Jump to content



Photo

The PRE game fun...


  • This topic is locked This topic is locked
2258 replies to this topic

#1 vetRob

Rob

  • 7,332 posts
  • Joined: 06-July 03
  • Location: London, UK

Posted 23 December 2006 - 01:51

This thread is now closed, and is continuing HERE.

---------------------------

Neowin - Help us solve The Vanishing Point Game at www.vanishingpointgame.com

Thanks to bobp for creating this thread, of which I've now taken ownership for easy updating!

See here for the initial front page news item and more details.

So far, we know that it's probably a marketing campaign by 42 Entertainment for Microsoft (as the initial teaser image was first seen on the Internet Explorer Development Blog, and the Flash login page is seen connecting to the 42 Entertainment domain). 42 Entertainment were behind the highly successful Halo viral marketing campaign.

I'll be updating this post with the codes we find and the puzzles that are given as a result of that.
  • Initial image as reported on Neowin front page - solved as wh0isl0ki
  • Also solved as iw4nttwinyou from a blog post on HeavenGames.com
  • Also solved as 3scap3grav1ty from an edited post by the mystery lokivanishes poster
  • Also solved as imm0rtaliz3m3 thanks to a key from Doug Stockwell
  • Also solved as wh3r3t0g0 thanks to the guys at unfiction
  • iw4nttwinyou - gives US phone number (when called asks for PIN) - solved with PIN 35813, prompting the user to THIS webpage
  • 3scap3grav1ty - gives different grid-based puzzle - solved, leading the user to THIS webpage
  • 3akix3ozidd1b - identical to the above - solved
  • wh0isl0ki - gives grid-based puzzle - solved, leading the user to THIS webpage
  • imm0rtaliz3m3 - gives an mp3 file, the waveform of which looks like this and is solved like this (thanks go to Ehsan from Unfiction), leading the user to THIS webpage
  • wh3r3t0g0 - gives some html-escaped data. Putting this into a basic html page reveals a word, leading the user to THIS webpage
lokistuff.png

welcome.gif

The sudoku-like puzzle is solved with the following numbers:
592 487 613
817 563 924
643 921 875
		   
428 156 739
135 749 286
769 238 541
		   
256 374 198
371 895 462
984 612 357

Edited by Rob, 11 January 2007 - 22:46.



#2 TommyRush

TommyRush

    Neowinian

  • 10 posts
  • Joined: 04-September 03
  • Location: Gainesville, FL

Posted 23 December 2006 - 02:05

The source code has

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTUxMzcyMjQyN2RkbyO7jpOtE1Mb07Hm2nrpSyWWoQo=" />

I don't know if it is normal for the value to be like that, I don't know HTML

and <!-- PIN=5813 --> towards the bottom

Neither are the password

#3 Beastage

Beastage

    vroooooooom!

  • 3,046 posts
  • Joined: 06-February 02
  • Location: Eye of the storm

Posted 23 December 2006 - 02:08

Well reading it out loud didn't produce any noticable vocal results for me... tho some of the numbers and letters look like highways and directions

#4 OP vetRob

Rob

  • 7,332 posts
  • Joined: 06-July 03
  • Location: London, UK

Posted 23 December 2006 - 02:09

The Viewstate is a standard ASP.NET variable that's put in to most pages, nothing to do with that. The PIN, on the other hand, is interesting.

A raw dump of the HTTP session the Flash script uses when sending the password 'neowin' is quoted below.

POST /PreCodeHandler.ashx HTTP/1.1
Accept: */*
Referer:
x-flash-version: 9,0,28,0
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)
Host: www.vanishingpointgame.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: vaakokie=H3hOXjhzqeAzFtwGjbmmkCk7iMQ9w0z7oFBF0vETARCMV9ar9uwf4f7MNA47-_L-eTIoPoeJSVzbgrilYyVumfERJlhCZ4MvkcG6uGOfP2A1; ARPT=MMWQKNS192.168.1.128CKMYM; ASP.NET_SessionId=iyr5jxraoxvg5j55zg0t1255

var1=neowin&var2=989DCA4C56923144F848F12F6D49C484



#5 Kraftman

Kraftman

    Neowinian Senior

  • 2,197 posts
  • Joined: 01-May 05

Posted 23 December 2006 - 02:12

Yeah, I'm sure.

Posted Image


What is that packet sniffer that is open source and the name starts with an "e"? This has been killing me trying to find it. It's a good sniffer :p

Maybe I'm wrong about the "e" thing. Or the open-source thing. But it definitely does not run the native Windows GUI. Uses an "overlay" (much like Java, GTK, etc)

#6 Beastage

Beastage

    vroooooooom!

  • 3,046 posts
  • Joined: 06-February 02
  • Location: Eye of the storm

Posted 23 December 2006 - 02:14

now 42 thrown in the mix! omg confusing...

#7 OP vetRob

Rob

  • 7,332 posts
  • Joined: 06-July 03
  • Location: London, UK

Posted 23 December 2006 - 02:14

Ethereal is what you're thinking of. But I think Fiddler is better for this kind of analysis anyway as it deals with HTTP traffic specifically.

Think perhaps we're thinking along the wrong lines though. We should be trying to work out what these mean.

rpf6ncada34wget32-84
kvezz1x6cfp0egnyvm32
z3o6qj-o3ddwn3;u-loe

#8 Rodrigo

Rodrigo

    Neowinian Senior

  • 1,699 posts
  • Joined: 24-May 03
  • Location: Mexico

Posted 23 December 2006 - 02:16

http://42entertainment.com/do.html

This is one of their missions:

Innovative Marketing Campaigns: As a standalone agency, we drive brand engagement and ROI by immersing consumers in our clients' brands.


I'm pretty sure that's all relating to them.

#9 Beastage

Beastage

    vroooooooom!

  • 3,046 posts
  • Joined: 06-February 02
  • Location: Eye of the storm

Posted 23 December 2006 - 02:20

from 42's website - "Who hacked the website of a Napa Valley beekeeper, leaving behind a series of GPS coordinates? Why were pay phones at the Empire State Building delivering installments of a sci-fi radio drama? � As these questions gripped tens of millions of Web surfers last summer and fall, the answers led to a viral marketing campaign created for Microsoft by Seattle-based 4TwoEntertainment to promote Halo 2, the long-awaited sequel to the Xbox videogame hit."

I'm thinking GPS stuff too...

#10 Kraftman

Kraftman

    Neowinian Senior

  • 2,197 posts
  • Joined: 01-May 05

Posted 23 December 2006 - 02:23

Wait.. does the Fiddler look at only HTTP traffic, or HTTPS as well? Because it seems to be connecting securely.

#11 TommyRush

TommyRush

    Neowinian

  • 10 posts
  • Joined: 04-September 03
  • Location: Gainesville, FL

Posted 23 December 2006 - 02:31

I tried the first SWF decompiler on google and found this image
Capture.JPG

#12 Kraftman

Kraftman

    Neowinian Senior

  • 2,197 posts
  • Joined: 01-May 05

Posted 23 December 2006 - 02:34

You heard the man! January 8th, 6:30PM, Bellagio Fountains

#13 Soham

Soham

    Neowin's Mogulel

  • 3,655 posts
  • Joined: 01-September 03
  • Location: C-Bus, Ohio and Lille, Fr

Posted 23 December 2006 - 02:39

January 8th, 6:30PM, Bellagio Fountains

what is going happen on that day

#14 Beastage

Beastage

    vroooooooom!

  • 3,046 posts
  • Joined: 06-February 02
  • Location: Eye of the storm

Posted 23 December 2006 - 02:40

Las Vegas.... hmmm

#15 Kraftman

Kraftman

    Neowinian Senior

  • 2,197 posts
  • Joined: 01-May 05

Posted 23 December 2006 - 02:41

what is going happen on that day


Nobody knows which makes this whole thing even more interesting. I have a feeling that we didn't learn anything at all, and that Microsoft just did this to add to the excitement... and that we need an actual code to gain access to another part of the site :shifty: