Overview

Contents

Solved

Phase I - MonstersOS

Phase II - ComtekOS

Phase III - ComtekEnterprises

Unsolved

  • Significance of 06.07.2022 (July 6th) mentioned in Comtek.Life update
  • Significance of 05.08.2022 (August 5th) mentioned in MONSTERS OS page
  • Album Artwork code
  • Whether or not 'sail on in my memory' from avalanche.jpg is anything of value
  • If there is a meaningful order to the BFL filenames
  • The missing 2 rows?

PHASE I

Twitter user @lost_boy84 posted a burning heart emoji, the first tweet since 2020

Users visited the website previously used for the ARG.

It had been updated, showing a Unix interface. The interface needed a specific update command to be entered to get the right output.

Original home screen

sudo apt full-upgrade -y

This command runs an update package that provides an error message

Updated home page

A riddle was provided

First Riddle

One of the final lines of the page was a riddle

https://183010165.com/mdnght/I'm at the centre of your blue heart. A drink will kill me. What am I? mp4-include InRelease

There are two clues to the answer here

I'm at the centre of your blue heart

Refers to the Change Your Heart Or Die vinyl record, which is blue, and has the word 'fire' etched into the center

CYHOD Vinyl Center

Image courtesy of Discord user cpsedmonds

A drink will kill me. What am I?

Is an old riddle. Adding water to fire will kill it, giving the answer 'fire' again.

The solution was to add 'fire.mp4' to the clue URL (clueRL?)

https://183010165.com/mdnght/fire.mp4

fire.mp4

note: Is now at https://183010165.com/fire.mp4, not clear why it was moved

fire.MP4

Opening fire.mp4 in a text editor reveals metadata (information about the file)

  • Audio is 01_Golden Gate (Instrumental)_24bit_96kHz_Final_Master_3.18.22_LS_Edit.wav
  • heroes-bg-notext.png is referenced

Fire.mp4 metadata

Golden Gate is a song by Tyler Lyle, and the audio in the video sounds like a synth cover of that. The Midnight has covered Lyle's music before, with Brooklyn (Lyle, The Midnight) and Lost & Found (Lyle, The Midnight). The cover of Golden Gate was included as a secret track in the Change Your Heart Or Die vinyl release

heroes-bg-notext.png is not a known reference like this, but is suspected to be named in designer shorthand for the background art (bg) of the next album (Heroes, not confirmed), and might be important

Phase II - June 1 2022

The old website has an update available, and the text has changed slightly from 'New Release' to 'Hot Fix'

Monsters page prompting to run update

This is a unix command used to upgrade packages on a system

Running the command takes you to a new website advertising an unknown upcoming release by The Midnight

Comtek Life homepage

Several things were found in here

Comtek Homepage Info

Main Gif

The gif on the page is seen glitching stylistically

Glitching Gif

Using the 'inspect element' feature of the browser, the name of this gif can be seen as gifshuffle_talian_holds_the_key.gif

Gif in inspect element

Talian here is a reference to Discord user Talian, who was the first to find the metadata in fire.mp4 and alert the chat. The team behind the ARG are known to monitor the Discord, explaining the inclusion of this.

Talian finds the metadata

Gifshuffle is the name of a command line utility, included in Ubuntu (more info here). Gifshuffle is used to hide messages in gif files, and the inclusion of it in the name here suggests it needs to be used to extract the message.

Part of the metadata is 'heroes-bg-notext.png', which seems unrelated to anything seen so far.

Running the following command reveals the hidden message (you need to download the file from the website, then run this command in the same directory as where it is saved)

gifshuffle -C -p "heroes-bg-notext.png" gifshuffle_talian_holds_the_key.gif

/heroes/48-65-61-72-74-62-65-61-74.png

Adding this to the comtek.life URL provides you with an image

Deciphering Image

By inverting the colours on this image and rotating 180 degrees, it becomes slightly more legible, and 'heart beat' can be slightly made out

The name, 48-65-61-72-74-62-65-61-74, is also a hexadecimal string that translates to 'heartbeat'. This decoding can be done using online tools.

Decoding the hex

The LostBoy account tweeted a hint that something was yet to be discovered

LostBoy hint

Tyler Lyle tweeted a clue out to assist in the next step of this clue

Tyler Tweeting

The use of 'stego' here is a hint at 'steganography', the process of hiding content within other content, much like the Gifshuffle tool earlier.

OpenStego is a free tool available to extract data hidden in images, but it needs a password. The text in the image, as well as the filename, are both 'heartbeat' which is worth trying

Using openStego

This succeeds, and reveals the hidden image; a full resolution copy of the 'Heartbeat' image. This will be saved to the output folder, the desktop in this case.

LostBoy then replies to their earlier tweet, confirming this was solved

LostBoy confirmation

Presave Link

By clicking the Presave bar in the middle of the screen, a long string is output to the browser console. This can be viewed through inspect element

Console Output

The text of this is

l1GIk5WYgU3b5BicvZkCgKManV3buVGIlZ3bsBycpBSZyVGaUpAoCfmbp92ZgAXZltGI0NXdKpAoCTXZ5BSZu9GZgQ3buBSZylJgiX3bZpAoCTXYlJGdyFWZoBic19WegwWZlZGIuF2YgU3b5BiZJpgCl1GIk5WYgU3b5BicvZkCgKManV3buVGIlZ3bsBycpBSZyVGaUpAoCfmbptmcvdHIzlJgiTXagwyc0JXdoBCdpBiZJpAoCXmYgQXmAKubhNGI19WWKAqw0VWegUmbvRGI09mbgUmcZCo419WWKQXYlJGdyFWZoBic19WegwWZlZGIuF2YgU3b5BiZJpgCgK8ajFmYg82ZgQXmAKubhNGIldHIlNXdhNGmAKOIn5WavdGIwVWZLpwajFmYg82ZgQXmAKubhNGIldHIlNXdhNGmAKOIn5WavdGIwVWZLpwajFmYg82ZgQXmAKubhNGIldHIlNXdhNGmAKOIn5WavdGIwVWZLpgCodWdv5WZgUmdvxGIzlGIlJXZoRlCgKMZlVmbgIXdvlHIn5WayJGIk5WYgUWbvNEIk92bsZGIlhGdgMHduF2dgQXYoRHI0JXYlhGI0JXZzVGZgknclZXRKAqwuV3cgEGI0NXZndWdzByc39GZhh2cgIXdvBCbsFkCgKMLzVHIm9GI0V3bgUGZh1GIzlGIkxmcvdHIlhGdgYWSKoQZtBCZuFGI19WegI3bGpAoCj2Z19mblBSZ29GbgMXagUmclhGVKAqwn5WavdGIwVWZrBCdzVnSKAqw0VWegUmbvRGI09mbgUmcZCo419WWKAqw0FWZiRnchVGagIXdvlHIsVWZmBibhNGI19WegYWSKoQZtBCZuFGI19WegI3bGpAoCj2Z19mblBSZ29GbgMXagUmclhGVKAqwn5WarJ3b3BycZCo40lGIsMHdyVHagQXagYWSKAqwlJGI0lJgi7WYjBSdvllCgKMdllHIl52bkBCdv5GIlJXmAKedvllCgKMdhVmY0JXYlhGIyV3b5BCblVmZg4WYjBSdvlHImlkCKAqwlRWayBSYgY2bgwGblhGIhBCbslGdzBycpBib39GZgcmbp12bDpAoCnXY3BiclhGdpVkCgKcesZGIuF2YgkXZoRHIlZXZpxWZiBycs92bGpwcl1Wa0VWbvNHI5F2dhByasF2dg8GdgMHduF2dgkHZvJWeyVmdFpgCgKManV3buVGIlZ3bsBycpBSZyVGa0BSZtByb0BiZv9mcwBSZoRHIlJXmAKedvllCwV3YgIXdvlHIkVmchh2cgU3b5Biblh2dgQWYlRGI5xmchVmbgMXY3BSSKAqwl52b55WYg4WagU2ZuFGajBibhNGI0JXYlhGIhBiblhGVKAqwlZ3bsBiZvBCd19GIlRWYtBycpBCZsJ3b3BSZoRHImlkCKAqwl1GIk5WYgU3b5BicvZkCgKManV3buVGIlZ3bsBycpBSZyVGaUpAoCfmbptmcvdHIzlJgiTXagwyc0JXdoBCdpBiZJpAoCXmYgQXmAKubhNGI19WWKAqw0VWegUmbvRGI09mbgUmcZCo419WWKAqw0FWZiRnchVGagIXdvlHIsVWZmBibhNGI19WegYWSKoQZklmcgEGIm9GIsxWZoBSYgwGbpR3cgMXag42dvRGIn5Wat92QKAqwskXY3BiclhGdpVkC5xmZg4WYjBSelhGdgUmdllGblJGIl12bTpwcl1Wa0VWbvNHI5F2dhByasF2dg8GdgMHduF2dgkHZvJWeyVmdFpgCgKManV3buVGIlZ3bsBycpBSZyVGa0BCd19GIuVncgQXmAKubvdHI19WWKAXdgUWbgU2c1BibhNGI19WegkHdw1WZgUmcZCo419Weg4WZodlCl52bkBCdZCo4uNXagQXagQXYoRHIm92byBHIzlGIulWYwBSZoRHIuVGaUpAoCXmdvxGIm9GI0V3bgUGZh1GIzlGIkxmcvdHIlhGdgYWS

This text can be reversed, and decoded as Base64 (online tools can do this)

Decoding the text reveals song lyrics

If the world is made out of love
Then the pain is proof that it isn’t done
When you’re empty you can use me up
You won’t run out there is love enough

Everybody wants to walk away sometimes
Some believe they can fly
Either way,
Coming down is still a hell of a ride

If you can feel your heartbeat
You’re not done yet
You can’t be
If it hurts, it’s working
There is love enough
For you and me

If the world is made out of love
Then a heart can change in anyone
I was nearly dead when you shared your cup
You’re the proof to me there is love enough

Everybody wants to walk away sometimes
Fools believe they can fly
Either way
Coming down is still a hell of a ride

If you can feel your heartbeat
You’re not done yet
You can’t be
If it hurts, it’s working
There is love enough
For you and me

If you can feel your heartbeat
You’re not done yet
Just keep going
There is love enough
For you and me

If the world is made out of us,
All our shadows suggest a sun
Every desert heart that wants the flood
Come and bring your need
There is love enough

Keep going ‘cause we can’t go back
Keep going ‘cause we can’t go back
Keep going ‘cause we can’t go back

If you can feel your heartbeat
You’re not done yet
You can’t be
If it hurts, it’s working
There is love enough
For you and me

If you can feel your heartbeat
You’re not done yet
Just keep going
There is love enough
For you and me

Heartbeat release

June 6th, LostBoy tweets a link to comtek.life, with an attached video

lostboy_june6_tweet.mp4

After several days, the comtek.life page was updated to link to the Heroes album information page, and now redirects to this automatically

LostBoy Video

Yet to be understood:

  • If the 'Comtek X-MP' is a significant reference to the Cray supercomputer
  • If the repeated 'I <3 NY' images are relevant
  • What the audio is. Update: the backing track is Heartbeat
  • What is coming on June 8th. Suspected to be Heartbeat, given the cover & lyrics revealed so far. Update: Heartbeat was released

Heartbeat

The new single, Heartbeat, is released on streaming platforms, and a video is uploaded to YouTube. This video features a TV frequently changing channels, with the channel numbers visible in the top-right corner:

48 12 07 55 36 55 36 07 12 48 36 48 36 19 12 03

It is unclear what, if any, significance these numbers have at this point

Update: They are used to decrypt a file released in Phase III

Phase III

Homepage Update

The Comtek.life homepage has been updated, featuring a new version number and a new release date. The new date is for July 6th, and the version number is a youtube video ID

updated home

YouTube Video

The ID can be added to youtube.com/watch?v= to view

comtekvideo

The name, 01000001 01110110 01100001 01101100 01100001 01101110 01100011 01101000 01100101, can be decoded from binary to read 'Avalanche'

Avalanche decode

Extracting the audio from the video and viewing it as a spectrogram (you can do this with Audacity) reveals the message 'Who Are Comtek Enterprises'

Spectrogram

Following this, LostBoy tweets asking to know more about this 'organisation'

lostboy tweets

The '.org' top-level domain (TLD) is used for organisations. Using this, the website 'comtekenterprises.org' is found

ComtekEnterprises Website

The homepage is just a gif

comtek homepage

Inspecting the page, in a browser like chrome, reveals a comment.

comment on homepage

Adding this to the URL gives an image, avalanche.jpg

The bottom right corner of the image holds a QR code

QR Code

When scanned, this gives the URL https://comtekenterprises.org/6176616C616E636865/avalanche_intro.enc

The directory used here, 6176616C616E636865, is the hexadecimal equivalent of 'avalanche'

Avalanche_Intro.enc

This file is encrypted. Running the file utility on it, in Linux, reveals it is an OpenSSL file with salted password

File Output

OpenSSL requires a key to decode files. LostBoy tweets a hint about 'staying on the one channel'

Channel Hint

This refers to the channel numbers seen in the previous stage, in the Heartbeat video

The command to decrypt the file is

openssl enc -aes-256-cbc -md md5 -d -in avalanche_intro.enc -out avalanche_intro -pass pass:48120755365536071248364836191203

A breakdown of this is:

  • openssl - the command line tool
  • enc - working in enc mode
  • -aes-256-cbc - specifying the cipher to be used (see note 1)
  • -md md5 - the md flag is the 'message digest', which we set to md5 (see note 2)
  • -d - set to decrypt mode
  • -in avalanche_intro.enc - specify the input file, the encrypted one
  • -out avalanche_intro - specify where the output should be saved
  • -pass pass:48120755365536071248364836191203 - specify the password, the pass: part is to tell the program you're using a passphrase, rather than a file or certificate

  1. This is the default cipher for OpenSSL, and was an educated guess
  2. This was a quirk of luck. A Discord user just happened to be using a version of OpenSSL where md5 was the default, and it wasn't specified. Nothing, to date, indicated this was needed, as the default is SHA256

Running this command gives no errors.

First decrypt
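Why the -md flag decides whether the decrypt works, as an added example that is not part of the original write-up: an `openssl enc` file starts with `Salted__` and an 8-byte salt, and without `-pbkdf2` the key and IV come from one pass of OpenSSL's EVP_BytesToKey over the passphrase and salt, so md5 and sha256 produce unrelated keys from the same passphrase. The sample file and its salt are constructed; the passphrase is the one from the command above.

```python
import hashlib

MAGIC = b"Salted__"        # marker `openssl enc` writes ahead of the 8-byte salt
KEY_LEN, IV_LEN = 32, 16   # aes-256-cbc: 256-bit key, 128-bit IV


def parse_salted(blob: bytes):
    """Split an `openssl enc` file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("missing 'Salted__' header")
    ciphertext = blob[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return blob[8:16], ciphertext


def evp_bytes_to_key(password: bytes, salt: bytes, digest: str):
    """OpenSSL's legacy one-iteration KDF, used when -pbkdf2 is not given."""
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        # D_i = HASH(D_{i-1} || password || salt), concatenated until long enough
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def keys_by_digest(blob: bytes, password: bytes):
    """Derive (key, iv) under both digests for the same file and passphrase."""
    salt, _ = parse_salted(blob)
    return {name: evp_bytes_to_key(password, salt, name)
            for name in ("md5", "sha256")}


# Constructed sample: header, a made-up salt and two dummy ciphertext blocks.
SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + bytes(32)
PASSPHRASE = b"48120755365536071248364836191203"   # channel numbers from the page

if __name__ == "__main__":
    for name, (key, iv) in keys_by_digest(SAMPLE, PASSPHRASE).items():
        print(f"-md {name:6} key={key.hex()} iv={iv.hex()}")
```

With the wrong digest the derived key is wrong, so the decrypt either fails the padding check ("bad decrypt") or yields noise, even though the passphrase itself is correct.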

Running file on the output reveals it has MP3 header information

File Output

The .mp3 extension can be added to view the song properties and play it in your choice of MP3 Player

Avalanche properties

bfl.zip

On July 29th, the homepage was updated, with the avalanche comment replaced with the path for a zip file, bfl.zip

New Comment

This file can be opened, revealing 231 image files and 231 mp3 files.

Each of the images is a 2796x12 pixel strip. Each of the mp3s is a small snippet of audio. The file names appear random, 3 characters of numbers, uppercase letters, and lowercase letters. Each png has a corresponding mp3, suggesting they are related. Each mp3 has metadata with the name of 'Brooklyn, Friday, Love (Instrumental)'

By painstakingly assembling the strips like a sadistic jigsaw puzzle, the cover art for 'Brooklyn, Friday, Love' is revealed, seemingly with 2 rows missing. Image courtesy of Discord user MysteryPotatoGuy.

BFL Cover

The order of the pngs can then be used to combine the mp3s to get the final audio track

bfl_temp.mp4

Note: I have filled in the missing rows using Photoshop for this video

At this time, the LostBoy twitter account was updated to have the ComtekEnterprises image as a banner

Banner Update

TODO: GET LIST OF FILES AND FFMPEG COMMAND

Phase IV

This phase started on August 24th and contains a series of YouTube videos with characters hidden in spectrograms

The videos appear to be the artwork for the surprise release single 'Heart Worth Breaking', with various glitch effects

Videos

1 - UMae9o

The comtek.life website has been updated with a new video ID

Comtek Update

tPy3swBXYLc

Which can be added to the standard YouTube video URL to get

https://www.youtube.com/watch?v=tPy3swBXYLc

This video, when viewed as a spectrogram, reveals

Spectro 1

stu3

The description for this video provides a link

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbG5SczlaaERKMFMyakZwQm8wNWQ0SUVMMmRfQXxBQ3Jtc0trSnNKdWVqNElVRWE2OWtubS1PV29xZVJWdzR1ZURMalh4SVpRSEFmV3dUNllLOF9HaVcwalVwdTBPMy1qSjBUWUpfUThMejNuQ3ZQWkg3dmZhenhEcXExUG01UHMyRGdkUllfdzR1Z1JmYzFVUDNvbw&q=https%3A%2F%2Fcomtekenterprises.org%2F786F666569676874%2Fhwb.data&v=tPy3swBXYLc

Which downloads a file, hwb.data, from the comtek enterprises website (see below)

2 - Xaeng9

Lostboy tweets a link to an unlisted YouTube video on the Comtek channel

Tweet

This video, when viewed as a spectrogram, reveals

Spectro 2

hujo

3 - theeP2

Following this, viewing the Comtek youtube channel homepage reveals a third video is available

https://www.youtube.com/watch?v=vSzdPt2_mgg

Viewing this as a spectrogram reveals

Spectro 3

tuwr

4 - Eijah0

Viewing the 'About' section of the Comtek channel provides a link to a fourth video

https://youtu.be/lLWfltAyrck

Which when viewed as a spectrogram reveals

Spectro 4

frlf

5 - aiP8er

The 'links' section of the Comtek channel provides a link titled "???" which directs to a fifth video

https://www.youtube.com/watch?v=wPUDg9Pf2jo

The spectrogram for this video reveals

Spectro 5

asto

6 - eir4Oo

It was discovered that the SoundCloud page for The Midnight contains a "???" link, to another YouTube video

https://www.youtube.com/watch?v=FtxkpUi0CCc

The spectrogram for this video reveals

TODO

gitu

7 - ieCah7

Viewing the developer console of The Midnight's website provides a YouTube link in the console output

Console Output

https://www.youtube.com/watch?v=Kto3QRV0QiY

The spectrogram of this video reveals

TODO

uguc

8 - aix0lb

The description for the previous video contains

ItYMCVZHXL0

Which can be added to the Youtube URL to obtain another video

https://www.youtube.com/watch?v=ItYMCVZHXL0

The spectrogram for this reveals

TODO

rlhi

hwb.data

The encrypted data file can be decrypted using the information in the spectrograms

The order is fairly random, but the permutations of the list of elements can be generated using a website like https://www.dcode.fr/permutations-generator

The command to decrypt the file follows that in the BFL puzzle

openssl enc -aes-256-cbc -md md5 -d -in hwb.data -out hwb.mp3 -pass pass:stu3ugucrlhifrlfastohujogitutuwr

This reveals an instrumental version of Heart Worth Breaking, which was released as a surprise single in early September.
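The permutation step can also be scripted. This is an added example, not the method used in the original write-up: it tries all 8! = 40,320 orderings of the spectrogram fragments and accepts a candidate only when the output also looks like an MP3. `demo_decrypt` is a constructed stand-in so the block runs offline; `openssl_decrypt` wraps the command above and assumes the `openssl` tool is installed.

```python
import itertools
import subprocess

# Spectrogram fragments, in the order the videos are listed on this page.
FRAGMENTS = ["stu3", "hujo", "tuwr", "frlf", "asto", "gitu", "uguc", "rlhi"]


def looks_like_mp3(data: bytes) -> bool:
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if data[:3] == b"ID3":
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0


def openssl_decrypt(path: str, passphrase: str):
    """Run the page's command with output on stdout; None on 'bad decrypt'."""
    proc = subprocess.run(
        ["openssl", "enc", "-aes-256-cbc", "-md", "md5", "-d",
         "-in", path, "-pass", "pass:" + passphrase],
        capture_output=True,
    )
    return proc.stdout if proc.returncode == 0 else None


def find_order(fragments, decrypt):
    """Try every ordering; return (passphrase, tries) for the first MP3-like output."""
    tries = 0
    for order in itertools.permutations(fragments):
        tries += 1
        candidate = "".join(order)
        plaintext = decrypt(candidate)
        # A wrong key still passes the padding check roughly once in 256 tries,
        # so the exit status alone is not proof; check the content as well.
        if plaintext is not None and looks_like_mp3(plaintext):
            return candidate, tries
    return None, tries


def demo_decrypt(passphrase: str):
    """Constructed stand-in for openssl_decrypt, so the search runs offline."""
    if passphrase == "stu3ugucrlhifrlfastohujogitutuwr":
        return b"ID3\x04" + bytes(12)
    # Simulate wrong keys that happen to pass the padding check.
    return b"\x8a\x11noise" if passphrase.endswith("gitu") else None


if __name__ == "__main__":
    print(find_order(FRAGMENTS, demo_decrypt))
    # Real run: find_order(FRAGMENTS, lambda p: openssl_decrypt("hwb.data", p))
```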

Tech Info

The URL

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbG5SczlaaERKMFMyakZwQm8wNWQ0SUVMMmRfQXxBQ3Jtc0trSnNKdWVqNElVRWE2OWtubS1PV29xZVJWdzR1ZURMalh4SVpRSEFmV3dUNllLOF9HaVcwalVwdTBPMy1qSjBUWUpfUThMejNuQ3ZQWkg3dmZhenhEcXExUG01UHMyRGdkUllfdzR1Z1JmYzFVUDNvbw&q=https%3A%2F%2Fcomtekenterprises.org%2F786F666569676874%2Fhwb.data&v=tPy3swBXYLc

Contains mostly technical aspects which are probably irrelevant. The core part is

q=https%3A%2F%2Fcomtekenterprises.org%2F786F666569676874%2Fhwb.data

This is where the destination of the link lives

It is percent-encoded (URL-encoded); the %2F, for example, is a way of representing the forward slash

Game Info

The directory, named in hexadecimal as always, is

786F666569676874

Which decodes to readable text as

xofeight

It is unclear what this refers to

The file itself is an encrypted data file, like what was given in the previous stage.
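The encodings used across the phases (hex file and directory names, the binary video title, the reversed Base64 console string, and the percent-encoded redirect link) can be decoded offline instead of with online tools. This is an added example, not part of the original write-up; the function names are illustrative, the redirect URL is shortened by leaving out its redir_token, and the https:// scheme on the comtek.life URL is an assumption.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit


def from_binary(text):
    """Decode space-separated 8-bit groups to ASCII."""
    return bytes(int(group, 2) for group in text.split()).decode("ascii")


def from_reversed_base64(text):
    """Reverse the string, restore any stripped padding, Base64-decode as UTF-8."""
    flipped = text.strip()[::-1]
    flipped += "=" * (-len(flipped) % 4)
    return base64.b64decode(flipped).decode("utf-8")


def redirect_target(url):
    """Return the percent-decoded destination held in a redirect URL's q parameter."""
    return parse_qs(urlsplit(url).query)["q"][0]


def hex_path_segments(url):
    """Map each URL path segment that is hex-encoded printable ASCII to its text."""
    decoded = {}
    for segment in urlsplit(url).path.split("/"):
        # Drop a file extension and '-' separators before testing for hex pairs.
        stem = segment.rsplit(".", 1)[0].replace("-", "")
        if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){3,}", stem):
            continue
        raw = bytes.fromhex(stem)
        if all(0x20 <= b < 0x7F for b in raw):   # skip words that merely look like hex
            decoded[segment] = raw.decode("ascii")
    return decoded


# Values quoted on this page.
REDIRECT = ("https://www.youtube.com/redirect?event=video_description"
            "&q=https%3A%2F%2Fcomtekenterprises.org%2F786F666569676874%2Fhwb.data"
            "&v=tPy3swBXYLc")
HEARTBEAT_URL = "https://comtek.life/heroes/48-65-61-72-74-62-65-61-74.png"
VIDEO_NAME = ("01000001 01110110 01100001 01101100 01100001 "
              "01101110 01100011 01101000 01100101")
CONSOLE_TAIL = "kxmcvdHIlhGdgYWS"   # last 16 characters of the console string

if __name__ == "__main__":
    target = redirect_target(REDIRECT)
    print(target, hex_path_segments(target))
    print(hex_path_segments(HEARTBEAT_URL))
    print(from_binary(VIDEO_NAME))
    print(from_reversed_base64(CONSOLE_TAIL))
```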

Misc

Hidden Message

The album artwork has a secret code visible in it, which was decoded to 'see you on this other side'.

Hidden Message

This has yet to come into play, but LostBoy responded to it when tweeted at

LostBoy Tweeting

Avalanche Release

The release of Avalanche is teased with a video in a tweet, and subsequent video posted to YouTube

Avalanche Thumbnail

Information in the video:

  • CH03
  • 'PLAY SLP' -> Super Long Play or Slow Play on VHS players
  • Date is 06/21/88 (June 21st 1988)
  • Final runtime in the video is 4:32:02
  • 'Sail On In My Memory' appears before the video plays
  • Video shows an ocean scene at sun up/down
  • Various colour distortions, getting more intense as the video goes on
  • Video ID is mg0RAEZ-Md0
  • A spectrogram of the audio contains nothing of note

Avalanche Spectrogram

ComTek

Not much is known about this entity/organisation. What we do know is:

  • comtek.life was the first website found for them. This had hidden files relating to Heartbeat, the second single from Heroes. It now redirects to the presave information
  • comtekenterprises.org was the second website discovered. This currently has a gif for a homepage, and hidden files relating to Brooklyn, Friday, Love, a released song from Heroes. The source code has been used to provide files at various stages throughout the ARG
  • A YouTube channel was discovered, which hosts a series of unlisted videos and one public video