Sign in to follow this  
mundanename

HacknSlashAnnounce

Recommended Posts

By the way, the genre of the theme tune is "aes-256-cbc"

Mean anything to anyone?

Also, under comments: passwords read like incantations when spoken in all capital letters

That's the encryption method, once we find the password AND the encrypted dataset (which I believe is the one in the announcement) you can run the dataset through openssl using the encryption method aes-256-cbc and with the password you'll get the actual content.

Would the encrypted dataset be the audio for the video?

The encrypted section of the press release is AES 256 CBC, so I assume it's that

Could be more than one thing...

Share this post


Link to post
Share on other sites
Hot off the presses from my friend:

"open up Outdoors.mp4 in a hex editor

search for "Salted"

delete everything before that

save it

then run this on it:

openssl aes-256-cbc -d -in outdoors.bin -out payload.bin

the password is MOST

and it will decrypt, but I'm pretty sure the dataset is wrong

like there's extra stuff in there

but that is the dataset entry point because it will decrypt"

Trying that on my computer (OS X 10.9) after removing everything preceding 'Salted' in HexFiend, I get "wrong final block length"

I guess it turns out the password is wrong, but that is at least the start offset of the encrypted data in the mp4.

Share this post


Link to post
Share on other sites

Wouldn't the "first observed glyph" incantation be 'THE FIVE BOXING WIZARDS JUMP QUICKLY' or 'THE FIVE BOXING WIZARDS JCMP QCIUKLY'? Although neither of those (with or without spaces) worked for me as the decryption password for the cropped Outdoors.mp4 file. Maybe something with that sneaky apostrophe?

Share this post


Link to post
Share on other sites

Has anyone tried a brute force using the words from the eye puzzle? I was thinking since MOSt was recognized it might be a part of the data string for the trailer we're trying to unlock.

Share this post


Link to post
Share on other sites

gotta imagine the comment on the theme tune mp3 tags, "passwords read like incantations when spoken in all capital letters" is a clue to the password somehow.

Share this post


Link to post
Share on other sites

I noticed another strange thing about the video

If you open it using mediainfo you could see this


Writing library                          : ÌãÑ¥@¦ò

on hex

CC E3 D1 A5 40 A6 F2 8F

t0ut.png

maybe an hint for the aes key

EDIT: OPS, there's another character

Share this post


Link to post
Share on other sites
Hot off the presses from my friend:

"open up Outdoors.mp4 in a hex editor

search for "Salted"

delete everything before that

save it

then run this on it:

openssl aes-256-cbc -d -in outdoors.bin -out payload.bin

the password is MOST

and it will decrypt, but I'm pretty sure the dataset is wrong

like there's extra stuff in there

but that is the dataset entry point because it will decrypt"

Trying that on my computer (OS X 10.9) after removing everything preceding 'Salted' in HexFiend, I get "wrong final block length"

I guess it turns out the password is wrong, but that is at least the start offset of the encrypted data in the mp4.

Hmm, to me it sounded like the offset was incorrect. You'd expect the final block to be the same size as those preceding it if the offset was correct.

Share this post


Link to post
Share on other sites

The reasons I think that it's a trailer are as follows.

A) Every new game needs a trailer which we don't have yet

B) Brandon must have been paying attention to the news about the Fallout 4 site hoax (which was going to release a CGI Trailer)

C) Assuming the file was compressed the 12.3 mb seems about right for a compressed trailer.

Share this post


Link to post
Share on other sites

When you use the password "THE FIVE BOXING WIZARDS JUMP QUICKLY" you get an EXE it seems, with strings from Double Fine. Unfortunately I run Linux so I'm SOL.

I did find this in the decrypted file though:

One last puzzle brought to you by Double Fine Productions, and a very special Hack n Slash character Ida

Share this post


Link to post
Share on other sites
When you use the password "THE FIVE BOXING WIZARDS JUMP QUICKLY" you get an EXE it seems, with strings from Double Fine. Unfortunately I run Linux so I'm SOL.

I did find this in the decrypted file though:

last puzzle brought to you by Double Fine Productions, and a very special Hack n Slash character Ida

upload the exe somewhere and post here

Share this post


Link to post
Share on other sites

So just to note if you Google crackme.enc the third result in search is the page for Hack N Slash

Share this post


Link to post
Share on other sites
When you use the password "THE FIVE BOXING WIZARDS JUMP QUICKLY" you get an EXE it seems, with strings from Double Fine. Unfortunately I run Linux so I'm SOL.

I did find this in the decrypted file though:

One last puzzle brought to you by Double Fine Productions, and a very special Hack n Slash character Ida

What did you put the password into?

Share this post


Link to post
Share on other sites
When you use the password "THE FIVE BOXING WIZARDS JUMP QUICKLY" you get an EXE it seems, with strings from Double Fine. Unfortunately I run Linux so I'm SOL.

I did find this in the decrypted file though:

last puzzle brought to you by Double Fine Productions, and a very special Hack n Slash character Ida

Nice! I'm on a mac :(

 $ openssl aes-256-cbc -d -in outdoors.bin -out payload.bin

enter aes-256-cbc decryption password: THE FIVE BOXING WIZARDS JUMP QUICKLY

bad decrypt

29122:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/evp/evp_enc.c:323:

alex@alex-silvercar:~/Desktop $ file payload.bin

payload.bin: PE32 executable for MS Windows (console) Intel 80386 32-bit

If you trust me, here's a dropbox link: https://www.dropbox.com/s/cf4fv9zfo34b9tj/payload.exe

Share this post


Link to post
Share on other sites

What did you put the password into?

I used openssl:

openssl enc -d -aes-256-cbc -pass "pass:THE FIVE BOXING WIZARDS JUMP QUICKLY" -in file.mp4 -out test.txt

file.mp4 was the Outdoors.mp4 file with the start removed until "Salted" as described earlier. OpenSSL exists for Windows as well and I think can use the same syntax. Obviously I discovered that test.txt is not a text file.

[edit] Too slow [/edit]

Share this post


Link to post
Share on other sites

I've decrypted the EXE. Running it on my Windows box pops up a text console with the prompt "YOUR INCANTATION:"

What's next?

Edit: I've already tried the obvious "THE FIVE BOXING WIZARDS JUMP QUICKLY" which comes back with "UNKNOWN INCANTATION" and then the application closes.

Share this post


Link to post
Share on other sites

So I ran the exe and after it loads the incantation thing the program disappeared and my system hung browser was stuck in load loop etc. I tried to kill the process and it wouldn’t do anything. Thoughts?

Share this post


Link to post
Share on other sites
well that sucks for you. So does it automatically add a code to your clipboard?

I'm not sure how would I check?

Share this post


Link to post
Share on other sites
well that sucks for you. So does it automatically add a code to your clipboard?

I'm not sure how would I check?

Ctrl+V

Share this post


Link to post
Share on other sites
well that sucks for you. So does it automatically add a code to your clipboard?

I'm not sure how would I check?

Ctrl+V

Doesn't do anything.

Share this post


Link to post
Share on other sites

Yeah, the readable stuff in memory looks like the message when you put in the successful incantation, just read the messages backwards:

SUCCESSFUL INCANTATION

Congratulations! You are a true reverser. It does my heart good that you

were willing to put in the effort to solve this series of puzzles. I want

etc.

I note at the beginning there's a string that looks like another Base-64 encoded message:

MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMeqDCPIoPMd8CSnjGI96lJG3ijSEMDFuJCG4yaWUgbzpHijnyhQtAWn8PXhWOeie0v56AcqjXtKuSeSeLalrZsCAwEAAQ==

Perhaps that's either the incantation, or an encrypted version of the message sent to clipboard (the readable incantation is a bit long for a tweet afterall!)

Share this post


Link to post
Share on other sites
Yeah, the readable stuff in memory looks like the message when you put in the successful incantation, just read the messages backwards:

SUCCESSFUL INCANTATION

Congratulations! You are a true reverser. It does my heart good that you

were willing to put in the effort to solve this series of puzzles. I want

etc.

I note at the beginning there's a string that looks like another Base-64 encoded message:

MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMeqDCPIoPMd8CSnjGI96lJG3ijSEMDFuJCG4yaWUgbzpHijnyhQtAWn8PXhWOeie0v56AcqjXtKuSeSeLalrZsCAwEAAQ==

Perhaps that's either the incantation, or an encrypted version of the message sent to clipboard...

Yeah, pretty sure that something must be put in the clipboard one the correct incantation is entered.

Share this post


Link to post
Share on other sites
Opening the running exe using HxD i found this

http://pastebin.com/KUGyj3rq

so wait is everybody else getting this?

Ayup, if you can get it decrypted and running on a windows box, and open the in-memory exe in a hex editor, you can find the top of that section by searching for the encrypted string I posted just above.

Share this post


Link to post
Share on other sites

Ya guys this is the furthest I can go every time I run the exe my browser hangs and I can't end the process without restarting my computer so keep me up to date!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this