CryptoChallenge: Cicada 3301 Vol. 1

A basic steganography and cryptography challenge room based on the Cicada 3301 challenges

Link for the room:


There are a lot of stories surrounding cicada 3301, and this room was inspired by this mysterious crypto challenges.

Let’s start:

Initially we are provided with 2 files:


Analyzing 3301.wav

We used for analizing the 3301.wav file.


We can process the audio waves from it, and with a couple steps we retrieve:


Only a minor tweak to change the color so it’s legible for QR scanners:


The QR code led us to a site with some information in it.

We decode the given passphrase/key from base 64 with the following commands:

[user@parrot/thm-cicada 17:58]$echo SG01Ul80X1A0NTVtaHA0NTMh | base64 -d

[user@parrot/thm-cicada 18:00]$echo Q2ljYWRh | base64 -d

After some testing, we used the Vigenere Cipher (

There were no results trying to decrypt, so I tried Encrypting it again with Vigenere, and the l33t password appeared!

Analyzing welcome.jpg

1.- Hidden information inside welcome.jpg:

For this file, we need to uncover some hidden data (Steganography). There is no information in the metadata, so we “unhide” a useful string using the passphrase given and the online tool, which is itself a link again.

2.- Embedded file inside welcome.jpg

There is another file embedded into our welcome.jpg file, and we can uncover it with:


Extracting this invitation.txt file:


Cracking the hidden hash

Following the link given in the previous step, and downloading the next image in it, and trying to retrieve hidden information with “steghide” inside our new 85*.jpg file, the passphrase is now invalid πŸ€”

In Cicada 3301 challenges, the tool used was named outguess, so we can use it to test a new approach to this file, with the -r switch, which will retrieve hidden messages inside files:


We now have something to work with. (hash deliberately cut in image to avoid spoiling)

We also have now some instructions to decode a secret message in “a book”. Let’s see what we end up cracking; we still don’t know what that “book” is.

Ran John the Ripper to try to crack the hash…


While we wait, let’s try an online tool. No results at, so we move on to


(Image deliberately cut to avoid spoiling)

Enough with decoding, let’s encode!

Now, following the link, we arrive at this book:


…But we already know what to do with this, as our “out.txt” has some hints to proceed with this πŸ€”

The instructions are as follows:

“Use positive integers to go forward in the text use negative integers to go backwards in the text.”

And the “codes” to proceed read as follows:


… And so on

This is a perfect time to practice some python, so we can make a script and “decode” our secret message (Code shared below):


Bingo! That’s our link


Nope, I don’t think that’s it. Back to vim.

In case you want to try it this way, here’s some explanation of this poorly written program:

I saved both the book and the “keys” of our “out.txt” file with some simple formatting (Some simple character substitutions) so it’s easier to process with python:

The dots at the beginning of each paragraph (“13. The book…”) of the book were changed with “~” so I don’t have trouble splitting with python.

Also, the keys were saved in a new file, with the format “number:number”, also to avoid splitting issues.

    secret = ""
    for code in codes:
        if "/" in code:
            secret += "/"
            dig = code.split(":")
            code_index = dig[0]
            code_key = dig[1]

            with open('book.txt','r') as book:
                for line in book:

                    divided = line.split("~")
                    index = divided[0]
                    text = divided[1]
                    text = text.replace(" ","")
                    if index == code_index:
                        if int(code_key) < 0:
                            code_key = int(code_key) + 2
                            secret += line[int(code_key)]
                            secret += text[int(code_key)-1]
                        except IndexError:



The strings we needed to encode, with the instruction “Use positive integers to go forward in the text use negative integers to go backwards in the text.”, the negative integers meant going from the start of the string, backwards, including the initial paragraph numbers. (So -2 in the paragraph “53.This shall regenerate” is 5, not “t”).

This script was completely unnecessary because there were only 19 lines to “encode” and it could’ve been done perfectly fine with the naked eye, but it was a fun character-handling experiment.

This leads to the last piece of this Cicada 3301 puzzle, and with our final link open, and nothing else to retrieve from it, except for some plaintext.

Poor John the ripper is still trying to crack the hash.. I forgot it :)

Written By


Cybersecurity professional and IT enthusiast with a passion for technology, music, personal growth, and Eastern philosophy. Transitioned from mechanical engineering to IT in 2020, with a full-time interest in Technology, Cybersecurity and recent advances in AI. Seeks to integrate eastern philosophy, mindfulness and a growth mindset into daily life and work.