Cyberpunk 2077

From Game Detectives Wiki
Revision as of 12:37, 27 August 2018 by Mattyb (talk | contribs) (Trauma Team)
Jump to: navigation, search
Cyberpunk 2077
Active since 2018-10-06
CP2077.png
A hacker at E3 2018 exposed a live website linked to upcoming release Cyberpunk 2077.
Type Official
Creator CD PROJEKT RED
Discovered 2018-10-06

Main Page > List of Investigations > Cyberpunk 2077

Cyberpunk 2077 (CP2077) is a story-driven, open world RPG of the dark future from CD PROJEKT RED (CDPR), creators of The Witcher series of games. As the release of CP2077 drew closer, CDPR began trickling hidden messages and puzzles to close followers, often rewarding those who solve them fastest with CP2077 merchandise by mail.




HAX! I CALL HAX!! A hacker infiltrates Microsoft's E3 2018 presentation to deliver some OP CP77 goodness.

E3 HAX

During Microsoft's E3 2018 presentation slot on June 10th, a hacker interrupted the speaker, ultimately causing a trailer for upcoming release Cyberpunk 2077 to play. Players noticed some valuable info during the hack, including GOG codes which were redeemable for games and, most notably, an IP address, 212.91.11.20.

Password prompt found on the server the E3 hack's IP address resolved to.

QUADRA

Players quickly realized that the IP resolves to a section of CDPR's Cyberpunk 2077 website, where a password prompt was found along with a welcome message,

WELCOME TO QUADRA - THE HIGH-PERFORMANCE AUTOMOTIVE SOLUTIONS
WITH A SOUL. PLEASE ENTER YOUR QUADRA VIP USER CREDENTIALS.

The login field is force-filled to QUADRA V-TECH, which players connected to a license plate number from the trailer, NC20 CP77, which serves as the password. Only a very small pool of players were allowed through, being met with a field to enter their email address. Soon after, the site began to display a message indicating a quota had been reached and that no more emails would be collected. How many players got through in total remains unknown.

Message which greeted players when the password was entered after the quota was filled.

Quota Met

ASCII-art output of the SSH server.

Suspecting an ARG was building, players began to rummage the site and peruse other related media. A a "secure" subdomain was found, along with a "E3 Schedule" file. RTSP is set up on the site, which players suspected might indicate future intent. They discovered the site had an SSH server on the same host, which outputs an ASCII-art message, pictured right. The other output, Permission denied (publickey), indicates a private key would be needed to access the server.

Players also uncovered more potential leads in the trailer, including lines of debug output from OpenSSH, barcodes, PDF417 codes, and several messages (usually on screens in the video), including one which seems to tease the website found.

... 10/11/2078 THE FOLLOWING WILL APPLY TO ALL

PROFILES ON DATA ALT//0 463.0983.890.3
DOMAIN-PUBLIC RESTRICTION REF. 192.8930.610.10

PUBLIC DATA PRESENTATION WILL TAKE PLACE ON MONDAY AT 12PM GMT+09 ON ALL DOMAINS. SERVER CAPABILITIES ARE ESTIMATED TO SUSTAIN 90% REGISTERED
USERS//

P2-OS CORPORATION, ALL RIGHTS RESERVED

Developers indicated in multiple messages via Discord that players should wait as more information is coming. Whether or not the info found in the trailer will prove useful remained unknown.

Several users on Reddit who entered the password prior to the quota being met report they received emails from CDPR styled like emails from QUADRA automotive which request logistic and personal information from the player in order to receive a care package. There is no cause to believe the emails are illegitimate.

Concept art which was edited by CDPR to contain a bit.ly link (check out the top-right of the image).

Trauma Team

After a lengthy period of inactivity, the ARG sparked up again when CDPR posted concept art on their Twitter on 2018-22-08, with one of the concept art, pictured right, containing a bit.ly link leading to an image. Opening that image in a text editor leads to a second image, which eventually lead to the Trauma Team International website.

Screen seen by "winners" of the OrderID Trauma Team phase.

Need Insurance?

Accessing the website, players were met with a bot named David asking for an ID in order to talk to him. Further investigation revealed that the numbers from the first image gave the Login ID 0374337573334 for Trauma Team International.

Once logged in, David asked what options players wanted to pick, with the only available option being Services. Selecting this option allowed platers to choose to buy insurance as stated in the second image. With this, each players was given a unique, 10 character code and David prompted these players to use it in the My Orders section of the site. After a specific amount of codes were given out the bot went offline. The code was deciphered using ASCII85 (Z85 (ZeroMQ) variant), giving the ID #ID00000 which was usable in the My Orders section.

Players who made the cutoff were prompted to input their emails. Upon entering their emails, they were greeted with this image, pictured left, informing them that the process would take up to 7 days and thanking them for participating.

After a certain amount of codes were used, the My Orders page went offline with the message "Connection failed" to conclude this part of the ARG. This followed suit from previous ARG "rounds" were a cutoff is implemented to gate how many players can "win" a given round.

Your Life Is Worth It!