Cyberpunk 2077

From Game Detectives Wiki
Revision as of 21:57, 22 August 2018 by Vintage (talk | contribs) (cleanup step, pt2)
Active since 2018-10-06
A hacker at E3 2018 exposed a live website linked to upcoming release Cyberpunk 2077.
Type Official
Creator CD PROJEKT RED
Discovered 2018-10-06


Cyberpunk 2077 is a story-driven, open world RPG of the dark future from CD PROJEKT RED, creators of The Witcher series of games.








HAX! I CALL HAX!! A hacker infiltrates Microsoft's E3 2018 presentation to deliver some OP CP77 goodness.

E3 HAX

During Microsoft's E3 2018 presentation slot on June 10th, a hacker interrupted the speaker, ultimately causing a trailer for upcoming release Cyberpunk 2077 to play. Players noticed some valuable info during the hack, including GOG codes which were redeemable for games and, most notably, an IP address, 212.91.11.20.

Password prompt found on the server the E3 hack's IP address resolved to.







QUADRA

Players quickly realized that the IP resolves to a section of CDPR's Cyberpunk 2077 website, where a password prompt was found along with a welcome message:

WELCOME TO QUADRA - THE HIGH-PERFORMANCE AUTOMOTIVE SOLUTIONS
WITH A SOUL. PLEASE ENTER YOUR QUADRA VIP USER CREDENTIALS.

The login field is force-filled to QUADRA V-TECH, which players connected to a license plate number from the trailer, NC20 CP77, which serves as the password. Only a very small pool of players were allowed through, being met with a field to enter their email address. Soon after, the site began to display a message indicating a quota had been reached and that no more emails would be collected. How many players got through in total remains unknown.





Message which greeted players when the password was entered after the quota was filled.

Quota Met

ASCII-art output of the SSH server.

Suspecting an ARG was building, players began to rummage through the site and peruse other related media. A "secure" subdomain was found, along with an "E3 Schedule" file. RTSP is set up on the site, which players suspected might indicate future intent. They discovered the site had an SSH server on the same host, which outputs an ASCII-art message, pictured right. The other output, Permission denied (publickey), indicates a private key would be needed to access the server.

Players also uncovered more potential leads in the trailer, including lines of debug output from OpenSSH, barcodes, PDF417 codes, and several messages (usually on screens in the video), including one which seems to tease the website found.

... 10/11/2078 THE FOLLOWING WILL APPLY TO ALL

PROFILES ON DATA ALT//0 463.0983.890.3
DOMAIN-PUBLIC RESTRICTION REF. 192.8930.610.10

PUBLIC DATA PRESENTATION WILL TAKE PLACE ON MONDAY AT 12PM GMT+09 ON ALL DOMAINS. SERVER CAPABILITIES ARE ESTIMATED TO SUSTAIN 90% REGISTERED
USERS//

P2-OS CORPORATION, ALL RIGHTS RESERVED

Developers indicated in multiple messages via Discord that players should wait, as more information was coming. Whether or not the info found in the trailer would prove useful remained unknown.

Several users on Reddit who entered the password prior to the quota being met report they received emails from CDPR styled like emails from QUADRA automotive which request logistic and personal information from the player in order to receive a care package. There is no cause to believe the emails are illegitimate.

Return of the ARG

After a lengthy period of inactivity, the ARG sparked up again when CDPR posted concept art on their Twitter on 2018-22-08, with one of the screenshots containing a bit.ly link leading to an image. Opening that image in a text editor leads to a second image, which eventually led to the Trauma Team International website.

On accessing the website, players were met by a bot called David, which asked for an ID before it would talk to them. Further investigation revealed that the numbers from the first image gave the Login ID "0374337573334" for Trauma Team International.

Once players were logged in, David asked which option they wanted to pick, and the only available option was Services, where players chose to buy the insurance as stated in the second image. With this, each player was given a unique 10-character code, and David asked them to use it in the My Orders section. After a specific number of codes had been given out, the bot went offline. The code was deciphered using ASCII85 (the Z85 (ZeroMQ) variant); once deciphered, the code, in the form #ID00000, was usable in the My Orders section.
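The decoding step described above, as an added example that is not code from the wiki or from CDPR: a Z85 decoder and encoder showing how a 10-character code maps to 8 bytes, the length of an ID in the #ID00000 form. The sample ID is constructed, the "HelloWorld" vector is the one from the ZeroMQ Z85 specification, and the "#ID plus five digits" pattern is an assumption about what #ID00000 stands for.

```python
import re

# Z85 alphabet from the ZeroMQ specification (RFC 32): 85 printable characters.
Z85_ALPHABET = ("0123456789abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")
Z85_INDEX = {ch: i for i, ch in enumerate(Z85_ALPHABET)}

def z85_decode(text: str) -> bytes:
    """Decode Z85 text: each group of 5 characters is one big-endian 32-bit word."""
    if len(text) % 5:
        raise ValueError("Z85 text length must be a multiple of 5")
    out = bytearray()
    for pos in range(0, len(text), 5):
        value = 0
        for ch in text[pos:pos + 5]:
            if ch not in Z85_INDEX:
                raise ValueError(f"{ch!r} is not in the Z85 alphabet")
            value = value * 85 + Z85_INDEX[ch]
        if value > 0xFFFFFFFF:
            raise ValueError("5-character group does not fit in 32 bits")
        out += value.to_bytes(4, "big")
    return bytes(out)

def z85_encode(data: bytes) -> str:
    """Encode bytes as Z85: each group of 4 bytes becomes 5 characters."""
    if len(data) % 4:
        raise ValueError("Z85 input length must be a multiple of 4")
    chars = []
    for pos in range(0, len(data), 4):
        value = int.from_bytes(data[pos:pos + 4], "big")
        group = []
        for _ in range(5):
            value, digit = divmod(value, 85)
            group.append(Z85_ALPHABET[digit])
        chars.extend(reversed(group))  # most significant digit first
    return "".join(chars)

def looks_like_order_id(decoded: bytes) -> bool:
    """Assumed shape of the page's #ID00000 form: '#ID' followed by five digits."""
    return re.fullmatch(rb"#ID\d{5}", decoded) is not None

if __name__ == "__main__":
    constructed_id = b"#ID00042"        # constructed sample, not a real ARG code
    code = z85_encode(constructed_id)   # the 10-character form a player would see
    print(code, "->", z85_decode(code).decode("ascii"))
```
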

Players were greeted with a field to enter their email addresses and, once they had entered them, were shown this image.

After a certain amount of codes were used, the "My Orders" page went offline with the message "Connection failed" to conclude this part of the ARG.