INTERESTING CODING HINTS LEFT BY DEVELOPERS OF A VIDEOGAME

in code •  8 years ago 

 On July 12, 2016, a video for the new Overwatch hero named Ana was released. By pausing the video at the 1:16 time mark, a bunch of hexadecimal numbers were discovered:

2E 2E 2E 7B 76 20 66 62 72 20 63 7E 72 79 72 20 7B 76 20 7E

79 71 78 65 7A 76 74 7E D4 A4 79 2C 20 63 7E 72 79 72 20 72

7B 20 67 78 73 72 65 2E 2E 2E 7B 76 20 66 62 72 20 63 7E 72

79 72 20 7B 76 20 7E 79 71 78 65 7A 76 74 7E D4 A4 79 2C 20

63 7E 72 79 72 20 72 7B 20 67 78 73 72 65 2E 2E 2E 7B 76 20

66 62 72 20 63 7E 72 79 72 20 7B 76 20 7E 79 71 78 65 7A 76

74 7E D4 A4 79 2C 20 63 7E 72 79 72 20 72 7B 20 67 78 73 72

65 2E 2E 2E 7B 76 20 66 62 72 20 63 7E 72 79 72 20 7B 76 20

7E 79 71 78 65 7A 76 74 7E D4 A4 79 2C 20 63 7E 72 79 72 20

72 7B 20 67 78 73 72 65 2E 2E 2E 64 78 7A 75

A simple Hex to ASCII translation gave us

...{v fbr c~ryr {v ~yqxezvt~Ô¤y, c~ryr r{ gxsre...{v fbr c~ryr {v ~yqxezvt~Ô¤y, c~ryr r{ gxsre...{v fbr c~ryr {v ~yqxezvt~Ô¤y, c~ryr r{ gxsre...{v fbr       

c~ryr {v ~yqxezvt~Ô¤y, c~ryr r{ gxsre...dxzu

Using an XOR Cipher with the constant 23 on the above text, we got

..la que tiene la información; tiene el poder...la que tiene la información; tiene el poder...la que tiene la información; tiene el poder...la que tiene la  

información; tiene el poder...somb

The Spanish translates to

She who has the information, has the power...

A second frame of hexadecimal numbers was discovered at the 2:11 time mark of the video:

65 76 2E 2E 2E 7B 76 20 66 62 72 20 63 7E 72 79 72 20 7B 76

20 7E 79 71 78 65 7A 76 74 7E D4 A4 79 2C 20 63 7E 72 79 72

20 72 7B 20 67 78 73 72 65 2E 2E 2E 7B 76 20 66 62 72 20 63

7E 72 79 72 20 7B 76 20 7E 79 71 78 65 7A 76 74 7E D4 A4 79

2C 20 63 7E 72 79 72 20 72 7B 20 67 78 73 72 65 2E 2E 2E 7B

76 20 66 62 72 20 63 7E 72 79 72 20 7B 76 20 7E 79 71 78 65

7A 76 74 7E D4 A4 79 2C 20 63 7E 72 79 72 20 72 7B 20 67 78

73 72 65 2E 2E 2E 7B 76 20 66 62 72 20 63 7E 72 79 72 20 7B

76 20 7E 79 71 78 65 7A 76 74 7E D4 A4 79 2C 20 63 7E 72 79

72 20 72 7B 20 67 78 73 72 65 2E 2E 2E

When put through the same process, the same string of Spanish was revealed, but with the letters ra at the start. These letters were combined with somb from the other cipher to create sombra, the name of an unreleased hero that has been hinted at by Blizzard in the past. This led us to believe that this ARG was related to Sombra. The ARG was named accordingly.

Dev Update Video

The vertical barcodes found at the end of the Ana Dev Update videoAt the end of this video, a series of vertical barcodes were discovered. The barcodes were found to be binary, a dump of which is available here, credit of redditor /u/zapu.Discord user Crauss turned the ones and zeroes into black and white pixels, which formed a QR code:Scanning this QR code yielded the following message:

"¿Estuvo eso facilito? Ahora que tengo su atención, déjenme se las pongo más difícil." 

And translated from Sombra's native language of Spanish into English:

Was that easy? Well, now that I have your attention, allow me to make things much more difficult.

Welcome to the Summer Games Video

The base64 cipher in the Summer Games videoOn August 2, another cipher was discovered in this video - this time, the ciphertext was in base64:

U2FsdGVkX1+vupppZksvRf5pq5g5XjFRIipRkwB0K1Y96Qsv2L

m+31cmzaAILwytX/z66ZVWEQM/ccf1g+9m5Ubu1+sit+A9cenD

xxqkIaxbm4cMeh2oKhqIHhdaBKOi6XX2XDWpa6+P5o9MQw==

Using a tool to decode the Base64 results in the following output:

Salted__���ifK/E�i��9^1Q�*Q�t+V=�

                               /ع��W/

                                     �_����V��?q����f�F���"��=q�������[��

                                                                         z��*����Z����u�\5�k�C

(Note: copy/pasting this string will not work; some of the characters will not paste properly)

Decrypting the Encryption

The "Salted__" header at the start of the string indicates that the remainder of the text is encoded in an OpenSSL cipher, which requires a key and a known cipher. Salts are added to encrypted data to ensure uniqueness.Since we know the salt, and we know the input data, all we need to decrypt is the password and cipher method. Since OpenSSL has been around for ages, there are many different cipher methods.A Cipher is a mathematical algorithm to convert data into unreadable binary data.A Password is key to the box, if you know it you can easily decrypt the data.

Narrowing Down Ciphers

Hex view of the encrypted stringThe Cipher used has been narrowed down by looking at a Hex Dump of the encrypted string. There are two major types of ciphers, stream ciphers and block ciphers. Stream ciphers encrypt only the data fed into them, whereas block ciphers will always be a set chunk length.A byte is roughly a single character, but special characters can take up multiple bytes. We know that OpenSSL Salted Encryption uses the first 8 bytes of the output for Salted__ and the next 8 bytes for the actual salt. The rest of the information is the encrypted message.The immediately interesting thing here is that the encrypted message data stops 3 bytes short of a full chunk. This is a excellent indicator that the cipher used is a stream cipher (or a block cipher in CTR/OFB/CFB mode). This narrows our cipher list down significantly. This also means that the final string that Blizzard encrypted is less than 93 bytes!At the time of writing, this cipher remains unsolved; it's speculated that Blizzard moved us past the cipher by giving us hints.

Directions & Letters

There are references to directions that are present in the North American version of the video. These references are conspicuously absent from other versions of the trailer. These references are shown below, with the relevant heroes and timestamps:

Directions

  • East - Mercy - Route 66 - 0:17
  • Center - D. Va - Temple of Anubis - 0:19
  • North - Torbjorn - Nepal - 0:21
  • South - Genji - Hanamura - 0:22
  • Southeast - McCree - Hollywood - 0:24
  • West - Symmetra - Watchpoint: Gibraltar - 0:30
  • Southwest - Bastion - Hollywood - 0:34
  • Northeast - Winston - Volskaya Industries - 0:46
  • Northwest - Tracer - King's Row - 0:47

Album of full screencapsHere are the screencaps, arranged according to their directions.

Dorado Photo

On the Overwatch media page, a new photo of the attacking spawn in Dorado was added. This photo was "datamoshed", which means it concealed a hidden message while also taking on a distorted appearance. (Here is an example of purposely data moshing the image manually to achieve similar effects)

  • The datamoshed image
  • The original image

After comparing the images via difference checking tools, it was found that certain English and Spanish characters were replaced with exclamation points, producing a Spanish sentence out of the replaced characters.

"Por que estan mirando al cielo? La respuesta no esta sobre sus cabezas, esta detras de ustedes. A veces, necesitan analizar sus logros previos."

Translated into English, this phrase is

"Why are you looking at the sky? The answer isn't over your heads, it's behind you. Sometimes, you need to analyze your previous achievements."

The phrase "Why are you looking at the sky?" is most likely a reference to a strange artifact that was discovered in the sky of the Dorado map, but various processes of decryption were fruitless.

Analyzing Achievements

"¿" Achievement, comment in source codeThe phrase "you need to analyze your previous achievements" led us to look at the achievements on the Play Overwatch Website. We noticed that if you logged in and viewed the achievements on your player profile, a mystery achievement appeared. Viewing the source code of the image lead us to a new phrase:

Vientos, nada mal. No obstante, me aburro. Intentemos algo nuevo en la misma dirección.

uczihriwgsxorxwunaarawryqhbrsfmeqrjjmu 5552E494 78T3 4VM9 OPL6 IS8208O913KRlrx

Translated, it says:

Damn, not bad. However, I'm getting bored. Let's try something new in the same direction.

uczihriwgsxorxwunaarawryqhbrsfmeqrjjmu 5552E494 78T3 4VM9 OPL6 IS8208O913KRlrx

Volskaya Datamosh

The following instructions explain the process of how the ASCII Skull and "little games" quote were found:1. Take the following section of code from the "?" achievement hint above.

uczihriwgsxorxwunaarawryqhbrsfmeqrjjmu 5552E494 78T3 4VM9 OPL6 IS8208O913KRlrx

2. Run it through a Vigenére Cipher3. Use heroes in the order of their positions on the compass (further above) to get hero names for the passphrase:

tracertorbjornwinstonsymmetradvamercybastiongenjimccree

4. The code received will result in the following url which, when formatted in to a proper URL, becomes the following picture:

blzgdapiproaakamaihdnetmediascreenshot 5552E494 78B3 4CE9 ACF6 EF8208F913CFjpg

blzgdapipro-a.akamaihd.net/media/screenshot/5552E494-78B3-4CE9-ACF6-EF8208F913CF.jpg

  • The datamoshed image
  • The original image

The distortion on this picture indicates that it, too, is "datamoshed", and that it conceals hidden information. A difference check between the new and original image resulted in an interesting message.

ASCII Skull #1

The diff from the datamosh resulted in the following output:

Parece que te gustan estos jueguitos... por que no jugamos uno de verdad?

                         :PB@Bk:

                     ,jB@@B@B@B@BBL.

                  7G@B@B@BMMMMMB@B@B@Nr

              :kB@B@@@MMOMOMOMOMMMM@B@B@B1,

          :5@B@B@B@BBMMOMOMOMOMOMOMM@@@B@B@BBu.

       70@@@B@B@B@BXBBOMOMOMOMOMOMMBMPB@B@B@B@B@Nr

     G@@@BJ iB@B@@  OBMOMOMOMOMOMOM@2  B@B@B. EB@B@S

     @@BM@GJBU.  iSuB@OMOMOMOMOMOMM@OU1:  .kBLM@M@B@

     B@MMB@B       7@BBMMOMOMOMOMOBB@:       B@BMM@B

     @@@B@B         7@@@MMOMOMOMM@B@:         @@B@B@

     @@OLB.          BNB@MMOMOMM@BEB          rBjM@B

     @@  @           M  OBOMOMM@q  M          .@  @@

     @@OvB           B:u@MMOMOMMBJiB          .BvM@B

     @B@B@J         0@B@MMOMOMOMB@B@u         q@@@B@

     B@MBB@v       G@@BMMMMMMMMMMMBB@5       F@BMM@B

     @BBM@BPNi   LMEB@OMMMM@B@MMOMM@BZM7   rEqB@MBB@

     B@@@BM  B@B@B  qBMOMB@B@B@BMOMBL  B@B@B  @B@B@M

      J@@@@PB@B@B@B7G@OMBB.   ,@MMM@qLB@B@@@BqB@BBv

         iGB@,i0@M@B@MMO@E  :  M@OMM@@@B@Pii@@N:

            .   B@M@B@MMM@B@B@B@MMM@@@M@B

                @[email protected]@MBB@B@B@@BM@::B@B@

                B@@@ .B@B.:@B@ :B@B  @B@O

                  :0 r@B@  B@@ .@B@: P:

                      vMB :@B@ :BO7

                          ,B@B

Translation:

"It seems you like these little games... Why don't we play a real one?"

This is the python2 script to extract modified bytes from datamoshed volskaya screenshot, https://gist.github.com/synap5e/27635d2ff6f0e3b15f0c902dca2974a9The ASCII image of the skull seemed to be a dead end, however, as no further progress was made until August 23rd.

Overwatch Forums Glitching Page/ "Skycoder"

A Discord user named 'Majesty' was tipped towards an ominous topic on the official Overwatch forums, posted by a user named 'Skycoder.'The name of the topic, if translated from binary, says "23"; a reference to Sombra, who is the 23rd character in Overwatch. The time posted on the forums was set at 23h and has since been counting down rather than increasing; it seems to be a countdown to something.This topic's page soon begins to glitch and distort, turning a hue of purple before opening a text box stating:

"la que tiene la información; tiene el poder"

and typing another code:

ICAgICAgICAgICAgICAgICAgICAgICAgICA6UEKPQms6CiAgICAgICAg

ICAgICAgICAgICAgICAsakKIQEJAQkBCQEJCTC4KICAgICAgICAgICAg

ICAgICAgIDdHlkKTQpVCTU1NTU1CQEJAQkBOcgogICAgICAgICAgICAg

ICA6a0KSQpCIl01NT01PTU9NT01NTU2MQphCQEIxLAogICAgICAgICAg

IDo1kUKNQphCiEJCTU1PTU9NT01PTU9NT01NipJuQm5CQEJCdS4KICAg

ICAgICA3MG6GlUKIQpJClEJYQkJPTU9NT01PTU9NT01NQk1QQphCiEJA

QkBCQE5yCiAgICAgIEeYlpdCSiBpQohCh4ggIE9CTU9NT01PTU9NT01P

TZYyICBCj0JAQi4gRUJAQkBTCiAgICAgIJKWQk2HR0pCVS4gIGlTdUKI

T01PTU9NT01PTU9NTZdPVTE6ICAua0JMTYhNhkKXCiAgICAgIEKMTU1C

mUIgICAgICAgN4hCQk1NT01PTU9NT01PQkKWOiAgICAgICBCh0JNTYhC

CiAgICAgII2YiEKKQiAgICAgICAgIDeSlkBNTU9NT01PTU1AQkA6ICAg

ICAgICAgQEBCQEJACiAgICAgII+ST0xCLiAgICAgICAgICBCTkKPTU1P

TU9NTY9CRUIgICAgICAgICAgckJqTYRCCiAgICAgIJBAICBAICAgICAg

ICAgICBNICBPQk9NT01NQHEgIE0gICAgICAgICAgLkAgIEBACiAgICAg

IISVT3ZCICAgICAgICAgICBCOnWMTU1PTU9NTUJKaUIgICAgICAgICAg

LkJ2TUBCCiAgICAgIIRCkUKYSiAgICAgICAgIDCRQpdNTU9NT01PTUKV

QkB1ICAgICAgICAgcUBAQEJACiAgICAgIEKETUJCjHYgICAgICAgR4+L

Qk1NTU1NTU1NTU1NQkKINSAgICAgICBGhEJNTUBCCiAgICAgIIdCQk1/

QlBOaSAgIExNRUKFT01NTU2PQoNNTU9NTYpCWk03ICAgckVxQodNQkKE

CiAgICAgIEKYloRCTSAgQm1ChEIgIHFCTU9NQpBChUKEQk1PTUJMICBC

QEJAQiAgQEJAQkBNCiAgICAgICBKlm2GhFBCj0KEQplCN0eIT01CQi4g

ICAsQE1NTUBxTEJAQkBAQEJxQkBCQnYKICAgICAgICAgIGlHQpUsaTCE

TZZCbk1NT4tFICA6ICBNQE9NTUBAQEJAUGlpQEBOOgogICAgICAgICAg

ICAgLiAgIEKXTZBCj01NTUBCQEJAQkBNTU1AQEBNQEIKICAgICAgICAg

ICAgICAgICBAQkBCLmlATUJCQEJAQkBAQk1AOjpCQEJACiAgICAgICAg

ICAgICAgICAgQkBAQCAuQkBCLjpAQkAgOkJAQiAgQEJATwogICAgICAg

ICAgICAgICAgICAgOjAgckBCQCAgQkBAIC5AQkA6IFA6CiAgICAgICAg

ICAgICAgICAgICAgICAgdk1CIDpAQkAgOkJPNwogICAgICAgICAgICAg

ICAgICAgICAgICAgICAsQkBCCg==

ASCII Skull #2

The code was recognized to be Base64, which was then translated to a new ASCII image:

                         :PB.Bk:                          

                     ,jBˆ@B@B@B@BBL.                      

                  7G–B“B•BMMMMMB@B@B@Nr                   

              :kB’B.ˆ—MMOMOMOMOMMMMŒB˜B@B1,               

          :5‘B.B˜BˆBBMMOMOMOMOMOMOMMŠ’nBnB@BBu.           

       70n†•BˆB’B”BXBBOMOMOMOMOMOMMBMPB˜BˆB@B@B@Nr        

     G˜–—BJ iBˆB‡ˆ  OBMOMOMOMOMOMOM–2  B.B@B. EB@B@S      

     ’–BM‡GJBU.  iSuBˆOMOMOMOMOMOMM—OU1:  .kBLMˆM†B—      

     BŒMMB™B       7ˆBBMMOMOMOMOMOBB–:       B‡BMMˆB      

     .˜ˆBŠB         7’–@MMOMOMOMM@B@:         @@B@B@      

     .’OLB.          BNB.MMOMOMM.BEB          rBjM„B      

     .@  @           M  OBOMOMM@q  M          .@  @@      

     „•OvB           B:uŒMMOMOMMBJiB          .BvM@B      

     „B‘B˜J         0‘B—MMOMOMOMB•B@u         q@@@B@      

     B„MBBŒv       G.‹BMMMMMMMMMMMBBˆ5       F„BMM@B      

     ‡BBM.BPNi   LMEB…OMMMM.BƒMMOMMŠBZM7   rEqB‡MBB„      

     B˜–„BM  BmB„B  qBMOMB.B…B„BMOMBL  B@B@B  @B@B@M      

      J–m†„PB.B„B™B7GˆOMBB.   ,@MMM@qLB@B@@@BqB@BBv       

         iGB•,i0„M–BnMMO‹E  :  M@OMM@@@B@Pii@@N:          

            .   B—M.B.MMM@B@B@B@MMM@@@M@B                 

                @[email protected]@MBB@B@B@@BM@::B@B@                 

                B@@@ .B@B.:@B@ :B@B  @B@O                 

                  :0 r@B@  B@@ .@B@: P:                   

                      vMB :@B@ :BO7                       

                          ,B@B                            

After some cleanup, taking the difference between ASCII skulls #1 and #2 yielded these hex characters:

8F 88 96 93 95 92 90 88 97 8C 98 91 8D 98 88 8A

92 6E 6E 6E 86 95 88 92 94 98 88 98 96 97 88 87

88 96 8F 92 96 87 88 97 88 86 97 8C 99 88 96 87

88 8D 98 88 8A 92 96 8F 92 8F 8F 84 90 84 95 8C

84 91 98 91 97 95 84 8C 8F 8B 88 84 87 7F 85 8F

83 8A 87 84 98 96 84 6D 84 90 85 84 96 6D 86 84

8F 84 99 88 95 84 96 6E 8B 97 90 8F

By subtracting from each character (67 for ASCII, 64 for Symbols, Z loops from 0x40), we got:

piwtvsqixmyrnyiksgvisuyiywxihiwpswhixigxmziwhinyikswpsppeqevmeryrxvempliehfpdkheyweeqfewgepezivewlxqp

When running a Caesar Cipher and shifting by 22, the resulting string was:

lesprometiunjuegocreoqueustedeslosdetectivesdejuegoslollamarianuntrailheadblzgdausaambascalaverashtml

This translates to:

Les prometi un juego...creo que ustedes los Detectives de Juegos lo llamarían un trailhead? BLZGDUSA-AMBAS-CALAVERAS.HTML

I promised you a game...I believe you Game Detectives would call it a trailhead? BLZGDAUSA-AMBAS-CALAVERAS.HTML

"USA-AMBAS-CALAVERAS" translates to "USE-BOTH-SKULLS".With that said, you may also notice "BLZGDAUSA-AMBAS-CALVERAS.HTML" is familiar looking. It was assumed there is a page on their CDN that contained more information, in the Skull Video section, you can see that it was true.

Skull Video

BLZGDA is Blizzard's server for hosting media, using full URL we get:

https://blzgdapipro-a.akamaihd.net/media/screenshot/usa-ambas-calaveras.html

This link leads to a video which clearly shows an image of a skull, along with a dossier of info:In the video properties you can find:

Parecen estar muy interesados en estos "héroes". ¿Tal vez les interese conocer algunos detallitos que he averiguado sobre ellos?

You seem to be very interested in these "heroes". Maybe interested to know some details that I found out about them?

There is also a heartbeat monitor in the video - by looking at which lines it "pings" on, and by assigning letters to these lines, we get:

momentincrime

amomentincrime E-mail

'momentincrime' appeared to refer to the Roadhog and Junkrat video A Moment in Crime, which came out months before the release of Overwatch. A site: amomentincrime.com was also found, where you can find information about configuration made to automatic mail response:

...Estableciendo conexión...

...Protocolo Sombra v1.3 iniciado...



...Infiltrando la respuesta automática del email de pistas...



...Terminando conexión...

Majesty and Crauss immediately discovered that sending an e-mail to [email protected] resulted in an automated response via email:

Thank you for contacting A Moment in Crime's anonymous crime line!



We have analyzed your submission and forwarded the information to the relevant parties. Your help could be vital in apprehending these cri



...Estableciendo conexión...

...Protocolo Sombra v1.7 iniciado...





01:07:47 02:02:02 01:08:06 02:13:43 01:18:32

01:18:21 02:10:19 01:06:21 02:05:18 01:04:02

01:07:08 02:18:25 01:13:04 02:19:20 01:23:02

01:16:40 02:16:35 01:23:04 02:17:16 01:06:42

01:13:29 02:18:06 01:05:02 02:15:41 01:08:34



j.7F57O,NLv:qj.7B:,1qv@B1j5ivB:,



...Terminando conexión...



minals and bringing them to justice. These fugitives are responsible for a string of robberies, arson, and other crimes stretching from Sydney to  King's Row.



Authorities believe that they have set their sights on crossing the Atlantic to America.

If the timestamp-looking numbers are taken as AA:BB:CC, where AA is the number of skull, BB is the row and CC is the column (as illustrated here), the 5x5 table would look like this:

S j G B L 

. @ M O k

i , v : 0

E 7 r q N

J P 5 F 1

(although, note that these symbols are the same in both skulls).If this is used as the key for the Bifid cipher for the string below the table:

j  .  7  F  5  7  O  ,  N  L  v  :  q  j  .  7  B  :  ,  1  q  v  @  B  1  j  5  i  v  B  :  ,

12 21 42 54 53 42 24 32 45 15 33 34 44 12 21 43 14 34 32 55 44 33 22 14 55 12 53 31 33 14 34 32



1 2 2 1 4 2 5 4 5 3 4 2 2 4 3 2 4 5 1 5 3 3 3 4 4 4 1 2 2 1 4 2

1 4 3 4 3 2 5 5 4 4 3 3 2 2 1 4 5 5 1 2 5 3 3 1 3 3 1 4 3 4 3 2



11 24 23 14 43 22 55 45 54 34 43 23 22 42 31 24 45 55 11 52 35 33 33 41 43 43 11 24 23 14 43 22

SOMBr@1NF:rM@7iON1SP0vvErrSOMBr@

This phrase is leet-speak, when translated, it becomes

Sombra Information is power Sombra

Meanwhile, the countdown on the Blizzard forum post approached zero... 


source for all of this is here: http://wiki.gamedetectives.net/index.php?title=Sombra_ARG

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Congratulations @recurvez! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!