Cicada 3301 — The Holy Grail

SummaryPart one of a series on Cicada 3301. I describe the process of solving the first publicly documented stage of the 2012 puzzle, from the original 4chan image through steganography, a Reddit subreddit, Mayan numerals, a book cipher drawn from the Mabinogion, and the organisation's global network of physical posters.

Regarded as "the most elaborate and mysterious puzzle of the internet age", Cicada 3301 is a mysterious organisation that attempted to recruit codebreakers starting in 2012. I have included the puzzle-solving process and provided my own speculation on the purpose and meaning behind the organisation.

4chan§

4chan is an anonymous imageboard site originally created as an English equivalent to the Futaba Channel.4chan was founded in 2003 by Christopher Poole, known online as "moot", who was fifteen years old at the time. Users can post images with captions in a specific topic board. There is no registration and users post anonymously, often referring to each other as anon.

Regardless of what you think of 4chan, from the perspective of 3301 the site is a reasonable compromise between obscure and mainstream — visible enough to go viral, noisy enough to deter casual attention.The puzzle was posted specifically to /x/, the Paranormal board. A deliberate choice: /x/ attracts people comfortable with ambiguity and pattern-seeking, and filters out most of the rest of the site.

Initial Image§

The first puzzle was posted January 4, 2012 on 4chan's /x/ board.

The original Cicada 3301 image posted to 4chan in January 2012 — The original image posted to /x/ on January 4, 2012.

Upon running the image through a text editor, a message is revealed. Anyone with basic cryptology knowledge would know to run it through a Caesar cipher. Doing so yields an imgur link.

The link leads to a JPEG image of a decoy duck. There is some wordplay going on, and the next step relies on knowledge of image compression and steganography.

Diagram showing the YCbCr colour space components — The Y (luminance) and CbCr (chrominance) channels separated. The eye's insensitivity to colour makes the CbCr channels ideal for hiding data.

JPEG compression and how steganography exploits it

JPEG is a lossy compression method — you are not guaranteed to get the same image out as you put in. The JFIF subset of the standard converts RGB colour to the YCbCr colour space, where Y is luminance (brightness) and CbCr are the chrominance (colour) components. Because the human eye is far more sensitive to changes in brightness than in colour, the chrominance channels can be downsampled aggressively — four Y pixels for every one CbCr pixel — with minimal perceptible loss.

The data then passes through a Discrete Cosine Transform, which interprets it as cosine waves and averages them to preserve the overall structure of the image at the cost of fine detail.

The Discrete Cosine Transform

JPEG works on 8×8 pixel blocks. The 2D DCT converts each block from the spatial domain (pixel values) into the frequency domain (cosine wave coefficients):

$F(u,v) = \frac{1}{4}\, C(u)\, C(v) \sum_{x=0}^{7} \sum_{y=0}^{7} f(x,y) \cos\!\left(\frac{(2x+1)\,u\pi}{16}\right) \cos\!\left(\frac{(2y+1)\,v\pi}{16}\right)$

where $f(x,y)$ is the pixel value at position $(x,y)$ , $(u,v)$ are the frequency coordinates, and

$C(k) = \begin{cases} \dfrac{1}{\sqrt{2}} & k = 0 \\ 1 & k > 0 \end{cases}$

The $F(0,0)$ coefficient — the DC component — captures the average brightness of the block. Higher $(u,v)$ coefficients capture progressively finer detail. JPEG quantises these coefficients: low-frequency ones are stored at high precision, high-frequency ones are coarsely rounded or discarded entirely, since the eye barely notices their loss. The inverse DCT reconstructs the block from however many coefficients survive.

Steganography hides data in the quantised coefficients before reconstruction — small enough changes that the output image looks identical.

Steganography exploits this process by making tiny, controlled changes to pixel values during compression. The resulting differences are imperceptible to the eye but detectable by tools that know what to look for. You can hide a text file, a PDF, or another image inside a JPEG this way.

Outguessing the Duck§

The decoy duck image from the Cicada 3301 puzzle — The decoy duck image. The wordplay is in the name: outguess the duck.

With that aside over, we can plug the image into outguess, a steganographic tool for Linux.Outguess is named after the idea of "out-guessing" statistical detection — it hides data in a way that preserves the statistical properties of the original image, making naive detection harder. Outguess looks through the data blocks of the file and adjusts pixel values slightly to embed hidden content. The output is a link to a subreddit.

The Subreddit§

The subreddit contains posts with scrambled titles and strange symbols at the top.

The first significant post is a picture of a welcome mat. Outguessing it reveals a PGP-signed message. This is important — it establishes a verifiable chain of authenticity for every subsequent puzzle step.

There was also a picture of King Arthur, accompanied by another message.

PGP signing explained

PGP (Pretty Good Privacy) uses asymmetric cryptography: you generate a public key and a private key. Anyone can encrypt a message with your public key; only you can decrypt it with your private key.

Signing works in reverse. Cicada signed their messages with their private key. Anyone can verify that signature using Cicada's public key — confirming that the message genuinely came from whoever holds that private key, and has not been tampered with.

This matters because the puzzle attracted imitators and trolls almost immediately. Cicada's signed messages are verifiable; unsigned ones claiming to continue the puzzle are almost certainly fake. If you are trying to solve Cicada and are not verifying PGP signatures, you are most likely being trolled.

The Numbers§

The strange symbols at the top of the Reddit page are Mayan numerals.Mayan numerals use a base-20 (vigesimal) system with three symbols: a dot for one, a bar for five, and a shell for zero. The Maya were among the first civilisations to use a positional zero. Translated, the resulting integers can be applied to the post titles on the same page by shifting the letters in reverse order. The combined titles form a passage from The Mabinogion, specifically The Lady of the Fountain.The Mabinogion is a collection of Welsh mythology, among the earliest prose literature in any British language. The choice of source text is itself a message — Cicada's puzzle design rarely wastes a detail.

Looking back at the file obtained by outguessing the duck, there is a series of numbers separated by colons. This is a book cipher — coordinates into a specific edition of a specific text, where each number pair points to a line and character position.

If you look at the corresponding lines and letters (1:20 being the 20th character of the 1st line), a message appears.

Calling the resulting number gave an automated voice message. The number is now deactivated.

The first Cicada image was 509×503 pixels — both prime numbers.509 and 503 are both prime. Multiplying both dimensions by 3301 (also prime) yields 845145127, which was briefly a live website. Cicada's use of primes throughout the puzzle appears deliberate and consistent. Multiplying by 3301 yields 845145127, so http://845145127.com — which no longer exists.

The Site§

The site displayed an image of a cicada. Running outguess on it produced a message.

After a waiting period, running outguess on the image again yielded coordinates. There were Cicada posters placed around the world. This is significant — it meant Cicada was more than a lone individual. This was a coordinated effort by an organisation with a global presence, willing to carry out a physical operation across multiple countries. They must have had something to gain from recruiting.

Scanning the QR codes on the posters returned two messages, both book descriptions with book codes. They also cautioned against collaboration — which is reasonable, if you are selecting for individuals rather than teams.

The first code leads to Encyclopedia Britannica, 11th Edition, Volume 6, Slice 3 "Chitral to Cincinnati". It revealed the name of the organisation: Cicada.

The second code led to Agrippa (A Book of the Dead).Agrippa is a 1992 artist's book by William Gibson, containing a poem on a floppy disk that encrypted itself after a single reading. The choice of a work literally designed to self-destruct feels pointed. Applying the book code produced an onion link.

What Tor and onion links are

Tor (The Onion Router) anonymises internet traffic by routing it through a series of volunteer-operated relays, encrypting it in layers — hence the onion metaphor. Each relay decrypts one layer and passes the data on, so no single node knows both the origin and destination.

Onion links (.onion addresses) are services hosted within the Tor network and not accessible via a regular browser. You need the Tor Browser to reach them. They are used for everything from journalism and political dissidence to, yes, less savoury things — but the protocol itself is neutral. Running Tor is legal in most countries and does not attract any particular scrutiny on its own.

Conclusion§

This is the end of the publicly available part of the 2012 puzzle. At this point the chronicle diverges. One path follows those who received an email as promised and documented their private experience. The other path comes from an email leak.

I will continue this series along the first path, which is the more interesting and better documented of the two.