Overview: Venona's 2012 ACTIVITIES

Discuss Geocaching and related topics here.

Overview: Venona's 2012 ACTIVITIES

Postby niraD » Wed Dec 28, 2011 11:49 pm

Welcome to the overview thread for Venona's 2012 ACTIVITIES. Before replying to this thread, please read the section ("This Overview Thread") at the end of this post.

Who is Venona? What are ACTIVITIES?
The dastardly Venona claims to be just an "average, everyday embassy employee", but we believe that he is a former Soviet KGB agent with a special interest in the GBA. Since 2002, Venona has led us on an annual multi-stage adventure, with ciphers, photo interpretation, musical clues, mathematical contortions, night hikes, red herrings, and just about anything else he can think of. Each year's ACTIVITIES last several weeks, and culminate in an event where Venona presents us one final challenge.

Here are some forum threads from past ACTIVITIES. Note that the main threads from 2009 and earlier are extremely long, with hundreds of replies.
Overview: Venona's 2011 ACTIVITIES
Venona Activities 2009 (and Venona 2009 for Dummies)
Venona 2008 (and Venona educational side thread)

See also Venona Redux at The Youd Zone.

On December 28, 2011, Venona advised us to prepare for the 2012 ACTIVITIES. I will update the following list of forum threads as this year's ACTIVITIES progress:
IS WELCOME ACTIVITIES 2012, Venona's Commentary
ACTIVITY 1: Solution Summary, Full Discussion, Contributor's Commentary, Cache: O VENONA
ACTIVITY 2: Solution Summary, Full Discussion, Contributor's Commentary, Cache: IS CURIOUS SERIES EVENTS
ACTIVITY 3: Solution Summary, Full Discussion, Contributor's Commentary, Cache: LETTING SNOW
ACTIVITY 4: Solution Summary, Full Discussion, Contributor's Commentary, Cache: OILER
ACTIVITY 5: Solution Summary, Full Discussion, Contributor's Commentary, Cache: IS WORK HARD MONEY
ACTIVITY 6: Solution Summary, Full Discussion, Contributor's Commentary, Cache: IS KEY LEARNING
ACTIVITY 7: Solution Summary, Full Discussion, Contributor's Commentary, Cache: IN SOVIET RUSSIA, GAMES PLAY YOU
ACTIVITY 8: Solution Summary, Full Discussion, Contributor's Commentary, Cache: FUGU-32
ACTIVITY 9: Solution Summary, Full Discussion, Contributor's Commentary, Cache: ANTHEM
ACTIVITY 10: Solution Summary, Full Discussion, Contributor's Commentary, Cache: GARMINOLOGY
ACTIVITY 11: Solution Summary, Full Discussion, Contributor's Commentary, Cache: I YEARN TO BE FREE
ACTIVITY 12: Solution Summary, Full Discussion, Contributor's Commentary, Cache: ACTIVITY CAPITALISM
ACTIVITY 13: Solution Summary, Full Discussion, Contributor's Commentary, Cache: TOPPINGS
ACTIVITY 14: Solution Summary, Full Discussion, Contributor's Commentary, Cache: ON MARK, GETTING SET, GRO!
ACTIVITY 15: Solution Summary, Full Discussion, Contributor's Commentary, Cache: YA NE GOVO'RYU PO RUSSKI
ACTIVITY 16: Solution Summary, Full Discussion, Contributor's Commentary, Cache: IS DUTY CALLING
ACTIVITY 17: Solution Summary, Full Discussion, Contributor's Commentary, Cache: INVICTUS, GO!
ACTIVITY 18: Solution Summary, Full Discussion, Contributor's Commentary, Cache: ONE LAP
ACTIVITY 19: Solution Summary, Full Discussion, Contributor's Commentary, Cache: VOID FREEDOM NULL
ACTIVITY 20: Solution Summary, Full Discussion, Contributor's Commentary, Cache: DEMOCRACY NEEDING SOCIALISM
ACTIVITY 21: Solution Summary, Full Discussion, Contributor's Commentary, Cache: LEGACY
ACTIVITY 22: Solution Summary, Full Discussion, Contributor's Commentary, Cache: GOLDEN CODE OF VENONA
Banner Recovery: Solution Summary, Full Discussion, Contributor's Commentary, Cache: is banner hostage
Order of Venona 2012
Venona 2012 ? Guess the Puzzle Creator
Venona 2012 bookmark list, published by Sadge!
Venona 2012 Codes
Venona 2012 - USB Deconstruction
Proposal for the date of Venona Final Activity 2012
Final Event: Solution Summary, Full Discussion, Contributor's Commentary, Cache: FINAL ACTIVITY EVENT 2012

This Overview Thread
This overview thread is intended to serve as an index and summary of this year's ACTIVITIES. As an index, it will include an easily searchable list of links to other information. As a summary, it will serve the purpose filled by past "educational" and "for Dummies" threads.

Please do not post detailed discussions of any ACTIVITY to this thread. Please do not post side comments or other chatter to this thread.

Instead, when a new ACTIVITY starts, create a separate thread titled "Venona's 2012 ACTIVITY n - cache name" (where n is 1, 2, 3, etc., and where cache name is the name of the mystery/puzzle cache for that activity) and post a short message here with a link to the new thread. All discussion of the ACTIVITY should take place in that thread. Finally, when an ACTIVITY has concluded, post a message here summarizing that ACTIVITY. Please target your summary to those who are interested in following this year's ACTIVITIES, but who are unable to follow (for either lack of time or lack of technical background) the detailed discussion in the separate threads. However, per Venona's request[1][2], do not include the solution coordinates in your summary. (He wants those who follow in our footsteps to read the discussion threads, rather than simply scraping all the solutions from a single overview/solutions thread.)

Thank you.
Last edited by niraD on Sun Aug 17, 2014 2:07 pm, edited 56 times in total.
niraD | Darin McGrew
Like puzzle caches? Try gimmick car rallyes!
Posts: 1600
Joined: Wed Jan 25, 2006 5:17 pm
Location: Mountain View, CA
Geocaching.com User Name: niraD

Postby niraD » Sun Jan 01, 2012 11:41 am

Venona posted a welcome message on January 1, so we could start the new year with ACTIVITIES!

The ACTIVITY 1 discussion thread is here:

The structure of this year's ACTIVITIES is different from past years. For one thing, Venona told us in advance that there will be 22 ACTIVITIES this year. Each ACTIVITY corresponds to a mystery/puzzle geocache published at Geocaching.com (unlike past years, when only a few ACTIVITIES involved published geocaches). Team Yofa posted this map of the V-shaped configuration of mystery/puzzle caches in the middle of the SF Bay:

For another thing, GBA members who received the Order of Venona in the past were invited to create this year's ACTIVITIES. Venona also invited us to create our own side game of guessing which GBA member created each ACTIVITY.

We still need to solve the ACTIVITIES in order, because the code in each geocache is required to solve the next ACTIVITY. We are still expected to work together online to solve the ACTIVITIES. However, Venona later clarified[1][2] that while we can post solutions online as part of the discussion threads, we should not copy all of those solutions into a single "puzzle solutions" thread.

To earn the Order of Venona 2012, one must make a substantial contribution to solving an ACTIVITY or help retrieve the code from an ACTIVITY solved by others. Group retrievals of codes is encouraged. Venona will penalize those who solve too many ACTIVITIES alone, or who solve an ACTIVITY and then FTF the corresponding cache.

To allow more GBA members to participate in each code retrieval, thelins suggested that we not schedule the clue retrieval for the same day as the ACTIVITY is solved. This suggestion met with unanimous support. Therefore, we will schedule clue retrievals no earlier than the day after the solution is posted to the ACTIVITY''s discussion thread.
Last edited by niraD on Mon Jan 02, 2012 10:46 am, edited 4 times in total.
niraD | Darin McGrew
Like puzzle caches? Try gimmick car rallyes!
Posts: 1600
Joined: Wed Jan 25, 2006 5:17 pm
Location: Mountain View, CA
Geocaching.com User Name: niraD

Re: Overview: Venona's 2012 ACTIVITIES

Postby Team Yofa » Sun Jan 01, 2012 3:23 pm

niraD wrote:See also Venona Redux at The Youd Zone.

Now up to date.
Team Yofa
Posts: 169
Joined: Thu Mar 01, 2007 10:59 pm
Geocaching.com User Name: Team Yofa


Postby niraD » Mon Jan 02, 2012 1:09 am

The ACTIVITY 2 discussion thread is here:

The ACTIVITY 3 discussion thread is here:

Does anyone want to post a summary of ACTIVITY 1 or ACTIVITY 2 to this overview thread?
niraD | Darin McGrew
Like puzzle caches? Try gimmick car rallyes!
Posts: 1600
Joined: Wed Jan 25, 2006 5:17 pm
Location: Mountain View, CA
Geocaching.com User Name: niraD

Postby GraffnTrix » Mon Jan 02, 2012 2:28 am

Just a small suggestion: Maybe the people who made the puzzles should write up their respective puzzle summary. In which case we have to wait a little bit for Venona to announce who made what.
Posts: 443
Joined: Tue Oct 12, 2010 3:28 pm
Location: Palo Alto
Geocaching.com User Name: GraffnTrix

Postby jimbexleyspeed » Mon Jan 02, 2012 9:47 am

GraffnTrix wrote:Just a small suggestion: Maybe the people who made the puzzles should write up their respective puzzle summary.

I would actually prefer to read the summaries from the solvers' perspectives. What the thought process was, what triggered that "aha" moment, that sort of thing. I think that would be much more interesting than just "this is how it works".
Posts: 841
Joined: Tue Feb 13, 2007 8:31 pm
Location: Foster City, CA
Geocaching.com User Name: jimbexleyspeed


Postby The Rat » Mon Jan 02, 2012 10:18 am

niraD wrote:Does anyone want to post a summary of ACTIVITY 1 or ACTIVITY 2 to this overview thread?

Since no one else has done it, here is my version of Activity 1:

Activity 1 started with an mp3 file named O Venona posted on the cache page. Several people recognized it as a recording of O Canada, the national anthem of that country. After various types of signal analysis, the group found nothing hidden or odd about the audio itself, but GraffnTrix pointed out that there was a text header code. The text header consisted of letters and numbers alternating, e.g. L3V2S9... UncleTom was the first to suggest these might be Canadian postal codes, consistent with the true song title. I noticed that when these codes are put into GoogleEarth the screen zooms to a specific point within that postal code area and noticed further that it was always right on a specific street. Looking at the street names I almost missed the correct interpretation because the first street name that appeared on the first code was "Regional Road" # something. I then went on and got streets that began O-N-G and recognized Venona's signature CONGRATULATIONS message. The coding system was the first letter of the street for each of the postal codes. When I went back to the first one, I found that the Regional Road was also named Collier, confirming the decryption method.

GraffnTrix and The North Star and I then decrypted portions of the final message which read:

UncleTom then organized a search party to go out immediately to retrieve the cache. That was done and the key to the next activity was recovered. Afterwards thelins suggested that the searchers headed out too fast for others to join in, and that it might be more fun to make a rule that the cache should not be retrieved the same day as the solution. This suggestion has met with general agreement from those who have posted.

Venona eventually revealed that jimbexleyspeed was the minion who created this outstanding puzzle.
Last edited by The Rat on Sat Jan 14, 2012 11:29 am, edited 1 time in total.
The Rat
Posts: 2312
Joined: Mon May 02, 2005 8:35 pm
Location: Los Altos
Geocaching.com User Name: The Rat

Activity 2

Postby The Rat » Mon Jan 02, 2012 1:22 pm

No one has stepped up for Activity 2, so here goes:

This activity started with decoding the RC4 message on the cache page. No one has identified the key as significant. The result is a text message consisting of six numbers with long decimal extensions as follows:
<pre> 228.081218839405578
The html tags appear to be of no significance. UncleTom pointed out that the six numbers probably represent the six sections of typical coordinates, i.e. degrees, minutes, decimal portion first of latitude, then longitude. Others noted that apparently the numbers expected to be 2-digit numbers were coded in the 220+ range while the 3-digit ones were coded in the 2200+ range and all appeared to be in the same order of expected size of the coordinate numbers, but not in a linear relation.

After much speculation and fiddling around by the group, thelins had the key observation, found apparently by searching the words from the title, that there is a mathematical series known as a Kempner series that was introduced to the world using the words "curious series." The thing that is curious about a Kempner series is that even though the series 1/1+1/2+1/3+1/4+... etc. does not converge, i.e. increases to infinity as you add more terms, if you eliminate all the terms with one or more digits in the denominator, then the series converges to a specific value. For example, if you eliminate the terms with a "37" in them such as 1/37, 1/137, 1/370, etc., then this series will reach a specific value, a Kempner sum (ksum), which, being irrational, cannot be represented by a number with finite decimal places.

The search was then on for a way to find the Kempner value for 37 or 122 to confirm the hypothesis. No one was able to find these values online nor an online calculator. crawburr and The Rat both tried computing the sums using a brute force loop but saw only glacial progress in hundreds of millions of iterations. Reading an article on higher math jimbexleyspeed pointed out that it was not possible to compute it that way. The article found by thelins had links to programs that worked in Mathematica, a commercial program that does many higher math calculations. No one in the group had it, though and the code was not easily converted to languages or compilers the group did have. Eventually sfodoug and The North Star both downloaded the free trial version of Mathematica and then downloaded the program for the Kempner calculations and confirmed that ksum(37)=228.081218839405578, then computed the remaining numbers.

A group then went out late that night to retrieve the cache. The informal "rule" not to search the same day as the solve had not yet been implemented.
The Rat
Posts: 2312
Joined: Mon May 02, 2005 8:35 pm
Location: Los Altos
Geocaching.com User Name: The Rat

Summary for Activity 3

Postby thelins » Wed Jan 04, 2012 1:35 am

As I'm still too wired to fall asleep, I thought I would attempt to summarize Activity 3.

LETTING SNOW began by decoding the RC4 message on the cache page, which revealed:

<img src="http://www.activitiesvenona.org/venona/2012/Media/SNOW.jpg" alt="FARMER MAN IMAGE" />


(Please visit cache listing or use the decoded activity URL above to see the original.)

payakoi immediately noticed that there was a small QR code on the lower left portion of the picture. Using an online decoder, he discovered the following message:


A group was then organized to retrieve the cache at noon on the following day. The successful team included 22 cachers and 1 dog, and pictures of the expedition can be found here:

http://www.flickr.com/photos/8238526@N0 ... 690067761/
Last edited by thelins on Fri Jan 06, 2012 6:21 pm, edited 2 times in total.
Posts: 449
Joined: Tue May 11, 2010 12:12 am
Location: Los Altos
Geocaching.com User Name: thelins

Postby thelins » Wed Jan 04, 2012 1:59 am

And here is my hopefully acceptable summary of Activity 4.

Decoding the RC4 message on OILER's cache page revealed:


PurplePeople quickly noted that there were ten unique letters, and that the title resembled "Euler," which sparked various ideas around Euler's formula, series, and patterns. There were also different attempts to anagram the letters, examine letter frequency, and translate the letters to their letter-number equivalents.

UncleTom observed that the ten letters contained the necessary ones to form the world EULER, and xophe (FKA candcfamily) made the critical breakthrough -- that the ten letters spelled out the URL for ProjectEuler.net.

From there, xophe explained:

(1) If you assign digits to the letters in order of projecteuler.net, you get:


(2) The first string in Activity 4 is UELJRU which becomes 748317, which according to this page, is the solution to problem #37.

PurplePeople followed through on that logic and translated all the strings in Activity 4 to:


And using those numbers in conjunction with Project Euler Solutions produced the coordinates.

A group was organized to go after the cache at 12:15pm the following day, and their successful expedition included 22 cachers and 2 dogs this time!
Posts: 449
Joined: Tue May 11, 2010 12:12 am
Location: Los Altos
Geocaching.com User Name: thelins

Postby CACCBAG » Thu Jan 05, 2012 10:17 am

My ?Summary? for Activity 6:

After using the code from Activity 5, a table was produced and speculation, testing and discussion ensued about the division of the numbers, their ratios, their meanings, etc.:
Sadge wrote:
TeamOttlet wrote:Image

If you work out the division:
5672 ; 3344 ; 5032 ; 122
15209 ; 8963 ; 13493 ; 327
Everything is evenly divisible.

not2b made a critical leap fairly early in the day with this discovery:
not2b wrote:Check this out: treating each column as a fraction:
5672/15209 ; 3344/8963 ; 5032/13493 ; 122/327
We get the values:
0.372937076730883; 0.3730893673993083; 0.3729341139850293; 0.3730886850152905

Soon, another spark of brilliance appeared:
TimberToo wrote:Earlier I tired repeating the division the number of times that equaled the denominator, but that didn't yield anything that I could see:
5672/1 one time = 5672
30418/2 = 15209, then 15209/2 = 7604.5
10032/3 three times (or 10032/27) = 371.55553
35852/4 four times = 140.04687
25160/5 five times = 8.0512
80958/6 six times = 1.7352108
854/7 seven times = .0010369
2616/8 eight times = .0001559

It still seems like some variation on repeating division might yield something.

But was quickly lost as the community continued with averaging ratios, possible third rows or 5th numbers, the use of the forward slash symbol, etc.

Then the following theory now widely accepted as the Boobosky's Russian Algorithm (BRA) Cipher was suggested (Note: those cachers who are using computers with Big Brother software, may not want to actually click the somewhat NSFW link?.but the url basically tells you what it is) :oops: :
The Rat wrote:I've found a hot lead - literally. Combine the letter from LEARNING with the number in that cell:
an old Russian spying algorithm based upon sequences of the letters AA, A, B, C, D, DD, DDD, E, F, FF, G, GG, H, HH, J, JJ, K, KK and L. But this possible solution proved to be a bust.

Other ideas were tossed about including various ciphers, basics of learning, asteroid numbers, anagrams, continued fractions, gc codes, musical keys, (a side discussion on the possible puzzle creator), a converging series, Canada facts, QR coding, piano keys, hex strings and the meaning of the cells. Many of us were caught up in red herrings (it should be noted that all Russian herrings are, in fact, RED).

Then ? a flash of pure genius:
PurplePeople wrote:Image

This repetition theory was quickly picked up by some much wiser than this scrivener:
TeamOttlet wrote:If the key to learning is repetition, then extending the series of number makes a lot of sense. The problem then is to figure out how to extend the series so coordinates magically appear.

Unbeknownst to Venona, a brilliant US spy came up with a plan to pull Venona from out of his hiding place by placing an ingenious form of ?bait?:
crawburr wrote:ratio 1/2: 0.372937076730883;
ratio 3/4: 0.3730893673993083;
ratio 5/6: 0.3729341139850293;
ratio 7/8: 0.3730886850152905
5 = 37
2 = 29
1 = 370
N37 29.370 W122 13.896
A Vacant Lot in downtown Redwood City.
Dead end street, on a fence line.
Doesn't look like a 2.5 terrain, though..

While Venona chewed on this tidbit thinking of a way to mock the ?stupid Amerikans?, others returned to the repetition theory:

TeamOttlet wrote:It really looks like a demonstration that enough data mining will always produce coordinates of some sort. Not that I have any ideas either, other than I'm not convinced that the key isn't "REPETITION" instead of "LEARNING".

Then, just as Crawburr planned, Venona fell into the trap?.sending a message mocking us Americans, yet revealing clues (completely lost on this scrivener but picked up by those with working cerebral matter):

The ?AHA! Moment?:

TeamOttlet wrote:The period of the repetitions? Time to dissect every letter of the non-clue!

sfodoug wrote:I think this is it, hold on.

payakoi wrote:Bah, I can't remember how to calculate the repeating part of a repeating decimal. And my frantic searches are not producing good results. Someone else know offhand?

dstein766 wrote:And now back to the Venona non-clue. The various ratios and/or deltas between them...do they display some kind of periodicity? (They do to my untrained eye, in that we go back and forth between .3729 and .3730 a few times) Is there a sine wave function here?

And Venona?s downfall:

sfodoug wrote:Source: (Censored so find it yourself!)
(Solution is also censored ? calculate it yourself!)
JJJ/KKK - Period LLL

That is how the West defeated the East on this Activity?..now excuse me while I go study the BRA Cipher some more.

Members of "The A Team" who took party in this Activity against the mad Russian included: The North Star, Uncle Tom, TeamOttlet, Sadge, Geodanimal, sfodoug, CACCBAG (but only for comic effect and as a source of mockery), dstein766, not2b, PurplePeople, Gitonyerhorse, Muggle Finder, Team Yofa, xophe, dproven, doogelah, Timber Too, payakoi, ThegirlsfromPA, Kanchan, Graffn Trix, niraD, mcdurr, The Rat, aargnpopo, Xklondike, Mask2011, cachebefound, crawburr, MotorBug, Geo Fan, and Frank. (if I missed anyone please let me know, I will add you to the honor roll immediately).
Last edited by CACCBAG on Thu Jan 05, 2012 10:48 am, edited 1 time in total.
Posts: 608
Joined: Mon Nov 15, 2010 3:07 pm
Location: Daly City
Geocaching.com User Name: CACCBAG

Summary for Activity 5

Postby The Rat » Thu Jan 05, 2012 10:26 am

Venona's 5th activity involved a crossword puzzle. The decoded message, using the key from OILER, was
<p><tt>IS REQUIRE FOR SOLVE ENTIRE <a href="http://www.activitiesvenona.org/venona/2012/Media/CROSSWORD.pdf">PUZZLE</a>
FOR DECODING COORDINATES. IS AUDIO EACH CLUE, AS <a href="http://www.activitiesvenona.org/venona/2012/Media/Crossword/A1.mp3">HERE</a>.</p>

<pre>Lat: 30 C8 90 63 7D 21 DE E4 49 57 01
Lon: 65 38 C7 26 87 FA 1E D7 DC 86 63 30</pre>
That song snippet in the mp3 file was quickly identified by CACCBAG and others as Katy Perry's song California Girls. Lyrics were posted on the forum. Other cachers discovered that changing the URL of the audio file by replacing the number produced other audio files, and those files matched the Across words to the puzzle that had the form of a series of numbers such as (6,5,5,15). It was also discovered that substituting a D for the A produced similar audio clues for the Down words in that form.

While a major part of the crew assembled a list of audio clues, The Rat point out that applying the (6,5,5,15) clue for 1 Across to the letters in the title Califormia Girls produced the word OFFS (i.e. the 6th letter, 5th letter, 5th letter, and 15th letter) and the same method for 8 Across (song Heart of Glass) produced GOSH. This method was confirmed as the decoding method for the words in that format. Kanchan produced a Google Docs speadsheet mirroring the crossword that could be worked on cooperatively. This was missed at first in the rush to post song titles. Once the link was re-posted, a great many members all began filling in clues using this method and the song titles.

Other clues, however, were in a different format and many did not have audio clues. Clues in this format: ONE - (1,5,6,7), accompanied by an audio clue were soon discovered to require taking the word indicated (ONE meant take the first word of the song title) and subtract the indicated letters. This still left a large number of clues in a format like 29 Across:T + $.20. CACCBAG was the first to point out that where these words could be identified by guesswork or filling in letters the other direction, they could be confirmed by valuing the letters in cents as A=1 (or $.01), B=2, etc. This is consistent with the counting done by the Dollar Words website http://www.balmoralsoftware.com/dollar.htm and correlates with the title. For example 29 Across was identified as TOE which is a T, then the value of O ($.15) + E ($.05) = $.20. From that point on, all the decoding methods for the clues were known and it was an amazingly rapid process to fill in the entire crossword.

That still left the task of deriving the coordinates from the MD5 hashes shown at the bottom of Venona's message. I'm afraid this MD5 stuff lost me as I don't know how it works, but I know it was necessary to concatenate (append) all the words of the puzzle and apply the MD5 method to the text string to get a digest. Appending all the words going across produced a digest of d0dd9619ed1044d767f5067cec7cfa57, (credit to mcdurr for this) which was used a key to decrypt Lat: 30 C8 90 63 7D 21 DE E4 49 57 01. This at first did not produce a good decryption, but when used as a number, not an ASCII text string, it produced valid N coordinates. The same method was then applied to the the Down words appended together but at first it did not work. That turned out to be because the words were first appended together by reading down each column from top to bottom when the correct method was to append them in numerical order, D1, D2, etc., as pointed out by TeamOttlet among others. When this was done, valid west coordinates emerged.

The group then spent several pages of posts trying to organize the trip to get the cache, and a good time was had by all.
Last edited by The Rat on Sat Jan 14, 2012 11:38 am, edited 1 time in total.
The Rat
Posts: 2312
Joined: Mon May 02, 2005 8:35 pm
Location: Los Altos
Geocaching.com User Name: The Rat

Summary for Activity 7

Postby thelins » Fri Jan 06, 2012 3:21 pm

I'll drive a million miles
To be with you tonight...

Activity 7 was contained within a YouTube video, which was revealed after the RC4 message on the cache page was decrypted:

<A HREF="http://www.youtube.com/watch?v=IC0lrJX_KO8"><IMG SRC="http://www.activitiesvenona.org/venona/2012/Media/SNAKE.png" BORDER=0></A>

niraD actually posted a really cool BBcode version of the puzzle:


Set to the tune of Wang Chung's "Everybody Have Fun Tonight," this highly entertaining video contained a series of mini-clips, most of which were rapid action shots of arcade/video games.

Cachers quickly started identifying the games they recognized, and dstein766 began compiling an index of scenes in sequential order with brief descriptions of the contents of each scene. xophe then created a GoogleDoc spreadsheet, which facilitated the complete indexing of all 38 scenes and the collaborative identification process.

xophe observed that the decoding method must involve the initials of game names, as he could see LOCATION appearing in the middle. sfodoug soon expanded on that, noting CACHE LOCATION.

However, the game title methodology seemed to break down after that, which led to various conjectures until GraffnTrix realized the encoding switched to the years in which the games were released. Specifically, the last digit of each year provided the corresponding coord digit (e.g. 1982 = 2).

With the encoding process confirmed, everyone continued to work together identifying the games and their release dates. The last few were quite tricky, but ultimately, the solution was fully hammered out, with mini cacher filling in the coords' last missing digit and dstein766 making sense of the message's last missing letter.

The Rat organized a successful cache retrieval group outing for the next day at noon. Finders included: cachbefound, geodanimal, Mask2011, dprovan, flowerisland, Sadge!, CACCBAG, The Rat, Olivia Noelle, airsax, InTheRough, Xklondike, TeamOttlet, plus 4 next generation cachers.

And with that....

Everybody have fun tonight
A celebration so spread the word.

(Fun Easter egg at 0:11-0:12! Check it out! :D)
Posts: 449
Joined: Tue May 11, 2010 12:12 am
Location: Los Altos
Geocaching.com User Name: thelins

Postby Sadge » Sun Jan 08, 2012 1:31 pm

After one week of Venona ACTIVITIES, here is a brief overview of GBA activity.

For the Venona 2012 postings under General Geocaching
Overall Average: Replies - 96; Views - 2005
ACTIVITY Avg: Replies - 153; Views - 3021

I can add more later from the data I pulled compiled this morning.
Posts: 357
Joined: Tue Mar 02, 2010 5:23 pm
Location: Danville, CA
Geocaching.com User Name: Sadge!

Postby GraffnTrix » Sun Jan 08, 2012 3:09 pm




when used as RC4 key for:


Code: Select all

Suddenly, all the puzzlers simultaneously and unanimously had the idea that the title "FUGU" was indicating that this giant hexadecimal block was enocded with something called the Blowfish Cipher. This is a keyed block cipher. Blowfish has a 64-bit block size and a variable key length from 1 bit up to 448 bits. Based on the name, it was deduced that our key is most likely 32 bits.

One unique quality of the Blowfish cipher is that it is (as of now) impossible to cryptoanalyze. This means that the only way to crack this cipher is to brute-force it (try every possible key until it works.) If the key to a Blowfish cipher is 448 bits, the cipher would not be cracked until the heat-death of the universe, but since we believed our key was only 4 bytes (32 bits) long, it would only take us a few hours. A manual blowfish decoder can be found here. It should be noted that it is to be given a key in ASCII, and it will return the decoded text in ASCII.

This particular implementation of the cipher uses a mode called ECB or Electronic Codebook. In this block cipher mode, each 64 bit block encoded with the same key will always yield the same ciphertext. This, among other things, meant we could just test a few blocks of the cipher-text to test our decodes.

So we were ready, it was time to start the decode. TeamOttlet took on the daunting task of writing an automated Blowfish brute-forcer in C, while meanwhile a few other insights were being made. The cipher-text is enormous, which led the GBA to believe that the plain-text was actually going to be an image file. This meant that we would not be able to input an ASCII key and get out ASCII, as images cannot solely be represented by ASCII. It was also likely that the key was not made up of ASCII characters, which meant that the Blowfish decoder would need to accept the key in hexadecimal, and print out our answer in hexadecimal.

The first version of the decoder accepted a key in hexadecimal and decoded the first few blocks of the cipher-text looking to see if the decoded text was viable ASCII. (AKA: The program picked a key, decoded, and test checked if the result was English. If it wasn't, on to the next key. If it was, it outputted the key and decoded blocks.) Venona came on with this shocking news. To check all 2^32 keys one one computer would take 500 hours, give or take. But in the socialist spirit, we divided up the keyspace.

A Google Document was created to track who took one keyspace. One person might allocate some of their cores on their computer to work at decoding the first ten million keys, and somone else might take the next ten million. The cipher was not decoded. Why? The answer was touched upon earlier.




The earlier versions of "Blowfisher" (TeamOttlet's decoder) were decoding the cipher looking for an answer made of text, but in reality we needed to decode it with Blowfisher looking for an image. But how are the programs to know whether or not their decoded data are indicative of an image? This is done through image headers.

Images will always start with a constant series of bytes called a "header." Below are the first 4 bytes of headers (in hex and in ASCII) for JPG and PNG, common image filetypes.

Code: Select all
If it's a jpg= FF D8 FF E0  or  ????
If it's a png= 89 50 4E 47  or  ?PNG

So all we needed Blowfisher to do was to output when the decoded text started with the first few bytes of a header. TeamOttlet programmed the following image formats to be outputted: JPG, GIF, PNG, TIFF, BMP. We all again donated our cores to decoding, but still there was no luck. The next crux was overcome when jimbexleyspeed had this idea:

jimbexleyspeed wrote:What if, rather than looking for specific formats, there's something else we could look for that would be indicative of an image file?

This must be a pretty small image, so the beginning of the file, assuming it contains things like size or height and width, would probably have several bytes of 0x00. Not sequentially, perhaps, but just counting them and looking for 3 or 4 within the first 16 bytes or so might not yield that many false positives.

Unlike random blocks of ciphertext, images are nicely formatted, and thus have a lot of "00" bytes (called nulls.) If we set TeamOttlet's Blowfisher to also output when the decoded text had a certain amount of nulls, it wouldn't matter what image format it was, as we could just Google the header to figure out the format. So that's exactly what we did.

On the verge of giving up, one last version of Blowfisher is pumped out, this one outputting the decode whenever it contains 6 or more nulls in the first 512 bytes of the decoded text. The keyspace is reallocated to the Geocachers of the Bay Area, and a few hours later, we among many false positives, see something interesting.

GraffnTrix wrote:
TeamOttlet wrote:Hits:

key = 510226AA decoded data = 0A050108 00000000 5F002700 2C012C01 00040000 78511200 80511200 08000000

key = 51E1EBD0 decoded data = 4A00BB61 F25C6FD4 64B8B500 14000034 04B4C4A1 D6001672 0B93D800 5EC84954

That first one looks weird. Any ideas?

PC Paintbrush filetype. We should do a full decode with that.

Note that in the first line, there are 64 bits of null, preceded by 64 bits of what would be an image header. And luckily, that is a viable image header, identified as an IBM PC Paintbrush filetype. This is the reason the earlier versions of Blowfisher weren't working, because we were not searching for such an obscure and outdated file extention, .pcx. This filetype was quite popular, and was the image type of choice in pre-Microsoft days. It's quite antiquidated...

xophe wrote:But of course VENONA's soviet era computer must use that.

So now using the hex key 510226AA (or AA260251 if you're using Little-Endian) we decoded the entire cipher-text, instead of just the first few blocks of it. This created a full hexadecimal representation of an image. Saving the ASCII of that as "fugu.pcx" and viewing it with something that can view PC Paintbrush filetypes or converting it, we get the following.


I cropped out the coodinates per Venona's previous request. The image was posted, and good times were had. The key has no significance, according to the puzzle creator:

mcdurr wrote:No significance whatsoever. It was selected to be in a part of the keyspace that was unlikely to get checked first so that significant team play would be required to find it.

tl;dr version of the summary:

Gitonyerhorse wrote:folks found this Blowfish thing and then burned up their computers overnight to figure out it was a picture, which Ottlet then posted.

Thanks to everyone who helped, especially those who donated their CPUs to help crack this, jimbexleyspeed for determining a cracking method that works, and a special thanks to TeamOttlet for writing a whopping 6 versions of the Blowfish cracker. A retrieval party obtained the clue "CCCPBESTCOUNTRY".
Posts: 443
Joined: Tue Oct 12, 2010 3:28 pm
Location: Palo Alto
Geocaching.com User Name: GraffnTrix


Return to General Geocaching

Who is online

Users browsing this forum: dprovan, OokOok, Yaten and 1 guest