The Birthday Treasure Hunt
The Sunday before my birthday, I had been to church in the morning and then went to Jimmy John’s as as tradition. Leaving Jimmy’s, I noticed an envelope under my windshield wiper. Not wanting to stop, I continued onto my parent’s house, where I was to do my taxes. It was a plain white envelope with no markings. Inside was a single piece of paper with what looked like a grid of tiny QR codes printed on it:
Not having any idea what it was, I proceeded to work on my taxes. Midway through, I received a suspicious email:
Mr. Moratorium <firstname.lastname@example.org>
Dear Mr. Husby,
It is I who placed a blank envelope under your windshield wiper. I believe I may have made a serious mistake, and that you were not the intended recipient of this envelope.
Please, let me entertain you with a game of wit to make amends for my error.
The URL pointed to a RAR file hosted on Erik’s CSCI account:
So now I knew it was Erik behind this scheme! Opening the RAR, I found a README.txt containing the following:
1. PRINT (OR FIX)
Also, there was a word document named “the_coolest_doc_ever_created.docx” containing the following:
Finally, there was an application directory containing an executable along with a source directory. However, the source file named blah.java contained only one line:
nice try ;
However, Erik didn’t realize that java class files can be decompiled using a decompiler like Jd-Gui. Doing so gave me a password to use the application: “Mitzy”
The application was a project Erik had done for a CSci homework assignment, in which text would fall from the top and land on any visually distinguishable elements in the picture. Its primary use is with a webcam, but it also has a manual override feature to load a static image, which helps make the text rain more deterministic. Luckily, because I was able to decompile the source, I was able to unlock this mode by typing “Mitzy”. Had I known, it turns out that redirecting the .exe output to a file would have printed a security question asking the name of our family cat.
After loading this image, it was clear that the text was a GPS coordinate. When I punched in the coordinate comprised of any numbers/symbols that fell through one of the hash marks, I came up with a location off the coast of South America. Ok, this doesn’t seem right! The latitude clearly couldn’t be negative, so I flipped the sign of it and then ended up with a coordinate near the Wayzata Country Club. Still doesn’t seem quite right. Then I decided to drop any digits on the lower 1/3 of the image (that should probably have fallen through due to velocity). After doing that, I got a GPS location next to TCF Bank Stadium. Now that sounds more reasonable. Google Earth didn’t show anything there other than a bike rack, but I drove over to find a new bus shelter. And under the bench in the shelter… another envelope!
This envelope contained another QR-like grid and a small note:
You’re getting closer to your goal
Find the missing link
Pass: # of orange dudes in game 1, level 1
p.s. You only get one chancde to enter the password correctly.
Envelope in hand, I drove back to Ridgewood and loaded up Cosmo on my laptop. Playing the first level, I counted the orange dudes and was able to log into ../assignment9/ (relative to the original RAR location). Looking around, I found an odd image:
This gave me a clue that I was looking for a .jpg file that was really a .png, which I eventually found. It was named 180.png, but was unable to render correctly. I edited the file with a hex editor and changed the header byte to make it a PNG. After that, it correctly rendered into another hash mark diagram (actually a 180 flip of the original)
Repeating the process gave me a new coordinate, which mapped to the lamppost at Ridgewood. I went out and found a bag buried in the dirt containing yet another envelope! It had another QR-like grid and a flash drive.
The flash drive contained a program called PaperBak. This finally answered the question about what these odd QR-like grids were – they are a physical backup of encoded electronic data! I scanned in the 3 sheets and loaded them up in the program. But there was one more challenge: the data was encrypted. Sitting at a password prompt, I wasn’t sure what to do. There didn’t appear to be anything else in the envelope. So I thought, “what would Erik pick as a password?” and the first thing that came to mind was the traditional password from Recess: swordfish. I punched it and and it worked!! (Erik later pointed out that written in micro-print inside the envelope flap was “Beware of red herrings. Swordfish taste better anyways”)
After it finished decoding the images, out came an audio file: noname.mp3
Of course, this didn’t sound like anything but an incomprehensible chipmunk. Pulling it up in an audio editor, I slowed it down, but it still didn’t sound like much. What next? Reverse! After reversing and slowing it down, I finally got something that sounded comprehensible: Erik’s “murderer” audio compilation followed by him singing me happy birthday!