Skip to content

Cicada 3301

Antonizoon edited this page Aug 20, 2014 · 3 revisions

ClevCode My life as a hacker


On January 5th 2012, an image was uploaded to various image boards, possibly originating at the infamous /b/ board at 4chan. When I came across it, I didn’t think much of it at first, but still decided to look into it just in case it turned out to be interesting. I have always had a hard time resisting a challenge. This is the image that was posted:


My first thought was that it used steganography to hide a message, and since it was a JPEG image I tried using stegdetect by Niels Provos in case one of the detectable schemes was used. Since stegdetect have not been updated in almost 7 years, I didn’t really get my hopes up that high though, but it is always worth a try. ;) The result can be seen below:

je@isis:~/3301/stage_1$ stegdetect 3301.jpg
3301.jpg : appended(61)<[nonrandom][ASCII text][TIBERIVS CLAVDIV]>

It did not detect any of the common steganographic schemes, but notified me of 61 appended bytes of ASCII text. Since my next move would have been to use “strings”, I would have discovered this anyway, but stegdetect was kind enough to tell me directly instead. :) So, let’s see what we have:

je@isis:~/3301/stage_1$ tail -61c 3301.jpg
TIBERIVS CLAVDIVS CAESAR says "lxxt>33m2mqkyv2gsq3q=w]O2ntk"

This is quite obviously a shift cipher of some sort (also known as a Caesar cipher), with “lxxt>33″ being the ciphered version of “http://”. A shift cipher replaces each letter in the plaintext with a letter (or in this case, arbitrary ASCII character) with a letter a certain number of positions down the alphabet. So, let’s compare the ASCII values for the cipher text with the ASCII value of the supposed plaintext to see what the shift value is:

je@isis:~/3301/stage_1$ perl -e 'print ord("h")-ord("l"),chr(10)'

In this particular case, this might have been a bit overkill, since we could just as well have manually counted the distance between h and l in the alphabet. ;) It is probably not a coincidence that Claudius happens to be the 4th Emperor of the Roman Empire, and the shift value happens to be 4, either. To decipher this, a perl oneliner is enough:

je@isis:~/3301/stage_1$ echo "lxxt>33m2mqkyv2gsq3q=w]O2ntk" | perl -pne 'chomp;s{(.)}{chr(ord($1)-4)}sgex;$_.=chr(10)'

The image at the URL above can be seen below:


It seems like the challenge is a bit harder than a caesar cipher after all. Note that the message contains the words “out” and “guess” though, which could be a hint that we are actually supposed to use the old OutGuess tool to extract the hidden message. Incidentally, OutGuess is also developed by Niels Provos and is available for download from the same site as stegdetect ( Unfortunately, it seems like stegdetect is only able to detect when the older OutGuess 0.13b has been used and not OutGuess 0.2 (from 2001!). :D

Using outguess 0.2 with the -r option immediately reveals the hidden message in the original image:

je@isis:~/3301/stage_1$ outguess -r 3301.jpg 3301.txt
Reading 3301.jpg....
Extracting usable bits:   29049 bits
Steg retrieve: seed: 228, len: 535

The hidden message can be found here.

Now things are actually getting interesting. Although the challenge have not been required any particularly advanced skills yet, someone has obviously been putting some work into it. The hidden message says that we should go to the following URL:

The hidden message also includes a so called book code, consisting of a number of lines with two digits separated by a colon on each. The book and more information should be found at the URL above. Book ciphers are ciphers that use a book or a text of some sort as the key to encode a secret message. Traditionally, they worked by replacing words in the plaintext with the locations of words from a book, but in this case it seems more likely that the two digits separated by a colon in the code refers to a line and column number.

When visiting the Reddit page, we can make a number of observations. Most notably, there are a number of posts by the pseudonym CageThrottleUs that seem to consist of encoded text, which we can assume to be the book. It looks like an ordinary Caesar cipher may have been used, but on a closer look no shift value results in readable text. It seems most likely that a key of some sort is required to decode the text.

Looking closer on the page, we can see that the title is “a2e7j6ic78h0j7eiejd0120″. The URL itself is a truncated version of this. To the right, below the “subscribe” button, the title text is repeated and “Verify: 7A35090F” is written underneath. We can also see pictures of some mayan numbers on the top of the page. Mayan numbers are quite logical, at least from 0-19. A dot equals one, and a vertical line equals five. Two lines thus equals ten, one line with two dots equals seven (5 + 2) and so on. There is also a symbol resembling a rugby ball that equals zero. :)

The number sequence that is written using mayan numbers is as follows:
10 2 14 7 19 6 18 12 7 8 17 0 19

Comparing this with the a2e7j6ic78h0j7eiejd0120 in the title, we can see that numbers below 10 in the sequence above is also found in this string, at the same positions. Also note that instead of 10 we have “a”, instead of 14 we have “e”, and so on up to “j” being 19. Since the title of the page contains 23 characters and there were only 13 mayan numbers is is quite likely that we are supposed to continue converting characters from the title to numbers. This gives us:

10 2 14 7 19 6 18 12 7 8 17 0 19 7 14 18 14 19 13 0 1 2 0

This could very well be the key required to decode the text. Regarding the “Verify: 7A35090F”, it may refer to any number of things. A PGP key ID is, however, a good assumption since it consists of a 32 bit value normally encoded as eight hex characters and since PGP keys can be used to verify the signature, and thus the authenticity, of messages signed with a PGP key. This could be quite handy, in case the challenge goes on and in case people decide to drop false leads to the people working on it. So, let’s try to import the public key with the ID in question from one of the common PGP key servers:

je@isis:~$ gpg --recv-keys 7A35090F
gpg: requesting key 7A35090F from hkp server
gpg: key 7A35090F: public key "Cicada 3301 (845145127)" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

The comment for the key mentions 3301, which was used as the signature in the original image. It also includes the word “cicada” and the number 845145127, which may turn out to be significant at a later stage. Note, for instance, that cicadas emerge from their hideouts under earth every 13 or 17 years depending on which kind. By emerging every N:th year, where N happens to be a prime number, cicadas actually minimize the possibility of scynchronizing with the life cycles of birds and other animals that prey on them. Also note that 3301 is a prime, and that 845145127 has 3301, 509 and 503 as its prime factors.

je@isis:~$ factor 3301
3301: 3301
je@isis:~$ factor 845145127
845145127: 503 509 3301

When taking a closer look at the lines of encoded text posted to the reddit page, we also find two images. One named Welcome and the other one Problems?. By using OutGuess again, we find another couple of hidden messages:

je@isis:~/3301/stage_2$ outguess -r welcome.jpg welcome.txt
Reading welcome.jpg....
Extracting usable bits:   326276 bits
Steg retrieve: seed: 58, len: 1089
je@isis:~/3301/stage_2$ cat welcome.txt
Hash: SHA1

- From here on out, we will cryptographically sign all messages with this key.

It is available on the mit keyservers.  Key ID 7A35090F, as posted in a2e7j6ic78h0j.

Patience is a virtue.

Good luck.

Version: GnuPG v1.4.11 (GNU/Linux)

je@isis:~/3301/stage_2$ gpg --verify welcome.txt
gpg: Signature made Thu 05 Jan 2012 04:46:03 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6D85 4CD7 9333 22A6 01C3  286D 181F 01E5 7A35 090F
je@isis:~/3301/stage_2$ outguess -r problems.jpg problems.txt
Reading problems.jpg....
Extracting usable bits:   256999 bits
Steg retrieve: seed: 194, len: 1041
Hash: SHA1

The key has always been right in front of your eyes.

This isn't the quest for the Holy Grail.  Stop making
it more difficult than it is. 

Good luck.

Version: GnuPG v1.4.11 (GNU/Linux)

je@isis:~/3301/stage_2$ gpg --verify problems.txt
gpg: Signature made Sat 07 Jan 2012 11:07:51 AM CET using RSA key ID 7A35090F
gpg: Good signature from "Cicada 3301 (845145127)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6D85 4CD7 9333 22A6 01C3  286D 181F 01E5 7A35 090F

The messages verifies both our assumptions, since they are indeed signed using the key ID 7A35090F and since the second one specifically says that the key “has always been right in front of your eyes”. In other words, it is likely to consist of the numbers we discovered being encoded as characters in the title of the page. The first message also specifically states that all messages from now on will be signed using the PGP key with ID 7A35090F.

All that remains now is to figure out which encoding scheme has been used so that we can apply the key to the text. Since a shift cipher was used in the original image (although it was used as a decoy), perhaps the numbers are different shift values. In other words, for each line of text, shift/rotate the first letter ten steps in the alphabet, rotate the second letter two steps, the third letter 14 steps, and so on, to get the plaintext. Implementing this in C results in the following:

je@isis:~/3301/stage_2$ cat decipher.c
#include <stdio.h>
#include <ctype.h>

int main(void)
        unsigned char key[] = {
                10, 2, 14, 7, 19, 6, 18, 12,
                7, 8, 17, 0, 19, 7, 14, 18,
                14, 19, 13, 0, 1, 2, 0
        int c, i = 0;

        while ((c = getchar()) != EOF) {
                if (isalpha(c)) {
                        int base, off;
                        if (isupper(c))
                                base = 'A';
                                base = 'a';

                        off = c - base - key[i++ % sizeof(key)];
                        if (off < 0)
                                off += 26;

                        c = base + off;
                } else if (c == '\n')
                        i = 0;


        return 0;
je@isis:~/3301/stage_2$ gcc -o decipher decipher.c -O -Wall -ansi -pedantic
je@isis:~/3301/stage_2$ head -3 reddit.txt
Ukbn Txltbz nal hh Uoxelmgox wdvg Akw; hvu ogl rsm ar sbv ix jwz
mjotukj; mul nimo vaa prrf Qwkkb aak kau ww Ukpsf, ogq Kzpox vvl luf
yh Qsrjfa, hvu Ktp hzs lbn ph Kipsy; ttv Sdmehpfjsf tad igr
je@isis:~/3301/stage_2$ ./decipher < reddit.txt | head -3
King Arthur was at Caerlleon upon Usk; and one day he sat in his
chamber; and with him were Owain the son of Urien, and Kynon the son
of Clydno, and Kai the son of Kyner; and Gwenhwyvar and her

The file "reddit.txt" consists of the lines posted to the reddit page so far, in the order that they have been posted. Note that this is not in the exact order that they are shown on the reddit page. As you can see, our assumption was correct and we can now decipher every line of text that has been posted, and try to apply the book code that we got in the message hidden in the original image.

Using a small bash script, we can apply the book code to the text from reddit to retreive yet another hidden message:

je@isis:~/3301/stage_2$ ./decipher < reddit.txt > reddit-deciphered.txt
je@isis:~/3301/stage_2$ cat

while read line; do
        row=`echo $line | cut -d: -f1`
        col=`echo $line | cut -d: -f2`
        head -n$row reddit-deciphered.txt | tail -n1 | head -${col}c | tail -1c
done < bookcode.txt
je@isis:~/3301/stage_2$ ./
Call us at us tele phone oumBer two one four thsee nine oi nine si  oh  ihht

Although we can easily see which phone number is being refered to, it's obvious that the output is a bit garbled. For the sake of completeness, let's look into what the cause might be. The first letter that is garbled is the "n" in number that has been turned into an "o", then the "r" in three which have been turned into an "s" and so on. The upper case "B" may have been intended though, although it seems a bit off. There is actually a lower case "b" on the same line that is used for encoding the upper case "B", but the upper case one comes first.

When looking at the line corresponding to the "n" turning into an "o" (line 26, column 65), we can see that there is actually an "n" right before the "o" at column 65 (from the name "Kynon"). Looking further down, at the line corresponding to the "r" turning into an "s" (line 48, column 43), we can see that the expected "r" is right before "s" on this line as well (from the word "daggers").

Another thing in common for these particular lines of text is that they include a period somewhere before the character that has been decoded incorrectly. If we assume that periods, which end sentences, should count as two characters instead of one when applying the book code we get this, which looks a bit neater:

je@isis:~/3301/stage_2$ perl -i -pne 's/\./. /g' reddit-deciphered.txt
je@isis:~/3301/stage_2$ ./
Call us at us tele phone numBer two one four three nine oh nine six oh eight

So, to continue the challenge we need to call the (214) 390-9608, a Texas based phone number. Whoever is behind this challenge, they have obviously put some effort into it. :)

When calling the number, one is (or rather, was, the number has now been deactivated) greeted by the following message:
"Very good. You have done well. There are three prime numbers associated with the original final.jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye."

When examining the PGP key, we already noted that it included the number 845145127 in the description, and that this is the product of 3301, 503 and 509. When looking at the metadata for the original image, we also note this:

je@isis:~/3301/stage_1$ exiftool 3301.jpg | grep 50[39]
Image Width                     : 509
Image Height                    : 503
Image Size                      : 509x503

Seems like we've solved this stage as well, now let's head to to find the next part of the challenge. :) When I first arrived at the site, it just displayed an image of a cicada and a countdown. Using OutGuess again, the following signed message could be extracted from the cicada image:

Hash: SHA1

You have done well to come this far.

Patience is a virtue.

Check back at 17:00 on Monday, 9 January 2012 UTC.

Version: GnuPG v1.4.11 (GNU/Linux)


Just like before, the message is signed using the Cicada 3301 key. The challenge so far have been a quite fun, and rather different, experience and I'm looking forward to see what comes next.

When the countdown was finished, at 17:00 UTC January 9 2012, it was replaced by strings of digits resembling GPS coordinates. Also, the image of the cicada now contained another signed text containing the same GPS coordinates as on the web page, except for two that were only on the webpage (37.577070, 126.813122 and 36.0665472222222, -94.1726416666667):

Hash: SHA1

52.216802, 21.018334
48.85057059876962, 2.406892329454422
47.664196,  -122.313301
47.637520, -122.346277
47.622993, -122.312576
37.5196666666667, 126.995
33.966808, -117.650488
29.909098706850486 -89.99312818050384
25.684702, -80.441289
21.584069, -158.104211
- -33.90281, 151.18421
Version: GnuPG v1.4.11 (GNU/Linux)


Using Google Maps ( I could search for each of these locations, and in most cases even get a street view. The locations were spread out around the world without any obvious connection (USA, Poland, France, South Korea and Australia), except for perhaps each of them being home to some talented hackers. At this point I thought it would be the end of the game for me, since I am far away from all of these locations.

I was still very curious on how the challenge would continue though, and found that there are groups of people working on this from all over the world. One of these groups had set up an IRC channel at, and managed to get people to check out the locations at the specified GPS coordinates. What they found was notes attached to lightpoles, with the cicada image and a QR code. When scanning the QR code, they got image URLs with a black and white image of a cicada and the text "everywhere" and "3301". Each image also contained a hidden image, with a signed message. Even though there were 14 locations, only two different messages were used though.

One of them had with the following text at the top of the message (full message here):

In twenty-nine volumes, knowledge was once contained.
How many lines of the code remained when the Mabinogion paused?
Go that far in from the beginning and find my first name.

The other one had this text (full message here here):

A poem of fading death, named for a king
Meant to be read only once and vanish
Alas, it could not remain unseen.

They both also included a 22 line book code. Both of them included the text "the product of the first two primes" at line 3 and 15, and one of them also included the text "the first prime" at line 8. This probably means that the characters on these positions should be replaced with the numbers described. Note that the definition of a prime number is a natural number greater than 1, with no positive divisors other than 1 and itself. This means that the first two prime numbers are two and three.

The three lines of text in each message seemed likely to be a hint to which book/text to use as the key for the included book code. By googling for some keywords in the second message (poem fading death read only once vanish), the Wikipedia entry for a 300-line poem by William Gibson is among the first hits. The poem is called Agrippa (a book of the dead) and according to Wikipedia "Its principal notoriety arose from the fact that the poem, stored on a 3.5" floppy disk, was programmed to erase itself after a single use; similarly, the pages of the artist's book were treated with photosensitive chemicals, effecting the gradual fading of the words and images from the book's first exposure to light.". This fits the description perfectly.

When googling for william gibson agrippa, the first hit is Taking this text, including line breaks, as the key for the book code results in the following:

je@isis:~/3301/stage_3$ cat

while read line; do
        if [ "$line" = "the product of the first two primes" ]; then
                echo -n 6
                row=`echo $line | cut -d: -f1`
                col=`echo $line | cut -d: -f2`
                head -n$row agrippa.txt | tail -n1 | head -${col}c | tail -1c
done < agrippa-code.txt
je@isis:~/3301/stage_3$ ./

Judging by the ".onion" at the end of the string, this is actually an anonymous hidden service in the Tor network. Unfortunately, by the time I arrived at this stage the Tor service was not available anymore. 3301 had concluded the last couple of messages with "You've shared too much to this point. We want the best, not the followers. Thus, the first few there will receive the prize.", so it was probably first come first served. The ones who were lucky enough to arrive in time (most of which did not solve much or any of this challenge themselves, since people were sharing their solutions) got to enter their e-mail addresses and were informed that they would be contacted in few days.

By this time, someone noticed that the DNS entry for had been removed. By using the IP ( it was found that the page that recently had GPS coordinates had changed yet again, to a seemingly empty page. On a closer look it turned out to consist entirely of spaces, tabs and linebreaks. Since every line contained a multiple of eight spaces/tabs, it seemed likely to be a plain binary code. This was confirmed by:

je@isis:~/3301$ wget -q -O- > 3301.html
je@isis:~/3301$ perl -pne 's/[^\s]//g;s/\t/0/g;s/ /1/g;s{([01]{8})}{chr(oct("0b$1)"))}sgex' < 3301.html

Hash: SHA1

Version: GnuPG v1.4.11 (GNU/Linux)


The message simply contains ten different 12 digit numbers. As it turns out, each of these correspond to image URLs such as:

Each of these images contains a hidden message that can be extracted with outguess, and it turns out that it's the same messages that could be extracted from the images found through QR codes on notes at the GPS-coordinates mentioned earlier. Turns out we didn't have to be at one of those locations after all. :)

Regarding the remaining code, it is very likely to refer to the same .onion site as before. Just to be sure, and not to leave out any piece of the puzzle, it would be nice to solve that one too though.

My thoughts so far are these:

"In twenty-nine volumes, knowledge was once contained" may refer to the 11th edition of Encyclopedia Britannica, which consisted of exactly 29 volumes and that is now in the public domain and available for download since it was released back in 1910-1911.

Regarding "How many lines of the code remained when the Mabinogion paused?", note that the text posted to the reddit page is from "The Lady of the Fountain", which is the first out of eleven stories from medieval Welsh manuscripts in the collection called the Mabinogion. Also note that there was a pause for about 24 hours after the 65:th encoded line of text was posted to the reddit page. After that, new encoded lines have been posted about every 6th or 7th hour.

Assuming the code will continue until "The Lady of the Fountain" is finished, we will need to figure out the total number of lines in that story. To do that, we need to find the text that 3301 uses as their source, so that line breaks are placed on the same positions. After a bit of searching around it turns out that the source that 3301 uses is from Project Gutenberg (here). Blank lines are discarded, and lines with only one word on them are being appended to the preceding line. Applying those rules to the entire text of "The Lady of the Fountain" results in a total of 833 lines. Thus, the number of lines of code that remained when the Mabinogion paused is 833

  • 65 = 768 (which also happens to be 512+256, but I guess that may be a mere coincidence after all).

Finally we have "Go that far in from the beginning and find my first name", which could mean a number of things. My guess is that we should go 768 words, sentences, word definitions, characters or pages into the 11th edition of Encyclopedia Britannica. Question is where we are supposed to go from there, since it ends with "and find my first name". By this, I assume we should only find a certain name at this particular position, and then from this name find the actual text to use as the key for the book code.

I also noticed that the code for this part only use 27 lines, with columns ranging from 1-66 and many columns being above 30-40. This rules out most poems, that usually don't have long lines. It could very well be a text straight from the Encyclopedia Britannica, however. Due to the large number of possibilities I have not looked into it much further than this, and so far I don't think anyone have come up with the solution for this particular puzzle. So, anyone up for it? :)

16 Responses

  1. image


    Contact me :)

    2012-01-14 at 11:11 \


  2. image

    The Doctor

    Im working on it….

    2012-01-16 at 21:15 \


  3. image


    I love your work.

    2012-01-19 at 10:15 \


  4. image


    I have no clue about anything, but I just came up here and I want to congratulate you on your shocking skills and intelligence. Great work, sir.

    (do not suspect, this comment is not a hint xD )

    2012-01-19 at 10:38 \


  5. image


    if there is anything i can do to help please let me know, it would be a shame not to see this through seeing how much effort you have put i

    2012-01-19 at 13:42 \


  6. image


    It´s sad that this requires Internet/Coding skills, the search for highly intelligent people should not be limited for those which have this skills, but for everyone.
    But maybe they search that kind of people, who ever “they” are.
    My guess is that they are from 4Chan,Reddit or something similar.
    Irc Channels, Coding and things set up at different places on the earth which is kind of easy if you ask the right people on the internet:
    Anyway it kind of motivates me, i will try to solve it even without greater knowlege this matter.

    2012-01-19 at 14:13 \


    • image

      Marcus Wanner

      Janus, every thing here can be done by hand (aside from the PGP verification and outguess). Je’s use of UNIX utilities to solve this is a convenience, not a necessity. The same can be done with almost any file; manipulating text in a shell is one of the most fun and easy ways to do so.

      Now I will concede that later in the puzzle, things do get more technical. To the point at which this narrative terminates, however, there is little need of the skills you mention.

      2012-01-25 at 00:09 \


  7. image


    “Thus, the number of lines of code that remained when the Mabinogion paused is 833 – 65 = 768″

    Don’t know if it’s important, but the first edition of Encyclopedia Britannica was published in 1768. So maybe we shouldn’t be looking at 11th edition, but first. The question – where to find it? :D
    I just found out about this today, so I still haven’t worked anything up.

    2012-01-24 at 04:30 \


  8. image


    In the preface of the first edition, in the place of 768th word is a sign for repetition, since the essay was written by the same author as the previous one. The name of the author is Charles Alston. Don’t know if I’m helping or spamming, tho.

    2012-01-24 at 04:57 \


  9. image


    Will you update this post if you find out more about this? Who do you think are “they”?

    2012-01-25 at 00:49 \


  10. image


    Do you know anything about what happened from the point the e-mails have been sent on? The few people who got to the Tor site on time and submitted their addresses got an RSA encrypted message to decrypt. After that, I read there was a midi file with a hidden message to report back. What about after that? People suddenly got so secretive about sharing info. It’s like it’s really serious business. What the hell?

    2012-01-25 at 05:08 \


  11. image


    It is likely a government or Anonymous recruiting…. personally i would let go.

    [WORDPRESS HASHCASH] The poster sent us ’0 which is not a hashcash value.

    2012-01-30 at 14:29 \


  12. image


    You havnt heard anything more because the people who reported receiving those emails have dropped out of view/do not want to participate.

    It’s pretty suspicious of you ask me, there was one guy who was posting non stop about his progress, received the said email, and was never heard from again.

    It’s been speculated that it’s a hiring process for a highly funded hacker program that plans to permanent destroy Facebook…..they must have been paid a lot If they kept their mouths shut

    2012-02-01 at 14:30 \


  13. image


    Any update on this? What about the midi file?
    I was able to place my email on the 2nd TOR site after the first one was shut down…i never received an email tho :(

    2012-02-06 at 16:18 \


  14. image


    To those who have followed this game as I have from the beginning, I just wanted to take a moment and let you know that the “game” is over. Those who have made it in the end have received their final emails, which are confidential (however, if you search pastebin, you might just find some people who like to break the rules).

    As one of the players in this game, this has been an exciting experience. Now on to other things…

    2012-02-07 at 22:11 \


  15. image


    Is there anyone who can post a link to proof or speculation of where this originated?

    2012-02-22 at 03:55 \


Bibliotheca Anonoma

Note: This wiki has moved to a new website. Please update your links.


Check the Workroom for content we're still reviewing.





Website Archives


Clone this wiki locally
You can’t perform that action at this time.