Cryptocurrency

Four Satoshi’s Treasure Key Fragments Found, Here’s How

On April 18th 2019 I posted an article about the release of a hunt for $1 million USD in Bitcoin. The treasure hunt came in the form of a game called Satoshi’s Treasure and I promised to keep you updated. Since its release a total of four key fragments have been released, with clues regarding their location.

At the time of writing this update all four keys have been located by online communities and, as a result of the game’s prize, online communities are rushing to make a clan. These clans are basically groups of ‘treasure hunters’ who wish to claim a chunk of the grand prize.

How The First Three Were Discovered

After realising the keys had been discovered I, like many of you reading this, wanted to find out how. I know the last post I made had a list of coordinates but that didn’t really tell all that much. As it turns out the coordinates (for the first clue) lead to a QR code which had the word ‘orbital’ around it (see picture below).

satoshis treasure key 1

This QR code simply provided a link to a website (https://satoshistreasure.xyz/k1). When you visit the link you are prompted to enter a password, which turns out to be ‘orbital’. Great that is key 1. The next two keys, found early by John Cantrell were discovered by using a bit of ingenuity and experience.

Taking note of the web address which key 1 was stored on John decided to try his luck by replacing the ‘k1‘ in the aforementioned web address with ‘k2‘ and ‘k3‘. Guess what? It worked. Upon entering the forbidden key pages John found that the pages were being locked by client side Javascript code.

Said Javascript stored the pass-phrases, albeit encrypted, in the HTML document which meant he was able to brute force attack the page on a local copy of the website. For those who don’t know, brute force attacks are essentially a case of guessing the password until you get it.

Instead of doing it manually, John wrote a script in Ruby (a coding language) which checked all the possible phrases (encrypted in the same way) stored in a text based dictionary he downloaded. When his encrypted passphrase matched that of the website’s he tried it on the actual game site and, guess what? It worked.

What About Key 4?

When looking for key number 4 you will be confronted by a gif image and not much more. Reddit user Vaultminer managed to find it hidden within the gif itself. They explain (on this post) that it was not hidden as a frame on the gif, as you would expect.

In fact, the gif was found by downloading the image provided by the game and then opening it with a text editor. Upon opening they noticed that there was actually a text file stored within the default directory left by Mac computers (__MACOSX) and decided to then open the gif file with a compression application (7zip) to access the contents of said directory.

They then found a text file which had a url and asked they enter the Jade key as the password. They were then directed to a web store which sold email delivered eggs. Each egg they purchased contained 1 of 8 pieces of the the QR code. They combined all 8 pieces and found the following URL: https://satoshistreasure.xyz/6WskbAMc8U6m3B68DdHL2QQ822odpPG.

That is it for now but I will continue to keep you all updated as, and when, I find information.

Love, peace and happiness.