unforum

[Obes]

It's obviously a complex and devious plot to make our alphabet 32 times longer.

Actually, I'm out of ideas, resorting to just watching again for now.

Obes.

[thelsdj]

Here's an idea someone can check if they have time, are there any letters or numbers you can't get from the md5's that come up on the site?

[GIIRyudo]

http://www.eon8.com/security/

This might help to give a key or something. I found it using IntelliTamper.

[Jiroe]

Good find. Those appear to be hex numbers. Here are the first four translated into decimal. I don't know if this will help or not.

[MageSteff]

Hmmmm...

Anyone else notice how this map

has a similar distribution to the unFiction Frapper map?

[rose]

heh . The second time I went to the site from the link here I got this first page. I didn't keep the font color intact.

[chippy]

[Jiroe]

That manual is strange only because the rest of the site seems so professional. If they can do that, why would they leave the manual there?

Also, this is strange. Until now, all of the hidden hashes have been equal lenght. They've always been 8 rows of 32 characters and they've all resolved to a number or an uppercase letter.

The hidden hashes on the "HTTP Referrer Approved" welcome page don't follow that pattern when broken down into 32 character sets (required for an MD5 hash). Not only that, but some of the hashes appear to be offset. The first half matches another hash exactly, but the second half doesn't. I've been having trouble with www.md5lookup.com this morning, so I can't decode them right now. Anyone else want to give it a try? I refreshed the page a few times to get a few different sets.

You'll also notice that the leftover string on one set matches up with the leftover string on another set, to make a complete string. I wonder if this is a way to arrange the sets in a specific order.

[GIIRyudo]

[Jiroe]

[MageSteff]

[paganmist]

Hmm.

[Jiroe]

True.

Well, back to the codebreaking... any ideas? I'm stumped at the moment.

The incomplete sets don't return anything on md5lookup.com, so either they're not common strings, or they're broken...I have an idea...I'm going to check it out and I'll let you know if it's a dead end. It probably is, but I'm willing to try anything at this point.

EDIT: Yup, dead end. I thought maybe the halves that matched strings that resulted in letters would spell something out, but the matches are pretty rare.

[Rogi Ocnorb]

There was a short period, a couple of nights ago, when the logs were doing this, as well. After a couple of hours, it started displaying complete MD5s, again.
Note: The MD5 Reverse Lookups page can only give you a hit about 50% of the time. The reason we've had such good luck, so far is that all the resolutions were simple strings that the website owner had run at some point in the past.

And on the CIA thing... There are any number of reasons that their systems could link to the site. Scanning the web for MD5 hashes and spidering those pages (and leaving their referrer sig) wouldn't be totally out of the realm of possibility.

[Jiroe]

Interesting. I wonder if it's on purpose. But yeah, you're right. There's got to be a key or something, otherwise we're out of luck. MD5 can't be broken. It's odd that most of the hidden hashes were letters except for the one set that was numbers.

*sigh* I'm stumped at the moment. I'll keep looking, though. I'm too curious now.

EDIT: Maybe they're not MD5 hashes on those pages...