Cicada-3301 Vol.1 TryHackMe Writeup

From TryHackMe Cicada-3301 vol:1

Cicada-3301 Vol.1

I had two files to solve this challenge, an .wav audio file and a .jpg picture.
The indications were “Use Sonic Visualizer to analyze the audio”. But using an online spectrum analyzer is easier for me.
So I used decode’s spectrum analyzer but… it uses a logarithmic frequency scaling.
So, I decided to use Audacity, because no one of the tools on the internet worked (Yes, Sonic Visualizer vas recomended, I know…).

Cicada-3301 QR Code

(Audacity->Sprectrogram->linear->adaptative zoom)

A Pastebin

I played a little bit with the zoom and spectrogram settings and then I could scan it with my phone, and get this link :
https://pastebin.com/wphxxxxx

This paste contains a passphrase and a key:

Passphrase: SG01Ul8K——–2
Key: Q2ljYWRh

The first thing I tried was decode it from base64, and I was right. Now I have this :

Passphrase: Hm5R_4_——–!
Key: Cicada

But I have to decode that passphrase, with that key (that’s what I thought… ).
I tried a lot of Vigenere cipher decode tools online, but I had nothing interesting.
And… why not encode the passphrase with the key ? Indeed, that’s what I had to do.
Now I have the “final passphrase” :

Ju5T_4_——–!

Now it’s time to work with that picture I had at the beginning.
Cicada-3301 Message

It will be easier, I thought…

First of all, check the exif data.
Nothing.
Then I opened it with Notepad++ and I saw that the picture has a strange ending, so I tried to extract something from it with steghide, and why not use that passphrase from the audio file ?

Cicada-3301 Steghide

The invitation

Allright, now I have a text file, it is an Invitation !

Cicada-3301 Invitation

With another link insite, it was a link to a picture on imgur.

After download, I did the same checks as before. But this time I don’t have any passphrase anymore. I searched the tool used in the original cicada challenge as mentionned in the Hint (outguess).

As output I have another text file now.

The hash was easy to crack, and it gave me a pastebin link to a text from an Egyptian book.

Cicada-3301 Hash

And now it’s interesting, I never saw that before.

We can see an “I”, for “Chapter I”, and then two other numbers.
This one was particularly complicated for me. I knew how to solve it, but I didnt know if the line numbers are part of the text or not, and same for special characters for example.

Book cipher

Cicada-3301 Book Cipher

Finally, after the 5 first letters I found the pattern and I was able to solve it easily.
The final link redirects to a very nice SoundCloud music.

This challenge was easy, but it is one of my favorite.