The Birthday Treasure Hunt

The Sunday before my birthday, I had been to church in the morning and then went to Jimmy John’s as as tradition.  Leaving Jimmy’s, I noticed an envelope under my windshield wiper.  Not wanting to stop, I continued onto my parent’s house, where I was to do my taxes.  It was a plain white envelope with no markings.  Inside was a single piece of paper with what looked like a grid of tiny QR codes printed on it:

Not having any idea what it was, I proceeded to work on my taxes.  Midway through, I received a suspicious email:

Mr. Moratorium <[email protected]>
Mar 19

Dear Mr. Husby,

It is I who placed a blank envelope under your windshield wiper. I believe I may have made a serious mistake, and that you were not the intended recipient of this envelope.

Please, let me entertain you with a game of wit to make amends for my error.
http://tinyurl.com/lh69zfp

My condolences,
Mr. Moratorium

The URL pointed to a RAR file hosted on Erik’s CSCI account:

So now I knew it was Erik behind this scheme!  Opening the RAR, I found a README.txt containing the following:

1. PRINT (OR FIX)
2. RUN
3. PUZZLE
5. ?????

Also, there was a word document named “the_coolest_doc_ever_created.docx” containing the following:

Finally, there was an application directory containing an executable along with a source directory.  However, the source file named blah.java contained only one line:

nice try ;

However, Erik didn’t realize that java class files can be decompiled using a decompiler like Jd-Gui.  Doing so gave me a password to use the application:  “Mitzy”

The application was a project Erik had done for a CSci homework assignment, in which text would fall from the top and land on any visually distinguishable elements in the picture.  Its primary use is with a webcam, but it also has a manual override feature to load a static image, which helps make the text rain more deterministic.  Luckily, because I was able to decompile the source, I was able to unlock this mode by typing “Mitzy”.  Had I known, it turns out that redirecting the .exe output to a file would have printed a security question asking the name of our family cat.

After loading this image, it was clear that the text was a GPS coordinate.  When I punched in the coordinate comprised of any numbers/symbols that fell through one of the hash marks, I came up with a location off the coast of South America.  Ok, this doesn’t seem right!  The latitude clearly couldn’t be negative, so I flipped the sign of it and then ended up with a coordinate near the Wayzata Country Club.  Still doesn’t seem quite right.  Then I decided to drop any digits on the lower 1/3 of the image (that should probably have fallen through due to velocity).  After doing that, I got a GPS location next to TCF Bank Stadium.  Now that sounds more reasonable.  Google Earth didn’t show anything there other than a bike rack, but I drove over to find a new bus shelter.  And under the bench in the shelter… another envelope!

This envelope contained another QR-like grid and a small note:

You’re getting closer to your goal
Find the missing link
../assignment9/
Login: cosmo
Pass: # of orange dudes in game 1, level 1
p.s. You only get one chancde to enter the password correctly.

Envelope in hand, I drove back to Ridgewood and loaded up Cosmo on my laptop.  Playing the first level, I counted the orange dudes and was able to log into ../assignment9/ (relative to the original RAR location).  Looking around, I found an odd image:

This gave me a clue that I was looking for a .jpg file that was really a .png, which I eventually found.  It was named 180.png, but was unable to render correctly.  I edited the file with a hex editor and changed the header byte to make it a PNG.  After that, it correctly rendered into another hash mark diagram (actually a 180 flip of the original)

Repeating the process gave me a new coordinate, which mapped to the lamppost at Ridgewood.  I went out and found a bag buried in the dirt containing yet another envelope!  It had another QR-like grid and a flash drive.

The flash drive contained a program called PaperBak.  This finally answered the question about what these odd QR-like grids were – they are a physical backup of encoded electronic data!  I scanned in the 3 sheets and loaded them up in the program.  But there was one more challenge:  the data was encrypted.  Sitting at a password prompt, I wasn’t sure what to do.  There didn’t appear to be anything else in the envelope.  So I thought, “what would Erik pick as a password?” and the first thing that came to mind was the traditional password from Recess:  swordfish.  I punched it and and it worked!!  (Erik later pointed out that written in micro-print inside the envelope flap was “Beware of red herrings. Swordfish taste better anyways”)

After it finished decoding the images, out came an audio file:  noname.mp3

Of course, this didn’t sound like anything but an incomprehensible chipmunk.  Pulling it up in an audio editor, I slowed it down, but it still didn’t sound like much.  What next?  Reverse!  After reversing and slowing it down, I finally got something that sounded comprehensible:  Erik’s “murderer” audio compilation followed by him singing me happy birthday!

Thanks Erik!

Leave a Reply

Your email address will not be published. Required fields are marked *