Cicada-3301 Vol:1 — TryHackMe Walkthrough
Imagine that you are back in 2012 and you are browsing through the internet. You came across this image.
What would you do? This was the case for the people back on 4/01/2012 as this image was uploaded to 4chan and that was the beginning of one of the coolest scavenger hunts to ever exist. Thanks to Cryillic, we can try and solve parts of this great puzzle ! Let’s get started,
Step 1. Download the task files to your local machine.
Step 2. Unzip the downloaded file using the command:
unzip Cicada3301.zip -d /xyz/abc/
unzip : To unzip the file
-d : To specify the directory for the Unziped file to be stored
We can see, that the zip file consist of an image and an audio file. This challenge consists of tasks, so let’s go through and complete them one by one.
Step 3. To find a link inside the audio, we can use a Sonic Visualizer tool. you can download it using these commands:
sudo apt update
sudo apt install sonic visualizer -y
Once the application is ready to run. Open the application and go to file > Open. Select the 3301.wav file and play it. It sounds creepy but unique.
We are going visualize this sound in the form of spectrogram. we can go that by clicking on Pane > Add Spectrogram.
Damn ! look at that. We can see a QR code. Let’s scan it and see what we get.
Scaning this QR code gives us this link:
Task 2 completed.
Now let’s see where that link takes us,
Step 4. We got a passphrase and a key here but we have to decrypt them. In order to do that we have to know what algorithm was used to encrypt them. Lucky for us, the hint button shows that they are encrypted using base64 algorithm. We can decrypt them using the command:
echo “SG01Ul80X1A0NTVtaHA0NTMh” | base64 -d
echo : Used to display
base64 -d : Decrypts the passphrase
same but with the key between the “”
We still couldn’t understand the decrypted passphrase and the hint says “French Diplomat Cipher”
Let’s google it and see what comes up. French Diplomat Cipher, in other word Vigenère cipher is a polyalphabetic encryption algorithm developed by a french cryptologist called Blaise de vigenère. Alright that explain the name. Let’s try to decrypt it using the key.
Still not understandable, let’s try encoding it.
Brilliant ! We got our final passphrase and task 3 is completed.
While searching for the term steganography, I came across this kali document, stating that a tool called steghide that can be used to collect the hidden metadata.
We can install the tool steghide, using the command:
sudo apt install steghide -y
Step 5. Using the steghide tool, we can extract the hidden data from the welcome.jpg by typing the command:
steghide extract -sf welcome.jpg
extract : To extract the metadata
sf : Selecting the stegano file
and entering the passphrase
Opening the invitation.txt file using the cat command gives us a website link.
Task 4 completed. Now let’s go and open that link.
The website contains an image that is similar to welcome.jpg. Alright, Let’s download it and change the extension from jpeg to jpg. Just in case, so it is more compatible with the tools.
By doing a little bit of googling, we found out that the tool that was used to find the hidden file was called Outguess.
We can install the tool Outguess by using the command:
sudo apt install outguess
Step 6. By using the tool Outguess, we can extract the hidden file by typing the command:
outguess -r 8S80aQw.jpg outputmessage
-r : To extract
outputmessage : Name of the extracted file
Task 5 completed. Now let’s move on to task 6.
Let’s open the extracted file using the cat command.
Here we have a code that can be used with a book but we don’t know which book. We can crack that hash to find out. To crack a hash, we need to know what encryption algorithm is used to hash it in the first place. we can find that out by using the command:
hashid (hash)
This gives us the possible hash algorithms that could have been used to hash it. Let’s this start from the top (SHA-512)
Step 6. Go to this website and select SHA-512. Paste the hash and click on calculate hash. This may take some time.
The hash gives us a website link, let’s go there !
We found the book that was mentioned in the hidden file and it also contained some codes that we use with this book.
These are the rules, when the integer is positive. we go forward.
1:6 means 6th character in the line 1
Keep marking down the characters according to the given codes and when it comes to the negative numbers.
For positive, we go forward and of negative, we go backwards.
in I : 23 : -1, we go behind one character (:) and get 3
This may take some time but be patient and do it. It definitely adds to the feeling of solving an intriguing puzzle.
It finally forms an URL, which looks like it was shorten. Let’s see where this mysterious URL takes us.
It takes us to the Soundcloud website, where a wonderland song made by the Cicada 3301 group plays. With this our task 7 is completed.
This machine was extremely clever and fun. Makes you feel like you are in the verge solving a puzzle from a mysterious group. If you want to know more about the Cicada 3301 group and the history behind this machine. Watch this youtube video. Thank you for going through my walkthrough, it means a lot to me. I hope you find this useful. Until next time, take care and keep up the good work.