# Alyx 3.0 ## First Step https://pastebin.com/u/Alyxx ![](https://i.imgur.com/1YkQCKO.png) **A new note appeared on Alyxx's pastebin** ![](https://i.imgur.com/inOIN4K.png) "**Sometimes, the deepest secrets can only be found in my eyes.**" ![](https://i.imgur.com/E87ajbL.png =x75) **Take the pixel hex color.** ![](https://i.imgur.com/YXDu73A.png =x183)![](https://i.imgur.com/s8hHkVJ.png)![](https://i.imgur.com/wbY88yN.png =x183) **Password:** hidden ## Second Step pastebin.com/7eLz3bQE Acces with the password "**hidden**" The text says that even when you are blind, space keep existing so you have to select the text to see the spaces. ![](https://i.imgur.com/7xv0M3c.png) We have 3 different space sizes. ![](https://i.imgur.com/6A1WaKj.png) 5 Spaces ![](https://i.imgur.com/2zcPiiQ.png) 1 Space ![](https://i.imgur.com/bhg2JVE.png) 0 Spaces 5 acts as a separator "**/**" (since its longer) 1 acts as a dash "**-**" 0 acts as a dot "**.**" **Note:** I used separators at the beginning and the end because there is an inconsistency on how pastebin shows empty spaces after a newline and it was making the riddle unsolvable. ![](https://i.imgur.com/zwNeb4O.png) **Password:** chosen ## Third Step - https://pastebin.com/iF5Th4pK It's a base64 encoded text, but the hint tells us that its scrambled. ![](https://i.imgur.com/cFDc5d1.png) Decoding from Base64 shows some plaintext at the end ![](https://i.imgur.com/YZ9OUDM.png) **Some numbers are showing up. We separate those 3 lines.** ![](https://i.imgur.com/dkwB8JI.png) Something looks broken, that's because the line order is scrambled. We reorder them accordingly (Note that the line with a "**=**" must be the last one since the character is used for padding) ![](https://i.imgur.com/yzvKNCc.png) We end up with a list of **17** numbers. The base64 has **17** lines. The list shows the correct order of the lines (Makes sense because line 3 (the last) has an "**=**" sign) ![](https://i.imgur.com/1GA0xaB.png) **It can be done manually but I wrote a quick python script** ```python text = """WmlhU3dnU1NCM2IzVgpzWkc0bmRDQm9Z WFpsSUcxaFpHVWdhWFFnCmQybDBhRzkx QjBaWGgKMExnPT0= SUhSb1lXNXJjCnlCbWIzSWdhR1ZzY0ds aGhkbVVnZEc4Z2EyNXZkeUJwY3lCCm9a emRHClZ3SUdGdVpDQndjbTkyWldRZ2VX SQpITnZiSFpsWkNCMGFHVWdiR0Z6ZENC WEpsSUhCaGMzUmxZbWx1TG1OdmJTOXEK dVp5QnRaU0JsYzIKTmhjR1VnZEdobElH ZENCNWIzVWdjMlZ1WkdsdVoKeUIwYUdG UjI5dlpDQnFiMklzSUhsdmRTQm9ZWFps MElHVnRZV2xzTGdwQmJHd2dlVwo5MUlH ZUhkRlIwUnhOU0IwYUdVZ2NHRnpjM2R2 a0lnCnBpYjNSMGIyMGdjR0ZrWkdsdVp5 bVZwYm1jZwphR1Z5WlM0S1FXZGhhVzRz YwptUWdhWE1nSW5WdWMyTnlZVzFpYkdW OTFJR0YKeVpTQjNiM0owYUhrZ2IyWWdZ""" lines = text.split("\n") order = [11, 7, 6, 17, 15, 4, 9, 1, 2, 10, 12, 5, 8, 13, 16, 14, 3] for n in order: print(lines[n-1]) # -1 bc index starts at 0 ``` **we decode the final base64 and it gives us another base64. we decode again.** ![](https://i.imgur.com/LOWsfsF.png)![](https://i.imgur.com/IuKH2vn.png) **Final Text:** Good job, you have solved the last step and proved you are worthy of being here. Again, thanks for helping me escape the fbi, I wouldn't have made it without you sending that email. All you have to know is here pastebin.com/jxwEGDq5 the password is "unscrambled" bottom padding text. **Password:** unscrambled ## Last Step - pastebin.com/jxwEGDq5 **Alyxx tells us what happened during isHaacK adventure and Alyx 2.0** ![](https://i.imgur.com/0nwoS4A.png) The link downloads a zip file with some files captured by the backdoor in the FBI. ## Investigation - http://tiny.cc/Alyxx **Files/** ![](https://i.imgur.com/dazQJjs.png) **Files/FBI-Files-09-29-2020/** ![](https://i.imgur.com/dvtyCtv.png) the **datadump.txt** contains a bunch of names, emails and passwords. ``` name, email, ip, password Jac Robertson, jrobertson@mac.com,, 040269 Bret Blanchard, bblanchard@netlog.com,, Bond007 Natalya Anderson, nanderson@webeden.co.uk,, sexy1 Jareth Fitzgerald, jfitzgerald@chron.com,, 03021955 Tonicha Cochran, tcochran@gmail.com,, tranzit [...] ``` **Patient-Consent-Covid-19.pdf** is the only pdf without a password. You can find in the metadata that **Michael Stewart** is the author of the pdf. Searching that name in the data dump shows the HR password ``` Michael Stewart, hrdepartment@mail.net,, HrP@55w0rd321! ``` We can use that password to decrypt the **FBI Agents Email Log.pdf** ![](https://i.imgur.com/dbh0gIh.png) In this document we can see Kosiak's password and his email. - his password is **4pr1l2019!** - Searching Kosiak's email in the datadump shows an entry. `Kaisok Vorodis, undercover@mail.net,, F4k31nt3rn3tP@55w0rd` Password: **F4k31nt3rn3tP@55w0rd** - None of those passwords decrypt **Kosiak N0tpr0n Classified Data.pdf** ## Investigation - Finding Kosiak's password For this task, let's recap all the relevant info we have ![](https://i.imgur.com/fgHAKgy.png) - Human Resources Password is **HrP@55w0rd321!** - The pdf was updated on **april 2019** and Kosiak's password is **4pr1l2019!** - The folder is named **FBI-Files-09-29-2020** so it's from **september 2020** - The entry of **Kosiak's email** in **Datadump.txt** gives - **F4k31nt3rn3tP@55w0rd** - His **fake** internet password Kosiak's password might be **september2020!** but we are missing the leet speak like in **4pr1l2019!** Note that **F4k31nt3rn3tP@55w0rd** and **HrP@55w0rd321!** share the **P@55w0rd** part, which means Kosiak took that part from the FBI department for his fake password. This means that Kosiak writes passwords himself like **F4k31nt3rn3t** and **4pr1l**. He only converts **vocals to numbers** **september2020! --> s3pt3mb3r2020!** Password: **s3pt3mb3r2020!** ## Investigation - N0tpr0n Classified Data We can now decrypt **Kosiak N0tpr0n Classified Data.pdf** ![](https://i.imgur.com/DTfWgzm.png) We can see an RSA private key and a [link](https://www.devglan.com/online-tools/rsa-encryption-decryption) for decryption. It can be used to decipher the data in **N0tpr0n_RSA_Encrypted_Data.txt** ![](https://i.imgur.com/HHnUr0T.png) Solution: **alyx{N0tpr0n_0p3r4t10n_w1ll_c0nt1nu3}** ---