Difference between revisions of "HELIOS"

From Game Detectives Wiki
Jump to: navigation, search
[checked revision][checked revision]
(Security Terminal)
(Security Terminal)
Line 111: Line 111:
 
On 2021-12-7, at 12:00 AM UTC, or 16:00 Stream Local Time, another revision was announced to the terminal program bringing it up to revision 5. This revision enabled the coredump and query commands to be used on module 25798 - Security Terminal.
 
On 2021-12-7, at 12:00 AM UTC, or 16:00 Stream Local Time, another revision was announced to the terminal program bringing it up to revision 5. This revision enabled the coredump and query commands to be used on module 25798 - Security Terminal.
  
'''Page 9''' of the Factory Door coredump, the status page, had updated to read the following.
+
On <code>query 25798</code> being used in the helios terminal on the stream, its outputted two commands to be used on module 25798. The security terminal required two different inputs to be executed on it: registering a UID and committing a branchid. What these id numbers were was not known without the information obtained when using <code>coredump</code> on module 25798.  
<pre>
 
Module 31575
 
STATUS
 
  dscs_iii_a3  | access granted
 
  Control Door  | access granted
 
  Station 1    | access granted
 
  Control Room  | access denied
 
[End of file]
 
</pre>
 
 
 
The first of the new commands was <code>query 25798</code>, which set the frame for the second puzzle. When entered, it would return a new set of available execute commands, seen below.
 
 
<pre>
 
<pre>
 
Query Module 25798
 
Query Module 25798

Revision as of 20:15, 9 December 2021


DSCS III A3
Active since 2021-12-05
Dscs.png
The Department of Defense has declassified access via uplink to the DSCS 3 satellite. Good Luck and Godspeed.
Type Official
Creator Alice & Smith
Discovered 2021-12-05

Main Page > List of Investigations > HELIOS

The DSCS III A3 ARG is an ongoing ARG produced by Alice & Smith which started on 5th December 2021. The initial trailhead informed players that access to a Department of Defense communication satellite was now authorized, with clues leading players to a stream where terminal commands led them deeper into an unknown complex.

List of additional pages
List of Helios terminal commands and outputs Repository of all Helios terminal commands and their associated outputs.
Gallery of Helios camera checks Repository of Helios camera check images.

Initial Discovery

At 03:24 UTC on 2021-12-05, the Alice & Smith (A&S) Twitter account tweeted "WARNING - DSCS III A3 access has been authorized. Good Luck and Godspeed." with a link to the A&S Discord. DSCS III-A3, officially known as USA-167, is an active satellite that is part of the Defense Satellite Communications System (DSCS). The DSCS forms part of the United States' military communication network, with DSCS III-A3 specifically being the penultimate launch of this constellation in March of 2003

This was followed up at 17:05 UTC with a second tweet stating "UPDATES | Dec 5th | - DSCS III A3 IRC TOR uplink and RTMP FEED updated to version 636f-rev1.". The reference to an RTMP feed led players to a Twitch stream titled HELIOS Task Force on the dscs_iii_a3 channel.

Discovering the Stream

The stream contained an interactive terminal which users could enter commands into and get responses from. The initial terminal upon loading the stream was:

Setting hostid: 636f-rev1...
Entropy harvesting: interrupt ethernet
Fast boot: skipping disk checks
Mounting remote file systems
Starting network: DVB-TEXT DSCS-III-A3
Uplink Parameters: 7600 mhz - 7604 mhz
Additional TCP/IP options: .sgov=1
Starting IRC TOR PID
Manual: www.intelink.sgov.gov/wiki-ts/cmd-636f
Starting background file system check in 60 seconds

Clicking on the icon to the right of the stream for the Helios terminal popped up a Twitch window describing it. This included a note saying that the command help should be used to start.

Queries and Key Systems

Converting the hexadecimal code found by inputting the version command to text produced the message command 'query' support = 1. This new command, query could be confirmed by typing in help query, which in turn has led to the discovery of the latest system inventory, chks1029 which, when queried, returned a list of currently active modules:

ERROR: chks1029 format type table
  31575 | Factory Main Door
  25798 | Security Terminal
  75879 | Main Control Room
  59579 | Nuclear Blast Door
  99879 | Lights Out Factory
  65548 | Assembly Line Alpha
  65549 | Assembly Line Beta
  65550 | Assembly Line Delta
  65551 | Assembly Line Gamma
  75998 | Site Alpha
Invalid query for module 'chks1029'

Factory Main Door

Following the discovery of the module 31575 and its contents, players began to notice quirks within the livestream's audio. A series of sharp and deep tones would continuously repeat, to which players began to document.

The series would play Sharp, Two Deep, Sharp, Three Deep, Sharp, Five Deep, Sharp, Seven Deep, Three Sharp. The series would then repeat.

A keen-eared player noticed the tones corresponded to the first four numerical prime numbers, Two, Three, Five, and Seven. Using the "blocks" provided by the coredump pages 1, 4, and 8, a central superblock was formed utilizing earlier information from the initial coredump command, stating a "20x9 grid". Within this grid, substituting all non-prime numbers for zeroes, and all prime numbers for ones, a grid of zeroes and ones was formed, and when turned to it's side, spelled the word KEY.

The substituted grid on it's side, forming the word KEY.









The solve led to the completion of the command execute 31575 -open -key.

Accessing local PGP Key
/home/31337/.ssh/31575
Access authorized
Requests received so far: 0
Connecting to module 31575
TAK1 - Valid
TAK6 - Valid
BGD8 - Valid
DTB3 - Valid
SDD4 - Valid
Adding your entry, please wait...
Process completed.

Note the line which says Requests received so far: 0. This is what was returned upon the first entry of the command, with every subsequent unique entry counting up by one. At 25, 50, 75, and 100 entries, a routine camera check would be initiated, showing more of the facility to the livestream. These four camera checks each revealed new areas of the facility. When the final goal of 200 entries was reached at 11:35 UTC, the factory door seen on the livestream opened.

Security Terminal

On 2021-12-7, at 12:00 AM UTC, or 16:00 Stream Local Time, another revision was announced to the terminal program bringing it up to revision 5. This revision enabled the coredump and query commands to be used on module 25798 - Security Terminal.

On query 25798 being used in the helios terminal on the stream, its outputted two commands to be used on module 25798. The security terminal required two different inputs to be executed on it: registering a UID and committing a branchid. What these id numbers were was not known without the information obtained when using coredump on module 25798.

Query Module 25798
Status Request - Security Terminal
Authorized commands:
  execute 25798 -register -<UID>
  execute 25798 -commit -<branchid>
Please stand by...
Module Status: Online

The second of the new commands was 5 new pages of coredump information, accessed using coredump 25798, returning a new set of 5 pages and a line reading 5 entries / 10 digits ID. Players suspected this to be vital to the construction of the solution as it had been in the previous puzzle, relating to the grids.

Module 25798 - Security Terminal Solve

Following a set of hints from the Clippy Database, players learned the solution dealt with Satellite Catalog Numbers, or SATCATs for short, which were to be entered as the "UIDs", and would, when entered, give two characters and what order of sequence the characters were, leading to the second part of the puzzle, the "branchid".


The first satellite in the sequence was SATCAT number 00015, corresponding to the Explorer 6 satellite. This answer was gotten from page 1 of the coredump, with Explorer 6's serial number being "Thor 134". Entry of this UID returned the players with the first fifth of the branchid: "a4"


The second in the sequence was SATCAT number 00055, corresponding to the Sputnik 5 satellite. This answer was gotten from page 2 of the coredump, with "Little Arrow" being the translated name of Strelka, one of the two dogs aboard the Sputnik 5 satellite. Entry of this UID returned the players with the second fifth of the branchid: "g7"


The third in the sequence was SATCAT number 04382, corresponding to the DFH-1 satellite. This answer was gotten from page 3 of the coredump, with "92 TJ" meaning 92 Tera Joules, the explosive yield of China's Project 596, as part of the Two Bombs One Satellite project, of which DFH-1 was the first satellite launched by the project. Entry of this UID returned the players with the third fifth of the branchid: "x9"


The fourth in the sequence was SATCAT number 07752, corresponding to the Aryabhata satellite. This answer was gotten from page 4 of the coredump, with the image of the Interkosmos logo simply pointing players in the right direction, while the real solution was within the second image, the crop of School of Athens. Within the cropped area, the man drawing is Euclid of Alexandria, whose famous algorithm was preceded by the similar Kuṭṭaka algorithm, developed by Indian astronomer Aryabhata, leading to the satellite Aryabhata. Entry of this UID returned players with the fourth fifth of the branchid: "c1"


The fifth in the sequence was SATCAT number 04489, corresponding to the Venera-7 satellite. This answer was gotten from page 5 of the coredump, with "243 days" referring to the rotational period of the planet Venus, which is 243 days. The satellite itself was found by virtue of being the first satellite to ever return data about Venus to humanity. Entry of this UID returned the players with the final part of the branchid: "d7".


With all 5 parts of the branchid discovered, players put them together to complete the command execute 25798 -commit -a4g7x9c1d7. Entry of this command began a similar process to the factory door, requesting 100 unique entries of the command to continue.


Upon the 100th entry of the commit command, the hallway seen in the livestream turned green, and the stream was interrupted by a moving graphic similar to the twitch channel's profile picture, repeating a series of letters and numbers. This marked the start of the third puzzle, Module 75879 - Main Control Room.

Main Control Room

Query & Coredump 75879

The third module began with the discovery of only two commands linked to it, being the frequently used query and coredump commands.

Entering query 75879 would return differently than the other query commands have, reading the following.

Query Module 75879
Status Request - Main Control Room
Authorized commands:
  Unavailable
  Unavailable
Please stand by...
Module Status: Offline

Players then entered coredump 75879, returning a reference to the first module, and a list of links.

WARNING: memory coredump for 75879
Generating files...
Error, Data Integrity Failed
Missing reference on 31575.page7
Tracking sequence started...
  FOUND: data.dscsiii-a3.directory/3lL5XkY
  FOUND: data.dscsiii-a3.directory/3EGivlb
  FOUND: data.dscsiii-a3.directory/3pLvv2W
  FOUND: data.dscsiii-a3.directory/3EDZnEu
  FOUND: data.dscsiii-a3.directory/3GsEHQs
  FOUND: data.dscsiii-a3.directory/3IAbAMX
  FOUND: <error>
Missing data
Scan schedule: Every 4h
Process Failed

The six links all redirect to twitch clips, each from seemingly normal streamers being interrupted by a similar visual & sequences of numbers as the main livestream had been.