Welcome to the Loki Christmas puzzle write-up, one of the most interesting, fun and original puzzles that I have ever competed in. This puzzle was published at the beginning of December 2018, together with the new Loki website layout and the service node 2.0.0 release (codenamed Festive Freya). The initial announcement, although I can not find it, said simply that the puzzle has a 1000 LOKI reward, starts somewhere on their new website and whoever solved should send a tweet to @Loki_Project with the winning phrase.
Big thanks to silver_anth agreeing to team up right from the start!
The path
So as I mentioned, the start of the puzzle was located somewhere on the https://loki.network/ website. Unfortunately, because it took us more than 8 months to solve, the exact layout of the website has changed, meaning that at some point the link you had to find was not there anymore (but is there now, only in a different place and format). But at any rate, if my memory serves me right, it was a tiny little hidden text that you had to click and which would redirect you to
Note that at the moment this link redirects you to a 2019 reupload of it which seems to be identical to the original. It includes a QR code which should only link you to the main Loki Discord channel but also gives clues that you have to talk to Santa, who was a bot on that discord with id Loki Santa Bot#5822.
Writing anything to the bot would just give you the message
Sorry you don’t sound like a familiar person at all
which obviously further hints that the bot is expecting some special phrase. A closer look on the above webpage reveals that another message is hidden with a html_mask, namely
Santa! I received 1 cookie and 1 glass of milk, but not enough for Freya and Loki, what shall I do?Using this phrase on the bot helps refresh his memory and he replies with the next step of the puzzle:
Yes, yes! It’s that time of the year, Loki has disappeared again. I have a few notes for you that have been scattered around the internet. I don’t quite recall what Loki is up to again this year. Would you remind me of the 4 sentences that I’ve left around the internet? It might have the answer you’re looking for. Loki has been mischievous and jumbled the sentences into each of his own stories.
I think he’s hidden those stories here,
loki.network/wp-content/uploads/2018/12/chris_scared_loki_away.html
joshalosh.github.io/loki-docs
Loki’s blog
Loki’s youtube channel.
Please find them and remind me-
So now we needed to find 4 phrases hidden in various parts which are hinted at and tell them to the bot!
Well, the first link that’s already supplied to us has a nice little story which, upon closer inspection, has a paragraph that’s in white font,
One day he hoped that people would be able to protect themselves the same way he could and he was sure that a group of people who cared about privacy the same way he did would come up with a solution. Until then, he would shapeshift into Simon in the hopes of remaining forgotten and seldom talked about as a Christmas Leprechaun.Supplying this to the bot gets us the reply
1 of 4 sentences found
Yes that seems to ring a bell, now what about the other sentences?
as well as a Santa image, which I’ll mention a bit later. Very importantly, each correct phrase gave a seemingly identical Santa image with a different 16 hex char name.
Two other phrases were found in a similar fashion but I won’t go into details because I didn’t document the exact sources. The last phrase was taken from yet another long story, but each letter was collected from the first letter of a sentence. All in all, the other 3 are:
There is a god of tricks who is known to be a fabulous shapeshifter.He turned into Simon, the easily forgotten and seldom talked about Christmas leprechaun.THE REASON WAS TO HIDE HIS REAL IDENTITY FROM PEOPLE WHO WERE LOOKING TO USE THIS INFORMATION AGAINST HIM.
Once all 4 sentences were found, the bot further said:
You’ve found all 4. It doesn’t quite make sense, but I’m sure if you put the 4 sentences together in the right order and say it all at once, I ought to remember something useful!
So rearranging the phrases and supplying them together as such:
There is a god of tricks who is known to be a fabulous shapeshifter.
He turned into Simon, the easily forgotten and seldom talked about Christmas leprechaun.
THE REASON WAS TO HIDE HIS REAL IDENTITY FROM PEOPLE WHO WERE LOOKING TO USE THIS INFORMATION AGAINST HIM.
One day he hoped that people would be able to protect themselves the same way he could and he was sure that a group of people who cared about privacy the same way he did would come up with a solution. Until then, he would shapeshift into Simon in the hopes of remaining forgotten and seldom talked about as a Christmas Leprechaun.Finally, sending this to the bot gives us the final useful bit of information:
That sure does bring back memories. That’s right, Loki left you this, I think you might be interested in this Soundcloud thing. You young whipper-snappers and your Soundcloud, Santa here was busy leaving presents on the Blockchain back when I was young.
https://soundcloud.com/user-614097681-355897030/dawg-1/s-3KLhd
Dimi’s midi diary
At this point I felt like we entered the next phase of the puzzle, since interaction with Discord was no longer required, and challenges stopped being Christmas themed. Also, personally, I enjoyed this phase very much!
We are sent to a strange Soundcloud track. Listening to it, it’s very obvious that the left and right channels contain completely different data. The left channel contains a synthesized voice which tells us some technical specifications of something, with very spicy and fun additions. I loved this part! Trying to reverse what’s going on, we find that the voice is actually describing the MIDI specifications, which would act as a hint further down the path.
On the other hand (or rather, channel) we have a very ambiental sort of track which doesn’t make much sense. Well, turns out it’s just a normal voice recording, but slowed down 25x. Downloading the Soundcloud file and opening in Audacity (or other audio software), we can isolate just the right channel and increase the track speed by 25x, to reveal that the audio is actually saying
Inside the pastebin link we can see a looong list of hex values, with the first 4 bytes in ASCII range. Transforming just these 4 gives us “MThd”, and with a simple google search we learn that it’s a header for a chunk in the MIDI standard. So that’s a MIDI file’s hex contents. Using a tool like HxD we can just copy-paste the pastebin data into a new file and instantly recreate the .mid file.
Now we need to see what’s contained inside the .mid file. We can do this quickly online using a site such as https://onlinesequencer.net where we just upload our recreated file and we’re given:
So that cute little logo on the left is the github logo, and it seems like we’re supposed to find DDY-LEE there, and something about 44C330706 which seems like part of a commit hash. Looks relatively straightforward but it’s not *that* easy in practice, or at least wasn’t for us. First of all, there is no DDY-LEE on github, but instead there is a DOY-LEE, a dev in the Loki team. Then, we didn’t have much luck searching for that hash. Instead, we managed to find the correct repo and only afterwards confirmed it was correct because it had same commit hash. We don’t know if there was an easier way to find it, but it took us like 2 hours of rummaging through Doy-lee’s projects to come up with this:
which contains only these 4 lines:
The end is near,
the answer you seek
is nearby here
dimi@116.203.31.9
Well, we confirmed almost immediatelly that this is a ssh box, but we were still short of a password.
When we reached this point it was still day 1 of the puzzle, around 10 hours in. We tried a lot of things as password, we ransacked everything on github, but never found anything that worked. We were stuck on this point for around 5 or 6 months.
The password
Remember that I mentioned earlier that Santa Bot gave us 4 images, one for each correct phrase that we input? Well, they were all identical except for some snowflakes. These snowflakes give us an order (see image below), so we figured we have to put the file names together to get a hash. The hash we get is:
5ab371e80fac15e02F59c378fd373d283f77eb2d7d2e4142B8f5d918d1b6ddd0
The last thing that Santa Bot told us was something mentioning the blockchain, so we figured that this hash would probably be a transaction id. Note that the hash contains 2 uppercase letters, an F and a B, which were probably put there just to mess with the solving process a bit, since the blockchain explorer is case sensitive and only uses lowercase letters. At any rate, we had this part sorted out on the first day as well. But it didn’t work.
So as I mentioned, we got all of this on the first day, but not any bit further. Then, 5 months later, we progressed using the exact same hash. Turns out the reason for this has nothing to do with the puzzle, but instead with the development of Loki. The Loki dev Doyle (Doy-lee on github) confirmed after we solved the puzzle, that initially the hash was supposed to be used on the testnet. For the life of me, I can’t remember if we didn’t try the testnet at all or if we tried it but forgot to switch to lowercase letters. Apparently, sometime in March there was a big testnet restart, so they were forced to move clue onto the mainnet, which is the reason why we found it when we started looking again in May.
So basically, if you searched for the above hash on the blockchain explorer, https://lokiblocks.com/search?value=5ab371e80fac15e02f59c378fd373d283f77eb2d7d2e4142b8f5d918d1b6ddd0
you get a nice message telling you the next clue,
Ho ho ho, back in my day, we didn't have presents, it all started for Loki and Freya. With the inception of time, I left myself the answer to it all- it's been many years now maybe it's time to go back to where it all began, on the 3rd of March, 2018. I took some rest early in the dayObviously, this message is pointing at the beginning of the Loki blockchain (but there’s a mistake in there because Loki’s beginning is on the 3rd of May!). It doesn’t state if it’s a blockchain clue or a blockchain explorer clue, but with patience, browsing all the first blocks and their transactions, one finds the next clue on the block explorer’s Miner Transaction of Block 10 :
https://lokiblocks.com/tx/fff1d35d8c6dfc150fb04c8d53590fd9272a8da69eeef8b7d71249009cc41e23
saying
Ho ho ho, to future viewers, I leave this behind in hopes that one day you can make use of it to find the last secret for Loki and Freya.
Address: LCyM7T5z2zbFGMbEMgor8cSZ6mVpcSfGFBXEyLnszXHxJpzTS8CsEo44FbxkT11ADHPdYwR7S1WkCJazLdzyxyhTSVHsbwB
View Key: bd628cf8ecb8fcf600e8e0e41fd322888a7d9f6274315b0e50b63e4864c89f00
Address: L8ULn5dBiAeTWN7c83UbKQLFQXVFiEnYb5PgjYVzzRyaUvNQuPFZ7aK38rbLpz54oNTbhBkY1uEEy277ZPvv4Yt3RiqLU6h
View Key: 7e059dea2c052f4b0997ccf462c854f64b5a45e15fd9becf2dc53fa59ce69d00Okay so now we got a couple of addresses and their view keys. The only thing that these help you with is to see any transactions that went into the addresses and the amounts. Loading both view-only wallets, we see that each address only had a single incoming transaction:
Address: LCyM7T5z2zbFGMbEMgor8cSZ6mVpcSfGFBXEyLnszXHxJpzTS8CsEo44FbxkT11ADHPdYwR7S1WkCJazLdzyxyhTSVHsbwB
Tx hash: b6b63179e6c1355a89099e5278db22699f968dd059fa714c64ca6506587195bf
Block Hash (height): f66fa04df9d88ebd50b02977815880eae1668234861cef0b898de7dd7acdb786 (229435)
Amount: 1.597463007Address: L8ULn5dBiAeTWN7c83UbKQLFQXVFiEnYb5PgjYVzzRyaUvNQuPFZ7aK38rbLpz54oNTbhBkY1uEEy277ZPvv4Yt3RiqLU6h
TX Hash: 3c269a3962ca2d6e39bd37d7edcb19b45d0c434e4c6ecb80d86bbf44a0506d46
Block Hash (height): 49521c7dda3b572ce26eb7f18098980aeab747faab21156f24758e8def423e64 (229447)
Amount: 0.000085612
The first thing we tried was to look at the blocks where the transactions took place, since there’s only 12 blocks between the two. Well, the transactions were in March. That confused us for a while, until Doyle confirmed that the actual dates were not relevant and merely a byproduct of something else.
We couldn’t find anything else of note between the two blocks even though we checked every transaction really carefully, so for 3 more months we were stuck once again.
Finally, we found what we needed to move forward. Looking back, it seems like we should’ve tried this way sooner. Maybe we were just sloppy.
All that was needed, was to google the amount of the first transaction, 1.597463007 but without the period, so 1597463007. This instantly leads to https://en.wikipedia.org/wiki/Fast_inverse_square_root since apparently it’s a very interesting “magic number”, used as a constant to calculate a very hacky but good approximation of an inverse square root for a float number, first implemented in the game Quake III Arena (great game!).
Once we got here, it was absolutely clear that this was what we were supposed to find. So then, we implemented this algorithm ourselves and tried to calculate the inverse square root for 0.000085612 giving us something in the ballpark of 108. It didn’t make much sense, since there was nothing on Block 108 and no other way to derive a next step. So instead, we used the exact implementation from above, giving us the value “107.973816”. Using this as the password for the ssh “dimi@116.203.31.9" we realized it actually works! Still, we didn’t get in, just got the error
This service allows sftp connections only. Connection to 116.203.31.9 closed.
Finally, using a tool like WinSCP or anything that allows sftp, one can access the server, where there’s a single file, named congratulations.txt :
Congratulations! You’ve solved the 2018 Loki Christmas Puzzle. Thank you for participating.
Please tweet @Loki_Project the secret phrase “Loki and Freya: Dead Rabbit, Electric Boogaloo 2, cd768ff3a153efcf”
Aaaand that’s the end of our journey! If you actually bothered to read the entire write-up, kudos to you. Btw, Doyle mentioned that the “Dead Rabbit” part is a reference to a previous puzzle that Loki hosted, solved by the ARG Solving Station and with a write-up here: https://argss.org/arg/loki-puzzle
Acknowledgements
A big thank you to the team @Loki_Project for putting together this awesome and fun puzzle, with a lot of twists and original ideas! We’re certainly hoping to see more puzzles in the future :D
Thank you to @silver_anth for teaming up and pulling this off together!
For some great and active puzzle-filled communities, check out:
Crypto_puzzles: https://discord.gg/bSn85h5
ARG Solving Station: https://discord.gg/uYAXsww
Neon District: https://discord.gg/RB7pKHz
