Difference between revisions of "Cyberpunk 2077"

From Game Detectives Wiki
Jump to: navigation, search
[checked revision][checked revision]
(Trauma Team)
(Trauma Team)
Line 83: Line 83:
 
[[Image:CP2077-grille.png|thumb|200px|right|The tshirt art combined with the image attached to the TT winners' email as a grille cipher.]]
 
[[Image:CP2077-grille.png|thumb|200px|right|The tshirt art combined with the image attached to the TT winners' email as a grille cipher.]]
  
After accessing the website, players were met with a bot named David asking for an ID in order to talk to him. Further investigation revealed that the numbers from the first image gave the Login ID <code>0374337573334</code> for [https://trauma-team-international.com/ Trauma Team International].  
+
After accessing the website, players were met with a bot named David asking for an ID in order to talk to him. Further investigation revealed that the numbers from the [https://cdn-l-mkt.cdprojektred.com/other/first_11cg89ul0w.bmp first image] gave the Login ID <code>0374337573334</code> for [https://trauma-team-international.com/ Trauma Team International].
  
 
Once logged in, David allowed players to "buy insurance" through Trauma Team. After doing so, each player was given a unique 10 character code, and David prompted these players to use their codes in the My Orders section of the site. After a specific amount of codes were given out, the bot went offline. The code was deciphered using ASCII85 (Z85 (ZeroMQ) variant), giving the ID <code>#ID00000</code> which was usable in the My Orders section.
 
Once logged in, David allowed players to "buy insurance" through Trauma Team. After doing so, each player was given a unique 10 character code, and David prompted these players to use their codes in the My Orders section of the site. After a specific amount of codes were given out, the bot went offline. The code was deciphered using ASCII85 (Z85 (ZeroMQ) variant), giving the ID <code>#ID00000</code> which was usable in the My Orders section.

Revision as of 00:39, 28 August 2018

Cyberpunk 2077
Active since 2018-10-06
CP2077.png
A hacker at E3 2018 exposed a live website linked to upcoming release Cyberpunk 2077.
Type Official
Creator CD PROJEKT RED
Discovered 2018-10-06

Main Page > List of Investigations > Cyberpunk 2077

Cyberpunk 2077 is a story-driven, open world RPG set in a dark future from CD PROJEKT RED (CDPR), creators of The Witcher series of games. As the release of Cyberpunk 2077 drew closer, CDPR began trickling hidden messages and puzzles to the community. The ARG is comprised of these puzzles, and quick solvers are often rewarded with Cyberpunk merchandise.




A "hacker" infiltrates Microsoft's E3 2018 presentation.

E3 Presentation

During Microsoft's E3 2018 presentation slot on June 10th, a "hacker" interrupted the speaker, ultimately revealing a trailer for Cyberpunk 2077. Players immediately noticed some valuable info during the trailer, including GOG codes which were redeemable for games and, most notably, an IP address, 212.91.11.20.

Quadra

The IP address led to a server with a password prompt.

Players quickly realized that the IP resolved to a section of CDPR's Cyberpunk 2077 website, where a password prompt was found along with a welcome message. The message read as follows:

WELCOME TO QUADRA - THE HIGH-PERFORMANCE AUTOMOTIVE SOLUTIONS
WITH A SOUL. PLEASE ENTER YOUR QUADRA VIP USER CREDENTIALS.

The login field is force-filled to QUADRA V-TECH, which players connected to a license plate number from the trailer, NC20 CP77, which turned out to be the correct password. Only a very small pool of players were allowed through, and were met with a field to enter their email address. Soon after, the site began to display a message indicating a quota had been reached and that no more emails would be collected.

Quota Met

Message which greeted players when the password was entered after the quota was filled.
ASCII-art output of the SSH server.
Art printed on the back of the t-shirts received by players who made the QUADRA cutoff.

Suspecting an ARG was building, players rummaged through the site and other related media. A a "secure" subdomain was found, along with a "E3 Schedule" file. RTSP is set up on the site, which players suspected might indicate future intent. Players discovered the site had an SSH server on the same host, which outputs an ASCII-art message. The other output, Permission denied (publickey), indicated a private key was be needed to access the server.

Players also uncovered more potential leads in the trailer, including lines of debug output from OpenSSH, barcodes, PDF417 codes, and several messages (usually on screens in the video), including one which points toward the QUADRA website.

... 10/11/2078 THE FOLLOWING WILL APPLY TO ALL

PROFILES ON DATA ALT//0 463.0983.890.3
DOMAIN-PUBLIC RESTRICTION REF. 192.8930.610.10

PUBLIC DATA PRESENTATION WILL TAKE PLACE ON MONDAY AT 12PM GMT+09 ON ALL DOMAINS. SERVER CAPABILITIES ARE ESTIMATED TO SUSTAIN 90% REGISTERED
USERS//

P2-OS CORPORATION, ALL RIGHTS RESERVED

Developers indicated in multiple messages via Discord that players should wait for more information.

Several users on Reddit who entered the password prior to the quota being met received emails from CDPR in the style of emails from QUADRA automotive, which request logistic and personal information from the player in order to deliver them a care package.

Players who made the QUADRA cutoff received a care package. It contained a CP2077 Quadra styled t-shirt in a QUADRA box. The art on the back of the t-shirt was mysterious, but players found no leads despite heavy analysis.

Trauma Team

On August 22, the ARG sparked up again when CDPR posted concept art on their Twitter. One of the pieces of concept art contained a bit.ly link in the background:

Concept art which was edited by CDPR to contain a bit.ly link (check out the top-right of the image).

This link led to an image. Opening that image in a text editor revealed a hidden message, after a long chunk of encoded text, which read Cesar said: oaawz://jku-s-tra.jkwyvqlraylk.jvt/pthnl/zljvuk.qwn. Using a 19 shift ROT, a link to a a second image was revealed. The second image pointed to the Trauma Team International website.

Need Insurance?

Screen seen by "winners" of the OrderID Trauma Team phase.
The tshirt art combined with the image attached to the TT winners' email as a grille cipher.

After accessing the website, players were met with a bot named David asking for an ID in order to talk to him. Further investigation revealed that the numbers from the first image gave the Login ID 0374337573334 for Trauma Team International.

Once logged in, David allowed players to "buy insurance" through Trauma Team. After doing so, each player was given a unique 10 character code, and David prompted these players to use their codes in the My Orders section of the site. After a specific amount of codes were given out, the bot went offline. The code was deciphered using ASCII85 (Z85 (ZeroMQ) variant), giving the ID #ID00000 which was usable in the My Orders section.

Players who made the cutoff were prompted to input their emails. Upon entering their emails, they were greeted with this image, pictured left, informing them that the process would take up to 7 days and thanking them for participating. After a certain amount of codes were used, the My Orders page went offline with the message "Connection failed," concluding this part of the ARG.


Your Life is worth it!

On 2018-26-08, four days after players ripped through the Trauma Team International site, players who got through the cutoff received an email from a Trauma Team International Representative prompting them to reply with their address. The email had two attachments, a PDF and a PNG image. The image was a ciphertext which could be decoded with a grille cipher using the back of the t-shirt as the grille, pictured right. Players concluded that Monday was the most likely solution, and they were proven right when the next clue surfaced on Monday.

Base 64 Stream

That Monday, on August 27, CDPR began broadcasting the Base64 encoded text on their Twitch channel. Soon after, they gave a 48 min walkthrough of the gameplay of Cyberpunk 2077.

Players captured the video recording during the broadcast and extracted images periodically to gather most of the data. Using OCR (optical character recognition) on each image, and eliminating any duplicate lines, The image was decoded. The image was a screenshot of the beginning of the gameplay demo showing the closed elevator. So far, a difference comparison shows little discrepancy besides the overlay on the top of the frame.