Suspicious Origins

Discussion in 'Fan & Sandbox Missions' started by Santiak, Jan 21, 2015.

  1. Santiak

    Santiak MIA

    Fellow Agents,

    I recently came across a highly unusual file in the HQ archives.
    I've checked the logs, but from what I can find, the file itself was not created, nor sent - as such. Instead, the source IP would seem to indicate that the file originated from, and was sent to, the same place; namely the TBW communications archives.

    However, due to responsibilities elsewhere, I unfortunately do not have enough time to work on it, and considering this file was only "received" this past week, I thought it prudent to tackle it sooner rather than later.


    Urgent.png
     
    3 people like this.
  2. Zerosh

    Zerosh Sleeper Agent

    Who the **** is this man? I don't know, but I can tell you who he's not.
    I think the type of habit he's wearing is typical of friars and so I have looked for famous friars with little success. He's none of the Distinguished Franciscans nor a Medieval or Renaissance catholic philosopher. And unfortunately the image is too distorted for Google Images :/
    I can't date the painting style but I guess it's post-medieval.


    Any ideas?
     
    3 people like this.
  3. bljkr

    bljkr Gold Member

    I don't know should I provide a name... shrugs. I haven't dug much beyond finding out who it was.

    Marin Mersenne
     
    6 people like this.
  4. Bats

    Bats Division 93: Covert Grammatical Ops Battalion

    Well, that's some prime information right there.


    -Bats
    (err... sorry.)
     
    3 people like this.
  5. Zerosh

    Zerosh Sleeper Agent

  6. riningear

    riningear Division-79

    How recent did this appear? Do you have any data on the dates/etc. attached to it, when it was sent, when you found it, how often you check the place you found it in?
     
  7. nikel

    nikel Lab 1852 - Neurals

  8. Santiak

    Santiak MIA

    The date of entry for the file was not available, nor was the date of creation - unfortunately.
    However, the database wherein I found it is checked daily, but there's no saying for how long the file's been overlooked, as the lack of dating may well have caused it to be prioritized comparatively low. Although I suspect it couldn't have gone unnoticed for more than a week - but again, no way of saying.

    Interesting find by bljkr, by the way. Makes me wish I could be of more help myself.
     
  9. Zerosh

    Zerosh Sleeper Agent

    So... has anyone tried something? Like Steganalysis?
    I've looked into Steganalysis a bit but no results for the moment.

    Edit:
    Assumig this is the orginal image, I've run some Steganalysis tools and all of them say almost the same:
    C:\Users\zerosh\TBW\Steganalysis\StegExpose-master>java -jar StegExpose.jar ..\..\Suspicious_Origins
    1_2ca74cb88c3779d91562a5b4af61c93b.png is suspicious. Approximate amount of hidden data is 56044 bytes.
    Marin_mersenne.jpg is suspicious. Approximate amount of hidden data is 4638 bytes.


    It seems this image Santiak found has something within.
     
    Last edited by a moderator: Jan 24, 2015
    2 people like this.
  10. Zerosh

    Zerosh Sleeper Agent

    And...
    [​IMG]
    Using this tool and with the password "Mersenne" I have extracted a file called Observe.txt from the image.
    Said file contains the following text: "XRFFAMEEKHAMEEKALGDOLWZKAVVKLWLTFMOIEOFGIIZOCWLVS"
    According to this it's Bifid cyphertext.
    Using the info here I may have determined that the period is 6 or 8. Here is the spreadsheet I've used.
    I have used the C program in that page but I've been unable to crack the cyphertext u_u
    That's how far I've come and now it's past 5AM and I should go to sleep...

    EDIT 28/01/15:
    The C program doesn't work. I've tested it with a known ciphertext and it's not capable of cracking it.
    I'm going to try to make my own cracker but I'm short on free time so it'll take me a while.
     
    Last edited by a moderator: Jan 28, 2015
    8 people like this.
  11. Zerosh

    Zerosh Sleeper Agent

    I've been trying to crack this but I've been unable. I don't know what else I can try. If anyone is following this and wants more info you can poke me.
     
  12. Santiak

    Santiak MIA

    Sorry for the lack of updates, Agents - I've been rather busy of late.

    I believe the cipher you've encountered is, with the lack of structural hints, likely one that needs a key, but not any additional information - such as a distinct polybus.
    Not sure which one it may be, but perhaps it is somehow related to the person depicted?
     
  13. Zerosh

    Zerosh Sleeper Agent

    Thanks to the hint provided by Santiak I've been able to advance and I think I've found the origin of this file.
    In the following spoiler I'll do a step by step walkthrough:
    The first step is finding out who is the man depicted in the image. This man is Marin Mersene, and the orginal image seems to be this one.
    Various steganalysis tests comparing both images seems to indicate that there is something hidden within the distorted one.
    C:\Users\zerosh\TBW\Steganalysis\StegExpose-master>java -jar StegExpose.jar ..\..\Suspicious_Origins
    1_2ca74cb88c3779d91562a5b4af61c93b.png is suspicious. Approximate amount of hidden data is 56044 bytes.
    Marin_mersenne.jpg is suspicious. Approximate amount of hidden data is 4638 bytes.

    Since the image is a .png the more feasible steganography tool used is OpenPuff.
    Using this tool and the password Mersenne a hidden file called Observe.txt is revealed.
    The content of this file is the following string:
    XRFFAMEEKHAMEEKALGDOLWZKAVVKLWLTFMOIEOFGIIZOCWLVS
    That string looks a lot like ciphertext. Ignoring false positives and using the hint provided by Santiak, the possibilities can be narrowed to two ciphers contemporaneous to Mersenne: Porta-Bellaso and Vigenere.
    Keeping in mind the name of the mission and the name of he hidden file, you may notice that there is a line in the Wikipedia article of Mersenne that reads: "Marin Mersenne (pronounced Mehr-SENN) was born of peasant parents near Oizé, Maine (present day Sarthe, France)."
    Using Sarthe as the key of the Vigenere and the ciphertext previously discovered, the following message is uncovered:
    FROM TIME TO TIME THE CLOUDS GIVE REST TO THE MOON BEHOLDERA
    (the trailing A is an S, so maybe the trailing S in the ciphertext is not part of the ciphertext)
    If you ask Google about that text you'll find somthing like this:
    https://oldpondcomics.wordpress.com...clouds-give-rest-to-the-moon-beholders-basho/
    http://enloehs.wcpss.net/projects/west42002/basho3/review.html
    http://katieyamasaki.com/work/moon-...onal-museum-little-tokyo-los-angeles-ca-2014/
    The text is a haiku by Matsuo Basho or Matsuo Munefusa.

    Since OpenPuff gives you the opportunity to hide a decoy, maybe the Mersenne message was a decoy and the real message is still hidden. Working with this idea and using Munefusa (found in the second link) as the new password a new message is revealed.
    Using the password Munefusa in OpenPuff with the distorte image of Mersenne you get a file named TL Fate.txt with the following message inside:

    To all Moon-Beholder Agents; we must be brief.
    Patient Tau have reached a critical state. He is no longer within our control.
    Our application of the Mersenne sequence was a success; too much so.
    Achieved contact with inumerous TL iterations, all containing Patient Tau (MMS-TL).

    Resonance unforseen.
    Multiple Ruptures across visible space are emerging; we believe the links established amplified the fledging abilities of all Tau.
    We estimate complete TL merger within the hour - we suspect recursive derivation time-state will follow; time will cease to flow.
    We believe only active Tau TLs will be affected; but expect bleedthrough to all TLs where Tau may occur.


    To all Agents in Tau-Potential TLs:
    Beware the Harlequin Artefact.


    A cicada shell;
    it sang itself
    utterly away.

    Farewell.
    - - -

    I think TL stands for Time Line and so I suspect that this file Santiak found is the result of the time-space distortions described in the message. That would explain the Suspicious Origin of this file.

    Miscellaneous bits:
    Mersenne sequence
    Harlequin Artefact
    A cicada shell;
    it sang itself
    utterly away.

    I give you thanks @Santiak for this cool mission :), it was as maddening as interesting :p
     
    Last edited by a moderator: Mar 1, 2015
    3 people like this.
  14. Santiak

    Santiak MIA

    Well done, Agent Zerosh.

    What do you make of the message?

    Not entirely sure what to make of it myself, if it means what I think it does - sounds a bit outlandish, even for our standards.

    With this mission, I attempted to make something where one couldn't really rely on tools - be it reverse image search or cipher identification tools.

    My motivation for doing so, was that I know from myself, that I tend to rely more and more on automized tools when handling missions, and I wanted to pull away from that trend just a bit - as one might potentially get irrevocably stuck on a mission if one relies too heavily on said tools.
    At the same time, because the mission relies more heavily on acquired knowledge rather than on discovering knowledge, I hoped it would encourage - if not outright force - communication/cooperation in order to solve it; another trend I feel has been going in the slightly wrong direction - and I am, of course, only speaking on my own behalf. ^^

    In other words, a mission where the individual steps wouldn't be all that difficult, but conversely, where the "penalty" for going at it on your own would make them feel nearly impossible.

    Unfortunately, it seems I inadvertently ended up torturing Zerosh instead - sorry about that ;)

    Let me know if you want a reasoning behind the somewhat superficial story involved, or if you'd rather leave it open for interpretation. ^^
     
    3 people like this.

Share This Page