This section covers how each discovery was made - in order to bring people up to speed on the ARG.
More information is still required. No hypothesis or unconfirmed ideas.
Google Maps Links
The Chinese room
- The first Google Maps link on the NextFrictionalGame.com links to 'China' (hence thechineseroom).
- The second Google Maps link on the NextFrictionalGame.com website points to Borerary, an island in the Hebrides, which is where Dear Esther (a game by thechineseroom) is located.
- The third Google Maps link on the NextFrictionalGame.com links to a street in Seattle, where the Smith Tower is adajcent. Inside the Smith Tower is 'The Chinese Room'.
- In the NextFrictionalGame.com console, the supposed email is CC'd to "MOC.EMAGLANOITCIRFTXEN|RCT#MOC.EMAGLANOITCIRFTXEN|RCT". "TCR" supposedly stands for "thechineseroom", which is how the developer in question stylizes their own name.
- thechineseroom's next game, "gameB", is a "top secret game we’re working on that will be due out in Q4 2012."This release date is extremely close to the release date ("A MACHINE FOR PIGS COMING FALL TWO THOUSAND TWELVE") stated on the console.
The CSS for the main page contains the ciphertext:
LZW WNAD ESQ ZAVW LZW YJWSLWJ WNAD. TML LZW WNAD SDKG ZAVWK LZW YJWSLWJ YGGV.
Which is a ceasar shift of:
THE EVIL CAN HIDE THE GREATER EVIL. BUT THE EVIL ALSO HIDES THE GREATER GOOD.
Acessing the console
In the main webpage source it was discovered that there was a form hidden:
<form action="inject_db.php" method="get"> <input type="text" name="select_user" /> <input type="submit" value="Submit" /> </form>
The name "inject_db.php" hinted at performing a form of SQL Injection in order to proceed. This lead to the following URL gaining Acess to a commodore 64 style
http://www.nextfrictionalgame.com/inject_db.php?select_user=' or '1'='1
When first gaining access to the page (or acess after a subsequent EXIT command) via the above URL, the following is presented:
WELCOME %#&?|!.SYNTAX ERROR GOTO 10 10 U=$GET_["SELECT_USER"] 15 IF U$ = 1 THEN U$ = -1 17 GOTO 20 18 U$ = U$+1 20 ON U$ GET -1,0,1,2,3,4,5,6,7,8 30 PRINT U$ 40 IF U$ < 8 THEN GOTO 18 50 END DAN ADMIN JENS THOMAS LUIS MARC MARCUS MIKAEL PETER RASMUS
The first section is BASIC code. It appears to be iterating through each "USER" by Employee NR and printing them. A special case is made for user DAN as he has Employee NR -1. Typing HELP lists various commands which can be acessed. Note that certain commands were not initially visible on the HELP output.
A countdown was later added to the bottom of the console.
Each of the fragment names relate to some form of disease/virus/bug. Fragements all have the same style URL: HPL2.1/000LLL/FRAGMENT_[LETTER].[ZIP/7z] (Where 0 refers to a digit, and L refers to a letter of the alphabet). Each fragment contains letters on it and can be pieced into a full image.
Letters: pfcicnimsoigg aamrnohe oftlwlas edtwenlavuhto
Re-arrange to: A machine for pigs coming fall two thousand twelve
Every user but JENS and ADMIN could be acessed without a password. User THOMAS, however, was the only user that could be interacted with in a meaningful way. Users were given the choice to promote or demote THOMAS. After THOMAS recieved 100 promotions the file fragment_ebola.zip could be downloaded by typing USER THOMAS.
Link for fragment ebola
Typing LOAD "$",8 followed by LIST generates a list of files. Typing LOAD "AMNESIA_AMFP[CRACKED].EXE",8 will result in the password protected archive fragment_anthrax.7z being downloaded with the following displayed: TROJAN VIRUS INFESTED FILE "HPL2.1/978WTY/FRAGMENT_ANTHRAX.7Z" SENT TO CLIENT. The password is derived from merging the CSS cipher and the readme.txt cipher together as a password:
THE EVIL MAY HIDE THE GREATER EVIL. BUT THE EVIL ALSO HIDES THE GREATER GOOD. THIS WORLD IS A MACHINE. A MACHINE FOR PIGS. FIT ONLY FOR THE SLAUGHTERING OF PIGS.
The password works in 7zip but not WinRAR.
Link for fragment anthrax
Each of the users LUIS, MARC, MARCUS, MIKAEL, PETER and RASMUS (USER command) had an error as their STATUS. A single character (either digit or letter) was after this. For example, the following is the output of the command USER MARC:
EMPLOYEE NR: 4 PROMOTION LEVEL: DB_ERROR_INF_MANIFEST STATUS: THROW DIRECTORY ERROR %6
Arranging the users by EMPLOYEE NR and reading out the letters gives a string which matched the pattern for directory path for a fragment download link: 561ywk
When access to JENS was availible, reading his STATUS completed the URL:
WELCOME JENS. GOOD TO SEE YOU AGAIN. ADDITIONAL TOOLS: PLAY - SEE HELP AUDIO FOR DETAILS. EMPLOYEE NR: 1 PROMOTION LEVEL: DB_ERROR_INF_MANIFEST STATUS: THROW FILE ERROR %FRAGMENT_XMALARIA.ZIP
Link for fragment malaria
Logging as ADMIN allows to run the command TRACEROUTE DAN, returning the following:
USER IN DATABASE BUT NO CROSS REFERENCE DATA FOUND. POSSIBLE UNAUTHORIZED ACCESS. TRACEROUTE INITIATED MAX 30 HOPS 60 BYTE PACKETS 1 CSC1-GW-222.SERVO.RU (18.104.22.168) 4.204MS 0.979MS 0.895MS 2 EA6-P2P.GW.PEERSTROE.FR (22.214.171.124) 0.491MS 0.531MS 0.432MS 3 BR2R-EA6-P2P.FRAL.DE (126.96.36.199) 0.434MS 0.561MS 0.436MS 4 188.8.131.52 (184.108.40.206) 0.570MS 0.703MS 0.581MS 5 M1FRE-XE-4-2-0.SUNES.NO (220.127.116.11) 4.384MS 0.603MS 0.551MS 6 T1FRE-AE5-V1.SUNES.NO (18.104.22.168) 0.638MS 0.675MS 0.636MS 7 22.214.171.124 (126.96.36.199) 0.669MS 0.766MS 0.656MS 8 SE-TUG.LOKAS.NET (188.8.131.52) 0.783MS 0.966MS 0.804MS 9 DK-UNI.LOKAS.NET (184.108.40.206) 16.690MS 16.738MS 18.245MS 10 UNKNOWN (220.127.116.11) 29.899MS 29.859MS 29.857MS END
Using an IP locator service, we learn that the final IP address is located in Portsmouth, United Kingdom. Executing the command LOCALBLOCK PORTSMOUTH triggers the download of fragment_ecoli.zip.
Link for fragment ecoli
Password for JENS (11010) and ADMIN (00101)
Acessing the Entities folder (LOAD "*",8 followed by LIST) lists several files. Acessing "MALTUS.ENT" (LOAD "MALTUS.ENT",8) prints some XML to the screen:
<ENTITY> <MODELDATA> <MESH FILENAME='ENTITIES/MALTUS.DAE'> <SUBMESH ID='0' MATERIAL='' NAME='MALTUS' ROTATION='0 0.11010 0' SCALE='1 1.11010 1' WORLDPOS='0 0.11010 0' /> </MESH> <SHAPES> <SHAPE ID='1' NAME='SHAPE_1' RELATIVEROTATION='0 -0.11010 0' RELATIVESCALE='1 1.11010 1' RELATIVETRANSLATION='0 0.11010 0' ROTATION='0 0.11010 0' SCALE='0.100667 0.11010 0.0407706' SHAPETYPE='BOX' WORLDPOS='0 0.11010 0' /> </SHAPES> <BODIES> <BODY ANGULARDAMPING='0.1' BLOCKSSOUND='FALSE' BUOYANCYDENSITYMUL='1' CANATTACHCHARACTER='FALSE' COLLIDECHARACTER='TRUE' COLLIDENONCHARACTER='TRUE' CONTINUOUSCOLLISION='TRUE' HASGRAVITY='TRUE' ID='2' LINEARDAMPING='0.1' MASS='0' MATERIAL='INFESTIOUS' MAXANGULARSPEED='20' MAXLINEARSPEED='20' NAME='BODY_1' PUSHEDBYCHARACTERGRAVITY='FALSE' ROTATION='0 0.11010 0' SCALE='1 0.11010 1' USESURFACEEFFECTS='TRUE' VOLATILE='FALSE' WORLDPOS='0 0.11010 0'> <CHILDREN> <CHILD ID='0' /> </CHILDREN> <SHAPE ID='1' /> </BODY> </BODIES> <USERDEFINEDVARIABLES ENTITYTYPE='PROP_JENS'> <VAR NAME='HEALTH' VALUE='33' /> </USERDEFINEDVARIABLES> </ENTITY>
This file was created by JENS (CHKMK "MALTUS.ENT",8) and contains the pattern 11010 several times. This is the password that belongs to JENS. The password for acessing ADMIN is inside "INFESTATION.DAE" (LOAD "INFESTATION.DAE",8):
<?XML VERSION='1.0' ENCODING='UTF-8'?> <COLLADA VERSION='1.4.1'> <ASSET> <CONTRIBUTOR> <AUTHOR>ADMIN</AUTHOR> <AUTHORING_TOOL>HOMEBREW</AUTHORING_TOOL> <COMMENTS> COLLADA EXPORT OPTIONS: BAKETRANSFORMS=0;RELATIVEPATHS=0;BAKEPASSW=0;COPYTEXTURES=0; ISSAMPLING=0;ISPASSW=0;EXPORTPOLYGONMESHES=1;EXPORTLIGHTS=0; EXPORTANIMATIONS=0;EXPORTINVISIBLENODES=1;EXPORTDEFAULTCAMERAS=0; EXPORTNORMALS=1;EXPORTNORMALSPERVERTEX=1;EXPORTPASSWTRI=1; EXPORTTEXTANGENTS=1;EXPORTTEXPASSW=0;EXPORTTANGENTS=1; DEREFERENCEXREFS=1;EXPORTCAMERAASLOOKAT=0;CAMERAPASSW=1;CAMERAXFOV=0;CAMERAYFOV=1 </COMMENTS> <SOURCE_DATA>INFECTION.BLENDER</SOURCE_DATA> </CONTRIBUTOR> <CREATED>2010-11-01T10:52:47</CREATED> <MODIFIED>2010-11-01T10:52:47</MODIFIED> <UNIT NAME='METER' METER='1'/> <UP_AXIS>Y_UP</UP_AXIS> </ASSET> </COLLADA>
The password for ADMIN can be found by looking at the values of all the "Collada Export Options" within the comments tags contatining "PASSW". The password is 00101 and happens to be the bit-wise NOT of the password for JENS.
After gaining access to the ADMIN account you can type FILEBIT+R "README.TXT",8 to gain acess to the readme file. Opening it with the LOAD command produces the following ciphertext:
XTCN KVMED CN S FSZTCHR. S FSZTCHR QVM WCYN. QCX VHEP QVM XTR NESOYTXRMCHY VQ WCYN.
Treating this as a substitution cipher yields the plaintext:
THIS WORLD IS A MACHINE. A MACHINE FOR PIGS. FIT ONLY FOR THE SLAUGHTERING OF PIGS.
A MAIL command was later added to the output of USER JENS 11010. Typing MAIL READ * yields the following message:
FROM: DANIEL <IT@NEXTFRICTIONALGAME.COM> TO: JENS <JENS@NEXTFRICTIONALGAME.COM> CC: BCC: SUBJECT: DID YOU BREAK IT? HEY, WORD HAS IT YOU PLAYED A ZIP FILE WITH THE PLAY TOOL? GOOD GOING, YOU FRIED THE 6581 TO A USELESS PIECE OF 80'S TECH. IT'S ABOUT AS CLEVER AS PUTTING TWO POETS ON A STAGE AND THINKING THEY WOULD UNLOCK SOMETHING MAGICAL. ZIP IT SOUND GUY OR YOU'LL SOON BE OUT OF A JOB. -IT
This suggested putting a .zip file through the play command. Typing PLAY "hpl2.1/561ywk/fragment_xmalaria.zip" will display an error and download the file.
The email was later updated:
HELLO. NO I DID NOT. I THINK MY ACCOUNT MIGHT HAVE BEEN COMPROMISED. DOES IT REALLY MATTER THAT THE 6581 BROKE? I NEVER USED IT ANYWAY, I ALWAYS WORKED AROUND IT. SPEAKING OF POETS. HOW COME YOU ALWAYS CIPHER YOUR CREATIONS? LIKE THE TWO LATEST, THEY HARDLY MAKE SENSE AS IT IS. FOCUS ON WHAT YOU KNOW, NAG LESS AND HAVE A NICE DAY. -JENS > ON THE 18TH OF FEB, 2012 DANIEL WROTE: > > HEY, > WORD HAS IT YOU PLAYED A ZIP FILE WITH THE PLAY TOOL? GOOD GOING, YOU FRIED THE 6581 TO A USELESS PIECE OF 80'S TECH. > > IT'S ABOUT AS CLEVER AS PUTTING TWO POETS ON A STAGE AND THINKING THEY WOULD UNLOCK SOMETHING MAGICAL. > > ZIP IT SOUND GUY OR YOU'LL SOON BE OUT OF A JOB. > -IT
This update introduced some text to the bottom of the screen suggesting there is a limited time remaining.
At the same time as the second MAIL update, a countdown appeared on the website suggesting the console would go down ("LESS THAN [TIME] SECONDS OF POWER LEFT."). At 19.15 GMT+1 the timer rapidly decreased (due to "POWER BACKUP GENERATOR FAILURE") such that at 19.45 GMT+1 (19/02/2012) the timer finished. The following notice was displayed when the console was "powered down":
POWER SAVING MODE. DELIVERY OF POWERDOWN NOTICE SUCCESSFUL. TO: THEWORLD@NEXTFRICTIONALGAME.COM FROM: COMMUNITY@NEXTFRICTIONALGAME.COM CC: TCR@NEXTFRICTIONALGAME.COM BCC: FG@NEXTFRICTIONALGAME.COM SUBJECT: AMNESIA A MACHINE FOR PIGS COMING FALL TWO THOUSAND TWELVE.
Hyperlinks in the text link to:
on iPhone, iPad, AppleTV, PC. It's free.