Hidden Layer

Discussion in 'General' started by Xeen, Jun 10, 2018.

  1. Xeen

    Xeen New Agent

    I haven't seen any talk about this for awhile (as per search results).

    I'm tempted to write a brute-force script to break into the hidden layer to find this encrypted access parameter.

    Btw, I just started playing yesterday, cleared the demo mission and all .hvm networks except for the bugged starcode.hvm that returns no results (forum search revealed this .hvm has been bugged for quite awhile as is one other, innocence.hvm I believe returns no asset node, but I found a way around that).

    If there weren't so many possible combinations, I might try to crack into starcode as well... but I would seriously have to write my own pseudo-hacking assist scripts to even begin running the combos.

    Anywho, I wish someone would drop me a hint if it is even possible to break into the hidden layer or if NO input will ever get you there (because there is nothing there :p ). Analytics implies that it may be accessible (94% at 32 of 33 public layer and 0 of 1 hidden layer, 32/34 = 0.9411) I'm kicking myself for not making note of the node patters for each of the visible external networks. Starcode.hvm is a cross pattern external network.

    PS - Not having much luck with intel trading (I was able to find ONE trade for the starter-mission completion intel I received).

    Mega-Spoiler Warning: My notes for all assets. Incomplete, but more than enough to get the job done/fill in gaps

    Name: Matilde Correia (Systems Technician)
    Age: 25
    U/N: Kinatim88
    P/W: Kios1queezah
    D/B: Gmail & Hotmail
    MAC: A9:F7:95:13:CE:01
    -Football OR Soccer (Message about sports game)
    -Battlefield (Message about WWI video game)
    -Rio de Janeiro (Message about party at Rio)
    -Neymar (da Silva's nickname)
    -? (Fosfobox?? Rio party club)

    Name: Donald Powell (SSE Officer)
    Age: 36
    U/N: dpowell
    P/W: MattyIce
    D/B: John the Ripper
    MAC: DD:1D:39:DF:6B:BA
    -Matt (??? From password)

    Name: Stephanie Meyer (Corporate Lawyer)
    Age: 28
    U/N: SMeyer
    P/W: H3rcul3p01r0t
    D/B: LinkedIn
    MAC: 32:EC:2A:03:95:0C

    Name: Berta Adamcyzk
    Age: 26
    U/N: Squititch1990
    P/W: j4mn1k
    D/B: RockYou
    MAC: DB:17:85:84:42:B2
    -Fiat (Italian Car)

    Name: Stephen Gao
    Age: 27
    U/N: SteveGao
    P/W: DTonguesquad
    D/B: Social Media
    MAC: 95:FB:32:DC:8B:9F
    -Mount Tai (Immortal Bridge)
    -Hip Hop (SHFT Fest)
    -Tongji University
    -Yang Shao

    Name: Minh Lam
    Age: 31
    U/N: lamm
    P/W: Ahb3vedi0o
    D/B: LinkedIn
    MAC: 08:C0:C5:B4:96:0C
    -UNC (University of North Carolina)

    Name: Peter Bar (Divorce) (this is the guy on the bugged innocence.hvm, PWA /server/MSexchange)
    Age: 53
    U/N: pbar
    P/W: Einbecker1351
    D/B: RockYou
    MAC: A0:06:47:74:B0:F1
    -Football (BMFC)

    Edit: Forced my way in through the bugged starcode network... partially. Still need to blind-crack FoxAcid connection.

    append .starcode.hvm to other known subdomains
    fairly uncommon subdomain and technology

    Edit: Vulnerable subdomain located.

    Anyone know if I need the correct technology AND port at the same time in order to succeed? Or will I get a separate error if port or tech is correct but not both?

    Hmm, apparently the target URL and Port will generate the same message and I have them both correct. The only thing I'm missing is the correct tech to attack (and I've been generating/running through an exhaustive list).

    Starcode.hvm access granted :)

    My only regret is that now I have hacked all the hivemind networks and there are none left to show my gf...

    Update on Intel: Able to obtain 40/47 before cracking starcode.

    Arkham SOAP report has 2 entries in the intel collection review screen and can be obtained by trading with anshel... or not (It's bugged, doesn't seem to give credit)

    BlueCrush is impossible to get (wanted in several places, offered in none)
    Same with MS 408 Key

    Khopesh Key seems entirely off the radar.

    Starcode is the ONLY place to get Presolar Grain, which you can then trade for NSA ANT in ONE place.

    Final Analytics:
    Hivemind control at 97% (33 of 33 public, 0 of 1 hidden)
    Intel at 89% (42 of 47, impossible to get MS408/Khopesh keys or Blue Crush, Arkham Soap has 2 entries and the trade @ Anshel bugs)

    If anyone has higher completion or if some of those intels were some kind of promotional/closed testing only type of deal, let me know!
    Last edited: Jun 11, 2018
  2. Xeen

    Xeen New Agent

    So... Writing a brute force script to try to break into the hidden layer (no clue if its possible or implemented or if we are supposed to go there or if there are hints elsewhere in the game)

    It would take 30B Years to crack a 10 character password with my weak tech. If I could stabilize it at full speed, that would give me a 10x boost, bringing the time to crack down to only 3B years!

    I'm not very good at this :p
  3. zaelong

    zaelong Moderator

    please dont bruteforce it with a script, were not supposed to get in the hidden layer yet. if we were, then the devs wouldve dropped some hints how to get there
    bruteforcing it, could make the servers unstable, and leaving even more work for the ddevs
  4. Xeen

    Xeen New Agent

  5. deadbeatsaint

    deadbeatsaint Active Agent

    Yeah if the game were self-contained that would a fine thing to do (I would personally try to leverage some EC2 instances for a couple hundred bucks) but since you're having to connect to their servers for authentication, you'd essentially be committing a [D]DOS attack on them.
  6. Enoch52

    Enoch52 Active Agent

    So I've basically done a manual sfuzzer attack (appended every subdomain and variation I could think of to .starcode.hvm), and even did a 30-sec sfuzzer search on just about all of the other hiveminds to build a list for my check. No vulnerabilities, although I did identify 8 subdomains that had services running on them. I tried running an alpha exploit against those services, but no dice.
    Last edited: Nov 5, 2018

Share This Page