Open in app

Sign in

Write

Sign in

Iscariot.net Chapter 00: Red Hat Hacker — write-up

pogo
10 min readSep 25, 2020

Iscariot.net is a new puzzle project that aims to release 12 puzzles as “chapters” over a period of a year (with the expected release rate of one per month). In order to participate on the puzzles, users have to hold $BLZ, an ERC-20 token created by the team. The purpose of these tokens is to unlock the trail path for each puzzle, as well as to be used for unlocking hints and submitting the final answer.

The first puzzle, Red Hat Hacker, was launched on September 21 and held a prize of 1.2 Eth. It only required that the solver link a wallet holding any amount of $BLZ in order to submit the final answer. The final form of the answer was known to be comprised of 4 words totalling 32 characters.

The puzzle’s starting page can be found at https://iscariot.net/chapters/00/.

Following the trail

From the starting page we can see that the trailhead is hinted at:

Below this, there is also an image of an apple. If one checks the image for Least Significant Bit (LSB) Steganography, there’s a hidden message:

LSB of the apple image

I’m not sure if this message should have hinted at anything, but I never found any use for it. Anyway, coming back to the trailhead “symbols”, there is no need to do any decoding, since the decoded link isalready present in the source code of the page. If the message is selected, copy and pasted somewhere else, the link reveals itself:

https://txt.fyi/-/20258/34df0991/

The the next step is a big binary wall of text (much longer than the image i’m posting)

https://txt.fyi/-/20258/34df0991/

This can be decoded quite quickly by selecting all the binary text and using, for example, https://www.asciitohex.com/. The decoding will give

Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;Then took the other, as just as fair,
And having perhaps the better claim,
Because it was grassy and wanted wear;
Though as for that the passing there
Had worn them really about the same,And both that morning equally lay
In leaves no step had trodden black.
Oh, I kept the first for another day!
Yet knowing how way leads on to way,
I doubted if I should ever come back.I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I-
I took the one less traveled by,
And that has made all the difference.https://telegra.ph/Well-done-traveler-09-14

A cool poem by Robert Frost which hints at divergent paths and a link. So visiting the link we see

https://telegra.ph/Well-done-traveler-09-14

Now, in order to find the correct path to take, we have to turn to the image and again find a message hidden inside it, which can simply be found by increasing the image contrast or looking at the LSB data

LSB of the spaceman image

So let’s follow the Red Hat, which is a thematic choice. We get to imgur:

https://imgur.com/a/UNMfXmK

Now, in the image there’s a long string of numbers which are digits of Pi (starting at position 6318). Buuut, if we look closely, somewhere in the string of numbers, there’s a link:

Following that link, we get to

https://bit.ly/3mg9XIZ

So we’re looking for a password. Now if we look again at the imgur link containing the pie image, the first part of the description “Take the whole pie with you” hints at the password that we need. There’s also a broken link in there, but that comes into play later. In the image, the pie is split into 10 slices, so the “whole pie” would be the value of Pi to 10 decimal points. Well, I didn’t get this reference and I ended up (locally) bruteforcing the password, by trying increasing number of decimals for Pi. For the password 3.1415926535 I got a good hit. Looking back at the hint, it made sense, but it’s not always that easy when you don’t know what you’re looking for.

So the correct password gets us a link to a new imgur image:

https://i.imgur.com/r181Ru0.jpg

I knew what this was instantly, as I have encountered this kind of encoding before. It is the type of encoding that was/is used in punched cards. Now, that’s a lot of letters and since I don’t know the encoding by heart, it would take a while to decode. So instead I looked around and found an online tool capable of decoding this automatically: http://laighside.com/punchcard.htm

Now, it’s a bit of guesswork to find the correct settings in order to decode this, so here they are:

Settings for http://laighside.com/punchcard.htm

If everything went well, hitting that Submit button and scrolling to the bottom of the page should reveal

THE FILE FOR LAST NAMES BEGINNING WITH SA THROUGH ST HAD VANISHED

This is the part where I got stuck on for the longest time. Searching for this text with quotes will reveal that it is taken from a book called “Chaos: Charles Manson, the CIA and the Secret History of the Sixties”. The only thing we have to go on is that we should probably continue that link from the pie image: https://telegra.ph/Tu. So I downloaded the book, read the whole chapter that contains the text and spent ages trying to find connections to something that starts with “Tu”. There’s not a lot of common words in English that start that way. A big coincidence that made me waste way too much time on this path is the fact that the next chapter in the book is called “Tusko Goes Down”. I was certain that the whole link had to be some sort of variation to that. Dead stuck.

So I went to visit a friend and decided to show my progress, maybe she’d have some ideas. After showing all the steps and doing a google search for the text, the same 10ish familiar results appeared. Just to prove that it’s not the right path, I clicked the one result that was from reddit,

https://www.reddit.com/r/AltLeftWatch/comments/fm9mkg/a_closer_look_at_jimmy_shavers_trial_social/

It looks like nothing of interest is there. I had looked at it before. Except this time I figured I’d also check the comments to show her there’s nothing hiding there either. Top few comments were 3 months old, so instead I filtered comments by “New”:

A good comment

Bingo! I instantly saw the end of the comment that has a format specific to telegra.ph links and knew I was back on the trail.

So now let’s see where the complete link takes us:

https://telegra.ph/turn-off-your-mind-relax-and-float-downstream-09-13

Very cool stamp/blotter! Reversing the image shows that there’s nothing extra hidden there except the 4 sets of numbers: 2:2:2 56:17:11 2:8:2 58:15:15. I instantly thought that these numbers are probably a book cipher, as that’s the most likely option when you get sets of 3 numbers (and the format being page:line:word).

There is also another bit.ly link in there, which leads to:

https://bit.ly/2DWyDoy

Hmm, another password page. So we need to find the book somehow. I tried searching for that stamp and telegra.ph title and linking them with various books. Most notably, Timothy Leary’s “The Psychedelic Experience”, since that’s where the title is taken from. But it’s just short of 58 pages, so it didn’t match.

So I went back to the reddit comment. I had not yet read the entire comment closely, instead just taking the piece of link that I needed. But the text actually hints at the book:

Mark David Chapman sat quietly and read after he shot Lennon. Why would someone do that? I'll tell you, these dark state agents are the Judas Iscariots of America. Uzika put a pdf online. It's a good thing to have in your backpack. On this long, confusing journey, it helps to have the right book

This Uzika was my next source of pain. I could find no author by that name. I scraped a lot of pdf hosting sites, notably scribd, but also looked through research papers. It was all too vague. I tried anagrams of that name, tried to Vigenere decrypt it (remember the apple at the start of the riddle? that could’ve been a keyword).

I had mostly given up on finding an author named that way, so instead I started looking if that name comes up in books. I searched for the name in the Chaos book. I searched for it in The Psychedelic Experience. Finally, I looked up what Mark David Chapman was reading after shooting Lennon. The Catcher in the Rye. So even if it was a long shot (since I read the book and didn’t remember a character with that name) I found a copy of the book online and searched for it. Nothing. And as my mouse was heading towards the “close” button for the tab, and my eyes were following it, my brain registered the link I had opened:

https://www.uzickagimnazija.edu.rs/files/Catcher%20in%20the%20Rye.pdf

Oooooh yes! I had the correct book and didn’t even realize it!

Now, solving the book cipher is pretty straightforward. First of the three numbers points at the page number (of the pdf, not of the book), 2nd points at the row number, 3rd at the word number.

The password for https://bit.ly/2DWyDoy ends up being “Iamthekey” (since the page states that we have to discard spaces).

Follow the link.  Three red-tongued gold lion heads will speak to you. When you  understand correctly, you will have completed the first phase of your  journey.

Finally, close to the end.

The image itself is a reference to Holden Caulfield, the protagonist of Catcher in the Rye.

The image, as it turns out, contains nothing useful, no steganography or messages.

Except that it has EXIF data. EXIF is data that can be added to an image for various purposes, such as storing program specific info, gps coordinates, creator notes and any number of other things. There are tools online that can display the EXIF data of images, one of which being http://metapicz.com.

Uploading the image there, we find

EXIF data for holden.jpg

Well that serial number looks like ciphertext! And it’s 32 characters long, which matches the requirement for the answer! Let’s go back to the text that brought us to this image:

Three red-tongued gold lion heads will speak to you. When you  understand correctly, you will have completed the first phase of your  journey.

Googling “Three red-tongued gold lion heads” we get to https://en.wikipedia.org/wiki/Giovan_Battista_Bellaso and it seems like this invented some ciphers. Digging up a bit more info, it turns out that he actually pioneered the Vigenere cipher! (I didn’t know that until now)

Now, knowing the ciphertext and that it’s a Vigenere, all that remained was to find the key. I only tried a few things like “apple” or “holden” before getting the correct one: Iamthekey again! The ciphertext decodes to:

nihilismconqueredrememberrosebud

or, since the answer box required spacing,

nihilism conquered remember rosebud

Now I just went back to the starting page and input the password. Boom!

Acknowledgements

A big thanks to the Iscariot team, this was a great puzzle with a long and convoluted journey. The narrative aspect of this was great. And each time I got stuck, I thought “well this step makes no sense” but after passing each part, it all made clear sense in retrospect. I feel like the difficulty was perfect and I appreciate the fact that it avoided requirements of heavy technical skills, which makes the whole experience easier to approach and more enjoyable for everyone. I really hope this project will be successful and we’ll get to see and enjoy all the other 11 chapters that are planned over the next year.

Feel free to follow the Iscariot project to catch the next puzzles (which might have larger prize pots): https://twitter.com/iscariotcoin

Also, thanks Luigy for memeing on this with me :D

Finally, for some great and active puzzle-filled communities, check out:

Crypto_puzzles: https://discord.gg/bSn85h5

ARG Solving Station: https://discord.gg/uYAXsww

Cryptopuzzle
Treasure Hunt
Image Steganography
Cryptocurrency

--

--

pogo

Written by pogo

51 Followers

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams