthegame.com

>>

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Connection: close

Content-Type: application/octet-stream

The part at the end is mostly likely an HTTPS request given the port number and the fact that it's using the TLS protocol. But maybe it's possible to decrypt it somehow? I think this is effectively a man-in-the-middle attack against TLS, which is basically impossible barring a few known attacks. I'm not sure if they apply in this case, though. Maybe someone knows more about it than I do.

Here's the end:


> CONNECT host:hacknslashthegame.com port:443

> SEND ClientHello suites:TLS_RSA_WITH_AES_256_CBC_SHA certs:x509 random:xIl3HWupPdsvwY94XV3UHtW04aE/wT4X8p7FmdSxW5w=

RECV ServerHello random:Up2+Rmzxa4CFywMpfAMCBn7wJHaiBnwEGslWPq4QaTQ=

RECV Certificate [verified]

RECV ServerHelloDone

> SEND ClientKeyExchange premaster:AwKV0UmxkA/iXZ4Y4NDn0P1Ju/m6GNL10FR7PuJae/83Ghy3Eo+6qDiJwQsNzjyB

... [encrypting provided premaster]

> ENCRYPT

... [computing master key]

... [sending ChangeCypherSpec]

> VERIFY

... [computing verify_data:Tcz7sewhNdF70Xmd]

... [sending Finished]

>SEND ApplicationData

>> ******************************************

>> ***************************

>>

... [sending ApplicationData encrypted_payload:9Uxik4wGjQEoga0gznSZM7H+x4gnbdG9iqVwCOucgvE=]

—-TRACE END—- 

I'm hoping someone can find a password or key so we can use this website to decode it by converting each base64 line using this into hex.

If anyone has Linux then this is the command line way to do it (and probably a lot simpler).

EDIT: and we already know the settings are aes-256-cbc from the mp3 in the jpg-zip-thing.

Share this post


Link to post
Share on other sites
This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

si?e up the medium you are observing and you may find it supports modes of expression ..."

That should give a pretty good alphabet to start on if someone wants to continue my work.

Yeah, I was just about to post similar results

The way I'm going about it is to substitute each glyph for a letter, like so:

ABCD

BE

DFG

DHAG

IG

BJKL

CGG

DFG

DFHJMC

DFND

IG

GOPGQD

DB

And then run it through a solver like this which automatically attempts the frequency analysis stuff because I'm lazy:

http://rumkin.com/tools/cipher/cryptogram-solver.php

And from there it's pretty easy to derive the correct letter for each glyph. But I need to sleep soon.

Sweet. I'll start on doing the first part automatically via image comparison. See if anyone beats me by hand, John Henry style.

Oh yeah, that's be great. I got about 2/3 of the glyphs turned into letters, which includes all of the common letters, based on what I did above, so you should be able to figure out the rest by a bit of image comparison, and guessing the blanks.

Share this post


Link to post
Share on other sites
The border around the image-zip is also a bit suspicious...

It's 105kb and PNG should pack that big, black rectangle way better. Also, the border has something that looks like jpeg compression artifacts but the file is a PNG...

I smell some steganography.

Yeah, there's something there for sure.

I'm thinking red herring. There's a blurred border and a texture on the edge, which can mess with png compression. I tried looking at the file and couldn't see anything, but saving it back with high quality settings gives a similar file size.

Share this post


Link to post
Share on other sites
This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

siZe up the medium you are observing and you may find it supports modes of expression ..."

Resize the image/video?

Share this post


Link to post
Share on other sites
Has anyone taken a look at the encrypted part at the end of the announcement?

The part at the beginning is obviously a trace of an HTTP request whose response will be the announcement. You can reproduce the request by following this link: http://www.hacknslashthegame.com/download/hacknslashannouncement.txt

Here's the beginning:


> CONNECT host:www.hacknslashthegame.com port:80

> SEND ApplicationData

>> GET /download/hacknslashannouncement.txt HTTP/1.1

>> Host: hacknslashthegame.com

>>

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Connection: close

Content-Type: application/octet-stream

The part at the end is mostly likely an HTTPS request given the port number and the fact that it's using the TLS protocol. But maybe it's possible to decrypt it somehow? I think this is effectively a man-in-the-middle attack against TLS, which is basically impossible barring a few known attacks. I'm not sure if they apply in this case, though. Maybe someone knows more about it than I do.

Here's the end:


> CONNECT host:hacknslashthegame.com port:443

> SEND ClientHello suites:TLS_RSA_WITH_AES_256_CBC_SHA certs:x509 random:xIl3HWupPdsvwY94XV3UHtW04aE/wT4X8p7FmdSxW5w=

RECV ServerHello random:Up2+Rmzxa4CFywMpfAMCBn7wJHaiBnwEGslWPq4QaTQ=

RECV Certificate [verified]

RECV ServerHelloDone

> SEND ClientKeyExchange premaster:AwKV0UmxkA/iXZ4Y4NDn0P1Ju/m6GNL10FR7PuJae/83Ghy3Eo+6qDiJwQsNzjyB

... [encrypting provided premaster]

> ENCRYPT

... [computing master key]

... [sending ChangeCypherSpec]

> VERIFY

... [computing verify_data:Tcz7sewhNdF70Xmd]

... [sending Finished]

>SEND ApplicationData

>> ******************************************

>> ***************************

>>

... [sending ApplicationData encrypted_payload:9Uxik4wGjQEoga0gznSZM7H+x4gnbdG9iqVwCOucgvE=]

—-TRACE END—- 

I'm hoping someone can find a password or key so we can use this website to decode it by converting each base64 line using this into hex.

If anyone has Linux then this is the command line way to do it (and probably a lot simpler).

EDIT: and we already know the settings are aes-256-cbc from the mp3 in the jpg-zip-thing.

I'm on Linux and have been trying some passwords, now I'm working on the alphabet. :)

Share this post


Link to post
Share on other sites
This is my translation from the video so far. It takes a while to go through the glyphs so I'm not done.

"most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

siZe up the medium you are observing and you may find it supports modes of expression ..."

Resize the image/video?

I think that's a hint for decyphering the secret message in the .txt file.

Once we get the alphabet finished, maybe the next step is translating the glyphs in the screenshot, and use that as a password for the press release code.

Share this post


Link to post
Share on other sites

The full message (lots of hints here):

most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

size up the medium you are observing and you may find it supports modes of expression you do not expect

images can contain words

words can produce images

something that appears to be a recording of life may actually be a container filled with the sequences of images and channels of audio that you expect but that container can hold

The message ends abruptly here...

Share this post


Link to post
Share on other sites
The full message (lots of hints here):

most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

size up the medium you are observing and you may find it supports modes of expression you do not expect

images can contain words

words can produce images

something that appears to be a recording of life may actually be a container filled with the sequences of images and channels of audio that you expect but that container can hold

The message ends abruptly here...

Nicely done!

Share this post


Link to post
Share on other sites
The full message (lots of hints here):

most of the time we only see the things that we expect to

often secrets are in plain sight but remain invisible to us

size up the medium you are observing and you may find it supports modes of expression you do not expect

images can contain words

words can produce images

something that appears to be a recording of life may actually be a container filled with the sequences of images and channels of audio that you expect but that container can hold

The message ends abruptly here...

The container for the video is Quicktime (at least my linux box detects it as qt), let's see if we can break its content.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this