Stormseeker's Website

Stormseeker has a personal portfolio website at http://www.thestormseeker.com/, which has been connected to the ARG.

Originally, the site's front page, which had the title "Stormseekers Portfolio Site", only contained a screenshot image of what looked like a Source engine rendered scene with the text "Coming Soon..ish" below the image. The site was updated in May, 2015, some time after the Steam release of Black Mesa, adding Stormseeker's portfolio with screenshot galleries.

At the end of December, 2015, the site became unreachable, and as of January, 2016, the site is still unreachable. In a post on the forums, Stormseeker explained that the website went down because the server company lost all the data. 

IMPORTANT NOTE: As of August 6, 2017, the domain and the website are in all likelihood permanently defunct. The original domain registration expired on January 4, 2017. The domain was later apparently re-registered by a 3rd party, which subsequently put the domain up for sale, and still is for sale, for an asking price of 900 USD.

Konami Code
IRC clue 1 together with Code A led players to discover that the Konami Code could be performed on Stormseeker's website. This, in turn, led to the discovery of the terminal.blackmesasource.com website.

ba.js
var code = [], lulz = "38,38,40,40,37,39,37,39,66,65"; $(document).keydown(function(e) {  code.push( e.keyCode );   if ( code.toString.indexOf( lulz ) >= 0 ){     $(document).unbind('keydown',arguments.callee);     window.open('http://terminal.blackmesasource.com') 	window.focus;   } }); This is the Javascript source code that watches for the Konami Code input. The decimal values for "lulz" are Javascript event keycodes. If these decimal values are interpreted as ASCII the result is: &&((%'%'BA Note: This script currently fails to run on Stormseeker's site with the error "$ is not defined". This is due to the fact that ba.js is run before jQuery, a Javascript library that provides the global $ function, has been queued for loading.

Hidden password-protected area: /thepizzaisalie
The website has a hidden, password-protected area at the following URL:

http://www.thestormseeker.com/thepizzaisalie/

Username: drhorn

Password: 1001085139140914

The password is the combination of Codes A-D.

The message from the server (the HTTP authentication realm attribute), shown in the password prompt, is: "The Pizza is a LIE!"

When accessing the URL above, and entering the credentials, a directory index is shown.

The directory originally contained the two files listed in the table below:

A third file appeared after IRC clue 6 (or at the same time):

More information on these files follows below.

1001085139140914.html
This page shows the image of the "grilled pizza". It also contains some hidden text (black text on black background) that can revealed by highlighting.

This is the text as it appears in the HTML source code:

grilledpizza.jpg
The image contains a hidden message encoded in binary where a white triangle represents "0" and a black triangle represents "1". Reading from left to right, top to bottom, yields the following binary sequence: 00000010 00100000 00100010 01110100 01100110 01100101 01111000 01101001 01110010 01101011 01101100 01100011 01110010 01101011 01111010 01100110 01100101 01101010 01110000 01100110 01101100 01101110 01100110 01100101 01101011 01111001 01110110 01000111 01011010 01010001 01010001 01010010 00100010 00100000 00010111 00000011

In hex this is: 02 20 22 74 66 65 78 69 72 6b 6c 63 72 6b 7a 66 65 6a 70 66 6c 6e 66 65 6b 79 76 47 5a 51 51 52 22 20 17 03 When interpreted as ASCII code, the following is revealed: ␂ "tfexirklcrkzfejpflnfekyvGZQQR" ␗␃

The first and the last two characters in the message—STX, ETB and ETX—are ASCII control codes which stand for "Start of Text", "End of Transmission Block" and "End of Text", respectively. (Note: since control codes are non-printable, they have been replaced with their respective Unicode representations in the quoted text above.)

The quoted string of letters found in the message tfexirklcrkzfejpflnfekyvGZQQR

is a message encoded with a simple shift cipher. Substituting each letter with the corresponding letter in an alphabet shifted (rotated) by 9 reveals: congratulationsyouwonthePIZZA

Hashes of grilledpizza.jpg
If the pizza is a lie, then the above message is congratulating you for winning the lie, i.e. nothing. Perhaps it is just a red herring, and the actual "key to all things" is the JPG itself. For example, 384 bits from SHA-384 provides 256 bits for a key, and 128 bits for an IV when using AES-256.

HALOS.txt
This file was added after IRC clue 6.

<~$=]7mj+>"^878?-98P`>b/g+(a<(.p*7Rg'C:.6cf/hSb/+:9_R/pgE8Bl .:!Gp$$sEcu#7F!+8%ATDU*@:Wq[I4d-)+B;?/;BS7m<(U+V<(Tk\+AtX*K73G/s:fUI;7Sco);b9qW+@/@o8QJ,V8P`)(FOG_8Q%uF/hSa`;ajY.7Sco)7S-?@9H[ ;';cFl95u^fP;GJhs/hRJs:-hQV;b9n16VgEQ9LVoL5!D.Q>=2(M;c?7W8OZ#i8PV`N;GBGV8 P`)(9LVuN9HZ<#>>J3r0/#.70O5#p1GWDn0Jd,n2.C!)A2Z>'2`G5%1h/6sAn*hU3A<?J1Gh" I1!@UihXA79((1,^jE0ed,pAS#:)AN2VYA2?#O2e+d*0f(O?0KEWQ1bq$EAR[JO1c&Ys0f:e" 0JkUu3FcYZ1-%7'3FZT42`!HQAMc2'0KD*OAn<kV1,(Lp@5)5'1b^[D3+=[P2)Jo&A7T1.3B& g-@5'NM2`*NS1c],%@5]ku3Ak5*Ai;G!@PB`$2*!BIA7[GL2)Af"@:F11GNKO1gsiK1,WPr0fV!L@qI\\AMQ8 F'2E)T@PTZL2J-E1AS,C\3&P," 3B8fS1cR0F2ISHu@Pq['>;'8d7;cWY<,uDbF)>W4F(oQ1?$sMj>W4F(oQ1+@U0YF'W&~>
 * 1) 0f(Om2e+^%@U_;PAnGU.1M&6q1,^jE2`EZN1cIEM1LsuN0kN=!@q7DN3&5&*0k3"K1,_(#2)
 * 1) An!MS0f(UG2_\_q2D[6G3&EQN@5p8&3&!'uA7RSXAi2D'3B1M+AMmpS0K(jH2J+j+2Dno$Ai

User Matherunner noticed the "<~" start and "~>" end, as well as lack of ASCII characters 118 to 126 (v w y z { | } ~). He concluded that this is a simple ASCII85 encode.

ASCII85 decode
Proxyhost@-84-9-123-345.dslgb.com//closed.proxy.accepted//?OTR,3,4,?OTR:[INCOMING TRANSMISSION CLASSIFIED SOURCE]SUBJECT ANALYSIS - TENACIOUS¬[ABORTIVE.] [Transmission Ends See 752 Hex Code for more information.

A hint found in JavaScript files
On January 2, 2015, a message from Stormseeker containing a hint was discovered in each and every JavaScript file located in a directory index at http://www.thestormseeker.com/js/.

/*! *Oh hai there, someones bein a nosy bounder aren't they...  *Looking for ARG related stuffs? *I have a hint for you *21 goes into 1 *Don't trust anyone, it's not safe. */

See the table below for a list of the JavaScript files in question.

For more information, see 21 into 1.

A second password-protected area: /wibble
A second password-protected area on Stormseeker's site has been discovered at http://www.thestormseeker.com/wibble/. This, however, has been confirmed by Stormseeker as not related to the ARG.

For more information, see Wibble.