HELIOS
This page is a work in progress and will be updated as new developments emerge. If you have information you think should be added, please create an account to enable page edits or contact a Wiki Editor. |
DSCS III A3 | |
---|---|
The Department of Defense has declassified access via uplink to the DSCS 3 satellite. Good Luck and Godspeed. | |
Type | Official |
Creator | Alice & Smith |
Discovered | 2021-12-05 |
Main Page > List of Investigations > HELIOS
The DSCS III A3 ARG is an ongoing ARG produced by Alice & Smith which started on 5th December 2021. The initial trailhead informed players that access to a Department of Defense communication satellite was now authorized, with clues leading players to a stream where terminal commands led them deeper into an unknown complex.
List of additional pages | |
---|---|
List of Helios terminal commands and outputs | Repository of all Helios terminal commands and their associated outputs. |
Gallery of Helios camera checks | Repository of Helios camera check images. |
Contents
Initial Discovery
At 03:24 UTC on 2021-12-05, the Alice & Smith (A&S) Twitter account tweeted "WARNING - DSCS III A3 access has been authorized. Good Luck and Godspeed." with a link to the A&S Discord. DSCS III-A3, officially known as USA-167, is an active satellite that is part of the Defense Satellite Communications System (DSCS). The DSCS forms part of the United States' military communication network, with DSCS III-A3 specifically being the penultimate launch of this constellation in March of 2003
This was followed up at 17:05 UTC with a second tweet stating "UPDATES | Dec 5th | - DSCS III A3 IRC TOR uplink and RTMP FEED updated to version 636f-rev1.". The reference to an RTMP feed led players to a Twitch stream titled HELIOS Task Force on the dscs_iii_a3 channel.
Discovering the Stream
The stream contained an interactive terminal which users could enter commands into and get responses from. The initial terminal upon loading the stream was:
Setting hostid: 636f-rev1... Entropy harvesting: interrupt ethernet Fast boot: skipping disk checks Mounting remote file systems Starting network: DVB-TEXT DSCS-III-A3 Uplink Parameters: 7600 mhz - 7604 mhz Additional TCP/IP options: .sgov=1 Starting IRC TOR PID Manual: www.intelink.sgov.gov/wiki-ts/cmd-636f Starting background file system check in 60 seconds
Clicking on the icon to the right of the stream for the Helios terminal popped up a Twitch window describing it. This included a note saying that the command help
should be used to start.
Queries and Key Systems
Converting the hexadecimal code found by inputting the version
command to text produced the message command 'query' support = 1
. This new command, query
could be confirmed by typing in help query
, which in turn has led to the discovery of the latest system inventory, chks1029
which, when queried, returned a list of currently active modules:
ERROR: chks1029 format type table 31575 | Factory Main Door 25798 | Security Terminal 75879 | Main Control Room 59579 | Nuclear Blast Door 99879 | Lights Out Factory 65548 | Assembly Line Alpha 65549 | Assembly Line Beta 65550 | Assembly Line Delta 65551 | Assembly Line Gamma 75998 | Site Alpha Invalid query for module 'chks1029'
Factory Main Door
Following the discovery of the module 31575
and its contents, players began to notice quirks within the livestream's audio. A series of sharp and deep tones would continuously repeat, to which players began to document.
The series would play Sharp, Two Deep, Sharp, Three Deep, Sharp, Five Deep, Sharp, Seven Deep, Three Sharp
. The series would then repeat.
A keen-eared player noticed the tones corresponded to the first four numerical prime numbers, Two, Three, Five, and Seven. Using the "blocks" provided by the coredump pages 1, 4, and 8, a central superblock was formed utilizing earlier information from the initial coredump command, stating a "20x9 grid". Within this grid, substituting all non-prime numbers for zeroes, and all prime numbers for ones, a grid of zeroes and ones was formed, and when turned to it's side, spelled the word KEY
.
The solve led to the completion of the command execute 31575 -open -key
.
Accessing local PGP Key /home/31337/.ssh/31575 Access authorized Requests received so far: 0 Connecting to module 31575 TAK1 - Valid TAK6 - Valid BGD8 - Valid DTB3 - Valid SDD4 - Valid Adding your entry, please wait... Process completed.
Note the line which says Requests received so far: 0. This is what was returned upon the first entry of the command, with every subsequent unique entry counting up by one. At 25, 50, 75, and 100 entries, a routine camera check would be initiated, showing more of the facility to the livestream. These four camera checks each revealed new areas of the facility. When the final goal of 200 entries was reached at 11:35 UTC, the factory door seen on the livestream opened.
Security Terminal
On 2021-12-7, at 12:00 AM UTC, or 16:00 Stream Local Time, another revision was announced to the terminal program bringing it up to revision 5. This revision enabled the coredump and query commands to be used on module 25798 - Security Terminal.
On query 25798
being used in the helios terminal on the stream, its outputted two commands to be used on module 25798. The security terminal required two different inputs to be executed on it: registering a UID and committing a branchid. What these ID numbers were was not known without the information obtained when using coredump
on module 25798. On using coredump 25798
5 files were generated that could be read along with the line 5 entries / 10 digits ID
which seemed to indicate that a 10 digit ID number was required for this terminal. Each coredump file generated had its own clues that once investigated seemed to point towards different satellites that had been launched into space. At the time of the security terminal activating however the significance of the satellites wasn't yet clear and while several inputs were attempted based on the information of the satellites no valid entries were uncovered.
On 2021-12-8, at approximately 8:30 PM UTC, or 12:30 Stream Local Time, the terminal program had another revision bringing it up to revision 6. This brought the CSR (Clippy SubRoutine) subroutine online but is simply called clippy
in the terminal commands. on using query clippy
a command is listed to read various pages of its help message database where it appears to be helping an unknown individual. Amongst these pages was mention of space objects tracked by NORAD are registered with their own unique SATCAT, or Satellite Catalog, numbers. With this information the SATCAT numbers of the satellites identified with the coredump information were used as the UID number for the execute 25798 -register -<UID>
command. These gave valid entries which outputted two-digit branch sequences for each of the 5 satellites. When all the branch sequences were arranged in order it produced a 10 digit code that could be inputted using the execute 25798 -commit -<branchid>
command. The method of solving the UIDs and branchid are detailed below.
Page 1 Coredump Solution
On reading the page 1 coredump in the terminal three block fragments were produced that had different clues on them:
- Aug
- 134
- data.dscsiii-a3.directory/31zCVhu
The third fragment's url when put into a browser linked to an image of the Thor's Fight with the Giants painting. Combining Thor with the other infomation lead to the Thor-able expendable rocket launch system. In August this system was used to launch one satellite on vehicle 134, Explorer 6. Explorer 6's SATCAT number is 00015 which when inputted into the helios terminal using execute 25798 -register -00015
would yield the result of BranchSequence_01(a4)
leading to a4 being the first digits of the branchid.
Page 2 Coredump Solution
On reading the page 2 coredump in the terminal, only one block fragment was produced with the words "Little Arrow". Little Arrow when translated into Russian yields the name Strelka, the name of one of the dogs aboard the Sputnik 5 satellite. Inputting Sputnik 5's SATCAT number, 00055, into the terminal using execute 25798 -register -00055
yields the result of BranchSequence_02(g7)
leading g7 to be the next 2 digits of the branchid.
Page 3 Coredump Solution
On reading the page 3 coredump in the terminal, only one block fragment was produced with the words "92 TJ". TJ is the abbreviation for Tera Joules a method of measuring explosive yields, in particular nuclear weapons usually reach these kinds of numbers. 92 TJ can be applied to several different nuclear weapons but in keeping with the satellite theme only one really matches, China's Project 596 which was part of the Two Bombs, One Satellite project. The satellite in question was the Dong Fang Hong I or also known as China 1 which has the SATCAT number of 04382. When inputted into the terminal using execute 25798 -register -04382
it outputs the result of BranchSequence_03(x9)
leading x9 to be the next two digits of the branchid.
Page 4 Coredump Solution
On reading the page 3 coredump in the terminal, two block fragments were produced that had different clues on them:
- data.dscsiii-a3.directory/3dzEo9L
- data.dscsiii-a3.directory/3y4KyIo
As with the page 1 coredump image, these URLs also link to images: Image 1 & Image 2.
The fourth in the sequence was SATCAT number 07752
, corresponding to the Aryabhata satellite. This answer was gotten from page 4 of the coredump, with the image of the Interkosmos logo simply pointing players in the right direction, while the real solution was within the second image, the crop of School of Athens. Within the cropped area, the man drawing is Euclid of Alexandria, whose famous algorithm was preceded by the similar Kuṭṭaka algorithm, developed by Indian astronomer Aryabhata, leading to the satellite Aryabhata. Entry of this UID returned players with the fourth fifth of the branchid: "c1"
The fifth in the sequence was SATCAT number 04489
, corresponding to the Venera-7 satellite. This answer was gotten from page 5 of the coredump, with "243 days" referring to the rotational period of the planet Venus, which is 243 days. The satellite itself was found by virtue of being the first satellite to ever return data about Venus to humanity. Entry of this UID returned the players with the final part of the branchid: "d7".
With all 5 parts of the branchid discovered, players put them together to complete the command execute 25798 -commit -a4g7x9c1d7
. Entry of this command began a similar process to the factory door, requesting 100 unique entries of the command to continue.
Upon the 100th entry of the commit command, the hallway seen in the livestream turned green, and the stream was interrupted by a moving graphic similar to the twitch channel's profile picture, repeating a series of letters and numbers. This marked the start of the third puzzle, Module 75879 - Main Control Room.
Main Control Room
Query & Coredump 75879
The third module began with the discovery of only two commands linked to it, being the frequently used query and coredump commands.
Entering query 75879
would return differently than the other query commands have, reading the following.
Query Module 75879 Status Request - Main Control Room Authorized commands: Unavailable Unavailable Please stand by... Module Status: Offline
Players then entered coredump 75879
, returning a reference to the first module, and a list of links.
WARNING: memory coredump for 75879 Generating files... Error, Data Integrity Failed Missing reference on 31575.page7 Tracking sequence started... FOUND: data.dscsiii-a3.directory/3lL5XkY FOUND: data.dscsiii-a3.directory/3EGivlb FOUND: data.dscsiii-a3.directory/3pLvv2W FOUND: data.dscsiii-a3.directory/3EDZnEu FOUND: data.dscsiii-a3.directory/3GsEHQs FOUND: data.dscsiii-a3.directory/3IAbAMX FOUND: <error> Missing data Scan schedule: Every 4h Process Failed
The six links all redirect to twitch clips, each from seemingly normal streamers being interrupted by a similar visual & sequences of numbers as the main livestream had been.
This puzzle is still being solved. New information will be added as soon as it is available. |