I'm trying up and down with values related to the NFTs, or found on the multiple McAfee channels, but still nothing, i also tried to rewrite the whole aes encryption and decryption routines, can get multiple hexes output, but no clear string that looks like a passphrase
i was looking in parallel, at the public PGP key that's posted in the channel, has something to do with a protonmail address, not going to share it here until we get some more clues (we don't know if it's a legitimate address, honeypot, nothing burger, i think it's better to avoid having people bomb it with emails), but it's fairly easy to extract, here's the key
Not really sure about the two, we could suppose each one has a different output?
one thing that doesn't make sense for me, it's in the 'decryption' routine, it first parses the base64 epsilon64 to epsilon, then within the next steps, it prints the original epsilon_64, the decoded one, and then tries to print is as string (?), this last step has no sense seen it's still 'crypted'
then down again goes, tries to call decrypted with the parameters, decoded from 64 as cyphered text, the key we don't know, that has to be min 16 chars, as decryption key, and then the MD5 of Q society as initialization vector (346257E94DA2E0D0D0F54AA397D291F0),standard parameters as per reference, DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
via var decrypted = crypto.Decrypt(epsilon, testkey0, md5);
And uses the same routine for the multiple test keys (for only 1 of the 2 descriptions), not really sure if it's just bad practice with copy paste or if the code was wrapped up just to
for the rest, i've scanned up and down again the Telegram, and both pages (also the one about McAfee himself on OpenSea, https://opensea.io/JohnMcAfeeNFTs / 0x72813bcb41858b447467fe43b53b0902a51119f0), there was the other hex and metadata from that Q image (0x5e7033fd210f8d7b3e87486ad989732c7943058b that he wrote with leading 1 instead of 0 and FBMD23000965010000290400004b0400009d0400007a0c0000f90d0000af1000005e1200000414000068170000), and quickly the wacked contract, but can't find anything yet to fit in with or without spaces :/
Also, two particular interesting references on the channel, one is the number wrote multiple time with HOWLING, in this post it's highlighted, and also in the same post the following
VAULT ACCESS<<
PASSVVORD:
HEARD YOU AREN'T SLEEPING WELL : [HETBKNARFAZIL]
LOADING…….ETA. . .?
]SAME.TIME[
<SIHT><TEG><STEL>
<DETRATS><YTRAP>
I'm trying up and down with values related to the NFTs, or found on the multiple McAfee channels, but still nothing, i also tried to rewrite the whole aes encryption and decryption routines, can get multiple hexes output, but no clear string that looks like a passphrase
i was looking in parallel, at the public PGP key that's posted in the channel, has something to do with a protonmail address, not going to share it here until we get some more clues (we don't know if it's a legitimate address, honeypot, nothing burger, i think it's better to avoid having people bomb it with emails), but it's fairly easy to extract, here's the key
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEYSVIzxYJKwYBBAHaRw8BAQdA3p7s7oz8X2OwHATFKWShQjLexcaBWyGM mHq5ok1npy3NNW9yaWdpbmFsMTdAcHJvdG9ubWFpbC5jb20gPG9yaWdpbmFs MTdAcHJvdG9ubWFpbC5jb20+wo8EEBYKACAFAmElSM8GCwkHCAMCBBUICgIE FgIBAAIZAQIbAwIeAQAhCRDrGND1ys+qQxYhBE0TIiXzefF0KP6ddesY0PXK z6pDMqcBAJnyeAkqLkVtE2xer2x9Wg48rQntO9HdrYFuFy9MCpeZAQCHBYEX hWJR0K9PkatNV+4m+ZZ/2Zyw7jsQdL8Ze84xAc44BGElSM8SCisGAQQBl1UB BQEBB0BZd4GGFk1whTWyY60+CyvHQITb43Rw3nfDdmgVJaC+DgMBCAfCeAQY FggACQUCYSVIzwIbDAAhCRDrGND1ys+qQxYhBE0TIiXzefF0KP6ddesY0PXK z6pDUyEA/RPdRQaylsyL81JCB0ZdPnwuhSVmtEHQK3e/OAwQuZDzAQDqanbp ii6GYCEodsnjiLP6x0+mCupghml+3kXOX4HmDA== =efCK -----END PGP PUBLIC KEY BLOCK-----
Not really sure about the two, we could suppose each one has a different output?
one thing that doesn't make sense for me, it's in the 'decryption' routine, it first parses the base64 epsilon64 to epsilon, then within the next steps, it prints the original epsilon_64, the decoded one, and then tries to print is as string (?), this last step has no sense seen it's still 'crypted'
then down again goes, tries to call decrypted with the parameters, decoded from 64 as cyphered text, the key we don't know, that has to be min 16 chars, as decryption key, and then the MD5 of Q society as initialization vector (346257E94DA2E0D0D0F54AA397D291F0),standard parameters as per reference, DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
via var decrypted = crypto.Decrypt(epsilon, testkey0, md5);
And uses the same routine for the multiple test keys (for only 1 of the 2 descriptions), not really sure if it's just bad practice with copy paste or if the code was wrapped up just to
for the rest, i've scanned up and down again the Telegram, and both pages (also the one about McAfee himself on OpenSea, https://opensea.io/JohnMcAfeeNFTs / 0x72813bcb41858b447467fe43b53b0902a51119f0), there was the other hex and metadata from that Q image (0x5e7033fd210f8d7b3e87486ad989732c7943058b that he wrote with leading 1 instead of 0 and FBMD23000965010000290400004b0400009d0400007a0c0000f90d0000af1000005e1200000414000068170000), and quickly the wacked contract, but can't find anything yet to fit in with or without spaces :/
Also, two particular interesting references on the channel, one is the number wrote multiple time with HOWLING, in this post it's highlighted, and also in the same post the following
https://t.me/McafeeAfterlife/240