Today we’re going to be exploring the image in the post that Verum Inveniri made after agents compiled the nominus dead drops.
If you’re just here for the passcodes, here they are:
4zc2codes7u7u 2wa2cipherv6r9q 6pd4transpositionz9x2p
There are three codes to solve in the image and we’ll highlight them in the image. We adjusted the brightness/contrast to reveal 2 and 3.
The passcodes are in the following format:
Code 1 (3/5 difficulty)
==-- ~ --- + =- := :=--+ - - -. =- - ++ + ~ == =-:= ;= - = - - = +- ~ ~== ~=+;- - = ?-= += -?'+ -= =" -+ -?-~ -- ~- --
The technique to solve this one wasn’t covered in the previous post but it was covered in one of our previous tutorials: Binary.
The spaces will be ignored and we’ll use only the symbols for the solve.
The length of the string is 80 characters which is divisible by 8 and is a candidate for binary conversion.
As mentioned in the Binary tutorial, we’ll need to figure out which characters represent 0 and which represent 1.
These are the unique characters that make up the string:
Carefully looking at these characters, some of these are written out with 1 stroke and the others are 2.
Trial and error with deciding which one is 0 and 1:
binary: 00111111001000011011110110001000100001011001110010001100100010101000101011111111 ASCII: ?!½ ÿ hex: 3f 21 bd 88 85 9c 8c 8a 8a ff decimal: 063 033 189 136 133 156 140 138 138 255binary: 11000000110111100100001001110111011110100110001101110011011101010111010100000000 ASCII: ÀÞBwzcsuu hex: c0 de 42 77 7a 63 73 75 75 00 decimal: 192 222 066 119 122 099 115 117 117 000
Neither of the two give us anything useful though an interesting result came from the second blok of information: c0de (code) is spelled out for us, let’s assume that’s the keyword.
[2-9][p-z][a-h][2-9]c0de[p-z][2-9][p-z][2-9][p-z]binary: 0100001001110111011110100110001101110011011101010111010100000000 ASCII: Bwzcsuu hex: 42 77 7a 63 73 75 75 00 decimal: 066 119 122 099 115 117 117 000
The last 5 ASCII characters (zcsuu) fits the character requirements of the passcode nicely.
[2-9]zc[2-9]c0des[2-9]u[2-9]ubinary: 010000100111011100000000 ASCII: Bw hex: 42 77 00 decimal: 066 119 000
That just leaves the numbers, reading the 4 hex characters that remain as numbers (ignoring the zeros):
Code 2 (2/5 difficulty)
Separating the lowercase and uppercase characters:
Reversing the uppercase characters reveals a hint:
Vigenere is a type of cipher that applies a Caesar cipher but the amount shifted changed after every letter. That amount is determined by a key.
For example, applying the vigenere cipher to the word ingress with key decode:
i + d = i + 3 = l n + e = n + 4 = r g + c = g + 2 = i r + o = r + 14 = f e + d = e + 3 = h s + e = s + 4 = w s + d = s + 3 = v
A few things to point out: once the key is depleted, it repeats itself. Like caesar cipher, once the letter goes past z, it cycles back to a. Decrypting a vigenere cipher is the same process but subtracting the key values from the encoded string.
So we have smcprinmfdbnqiojkp but we don’t have a key. Typically for these types of codes, the key is normally a known keyword used in previous passcodes and it is related to the uppercase character word. For this code, the key is cipher.
Decoding smcprinmfdbnqiojkp with cipher:
smcpri nmfdbn qiojkp cipher cipher cipher qeninr leqwxw oazcgy
Reversing it, we see nine but the rest of the code does not make any sense. Vigenere has a variant called Vigenere Autokey. With Vigenere Autokey, once the key is depleted, it starts encoding with the original string. In this example, we’ll vigenere autokey encode decodeingress with xmp:
dec ode ing res s xmp dec ode ing r aqr rhg wqk zry j
And the decoding process:
aqr rhg wqk zry j xmp dec ode ing r dec ode ing res s
Back to our original code:
smcpri nmfdbn qiojkp cipher qeninr xisvow qeninr xisvow tawowtqeninrxisvowtawowttwowatwovsixrnineq2wa2v6r9q
It matches the prefix and suffix portions of the format but needs a keyword, cipher works.
Code 3 (1/5 difficulty)
puaoinxp xorptzeo iftsinnw sdrnsoit
This code is a transposition but needs to be read down-to-up:
In the next post, we’ll be exploring the post Cheshire Cat made about the #niantic IRC channel and we’ll reveal 3 more passcodes.