Corne's Lost Password‬ · forum‬

hyperastro

Joined May 2023

Topic Starter

hyperastro 2025-09-04T01:36:52+00:00

Corne's Lost Password

Something strange has happened in OT…

Corne2Plum3 was trying to figure out how to lock threads when he accidentally logged himself out.

No big deal, right? Just reset the password.But sadly the recovery email didn’t work. All that Corne is left with is a scrambled piece of text.

033d3804127f100d04445020203e1d1c7f09040f

This ciphertext looks like nonsense, but it actually contains Corne's password which he can use to log back into his account.

Problem is, The cipher isn’t simple. But by some divine intervention hints and parts of the key were sent to various OT'ers

Some of you have received fragments of the key. Others have hints about the password inside. But no single person can solve it alone. You’ll need to work together, combine your clues, and see if OT can prove itself as a team.

The question is:
Can OT save Corne's account… or will his password be lost forever?

Premise of this thread:

- OTers must work toghter to find Corne's password.
- The password can be found with any 5 hints but the more you have the more obvious it becomes.
- If you don't wish to participate in this thread but you received a DM, reply to this thread with the hint to help.
- if you usually don't check your DM's check them! see if you have a hint
- This is a test to see how well OT can work as a team.

Last edited by hyperastro 2025-09-04T01:49:35+00:00, edited 1 time in total.

Ashton

2,039 posts

Joined February 2016

Ashton 2025-09-04T01:50:56+00:00

Hint: the 2nd word of the plain text is the most common English word

Behrauder

95 posts

Joined June 2021

Behrauder 2025-09-04T01:59:36+00:00

XOR:

OT! Manga Adaptation has 3 chapters so far.
In a few months, something called Pokémon OT!Red will actually be a thing, and it’s going to be awesome!

-Izuki-

9,487 posts

Joined December 2023

-Izuki- 2025-09-04T02:28:28+00:00

Hint: The 3rd word of plaintext is a vegetable.

tapperruiii

75 posts

Joined July 2024

tapperruiii 2025-09-04T02:58:28+00:00

Hint: 6th to 10th character spell a real word

I LOVE AGNES TACHYON I LOVE AGNES TACHYON I LOVE AGNES TACHYON I LOVE AGNES TACHYON

Isshiki Kaname

936 posts

Joined May 2014

Isshiki Kaname 2025-09-04T04:34:59+00:00

Hint: my bro made a watermelon fountain

I really love Narumi Toa. Like, a lot. Like, a whole lot. You have no idea. I love her so much that it is inexplicable, and I'm ninety-nine percent sure that I have an unhealthy obsession. I will never get tired of installing Gentoo Linux with -o3 -march=native -flto optimization flags on an AMD Ryzen 9950X bare metal using a fleet of 8 same specced machines for distcc. It is my life goal to meet up her with her in real life and have her configure my arch install for me

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T04:56:13+00:00

Hint: Not Ceasar, not Atbash.

The piece of scrambled text is hexadecimal with 40 characters. (Take: SHA-1 hash seems plausible.)

Last edited by McEndu 2025-09-04T04:59:27+00:00, edited 1 time in total.

z0z

521 posts

Joined February 2018

z0z 2025-09-04T05:40:53+00:00

Hint: 6th character is an underscore

Ymir

1,935 posts

Joined June 2020

Ymir 2025-09-04T06:09:53+00:00

Hint: Someone's hint is a lie.

This way to the GULAG

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T06:18:58+00:00

Ashton wrote:
Hint: the 2nd word of the plain text is the most common English word

Take: "the"

Some places (e.g. Linux?) allows spaces (U+0020, ASCII 0x20) in passwords, others do not

Last edited by McEndu 2025-09-04T06:20:51+00:00, edited 1 time in total.

Gengar9nn

338 posts

Joined October 2022

Gengar9nn 2025-09-04T06:47:02+00:00

Hint: 10 characters long

Last edited by Gengar9nn 2025-09-04T06:47:36+00:00, edited 1 time in total.

Milenakos - Crab Cell

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T07:49:04+00:00

Gengar9nn wrote:
Hint: 10 characters long

Take: without other hints and assuming only ASCII characters (excluding C0 control codes, space and U+007F DELETE) are used, search space is somewhere between 2^65 to 2^66

Ashton wrote:
Hint: the 2nd word of the plain text is the most common English word

There are the following possibilities:

.the......
..the.....
...the....
....the...
.....the..
......the.
.......the

reducing the search space to 7x(94^7), or slightly lower than 2^46, a few magnitutes easier than cracking DES. If the string is indeed a SHA-1 hash, it shouldn't take long to crack the password by force unless there is a yet unknown salt string.

Ymir wrote:
Hint: Someone's hint is a lie.

z0z wrote:
Hint: 6th character is an underscore

tapperruiii wrote:
Hint: 6th to 10th character spell a real word

Take: the lie is either z0z's hint or tapperruiii's hint.

-Izuki-

9,487 posts

Joined December 2023

-Izuki- 2025-09-04T07:51:02+00:00

McEndu wrote:
Take: the lie is either z0z's hint or tapperruiii's hint.

Or ymir is just a lier ¯\_(ツ)_/¯

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T08:02:59+00:00

-Izuki- wrote:
Hint: The 3rd word of plaintext is a vegetable.

Take: The password is either in the form ??the_???? (z0z) or ??the????? (tapperuiii).

At this point a Python script could be used to crack this in 24 hours with a dictionary attack, imo.

Last edited by McEndu 2025-09-04T08:03:07+00:00, edited 1 time in total.

hyperastro

63 posts

Joined May 2023

Topic Starter

hyperastro 2025-09-04T08:49:27+00:00

(Extra Hint): Ppy didn't use best practices when creating the website and he did not adhere by modern cyber security standards. He might not have been aware about concepts such as password hashing and opted to use a diffrent route.

- Marco -

Technical Support Team

8,498 posts

Joined December 2011

- Marco - 2025-09-04T10:30:18+00:00

Hint: One of the most common thread types in OT

make osu! more awesome! | ♥️ | Need Help? | Lazer > Stable

-Izuki-

9,487 posts

Joined December 2023

-Izuki- 2025-09-04T10:36:47+00:00

hyperastro wrote:
(Extra Hint): Ppy didn't use best practices when creating the website and he did not adhere by modern cyber security standards. He might not have been aware about concepts such as password hashing and opted to use a diffrent route.

probably API key, but idk how it actually can help

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T10:41:33+00:00

- Marco - wrote:
Hint: One of the most common thread types in OT

Take: ITT?

Corne2Plum3

Global Moderator

1,870 posts

Joined November 2019

Corne2Plum3 2025-09-04T10:42:44+00:00

Hint: the cipher uses a logical operation found in computer science

- Marco -

Technical Support Team

8,498 posts

Joined December 2011

- Marco - 2025-09-04T10:43:13+00:00

McEndu wrote:
- Marco - wrote:
Hint: One of the most common thread types in OT
Take: ITT?

or AMA 🤔

make osu! more awesome! | ♥️ | Need Help? | Lazer > Stable

MangaGrumpy

374 posts

Joined May 2022

MangaGrumpy 2025-09-04T11:23:31+00:00

- Marco - wrote:
McEndu wrote:
- Marco - wrote:
Hint: One of the most common thread types in OT
Take: ITT?
or AMA 🤔

No it's like meta or something when was the last time an itt thread was posted

bi/demiandrogyne-he/she/they
pfp by lostsilver!

burgernfat

22 posts

Joined March 2021

burgernfat 2025-09-04T12:30:46+00:00

By divine intervention you have been gifted with a hint for this thread: community/forums/topics/2125918?n=1 Hint: Together the plaintext has 4 words
4:43

Karmine

1,031 posts

Joined November 2015

Karmine 2025-09-04T13:07:05+00:00

Hint: happy->sad peace->war alive->___

Gengar9nn

338 posts

Joined October 2022

Gengar9nn 2025-09-04T15:43:19+00:00

Karmine wrote:
Hint: happy->sad peace->war alive->___

dead

Milenakos - Crab Cell

Gengar9nn

338 posts

Joined October 2022

Gengar9nn 2025-09-04T15:44:00+00:00

Corne2Plum3 wrote:
Hint: the cipher uses a logical operation found in computer science

Isn't your password lost?

Milenakos - Crab Cell

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-04T16:00:12+00:00

echo "033d3804127f100d04445020203e1d1c7f09040f" | xxd -r -p

Will this help? I'm just guessing.

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-04T16:08:50+00:00

Edit: fairly unlikely to be a SHA-1 hash imo, all bytes are in the 0x00-0x7f range :shrug:

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-04T16:34:25+00:00

3, 61, 56, 4, 18, 127, 16, 13, 4, 68
80, 32, 32, 62, 29, 28, 127, 9, 4, 15

83 93 88 64 47 99 111 105 119 83

S]X@/coiwS

Could this be the answer?

Gengar9nn

338 posts

Joined October 2022

Gengar9nn 2025-09-04T16:41:10+00:00

ynzoqn wrote:
3, 61, 56, 4, 18, 127, 16, 13, 4, 68
80, 32, 32, 62, 29, 28, 127, 9, 4, 15

83 93 88 64 47 99 111 105 119 83
S]X@/coiwS
Could this be the answer?

Unless there's a second cipher applied here, no

Milenakos - Crab Cell

Corne2Plum3

Global Moderator

1,870 posts

Joined November 2019

Corne2Plum3 2025-09-04T16:54:23+00:00

ynzoqn wrote:
3, 61, 56, 4, 18, 127, 16, 13, 4, 68
80, 32, 32, 62, 29, 28, 127, 9, 4, 15

Tried several 8-bit bitwise operations between these 2 lists and convert to ASCII:

AND: 0, 32, 32, 4, 16, 28, 16, 9, 4, 4
```
<Literally nothing is displayed>
```
OR: 83, 61, 56, 62, 31, 127, 127, 13, 4, 79
```
O=8>
```
XNOR: 172, 194, 199, 193, 224, 128, 128, 242, 251, 176
```
¬ÂÇÁàòû°
```
NAND: 255, 223, 223, 251, 239, 227, 239, 246, 251, 251
```
ÿßßûïãïöûû
```

Tried the same but with 7 bits (getting rid of the most significant bit by using a 0x7F mask):

AND: 0, 32, 32, 4, 16, 28, 16, 9, 4, 4
```
<Literally nothing is displayed>
```
OR: 83, 61, 56, 62, 31, 127, 127, 13, 4, 79
```
O=8>
```
XNOR: 44, 66, 71, 65, 96, 0, 0, 114, 123, 48
```
,BGA`r{0
```
NAND: 255, 223, 223, 251, 239, 227, 239, 246, 251, 251
```
__{ocov{{
```

I don't think I'm getting anywhere with this...

hyperastro

63 posts

Joined May 2023

Topic Starter

hyperastro 2025-09-04T17:47:07+00:00

This is so interesting to watch!!!

Just a little nudge to make sure you guys don't go the completely wrong route. There is only 1 cipher applied. Re-read the hints that were sent in chat (yall are so close but so far)

Gengar9nn

338 posts

Joined October 2022

Gengar9nn 2025-09-04T19:32:24+00:00

hyperastro wrote:
This is so interesting to watch!!!

Just a little nudge to make sure you guys don't go the completely wrong route. There is only 1 cipher applied. Re-read the hints that were sent in chat (yall are so close but so far)

Yeah

Milenakos - Crab Cell

abraker

Global Moderator

8,356 posts

Joined July 2014

abraker 2025-09-04T21:13:15+00:00

I was going to berate hyperastro for making this gpt crackable but I am pleasantly surprised

std skin 2021: link | mania skin 2021: (vanilla ver ~ hidden ver)
osu!Skills - Compare your skills in a slightly different way
OT!neus - osu off-topic subforum's very own discord server

Ashton

2,039 posts

Joined February 2016

Ashton 2025-09-04T21:14:55+00:00

abraker wrote:
I was going to berate hyperastro for making this gpt crackable but I am pleasantly surprised

Yeah thats one of the first thing I did until I realized it was much more complicated lol

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-05T02:13:25+00:00

Now I'm thinking it might be the sha1sum, which is 40 characters long. There are four words, the second word is "the", the third word is some kind of vegetable, and characters 6 through 10 form a word. Storing the password in this way in a database doesn't seem secure. It might be something like this.

printf "celebration the pumpkin spice" | sha1sum
87bf107cf65f071bc4b6f6a4d35a09be57cff278

Karmine

1,031 posts

Joined November 2015

Karmine 2025-09-05T11:38:17+00:00

Is it even possible? I've tried but couldn't get anything conclusive there's contradictory info it seems.

According to hints there are 4 words and 10 characters total, that's only 1 to 3 letter words, one of them being "the".
There's supposed to be a vegetable name but is there even one that would fit? And then there's either a 5 letter word on 6-10 or an underscore on 6.

hyperastro

63 posts

Joined May 2023

Topic Starter

hyperastro 2025-09-05T20:01:04+00:00

Karmine wrote:
Is it even possible? I've tried but couldn't get anything conclusive there's contradictory info it seems.

According to hints there are 4 words and 10 characters total, that's only 1 to 3 letter words, one of them being "the".
There's supposed to be a vegetable name but is there even one that would fit? And then there's either a 5 letter word on 6-10 or an underscore on 6.

Some clues are related to the plaintext answer others have to do with the key. (Look at the cipher text there might be a pattern you can find)

Last edited by hyperastro 2025-09-06T01:03:30+00:00, edited 1 time in total.

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-06T00:39:24+00:00

It needs to be encrypted with a key, so it's not SHA-1. I should have realized this from the Extra Hint and McEndu's post, but I was too eager to believe it was SHA-1.

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-06T01:11:04+00:00

hyperastro wrote:
Karmine wrote:
Is it even possible? I've tried but couldn't get anything conclusive there's contradictory info it seems.

According to hints there are 4 words and 10 characters total, that's only 1 to 3 letter words, one of them being "the".
There's supposed to be a vegetable name but is there even one that would fit? And then there's either a 5 letter word on 6-10 or an underscore on 6.
Some clues are related to the plaintext answer others have to do with the key. (Look at the cipher text there might be a pattern you can find)

guess on encryption scheme: ciphertext[20] = plaintext[20] XOR concat(key[10], key[10])

tapperruiii

75 posts

Joined July 2024

tapperruiii 2025-09-06T01:11:44+00:00

how are yall this nerdy

I LOVE AGNES TACHYON I LOVE AGNES TACHYON I LOVE AGNES TACHYON I LOVE AGNES TACHYON

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-06T01:24:32+00:00

Made a script to help determine where "the" should be in the key or plain text

Results:

77 55 5d wU]
49 50 61 IPa
4c 6c 77 Llw
70 7a 1a pz.
66 17 75 f.u
0b 78 68 .xh
64 65 61 dea
79 6c 21 yl!
70 2c 35 p,5
30 38 45 08E
24 48 45 $HE
54 48 5b TH[
54 56 78 TVx
4a 75 79 Juy
69 74 1a it.
68 17 6c h.l
0b 61 61 .aa
7d 6c 6a }lj

source

#include <stdio.h>
#include <string.h>

static const char ctext[] = {
    0x03, 0x3d, 0x38, 0x04, 0x12, 0x7f, 0x10, 0x0d, 0x04, 0x44,
    0x50, 0x20, 0x20, 0x3e, 0x1d, 0x1c, 0x7f, 0x09, 0x04, 0x0f,
};

int main()
{
    char window[4];
    window[3] = 0;

    for (int i = 0; i <= 17; ++i) {
        memcpy(window, &ctext[i], 3);
        window[0] ^= 't';
        window[1] ^= 'h';
        window[2] ^= 'e';
        printf("%02x %02x %02x %3s\n", window[0], window[1], window[2], window);
    }

    return 0;
}

tapperruiii wrote:
how are yall this nerdy

this is nerd thread sorry

Last edited by McEndu 2025-09-06T01:24:52+00:00, edited 1 time in total.

hyperastro

63 posts

Joined May 2023

Topic Starter

hyperastro 2025-09-06T01:24:53+00:00

McEndu wrote:
hyperastro wrote:
Karmine wrote:
Is it even possible? I've tried but couldn't get anything conclusive there's contradictory info it seems.

According to hints there are 4 words and 10 characters total, that's only 1 to 3 letter words, one of them being "the".
There's supposed to be a vegetable name but is there even one that would fit? And then there's either a 5 letter word on 6-10 or an underscore on 6.
Some clues are related to the plaintext answer others have to do with the key. (Look at the cipher text there might be a pattern you can find)
guess on encryption scheme: ciphertext[20] = plaintext[20] XOR concat(key[10], key[10])

👀

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-06T01:29:21+00:00

If XOR is correct, the reuse of one-time-pad gives a fairly meaty attack vector.

XOR of the halves: 53 1d 18 3a 0f 63 6f 04 00 4b

Guess of character classes, assuming no control characters (0x00-0x1f and 0x7f):

number/lowercase
same class
same class
uppercase/lowercase
same class
number/uppercase
number/uppercase
same class
same class
number/lowercase

Legend:

C0: control characters (0x00 - 0x1f)
number: numbers and a majority of punctuations including space (0x20 - 0x3f)
uppercase: uppercase letters and some punctuations (0x40 - 0x5f)
lowercase: lowercase letters and some punctuations (0x60 - 0x7f)
same class: any of number/number, uppercase/uppercase or lowercase/lowercase

Last edited by McEndu 2025-09-06T01:51:24+00:00, edited 3 times in total.

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-06T02:14:42+00:00

https://crypto.stackexchange.com/a/10163
https://toolbox.lotusfa.com/crib_drag/
https://www.tausquared.net/pages/ctf/twotimepad
I don't know if this is useful. There should be the in the plain text. If this approach is used, the total length of the four words of plaintext plus any spaces should be 20 characters.

Last edited by ynzoqn 2025-09-06T03:28:55+00:00, edited 3 times in total.

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-06T06:46:40+00:00

I think it may not be related to Two-Time Pad. When I use this webpage, I see that the visible characters include spaces, numbers, etc., which do not look like regular words.

Last edited by ynzoqn 2025-09-06T06:52:21+00:00, edited 1 time in total.

ynzoqn

8 posts

Joined May 2024

ynzoqn 2025-09-07T05:42:45+00:00

Last edited by ynzoqn 2025-09-07T06:48:29+00:00, edited 1 time in total.

Karmine

1,031 posts

Joined November 2015

Karmine 2025-09-07T10:27:08+00:00

This is getting too deep.

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-07T12:42:48+00:00

ynzoqn wrote:
https://blog.ppy.sh/post/128722315598/20150909

It seems that bcrypt has been used since at least 2015. We may need to find posts on sites such as reddit before 2015 to find the cipher?

I looked through pages 25 to 45 of blog.ppy.sh, which dates back to September 9, 2015, and found nothing about storing passwords in databases. However, I did find some other interesting content, which I found in the following links:

osu!stamp
https://blog.ppy.sh/post/121343692948/20150612-answers
https://blog.ppy.sh/post/121948609343/20150619-answers-2
https://blog.ppy.sh/post/122576677808/20150627-answers-3
https://blog.ppy.sh/post/123257459803/20150705-answers-4
https://blog.ppy.sh/post/123968773293/20150713
https://blog.ppy.sh/post/124649324483/20150721
https://blog.ppy.sh/post/126660263353/20150814
https://blog.ppy.sh/post/128102417423/20150901

I don't think this is a real entry from the production database.

hyperastro

63 posts

Joined May 2023

Topic Starter

hyperastro 2025-09-07T19:11:22+00:00

Karmine wrote:
This is getting too deep.

Mariana trench levels of deep...

McEndu

1,398 posts

Joined March 2019

McEndu 2025-09-08T02:13:11+00:00

How many words for vegetables are in the Oxford dictionary, sorted by number of alphabets? just to know

Corne's Lost Password

Sign In To Proceed

Don't have an account?

Corne's Lost Password

Premise of this thread:

Ashton wrote:

Gengar9nn wrote:

Ashton wrote:

Ymir wrote:

z0z wrote:

tapperruiii wrote:

McEndu wrote:

-Izuki- wrote:

hyperastro wrote:

- Marco - wrote:

McEndu wrote:

- Marco - wrote:

- Marco - wrote:

McEndu wrote:

- Marco - wrote:

Karmine wrote:

Corne2Plum3 wrote:

ynzoqn wrote:

ynzoqn wrote:

hyperastro wrote:

abraker wrote:

Karmine wrote:

hyperastro wrote:

Karmine wrote:

tapperruiii wrote:

McEndu wrote:

hyperastro wrote:

Karmine wrote:

ynzoqn wrote:

Karmine wrote:

New reply