Piano over the cat, day one

In case you haven't heard yet, yesterday an eccentric lady started a broadcast with a hanging grand piano . This piano in a few days will ruin a laptop with a cool NFT GIF, for which in a couple of years it will be possible to help out a tidy sum. And today this nervous woman has cut the first of the five cables that hold the piano!





During the first day, everything interesting happened, the rescuers of the cat went through a bunch of options for what they would catch on. Under the cut, we have collected all the most interesting things that have happened since the launch of the broadcast.



▍ Kotospasy by nickname of one of the hackers found his post with a request to help solve the TrueCrypt error and dump the memory of this hacker's computer. They pulled the key from the dump, with which they decrypted the container with the software. 



Volatility Foundation Volatility Framework 2.6 
Container: ??\C:\Users\m0x143y\Documents\encrypted.tc 
Hidden Volume: No 
Removable: No 
Read Only: No 
Disk Length: 66846720 (bytes) 
Host Length: 67108864 (bytes) 
Encryption Algorithm: AES 
Mode: XTS 
Master Key 0xfffffa801b57f1a8 84 2c 3d a3 24 7d 9a 37 d6 53 7e ac 1f 3c 2c 7f .,=.$}.7.S~..<,. 0xfffffa801b57f1b8 de 61 85 de 81 a9 84 2a 4d 3c d9 57 df 81 c7 29 .a.....M<.W...) 0xfffffa801b57f1c8 8f 56 fc e1 80 4e cf 2a ce 44 5b 9f a6 10 6f 98 .V...N..D[...o. 0xfffffa801b57f1d8 15 e2 50 1f 49 38 f0 a9 62 a7 96 4a db d3 53 9f ..P.I8..b..J..S. 
Dumped 64 bytes to .\0xfffffa801b57f1a8_master.key
      
      





▍ The addresses of github users were found , and a github generator of mnemonic phrases for four Monero wallets (possibly), empty, as well as one Ethereum wallet. We also found the history of transactions through some Ethereum wallets, but the crypt was chased two years ago.



▍ We pulled out the notes of the melody from the Arduino code and tried to send it for playback, but nothing happened. 



["E", "D", "C#", "C", "E", "E", "E", "E", "E", "D#", "E", "E", "D", "C#", "C", "E", "E", "B", "E", "E", "A#", "E", "E", "A", "E", "G#", "E", "G", "E", "F#", "E", "E", "F", "B", "E", "F", "C", "E", "F", "C#", "E", "F", "C", "E", "F", "B", "B", "E", "F", "B", "E", "F", "C", "E", "F", "C#", "E", "F", "C", "E", "F", "B", "E", "F", "B", "E", "F", "C", "E", "F", "G", "F#", "E", "G", "F#", "E", "G", "F#", "G", "F#", "E", "G", "F#", "E", "G", "F#", "E", "D#", "A", "E", "D#", "A", "E", "D#", "A", "E", "D#", "A", "E", "D#", "A", "E", "E", "E", "E", "E", "E", "E", "E", "G", "A", "A#", "A", "G", "A"]
      
      





At first they thought it was from Doom, and then someone found a mention of metalica-master of puppets.mp3 in the code. People even tried to run the melody through a logic analyzer in search of a binary sequence. Not found.



▍ The public also came to the conclusion that there are traces of hacker activity on the laptop and a connection with a certain SOKOL project



▍ We found out that a 59 GB flash drive is connected to the Arduino :







▍ Found an encrypted secret.7z file on the Arduino in usb.pcap. They pulled this out of it:



ssss-09-be6c314465393225739da1e65200657df7d4a15e66e606c9619ef51a88d5b4015353ac2f089f3dfcd3f86757e89
      
      





We decided that the file itself was broken: " Judging by 7z, the data is 158 bytes, but compressed by 160 ". We came to the conclusion that the laptop contains a private and public key from different SSH.



▍ Participants found such a link to the first chapter of the cyberpunk story: https://textbin.net/hzbmlkhzjg



Having heard some noise on the broadcast , they even tried to analyze it:





Probably, this is Oksana - the future cat killer with pianos - giggling vindictively behind the cameras after cutting the first of the cables holding the piano over the laptop today ...





Finally, some statistics:

Thereare about 100 peopleonline inthe Discord channel dedicated to the rescue operation , and more than 2,900 members areregistered on the channel . During the first 24 hours the site was visited by more than 3600 people, and the piano was played 2387 times. The broadcast was watched more than 1000 times, up to 70 people at the same time. This concludes the statistics of the first day, we will keep you informed.












All Articles