# Alyx 3.0
## First Step https://pastebin.com/u/Alyxx
**A new note appeared on Alyxx's pastebin**
"**Sometimes, the deepest secrets can only be found in my eyes.**"
**Take the pixel hex color.**
!(https://i.imgur.com/YXDu73A.png =x183)!(https://i.imgur.com/s8hHkVJ.png)!(https://i.imgur.com/wbY88yN.png =x183)
## Second Step pastebin.com/7eLz3bQE
Acces with the password "**hidden**"
The text says that even when you are blind, space keep existing so you have to select the text to see the spaces.
We have 3 different space sizes.
!(https://i.imgur.com/6A1WaKj.png) 5 Spaces
!(https://i.imgur.com/2zcPiiQ.png) 1 Space
!(https://i.imgur.com/bhg2JVE.png) 0 Spaces
5 acts as a separator "**/**" (since its longer)
1 acts as a dash "**-**"
0 acts as a dot "**.**"
**Note:** I used separators at the beginning and the end because there is an inconsistency on how pastebin shows empty spaces after a newline and it was making the riddle unsolvable.
## Third Step - https://pastebin.com/iF5Th4pK
It's a base64 encoded text, but the hint tells us that its scrambled.
Decoding from Base64 shows some plaintext at the end
**Some numbers are showing up.
We separate those 3 lines.**
Something looks broken, that's because the line order is scrambled. We reorder them accordingly
(Note that the line with a "**=**" must be the last one since the character is used for padding)
We end up with a list of **17** numbers.
The base64 has **17** lines.
The list shows the correct order of the lines (Makes sense because line 3 (the last) has an "**=**" sign)
**It can be done manually but I wrote a quick python script**
text = """WmlhU3dnU1NCM2IzVgpzWkc0bmRDQm9Z
lines = text.split("\n")
order = [11, 7, 6, 17, 15, 4, 9, 1, 2, 10, 12, 5, 8, 13, 16, 14, 3]
for n in order:
print(lines[n-1]) # -1 bc index starts at 0
**we decode the final base64 and it gives us another base64. we decode again.**
Good job, you have solved the last step and proved you are worthy of being here.
Again, thanks for helping me escape the fbi, I wouldn't have made it without you sending that email.
All you have to know is here pastebin.com/jxwEGDq5 the password is "unscrambled"
bottom padding text.
## Last Step - pastebin.com/jxwEGDq5
**Alyxx tells us what happened during isHaacK adventure and Alyx 2.0**
The link downloads a zip file with some files captured by the backdoor in the FBI.
## Investigation - http://tiny.cc/Alyxx
the **datadump.txt** contains a bunch of names, emails and passwords.
name, email, ip, password
Jac Robertson, email@example.com, 126.96.36.199, 040269
Bret Blanchard, firstname.lastname@example.org, 188.8.131.52, Bond007
Natalya Anderson, email@example.com, 184.108.40.206, sexy1
Jareth Fitzgerald, firstname.lastname@example.org, 220.127.116.11, 03021955
Tonicha Cochran, email@example.com, 18.104.22.168, tranzit
**Patient-Consent-Covid-19.pdf** is the only pdf without a password.
You can find in the metadata that **Michael Stewart** is the author of the pdf.
Searching that name in the data dump shows the HR password
Michael Stewart, firstname.lastname@example.org, 22.214.171.124, HrP@55w0rd321!
We can use that password to decrypt the **FBI Agents Email Log.pdf**
In this document we can see Kosiak's password and his email.
- his password is **4pr1l2019!**
- Searching Kosiak's email in the datadump shows an entry.
`Kaisok Vorodis, email@example.com, 126.96.36.199, F4k31nt3rn3tP@55w0rd`
- None of those passwords decrypt **Kosiak N0tpr0n Classified Data.pdf**
## Investigation - Finding Kosiak's password
For this task, let's recap all the relevant info we have
- Human Resources Password is **HrP@55w0rd321!**
- The pdf was updated on **april 2019** and Kosiak's password is **4pr1l2019!**
- The folder is named **FBI-Files-09-29-2020** so it's from **september 2020**
- The entry of **Kosiak's email** in **Datadump.txt** gives
- **F4k31nt3rn3tP@55w0rd** - His **fake** internet password
Kosiak's password might be **september2020!** but we are missing the leet speak like in **4pr1l2019!**
Note that **F4k31nt3rn3tP@55w0rd** and **HrP@55w0rd321!** share the **P@55w0rd** part, which means Kosiak took that part from the FBI department for his fake password.
This means that Kosiak writes passwords himself like **F4k31nt3rn3t** and **4pr1l**.
He only converts **vocals to numbers**
**september2020! --> s3pt3mb3r2020!**
## Investigation - N0tpr0n Classified Data
We can now decrypt **Kosiak N0tpr0n Classified Data.pdf**
We can see an RSA private key and a [link](https://www.devglan.com/online-tools/rsa-encryption-decryption) for decryption. It can be used to decipher the data in **N0tpr0n_RSA_Encrypted_Data.txt**