
Let's Solve Hackaday.com/Space!

I figured I would start a project to crack the mystery that is hackaday.com/space.

On April 1st (April Fools' Day) Hackaday redirected visitors to a mysterious screen (seen at hackaday.com/space) that is obviously part of a prank/easter egg hunt/fun adventure. I figured we could log our progress cracking this mystery here. If you would like to be a project contributor, just let me know and I will add you.

Please post any new findings in the comments so I can make updates as we progress. I will also make you a contributor to help move this thing along!
  • Well that was fun :)

    John Boyd05/02/2014 at 16:14 2 comments

    For those of you who have not noticed, Hack A Day announced the Hackaday.io/prize competition to go to space! They have also been explaining in HaD posts how this whole hackaday.com/space ARG was a "pre-game party" for the announcement of their competition to go to space! Pretty sweet if you ask me. This will likely be the last project log, I just wanted to have one last update to conclude things for anyone reading this in the future.

    Hack A Day Official Explanations of ARG Transmissions:

  • Spoiler - Final Transmission - Major Tom's Diary

    mikeneiderhauser04/25/2014 at 14:58 0 comments

    For those who do not have Minecraft. (This was posted in the comments and taken from http://pastebin.com/JjmKfR6e)

    1:

    Herein are the

    Cronicles of

    Major

    Joshua

    Tesla

    Tom

    ----

    2: No sooner do I publish details about my launch vehicle do I get slapped with a patent warning. Really, having the engine on the bottom of the rocket is patented?

    ----

    3: I have come up with a brilliant solution. While the current situation prevents me from putting the engines at the bottom of the rocket, the language used in the previous patents say nothing about putting the engines at the top of the rocket.

    ----

    4: I have moved the engines to the top, and the capsule to the bottom. Of course the vehicle will be rotated for launch, but all is well. In keeping with the patent warnings, I have now rotated all diagrams 180 degrees.

    ----

    5: The new vehicle design works brilliantly. Unfortunately, the lawyers do not see my solution as unique, and have filed suit in east Texas.

    ----

    6: Although I'm building for personal use the cease and desist letters are getting more and more aggressive.

    ----

    7: Able to stand it no longer, I have launched my space station months earlier than planned. Out of the jurisdication of any nation I should be safe to build whatever I want.

    ----

    8: So far the microgravity environment has proven challenging for a number of simple tasks. There is now solder flux in the atmospheric recyclers and using the CNC router causes a slight rotation in the station around the forward axis.

    ----

    9: I feel I am getting the hang of working in a zero gravity environment. I have noticed a small fault in the vehicle's abort switch which I believe to be a loose solder joint. This must be fixed befire I can continue my research.

    ----

    10: I have come up with an elegant solution to the abort switch problem. If the computer is manually placed into an abort condition, I may continue using the flight computer as it will never trigger an abort. Genius.

    ----

    11: There has been a main bus fault. Thrusters are gone, as is the navigation computer. Main computer will require extensive repairs.

    ----

    12: ex appiars i hazi s{exchih xdi xderh anh joyrxd haxa leni.

    # (it appears I have switched the third and fourth data line)

    ----

    13: The previous situation has been resolved, altough I am currently dealing with several other mechanical problems on the ship.

    ----

    14: I have repaired as much as I can inside the ship, but the repairs now require me to EVA and fix the remaining systems. I do no like extravehicular activities. Last time the comms circuit died.

    ----

    15: The problem on the exterior has been resolved, thanks to a few comms from a good friend back on the blue earth. The defective component was a 709, luckily I had the spares. Bob will get back to me on the cause of the failure.

    ----

    16: Some readings from my transmission testing leads me to think others have been decoding my communications. Who would take the time to intercept and decode all of my messages?

    ----

    17: I grow weary of both waiting and worrying. If rescued I plan to start my search for someone to replace me. Maybe a more skilled soul can keep this place running, without interfering with their quest for discovery.

  • Final Transmission

    John Boyd04/24/2014 at 00:42 6 comments

    For those of you who haven't noticed, the final transmission was posted a few days ago. The transmission was simply this picture:

    The numbers in the picture represent the IP address and port number: 50.112.128.47:25565, which happens to be a Minecraft server!

    On the server there is a myriad of puzzles for us to solve. It seems most of them have been solved, but it is still a lot of fun to go find them all!

    When a collection of photos has been gathered, I will post them here.

  • Transmission #03 Decoded: Launch site confirmed.

    John Boyd04/17/2014 at 18:45 0 comments

    Seems like the transmission has been decoded and we have a launch site confirmed. It's hard to keep track of who has done what, but the entire community has come together to solve this one. The words played back in the audio files listed below were deciphered to reveal the geographic location of the Baikonur Cosmodrome Launch Facility.

    http://en.wikipedia.org/wiki/Baikonur_Cosmodrome

    These are the MP3 files extracted from each image:

    Here is what the mp3's say:

    • 1.mp3: Earth, Farad
    • 2.mp3: Joule, Circuit
    • 3.mp3: Amp, Gain
    • 4.mp3: Electron, Capacitor
    • 5.mp3: Dielectric, Diode

    Taking the first letter as a number starting with A=0 we get the following numbers:

    45 92 06 42 33

    AKA the GPS coordinates: 45.920N, 63.342E

    Ground Control confirmed the launch site here.


    They left us with a parting phrase (possibly clue), "Suit up!" Is this a reference to the space suit Minecraft skin we found earlier in the transmission? It might be worth our while to keep a look out for a HaD minecraft server in the near future.

  • Decoding Transmission #3

    Tyler Anderson04/16/2014 at 06:33 0 comments

    Each of the images for Transmission #3 contains a block of hidden data at the end. Fire up a hex editor and search for FF D9. This indicates the end of a JPEG file. Everything after this is extra.

    Rocket Picture

    We can tell there is a PNG file hidden in the rocket picture because the extra block starts with ".PNG........IHDR" and ends with "IEND.B`." Here's the extracted image:

    Turns out it's a space suit skin for Minecraft! View it at http://minecraft.novaskin.me/

    Telescope Pictures

    In each of the telescope pictures, the extra data starts with "Salted__". So this means it's encrypted with OpenSSL. After copying the data to its own file, you can decrypt it with...

    openssl enc -d -aes-256-cbc -in 1.bin -out 1.mp3 -pass pass:"Im floating in a most peculiar way"

    These are the MP3 files extracted from each image:

    Here is what the mp3's say:

    • 1.mp3: Earth, Farad
    • 2.mp3: Joule, Circuit
    • 3.mp3: Amp, Gain
    • 4.mp3: Electron, Capacitor
    • 5.mp3: Dielectric, Diode

    There's also more data hidden in these recordings. The MP3 metadata has the following comments:

    1. Transmission received at T-1090800.0222786265106846
    2. Transmission received at T-1090800.0296872268554892
    3. No transmission
    4. No transmission
    5. No transmission

    Also, if you have ffmpeg, try...

    ffplay 1.mp3

    ...to get a Real Discrete Fourier Transform
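
An added example, not part of the original log: searching for the first FF D9 can stop too early, because an EXIF thumbnail inside a JPEG carries its own end marker. The sketch below walks the marker segments to find the real end of the image, then identifies the trailing data by the two signatures this log relies on (the PNG magic and OpenSSL's `Salted__` header with its 8-byte salt); the sample byte strings and all function names are constructed for the illustration.

```python
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
OPENSSL_MAGIC = b"Salted__"  # `openssl enc` header, followed by an 8-byte salt

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker stream and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    i, n = 2, len(data)
    while i + 1 < n:
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                      # fill byte before a marker
            i += 1
        elif marker == 0xD9:                    # EOI of the outer image
            return i + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            i += 2                              # standalone markers carry no length
        else:
            if i + 4 > n:
                break
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # skip whole segment
            if marker == 0xDA:                  # SOS: entropy-coded data follows
                while i + 1 < n and not _is_marker(data[i], data[i + 1]):
                    i += 1
    raise ValueError("no EOI marker found")

def _is_marker(a: int, b: int) -> bool:
    # Inside scan data FF 00 is a stuffed byte and FF D0..D7 are restart markers.
    return a == 0xFF and b not in (0x00, 0xFF) and not 0xD0 <= b <= 0xD7

def png_length(blob: bytes) -> int:
    """Length of a PNG starting at blob[0], found by walking chunks up to IEND."""
    i = len(PNG_MAGIC)
    while i + 12 <= len(blob):
        size = int.from_bytes(blob[i:i + 4], "big")
        ctype = blob[i + 4:i + 8]
        i += 12 + size                          # length + type + data + CRC
        if ctype == b"IEND":
            return i
    raise ValueError("PNG has no IEND chunk")

def classify_trailer(data: bytes) -> dict:
    """Report what, if anything, follows the end of the JPEG."""
    end = jpeg_end(data)
    extra = data[end:]
    info = {"jpeg_end": end, "extra_len": len(extra), "kind": "unknown"}
    if not extra:
        info["kind"] = "none"
    elif extra.startswith(PNG_MAGIC):
        info.update(kind="png", payload=extra[:png_length(extra)])
    elif extra.startswith(OPENSSL_MAGIC) and len(extra) >= 16:
        body = extra[16:]
        info.update(kind="openssl-salted", salt=extra[8:16], payload=body,
                    block_aligned=len(body) % 16 == 0)  # AES-CBC output is 16-byte blocks
    return info

def build_sample(trailer: bytes) -> bytes:
    """Constructed marker stream (not a decodable picture) with an embedded thumbnail."""
    thumb = b"\xff\xd8\xff\xd9"                 # the thumbnail has its own EOI
    payload = b"Exif\x00\x00" + thumb
    app1 = b"\xff\xe1" + (len(payload) + 2).to_bytes(2, "big") + payload
    sos = b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + sos + b"\xff\xd9" + trailer

def png_chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body).to_bytes(4, "big")
    return len(body).to_bytes(4, "big") + ctype + body + crc

if __name__ == "__main__":
    salted = OPENSSL_MAGIC + bytes(range(8)) + b"\x00" * 32  # constructed, not real ciphertext
    png = PNG_MAGIC + png_chunk(b"IHDR", b"\x00" * 13) + png_chunk(b"IEND", b"")
    for name, trailer in (("salted", salted), ("png", png), ("clean", b"")):
        sample = build_sample(trailer)
        r = classify_trailer(sample)
        print(name, "first FF D9 at", sample.find(b"\xff\xd9"),
              "real end at", r["jpeg_end"], "->", r["kind"])
```

The `payload` of a `Salted__` trailer is what would be written to a file such as 1.bin, with the 16-byte header kept in front of it, before running the `openssl enc -d` command shown above.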

  • What we know (recap) T#1, T#2, T#3

    mikeneiderhauser04/15/2014 at 23:02 0 comments

    Here is a log of the recap from the ##hackaday IRC

    <mdn15> Lets do a little recap shall we (and please feel free to fill in where I may miss)

    TRANSMISSION #01

    <mdn15> Transmission 1: [Input Sources] Coordinates of telescopes.

    <mdn15> Test Block 1: "I'm floating in a most peculiar way"

    <mdn15> Test block 2 was the QR code that led to the Major Tom Page

    TRANSMISSION #02

    <mdn15> --Transmission 2--

    <mdn15> Video on HaD Page

    <mdn15> IP of telnet server

    <mdn15> bob widlar (username and password of server)

    <mdn15> Various messages from MrWildard

    <emerica_> ^ ignoring those

    <mdn15> (thats what I'm thinking, but still needs to be noted)

    <emerica_> indeed

    <mdn15> On the telnet server

    <mdn15> we found a key file and a puff the magic dragon file

    <emerica_> AGC

    <mdn15> correct

    <mdn15> as of now.. I feel AGC was to throw us a curve ball

    <mdn15> The keyfile and openpuff led us to a message in the Transmission 2 Image

    <rawe_t30> status.jpg?

    <mdn15> yes.. status.jpg

    <mdn15> the message resulted in

    <mdn15> 

    "Current Status

     Inclination 52.3

     Altitude 439km

    O2 76.2%

    Could do with a lift guys.

    <mdn15> then we got this from ground control

    Major Tom, this is Ground Control. Message received.

     Rescue mission planned, crew selection progressing.

    Next communication at T-18180

    TRANSMISSION #03

    https://github.com/unlimitedbacon/Transmission3

    <mdn15> -- Transmission 3 (so far) --

    <mdn15> 5 images that (most likely) relate to T#1 on the main Hackaday page

    <mdn15> These images have some sort of SSL info embedded (files begin with Salted__)

    <mdn15> The pic on the T3# page had a PNG file embedded that contained a space suit as a minecraft skin

    <rawe_t30> this was the first image on static.projects.hackaday.com with embedded info

    <emerica_> I dont know if the post number 119822 is relevant

    <emerica_> the next 8 bytes are the salt

    <emerica_> 8 right?

  • Transmission #03 is here

    John Boyd04/15/2014 at 16:08 4 comments

    Transmission #03 has been posted on Major Tom's Page, along with images of the target radio telescopes decoded from Transmission #01. So far there doesn't seem to be much progress deciphering this message, but check it out for yourself and see what you can find!


    Here is what a few people have found:

    1. Green Bank Telescope (National Radio Astronomy Observatory)

    2. Arecibo Observatory 

    3. LOFAR Superterp (Netherlands Institute for Radio Astronomy) 

    4. Ratan-600 (Special Astrophysical Observatory of the Russian Academy of Sciences) 

    5. Effelsberg 100-m Telescope (Max Planck Institute for Radio Astronomy)


    Original GPS Coordinates:
    1. Arecibo Observatory
    2. Very Large Array (National Radio Astronomy Observatory)
    3. Ratan-600 (Special Astrophysical Observatory of the Russian Academy of Sciences)
    4. Effelsberg 100-m Telescope (Max Planck Institute for Radio Astronomy)
    5. LOFAR Test Field (Netherlands Institute for Radio Astronomy)

  • (Almost) Complete HD Dump

    cadeldarkon97904/10/2014 at 01:21 0 comments

    I dumped most of the hard drive into a tar.bz2 file, as I could not get all of it (bob doesn't have all the needed permissions). If you would like to chroot into a copy of the computer, this dump is perfect for that! I have uploaded it to DepositFiles and Skydrive.

    Link 1: http://depositfiles.com/files/vyhn9x8ei
    Mirror: http://1drv.ms/1ksqGqd

  • Transmission #02

    Emerica04/10/2014 at 01:06 1 comment

    Transmission #2 - Solving the video

    http://hackaday.io/project/754/log/1301



    Transmission #2 - Server Contents

    http://hackaday.io/project/754/log/1303
    http://hackaday.io/project/754/log/1327


    Transmission #2 - Completing Decryption.

    Emerica:
    I had spent most of my evening watching Apollo Navigation Computer videos, preparing for possible use of DSKY. 
    It seemed most people were still stuck on trying to find data in the images and video expecting more, and I was starting to think that it was all just a ploy to side track.
    All the video is, in my opinion, is an attempt to gain more attention for the event, and to expose the IP and the AUTH clues.
    It was on the site all day/night, bringing much more attention to those who may have missed it.
    More help is always good :)
    I don't think you can really expect any visual steganography to make it through YouTube's encoding process with reliability.
    Audio is another story, but too complicated in my opinion to try and have the public find it 'easily enough'.
    Transmission #1 was pretty simple; there is little reason that this challenge should be magnitudes harder.


    Many of us have thought these images have hidden data in one way or another.
    How are we going to decode steganography if we can't verify what was used to encode it? Without the algo(s) and the key(s), it seemed like a moot point to me. So I focused more on the AGC app.
    When Ben mentioned the email about the decryption not being complete, I knew that we had to take another look at the transmission 2 image.

    I opened it with a hex editor; this gave me a header with Ducky in it, and some googling returned this to be an Adobe save for web file. OK, on to the metadata:

    <?xml version="1.0" encoding="UTF-8"?>
    <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2">
    <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
    <rdf:Description rdf:about=""
        xmlns:xmp="http://ns.adobe.com/xap/1.0/"
        xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"
        xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"
        xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"
        xmpMM:InstanceID="xmp.iid:CF0B160FBE6B11E38995D5ABC046E8AD"
        xmpMM:DocumentID="xmp.did:CF0B1610BE6B11E38995D5ABC046E8AD">
    <xmpMM:DerivedFrom
        stRef:instanceID="xmp.iid:CF0B160DBE6B11E38995D5ABC046E8AD"
        stRef:documentID="xmp.did:CF0B160EBE6B11E38995D5ABC046E8AD"/>
    </rdf:Description>
    </rdf:RDF>
    </x:xmpmeta>



    Not much here of use.....that I can gather anyway.
    I remembered the other image being a png. This being a jpg, other tools might work.
    Well back to google,  "xmp jpg stenography"

    first result: 

    OpenPuff - Steganography & Watermarking - EmbeddedSW.net

    embeddedsw.net/OpenPuff_Steganography_Home.html‎

    I should have clicked I'm feeling lucky.
    I went back to IRC at this point and the chat log basically explains the rest.



    nope, currently trying to use the keyfile keys on the image in the transmission 2 page
    not sure which steno tool to use though
    ok
    any idea where that image came from?
    nope
    I tried reverse image search but it didn't turn up anything
    hmm, maybe original then?
    someone at HaD is not a bad artist then
    yeah its nice, but i'm growing tired of staring at it ;-)
    huh! looks like we're on the right track
    got an email from ground control
    Communication with Major Tom was initiated at 00:00 on 08/04/2014, transmission archive available here: http://hackaday.com/2014/04/08/119222/
    The following image was received from Major Tom at 00:01hrs this morning. Decryption is not yet complete. Please assist.
    followed by the image from the transmission 2 page
    cool
    just got the same
    I got the same email
    of course knowing that ii'm working on the right thing doesn't necessarily make it any easier for me to decode! :-)
    and the wife is calling, good luck guys.
    * Ben___ has quit

    http://vimeo.com/30680384...


  • Github Repository of Telnet Server

    John Boyd04/09/2014 at 06:05 0 comments

    Here is a Github repository with the home directory on the telnet server for those of you that would like easy access to all of the files.


  • 1
    Step 1

    Review Previous Logs.

  • 2
    Step 2

    Join IRC channel ##hackaday on freenode. 



Discussions

mikeneiderhauser wrote 04/10/2014 at 02:32 point
Thanks for adding me as a contributor. Most of data I gathered from T2 is on the T2 page. (Possibly already copied into project logs)


cadeldarkon979 wrote 04/10/2014 at 00:20 point
I got the HD dump! This isn't everything, but everything "bob" could access is here. I tried it, it has enough for a chroot session.
Link 1: http://depositfiles.com/files/vyhn9x8ei
Mirror: http://1drv.ms/1ksqGqd


dmlanger wrote 04/09/2014 at 20:26 point
I just got an email from HAD with this: http://i.imgur.com/dUrLrVH.png
The numbers there (53:77:65:65:74!) are translated to S:w:e:e:t!
I don't think it's another clue but we never know?


John Boyd wrote 04/09/2014 at 20:31 point
Yeah, I'm not sure if it is a clue or just a cool badge for our profiles.


rawe wrote 04/11/2014 at 06:42 point
I've got that 2nd badge too, but not the mail; The mail for the 1st badge (received twice with slightly different formatting once directly to me and once me in bcc (?!)) was similar (including 53:77:65:65:74! ).

If you go back on hackaday.io/feed there were 53 #1 badges and 29 #2 badges (numbers from memory, could be wrong +/-). First I thought only the ones who got the 1st badge can go on, but it looks like everyone who contributed to one of the challenges in a way got a badge. The intersection of those two badge-receiver groups could be interesting.

I wonder what mechanism is used to select who gets the badges... is contributing on the irc channel enough (how to deal with different nicknames irc/hackaday.io?)? Is it necessary to post comments on Majortom/T#2 hackaday.io pages? Someone on irc mentioned to work for hackaday some days ago, on telnet server there was an ssh session open to an ip owned by supplyframe...


John Boyd wrote 04/09/2014 at 20:23 point
A lot happened over the past day or so. It seems like much of the Transmission #02 clues have been discovered, so it's definitely time for an update to this page. I have an exam coming up though, so I do not have time to collate all of this information into a project log. I have made many of you contributors, so if one of you would like to do that, feel free.


mikeneiderhauser wrote 04/09/2014 at 16:45 point
Copy message from Ground Control: Transmission 2:
Major Tom, this is Ground Control. Message received.
Rescue mission planned, crew selection progressing.
Next communication at T-18180


Sy Bernot wrote 04/09/2014 at 07:40 point
493 km is on the edge of LEO, I'm convinced something to do with Apollo 11 and the open dsky project at this point (given the jpg and the source code and mission control profile pic) . Still looking for Apollo 11 flight plans and looking at Maj Toms profile pic, which I think remains unsolved and is probably a simple shift and subtract operation in gimp.
bed for me though, gl
Sy out.


Emerica wrote 04/09/2014 at 06:25 point
http://embeddedsw.net/OpenPuff_Steganography_Home.html
Keyfile should have the keys you need.
So far only transmission #2 image appears to decode.


John Boyd wrote 04/09/2014 at 06:26 point
Oh this is gold. Definitely onto something here


Emerica wrote 04/09/2014 at 06:21 point
See the transmission #2 page guys,
Puff is a fan of OPEN source.


Sy Bernot wrote 04/09/2014 at 06:17 point
Oh
Does this look familiar?
http://hackaday.io/project/294


Sy Bernot wrote 04/09/2014 at 06:02 point
Puff may be a ref to the space-x launch 14 April 2014
t -7 days


John Boyd wrote 04/09/2014 at 06:03 point
is this a full copy of the directory on the Telnet server? I will add it now


SickSad wrote 04/09/2014 at 14:24 point
It's not quite a full copy as I forgot to add the dot files, although I suspect they aren't too relevant.


Emerica wrote 04/09/2014 at 05:52 point
Puff the magic dragon, has led us to new information.


John Boyd wrote 04/09/2014 at 05:54 point
I have just made you a contributor, so feel free to post that information here or as a project log if you wish


Tyler Anderson wrote 04/09/2014 at 07:19 point
OpenPuff (http://embeddedsw.net/OpenPuff_Steganography_Home.html) decodes the Transmission #02 image. The keys from keyfile are passwords A, B, and C. Use maximum JPEG bit selection.


Sy Bernot wrote 04/09/2014 at 05:18 point
from a comment from "filmer" on one of my posts regarding the javascript page you get before you can plug in your email address

....The "input sources" in the /space page are coordinates for space telescopes/observatories:
Arecibo telescope, NRAO Very Large Array, RATAN-600 radiotelescope, Effelberg, and Exloo/Lofar....

wondering how that plots on a map but probably the telescopes themselves are the clue.


Sy Bernot wrote 04/09/2014 at 05:25 point


John Boyd wrote 04/09/2014 at 05:52 point
Interesting find! I will add you as a contributor to this project as well


jon.armani wrote 04/09/2014 at 02:06 point
Whoever Scott and Emi are, seriously change your FTP password.


jon.armani wrote 04/09/2014 at 01:54 point
@phreaknik I transferred by using SFTP to my Raspberry Pi (exposed to the world) then to my Windows box over FTP. Kinda a hassle. I tried netcat file transfer since it has netcat ("nc") but that didn't work for some reason.


John Boyd wrote 04/09/2014 at 02:01 point
That's weird, I haven't been able to get an SFTP connection through... are you connecting to port 23?


jon.armani wrote 04/09/2014 at 02:05 point
@phreaknik - I use SFTP from the HackADay computer to my Raspberry Pi


John Boyd wrote 04/09/2014 at 02:10 point
Ahh! tricky! Got it working, thanks!


jon.armani wrote 04/09/2014 at 02:12 point
Going to bed. Best of luck to you all.... you're doing God's work. =P


jon.armani wrote 04/09/2014 at 01:47 point
LMAO who is trying to write Hello Kitties everywhere??


cadeldarkon979 wrote 04/09/2014 at 01:32 point
Once my slow SCP command runs, we will have a complete hard drive dump of all the files that can be accessed by bob, easily enough for a chroot, if someone wants to find out more about what has been done with this machine. Other than that, I'd like to know what other people are doing.


jon.armani wrote 04/09/2014 at 01:36 point
I just took a peek at the Apollo32.png image in a hex editor and through a steganography detection program. Found nothing. EXIF data says it was created in GIMP. That is all. =P


jon.armani wrote 04/09/2014 at 01:41 point
Looked into the keyfile a bit. The codes aren't any known hash according to Hash Identifier (https://code.google.com/p/hash-identifier/) but there's a good chance it's a TrueCrypt keyfile. There could be a hidden TrueCrypt volume accessible somewhere on that drive.


tehaxor69 wrote 04/09/2014 at 01:50 point
I'd like to know what /AGC/doc/images/CodeBlocks.png is.


John Boyd wrote 04/09/2014 at 01:53 point
I was thinking a TrueCrypt directory also, but haven't got around to figuring that out yet


John Boyd wrote 04/09/2014 at 02:39 point
@ tehaxor69

I got both of those pictures for you and posted them at the top of this page (until I have another project log I can put them into). One picture is a screenshot of codeblocks with the apollo guidance computer loaded, the other is a picture of the apollo guidance computer itself. Not sure if they are useful


jon.armani wrote 04/09/2014 at 01:23 point
The home directory contains a file "reminder.txt" which has the lyrics to Puff the Magic Dragon, a file "keyfile" with 3 x alphanumeric (looks hexadecimal) codes, maybe SHA-x or MD5 hashes, plus a directory "AGC" with a bunch of program files that looks like it's to install the virtual Apollo Guidance Computer, though the "configure" file doesn't work. Not sure where to go from here.


cadeldarkon979 wrote 04/09/2014 at 00:45 point
Just an interesting note, this is hosted on an amazon EC2 Instance. To be exact, ec2-54-241-0-25.us-west-1.compute.amazonaws.com. Full nmap report is at http://pastebin.com/j8weraCE.


John Boyd wrote 04/09/2014 at 01:04 point
Hmm, idk what to do there. Maybe someone finds this useful though


cadeldarkon979 wrote 04/09/2014 at 01:08 point
The only reason I thought this might be useful is it shows that this machine is not directly "ground control" to anything physical, it would have to be via ethernet. Most likely just set up to draw attention to transmission two, and amazon EC2 was used as HaD didn't want to waste their bandwidth. I will try to get a home directory dump soon, writing a custom script to transfer files through telnet.


John Boyd wrote 04/09/2014 at 01:52 point
OK, how are you transferring the files? I have been banging my head against the wall for a while trying to figure that out
