Welcome to the Loki Christmas puzzle write-up, one of the most interesting, fun and original puzzles that I have ever competed in. This puzzle was published at the beginning of December 2018, together with the new Loki website layout and the service node 2.0.0 release (codenamed Festive Freya). The initial announcement, although I can not find it, said simply that the puzzle has a 1000 LOKI reward, starts somewhere on their new website and whoever solved should send a tweet to @Loki_Project with the winning phrase.

Big thanks to silver_anth agreeing to team up right from the start!

The path

So as I mentioned, the start of the puzzle was located somewhere on the https://loki.network/ website. Unfortunately, because it took us more than 8 months to solve, the exact layout of the website has changed, meaning that at some point the link you had to find was not there anymore (but is there now, only in a different place and format). But at any rate, if my memory serves me right, it was a tiny little hidden text that you had to click and which would redirect you to

Note that at the moment this link redirects you to a 2019 reupload of it which seems to be identical to the original. It includes a QR code which should only link you to the main Loki Discord channel but also gives clues that you have to talk to Santa, who was a bot on that discord with id Loki Santa Bot#5822.

Writing anything to the bot would just give you the message

Sorry you don’t sound like a familiar person at all

which obviously further hints that the bot is expecting some special phrase. A closer look on the above webpage reveals that another message is hidden with a html_mask, namely

Santa! I received 1 cookie and 1 glass of milk, but not enough for Freya and Loki, what shall I do?

Using this phrase on the bot helps refresh his memory and he replies with the next step of the puzzle:

Yes, yes! It’s that time of the year, Loki has disappeared again. I have a few notes for you that have been scattered around the internet. I don’t quite recall what Loki is up to again this year. Would you remind me of the 4 sentences that I’ve left around the internet? It might have the answer you’re looking for. Loki has been mischievous and jumbled the sentences into each of his own stories. I think he’s hidden those stories here, loki.network/wp-content/uploads/2018/12/chris_scared_loki_away.html joshalosh.github.io/loki-docs Loki’s blog Loki’s youtube channel. Please find them and remind me-

So now we needed to find 4 phrases hidden in various parts which are hinted at and tell them to the bot!

Well, the first link that’s already supplied to us has a nice little story which, upon closer inspection, has a paragraph that’s in white font,

One day he hoped that people would be able to protect themselves the same way he could and he was sure that a group of people who cared about privacy the same way he did would come up with a solution. Until then, he would shapeshift into Simon in the hopes of remaining forgotten and seldom talked about as a Christmas Leprechaun.

Supplying this to the bot gets us the reply

1 of 4 sentences found Yes that seems to ring a bell, now what about the other sentences?

as well as a Santa image, which I’ll mention a bit later. Very importantly, each correct phrase gave a seemingly identical Santa image with a different 16 hex char name.

Two other phrases were found in a similar fashion but I won’t go into details because I didn’t document the exact sources. The last phrase was taken from yet another long story, but each letter was collected from the first letter of a sentence. All in all, the other 3 are:

There is a god of tricks who is known to be a fabulous shapeshifter. He turned into Simon, the easily forgotten and seldom talked about Christmas leprechaun. THE REASON WAS TO HIDE HIS REAL IDENTITY FROM PEOPLE WHO WERE LOOKING TO USE THIS INFORMATION AGAINST HIM.

Once all 4 sentences were found, the bot further said:

You’ve found all 4. It doesn’t quite make sense, but I’m sure if you put the 4 sentences together in the right order and say it all at once, I ought to remember something useful!

So rearranging the phrases and supplying them together as such:

There is a god of tricks who is known to be a fabulous shapeshifter.

He turned into Simon, the easily forgotten and seldom talked about Christmas leprechaun.

THE REASON WAS TO HIDE HIS REAL IDENTITY FROM PEOPLE WHO WERE LOOKING TO USE THIS INFORMATION AGAINST HIM.

One day he hoped that people would be able to protect themselves the same way he could and he was sure that a group of people who cared about privacy the same way he did would come up with a solution. Until then, he would shapeshift into Simon in the hopes of remaining forgotten and seldom talked about as a Christmas Leprechaun.

Finally, sending this to the bot gives us the final useful bit of information:

That sure does bring back memories. That’s right, Loki left you this, I think you might be interested in this Soundcloud thing. You young whipper-snappers and your Soundcloud, Santa here was busy leaving presents on the Blockchain back when I was young. https://soundcloud.com/user-614097681-355897030/dawg-1/s-3KLhd

Dimi’s midi diary

At this point I felt like we entered the next phase of the puzzle, since interaction with Discord was no longer required, and challenges stopped being Christmas themed. Also, personally, I enjoyed this phase very much!

We are sent to a strange Soundcloud track. Listening to it, it’s very obvious that the left and right channels contain completely different data. The left channel contains a synthesized voice which tells us some technical specifications of something, with very spicy and fun additions. I loved this part! Trying to reverse what’s going on, we find that the voice is actually describing the MIDI specifications, which would act as a hint further down the path.

On the other hand (or rather, channel) we have a very ambiental sort of track which doesn’t make much sense. Well, turns out it’s just a normal voice recording, but slowed down 25x. Downloading the Soundcloud file and opening in Audacity (or other audio software), we can isolate just the right channel and increase the track speed by 25x, to reveal that the audio is actually saying

Inside the pastebin link we can see a looong list of hex values, with the first 4 bytes in ASCII range. Transforming just these 4 gives us “MThd”, and with a simple google search we learn that it’s a header for a chunk in the MIDI standard. So that’s a MIDI file’s hex contents. Using a tool like HxD we can just copy-paste the pastebin data into a new file and instantly recreate the .mid file.

Now we need to see what’s contained inside the .mid file. We can do this quickly online using a site such as https://onlinesequencer.net where we just upload our recreated file and we’re given:

file contents visualised as midi notes

So that cute little logo on the left is the github logo, and it seems like we’re supposed to find DDY-LEE there, and something about 44C330706 which seems like part of a commit hash. Looks relatively straightforward but it’s not *that* easy in practice, or at least wasn’t for us. First of all, there is no DDY-LEE on github, but instead there is a DOY-LEE, a dev in the Loki team. Then, we didn’t have much luck searching for that hash. Instead, we managed to find the correct repo and only afterwards confirmed it was correct because it had same commit hash. We don’t know if there was an easier way to find it, but it took us like 2 hours of rummaging through Doy-lee’s projects to come up with this:

which contains only these 4 lines:

The end is near, the answer you seek is nearby here dimi@116.203.31.9

Well, we confirmed almost immediatelly that this is a ssh box, but we were still short of a password.

When we reached this point it was still day 1 of the puzzle, around 10 hours in. We tried a lot of things as password, we ransacked everything on github, but never found anything that worked. We were stuck on this point for around 5 or 6 months.

The password

Remember that I mentioned earlier that Santa Bot gave us 4 images, one for each correct phrase that we input? Well, they were all identical except for some snowflakes. These snowflakes give us an order (see image below), so we figured we have to put the file names together to get a hash. The hash we get is:

5ab371e80fac15e02F59c378fd373d283f77eb2d7d2e4142B8f5d918d1b6ddd0

The last thing that Santa Bot told us was something mentioning the blockchain, so we figured that this hash would probably be a transaction id. Note that the hash contains 2 uppercase letters, an F and a B, which were probably put there just to mess with the solving process a bit, since the blockchain explorer is case sensitive and only uses lowercase letters. At any rate, we had this part sorted out on the first day as well. But it didn’t work.