|This page is a work in progress and will be updated as new developments emerge. If you have information you think should be added, please create an account to enable page edits or contact a Wiki Editor.|
|The Department of Defense has declassified access via uplink to the DSCS 3 satellite. Good Luck and Godspeed.|
|Creator||Alice & Smith and Twitch, Inc.|
The HELIOS ARG, initially known as the DSCS-III-A3 ARG is an ongoing ARG produced by Alice & Smith in collaboration with Twitch, Inc which started on 5th December 2021. The initial trailhead informed players that access to a Department of Defense communication satellite was now authorized, with clues leading players to a stream where terminal commands led them deeper into an unknown complex.
|List of additional pages|
|List of Helios terminal commands and outputs||Repository of all Helios terminal commands and their associated outputs.|
|Gallery of Helios camera checks||Repository of Helios camera check images.|
- 1 Initial Discovery
- 2 Factory Main Door
- 3 Security Terminal
- 4 Main Control Room
- 5 HELIOS OS Activation
- 6 The Launch
At 03:24 UTC on 2021-12-05, the Alice & Smith (A&S) Twitter account tweeted "WARNING - DSCS III A3 access has been authorized. Good Luck and Godspeed." with a link to the A&S Discord. DSCS III-A3, officially known as USA-167, is an active satellite that is part of the Defense Satellite Communications System (DSCS). The DSCS forms part of the United States' military communication network, with DSCS III-A3 specifically being the penultimate launch of this constellation in March of 2003.
This was followed up at 17:05 UTC with a second tweet stating "UPDATES | Dec 5th | - DSCS III A3 IRC TOR uplink and RTMP FEED updated to version 636f-rev1.". The reference to an RTMP feed led players to a Twitch stream titled HELIOS Task Force on the dscs_iii_a3 channel.
Discovering the StreamNOAA Space Weather Scales, a series of indicators for space weather conditions that can impact the health of satellites, communications, astronauts and the like. The scale ranges from 1 to 5 and with all three indicators at 1, the current conditions reported are all minor.
The stream contained an interactive terminal which users could enter commands into and get responses from. The initial terminal upon loading the stream was:
Setting hostid: 636f-rev1... Entropy harvesting: interrupt ethernet Fast boot: skipping disk checks Mounting remote file systems Starting network: DVB-TEXT DSCS-III-A3 Uplink Parameters: 7600 mhz - 7604 mhz Additional TCP/IP options: .sgov=1 Starting IRC TOR PID Manual: www.intelink.sgov.gov/wiki-ts/cmd-636f Starting background file system check in 60 seconds
Clicking on the icon to the right of the stream for the Helios terminal popped up a Twitch window describing it. This included a note saying that the command
help should be used to start.
Queries and Key Systems
Converting the hexadecimal code found by inputting the
version command to text produced the message
command 'query' support = 1. This new command,
query could be confirmed by typing in
help query, which in turn led to the discovery of the latest system inventory,
chks1029 which, when queried, returned a list of currently active modules:
ERROR: chks1029 format type table 31575 | Factory Main Door 25798 | Security Terminal 75879 | Main Control Room 59579 | Nuclear Blast Door 99879 | Lights Out Factory 65548 | Assembly Line Alpha 65549 | Assembly Line Beta 65550 | Assembly Line Delta 65551 | Assembly Line Gamma 75998 | Site Alpha Invalid query for module 'chks1029'
Factory Main Door
When attempting to use the IDs from
chks1029 as a part of other commands, players found that the only entry that would return anything was 31575 - the Factory Main Door. The command
query 31575 informed players that there was a command to both open and close the door, however an access code was required. The command
coredump 31575 provided a list of 9 individual coredump pages with various details scattered throughout.
Arranging the Grid
Players quickly identified that pages 1, 4, and 8 were of the same format and were likely related to the hint in the
coredump 31575 command of 180 entries / GRID 20 by 9. With 9 blocks of data, each containing 4 lines of 5 numbers, players ended up re-arranging the numbers such that a single block would form one column of the eventual grid, with numbers transposed in order (left-to-right, top-to-bottom). e.g.:
666 242 355 576 483 559
666 242 355 576 483 559
By ordering the numbers in this manner, and ordering the columns according to the block numbers (1 on the left and increasing to 9 on the right), players had a complete grid that they began to investigate how to decode.
Distorted Audio Message
Around 00:30 UTC on 2021-12-06, those listening to the stream heard a distorted audio file play instead of the usual background track, and around 30 minutes later, was discovered to have updated from showing nothing, to now referencing the completion of an audio frequency render (presumed to be related to the distorted audio file slightly before).
The audio file was inspected and found to contain distinct two distinct sounds, a high pitched "sonar ping"-like sound and a deep bass sound. By looking at the number of bass sounds in a row and splitting them into groups using the high pitched sound as a delimiter, players found the numbers 2, 3, 5 and 8. These numbers correspond to the 3rd through 6th numbers in the Fibonacci sequence. While players had already been suspecting there was some sort of manipulating of filtering, the large block of numbers and this file was related, it was not possible to correlate the two at the time.
At around 03:30 UTC a message was posted in chat by the DSCS_III_A3 channel which notified players that there was an "error" and "repo diff ---p3-raw-AUDIO_RENDER +++p3-clean_AUDIO_RENDER. diff files analysis IS required". In plain English, this message indicated to players that the original "raw" audio file was replaced with a new, "clean" one, and that the new file will need to be analyzed.
Decoding the Grid
Upon listening to the file, or viewing the waveform of the audio file, players noticed that the final bass tone was removed, changing the sequence to now be 2,3,5,7. This meant it was no longer part of the Fibonacci sequence but instead they were the first 4 Prime numbers. By reviewing the 20 by 9 block of numbers, and replacing all of the non-prime numbers with 0, while all of the prime numbers are changed to 1, before rotating the grid 90 degrees counter-clockwise, the arrangement of prime numbers spelled out the word key.
With this keyword, players were able to enter the command
execute 31575 -open -key into the terminal. Upon entering the command, players received the following confirmation:
Accessing local PGP Key /home/31337/.ssh/31575 Access authorized Requests received so far: 0 Connecting to module 31575 TAK1 - Valid TAK6 - Valid BGD8 - Valid DTB3 - Valid SDD4 - Valid Adding your entry, please wait... Process completed.
Individually there was no significant change for each single player, however as time progressed and more players entered the code, status updates were provided in chat indicating how many more entries were still needed. Initially this was 25, then 50, then 100 before finally 200. As each goal was reached, a glowing ring expanded until it encircled the door. Additionally, as goals were reached, new camera feeds were revealed and occasionally cycled through, showing other areas of the facility beyond the main door and that players would soon need to be working on. Players also noticed that after commands started to be sent to open the door, the NOAA Space Weather Index in the bottom rght had changed to indicate S-2 (or Moderate Solar Radiation Storms).
At 11:35 UTC on 2021-12-07, the 200th command to open the door was sent, and the door opened. At the same time, the NOAA Space Weather Index updated again to now show S-3 and R-2 (Strong Solar Radiation Storms and Moderate Radio Blackouts)
On 2021-12-08, at 00:00 UTC, or 16:00 Stream Local Time, another revision was announced to the terminal program bringing it up to revision 5. This revision enabled the coredump and query commands to be used on module 25798 - Security Terminal.
query 25798 being used in the Helios terminal on the stream, it outputted two commands to be used on module 25798. The security terminal required two different inputs to be executed on it: registering a UID, and committing a branchid. These ID numbers were to be solved for, using the information obtained from using
coredump 25798. On execution of the command, 5 files were generated that could be read along with the line
5 entries / 10 digits ID, which seemed to indicate that a 10 digit ID number was required for this terminal. Each coredump file generated had its own clues, that once investigated, seemed to point towards different satellites that had been launched into space. At the time of the security terminal activating, however, the significance of the satellites was not yet clear to players, and while several inputs were attempted based on the information of the satellites, no valid entries were uncovered.
On 2021-12-8, at approximately 8:30 PM UTC, or 12:30 Stream Local Time, the terminal program had another revision bringing it up to Revision 6. This brought the CSR (Clippy SubRoutine) subroutine online, but is simply called
clippy in the terminal commands. On using
query clippy, a command is listed to read various pages of its help message database, where it appears to be helping an unknown individual. Amongst these pages was mention that space objects tracked by NORAD are registered with their own unique SATCAT, or Satellite Catalog, number. With this information, the SATCAT numbers of the satellites, identified with the coredump information, were used as the UID number for the
execute 25798 -register -<UID> command. These returned valid entries, which outputted two-digit branch sequences for each of the 5 satellites. When all the branch sequences were arranged in order, it produced a 10 digit code that could be inputted using the
execute 25798 -commit -<branchid> command. The method of solving the UIDs and branchid are detailed below.
Page 1 Coredump Solution
On reading the page 1 coredump in the terminal, three block fragments were produced that had different clues on them:
The third fragment's URL, when put into a browser, linked to an image of the Thor's Fight with the Giants painting. Combining Thor with the other information lead to the Thor-able expendable rocket launch system. In August, this system was used to launch one satellite on vehicle 134, Explorer 6. Explorer 6's SATCAT number is 00015, which when inputted into the Helios Terminal using
execute 25798 -register -00015, would yield the result of
BranchSequence_01(a4), leading to a4 being the first digits of the branchid.
Page 2 Coredump Solution
On reading the page 2 coredump in the terminal, only one block fragment was produced with the words "Little Arrow". Little Arrow, when translated into Russian, yields the name Strelka, the name of one of the dogs aboard the Sputnik 5 satellite. Inputting Sputnik 5's SATCAT number, 00055, into the terminal using
execute 25798 -register -00055 yields the result of
BranchSequence_02(g7) leading g7 to be the next 2 digits of the branchid.
Page 3 Coredump Solution
On reading the page 3 coredump in the terminal, only one block fragment was produced with the words "92 TJ". TJ is the abbreviation for Tera Joules, a method of measuring explosive yields, with values this high often being seen only in nuclear weapons. 92 TJ can be applied to several different nuclear weapons but in keeping with the satellite theme only one really matches, China's Project 596 which was part of the Two Bombs, One Satellite project. The satellite in question was the Dong Fang Hong I or also known as China 1 which has the SATCAT number of 04382. When inputted into the terminal using
execute 25798 -register -04382 it outputs the result of
BranchSequence_03(x9) leading x9 to be the next two digits of the branchid.
Page 4 Coredump Solution
On reading the page 4 coredump in the terminal, two block fragments were produced that had different clues on them:
As with the page 1 coredump image, these URLs also link to images: Image 1 & Image 2. The first image is a logo for Interkosmos, the space program for the Soviet Union. The second image is a cropped-out piece of the School of Athens fresco which in particular is focused on Euclid. When comparing the two, no satellites launched by Interkosmos bore the name Euclid nor was Greece even involved in the program. When probing deeper with the Euclid algorithm and the countries that were part of the Interkosmos program you find there was a similar algorithm devised by an Indian astronomer called Aryabhata and which has a satellite named after that was launched in the Interkosmos program. When inputting this satellite's SATCAT number into the terminal using
execute 25798 -register -07752 it yields the result of
BranchSequence_04(c1) which are the next two digits of the branchid.
Page 5 Coredump Solution
On reading the page 5 coredump in the terminal, only one block fragment was produced with the number "243". Searching the number with respect to space finds that Venus has a rotational period of 243 earth days. While there is several artificial satellites in relation to Venus the one with distinction is Venera 7 which was the first one to soft-land on Venus and transmit data back to Earth. Inputting its SATCAT number into the terminal using
execute 25798 -register -04489 yields the result of
BranchSequence_05(d7) which are the last digits of the branchid.
When all the branch sequences are arranged in order, it yields a 10 digit id number of
a4g7x9c1d7 which can be inputted in the terminal using
execute 25798 -commit -a4g7x9c1d7 and yielded the result of adding your entry to the terminal. Once 100 entries in total were collected from unique twitch ids, the hallway lights turned green and the broadcast was interrupted by a moving graphic that repeated a string of numbers and letters. Once this was over, the terminal was updated with access granted to the Main Control Room.
Main Control Room
Query & Coredump 75879
The third module began with the discovery of only two commands linked to it, being the frequently used query and coredump commands.
query 75879 would return differently than the other query commands have, reading the following.
Query Module 75879 Status Request - Main Control Room Authorized commands: Unavailable Unavailable Please stand by... Module Status: Offline
Players then entered
coredump 75879, returning a reference to the first module, and a list of links.
WARNING: memory coredump for 75879 Generating files... Error, Data Integrity Failed Missing reference on 31575.page7 Tracking sequence started... FOUND: data.dscsiii-a3.directory/3lL5XkY FOUND: data.dscsiii-a3.directory/3EGivlb FOUND: data.dscsiii-a3.directory/3pLvv2W FOUND: data.dscsiii-a3.directory/3EDZnEu FOUND: data.dscsiii-a3.directory/3GsEHQs FOUND: data.dscsiii-a3.directory/3IAbAMX FOUND: <error> Missing data Scan schedule: Every 4h Process Failed
The six links all redirect to twitch clips, each from seemingly normal streamers being interrupted by a similar visual & sequences of numbers as the main livestream had been.
Later the next day, two more clips were added:
data.dscsiii-a3.directory/3dyTMTY. The command also updated to say
Pattern Detected: DSCS.III-A3.Authorization.XXXXXXX near the bottom, providing the format for the next solution. A ninth clip occurred during Twitch Gaming's pre-show for The Game Awards 2021, at 12:17 AM UTC, and a tenth during the post-show at 4:21 AM UTC. The day after that, an eleventh occurred during Twitch Gaming's winter gathering livestream at 8:38 PM UTC.
Grid Power Distribution
At 21:03 UTC on 2021-12-10 the stream updated to focus on a batch of terminals with different values listed on them. In addition, the terminal initialization text updated to Revision 10, and players who re-ran the
query 75879 command were directed to use the new
The initial command used,
grid status, informed players that there are three grid IDs, 33, 66 and 99 which need power distributed to them. This could be delivered in batches of either 10, 100 or 1000 megawatts, but would require collaboration with other users to apply. Specifically, the system required 2 users to wake the system and make it ready to accept commands (this was seen with a blue screen), a further 3 users to prepare the signal (resulting in a yellow screen on the terminals) and then another 5 users to commit the power increase (confirmed by a red screen with the word COMMIT over the top). The 10 users required to commit a power increase had to be unique within that set, however once a command was committed, the same 10 users could then submit a new command (i.e. 10 users could add 100 power, then once done they could add another 100 without needing anyone extra). The final part of the
grid status command warned players that the system was unstable, and that the system would recycle regularly. Initially, this was a 5 minute reset cycle (as described by the CRON expression */5 * * * *)
Players initially started adding power to different grid IDs to try and find the right value, however progress was frequently reset without identifying a particular value. After some time, players noticed that when increasing a particular grid IDs power too far, the white light above one of the screens turns red and the red light below turns white. These lights formed arrows pointing up and down and players soon realized that these indicated if the current power value was too low (with the light above and arrow pointing down) or too high (light below and arrow pointing up).
With this new information, players gradually stepped through power increments and, upon exceeding the desired value, resetting and then stepping through a range with lower increments (i.e. increasing by 1000 increments - 0,1000,2000,3000, reset when it's too high - then use 100 increments for the section before it swapped - 0,1000,2000,2100,2200). Using this method, players slowly worked through and identified the three correct power levels with ID 33 being 2200MW, ID 66 being 12000MW and ID 99 being 40100MW.
HELIOS OS Activation
At around 02:20 UTC on 2021-12-11, all grids were stabilized, and shutters opened allowing a view out to the Lights Out Factory with 4 portals which soon activated. At the same time, the Twitch Gaming channel was just finishing up one of it's awards shows and during the end card, 3 slides of text were shown with an emergency alert tone playing instead of the usual background music. The slides informed players that:
Following the prediction of a solar flare with a coronal mass ejection (CME) 20 times bigger than the Carrington Event of 1859, the Department of Defence is declaring a global state of emergency. Projections show that this event will happen on 2021-12-12 at 21:00 PST and will take 17 hours to reach Earth.
Government resources are now considered insufficient, immediate citizen contribution is required. The HELIOS Task Force has been re-activated in response to this global threat. Distributed computing effort is required through the livestream platform designation : TWITCH.
Agents, the RAMPART Initiative is now live.
At the end of the Twitch Gaming Awards stream, the channel started a raid on the HELIOS channel which directed ~50,000 viewers to the channel.
Finally, the HELIOS terminal upgraded to a full HELIOS OS, providing players with the ability to view their profile (including achievements), view collected resources, a timeline, a list of streamers who had integrated the HELIOS OS with their stream and a new and upgraded terminal window (none of the old commands carried over to this new one).
The purpose of the HELIOS OS and the overall RAMPART Initiative was to have the community collect resources, send them to streamers who were running the HELIOS OS extension (thereby acting as resource pools) and contributing to the overall mission to prevent the effects of the solar flare. Streamers could choose specific missions to focus on (such as boosters or a command module) with traded resources from players being directed towards that mission objective. Additionally, becoming a HELIOS OS Streamer would prevent that individual from receiving the regular raw material allocation that regular players received automatically (such materials being refined and then sent to streamers of their choice, thus providing a constant steady flow of resources around the community).
Below is a list of all of the materials players received to send to streamers, who would make the components for missions.
At around 21:00 UTC on 2021-12-12, the HELIOS OS terminal updated and players were able to resume using commands within it again. Included within this update was a new command,
chcksum. When players ran the help command for this, they found the latest query in the system inventory used against this command.
query chcksum.3133 to replicate the last system inventory call showed players a list of IDs associated with several raw materials they had been collecting, as well as one ID that was corrupted - this was for the incredibly rare Twitchitrium resource.
Based on command usage tips found by using
help chcksum, players starting to run the command against several IDs (e.g.
chksum 1111 and
chcksum 02a8951. They quickly discovered that the IDs fell into three categories:
- ID 1111 (COMGRP) would always report back with a block of zeros (zeros were in blocks of 4 with the grid being 4 by 7 blocks for a total of 28 blocks). - ID 3333 (Twitchitrium) would always report back that the data is too fragmented. While there was a repair command listed in the help tool, players were initially unable to use it due to lacking the required commit-id - All other IDs would report back a similar block of numbers as 1111 but with up to 4 digits changed, as well as a country code identifier but only if the player entering the command was in a specific country. Each of these IDs were assigned to different countries and so no single players would have access to all of the data.
Players collaborated to find those in different countries to test the command.
0000 0000 0000 0000 0000 0000 00A5 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 003C
0000 0000 U100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 00M4 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 Z1FE 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 UX00 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 G700 0000 0000 0000 0000 0000 0000 0000 0000
Players found that the countries that could access a particular material's ID were large manufacturers of that given material (Gamium being the exception and being available to Canada, most likely in reference to Alice & Smith's game development studios being based there).
By taking each of the modified blocks in each of the response (the values in bold in the above table) and ordering them based on their row before removing any remaining zeroes, players found the ID U1A5UXZ1FEG7M43C. Using this ID as part of the repair command (
chcksum U1A5UXZ1FEG7M43C -repair) enabled players to repair the Twitchitrium ID. This activated a global drop event, rewarding many players across all streams with 10 Twitchitrium.
Shortly after players first ran this command, several changes were spotted in the Lights Out Factory, including a 5th portal activating, and the 4 that were already activated turning from an orange color to blue.
Around 20:45 UTC on 2021-12-13, the TwitchGaming Twitch Channel restarted it's stream and, when it came back online, players found a timer until the predicted time when the solar flare would reach earth (at 20:45 this was T-01:15:00 as the predicted arrival time as 22:00 UTC). Additionally, the NOAA Space Weather Index now showed all as level 5 - extreme.
At 21:00 UTC, Twitch streamer DeejayKnigt appeared on Stream and provided background on the events leading up to the final hour. After recapping the events, Deejay interviewed Twitch Streamers ONE_shot_GURL, DataDave and Lana_Lux, discussing their favourite parts of the event, reviewing some statistics related to their missions and their viewer's contributions as well as questions which crossed over HELIOS with the streamer's interests, such as ONE_shot_GURL's Pokemon cards and DataDave's anime knowledge.
From 21:35 UTC (T-25:00), the four streamers all appeared on stream together and discussed the event together, including specific moments like the shortage of Structulite Plates and Turbine Pumps early on or the low drops of Copper in the final hours. The discussion continued for some time with questions from the chat and banter about the last few days.
At 21:58 UTC (T-02:00), callouts from a command center could be heard identifying each of the required stages of the rocket launch complete (e.g. propellant load etc.).
After a slight glitch in the stream, the rocket - RAMPART 1 - launched at 22:02 UTC. The rocket performed well and shortly afterwards the Barrier Emitter deployed just in time to protect Earth from the incoming Solar Flare. With this, the RAMPART Initiative and wider HELIOS Project was a success.