Zailgo e0 Game - Investigation Summary (Part 1/3)
Game Overview

Game Name: "Zailgo e0" (also referred to as "Zalgo")
Creator: @Wedtm on X (Twitter)
Type: Cybersecurity/hacking challenge involving port knocking and SSH access
Goal: Gain SSH access to Docker containers running in a Kubernetes cluster

Core Challenge Description (from @Wedtm)
"The scanners are Docker containers that are running in a Kubernetes cluster here at my house that I have a bunch of IPv6 addresses pointed at. In order to access them, you need to port knock. If you're not familiar with port knocking, it's basically sending a request to a port that is closed. The destination server, just because the port is not accepting a connection, can still see that you have made an attempt to connect to that port. So you have to do that with three different ports in the right order, and then SSH will open up. Once SSH opens up, you also have to have an SSH key that's valid, which you can generate those and get keys from those in certain places."
Key Clues Discovered
1. Initial Scanner Interface
Trustless Engineering Co.
HPI Scanner Interface Point
Scanner ID: fd4b:a1ce:b0b0:a5c0::/64
Trial Code Name: ZAILGO / Classification Level: CODE_WORD
hpi-trial login:
2. Critical Port Information

Port 25519: Confirmed as one of the three knock ports (position "2" in sequence)
Sequence Pattern: "2 3 1" - this is the ORDER, not the port numbers
Total Process: 3 port knocks + SSH opens (4 total steps)

3. IPv6 Address Translation

Original (private): fd4b:a1ce:b0b0:a5c0::/64
Public equivalent: 2607:b4c0:a1ce:b0b0:a5c0::/64 (Trustless Engineering's address space)
Key insight: The fd4b: prefix was converted to 2607:b4c0: for the public network

4. Cryptographic References

Alice and Bob pattern:

a1ce = "Alice"
b0b0 = "Bob"


Ed25519 reference: Port 25519 relates to the Ed25519 cryptographic curve
Penrose Tiles book: "Penrose Tiles to Trapdoor Ciphers...and the Return of Dr. Matrix" by Martin Gardner (learning material)

5. Numerical Clues from Game
Original numbers: 2504, 0425, 254, 425, 1995, 32768, 520, 2607, 3000, 103, 666, 15300, 135, 768, 3791, 112, 25519
Additional numbers discovered: 420, 3791, 112
Date reference: "25th of the 4th" (possibly relating to ports 2504, 0425, 254, 425)
6. Special URL Clue

URL in Miles' bio: https://2130706433
Decoded: 2130706433 = 127.0.0.1 (localhost in decimal format)
Significance: Suggests converting decimals to IP components for IPv6 address construction

Zailgo e0 Game - Investigation Summary (Part 2/3)
Technical Understanding
Port Knocking Sequence

Pattern: "2 3 1" means 3rd largest 1st largest 2nd largest of three selected ports
Known: Port 25519 is the "2" in the sequence
Process: 3 knocks in specific order, then SSH becomes available
SSH Location: Unknown port (tested 22, plus various game-related ports)

IPv6 Address Variations Tested

2607:b4c0:a1ce:b0b0:a5c0::
2607:b4c0:a1ce:b0b0::a5c0
2607:b4c0:a1ce:b0b0:a5c0::1 through ::10
Hex conversions of port numbers (e.g., ::29a for 666)
Special addresses like ::dead, ::beef, ::1337

Comprehensive Port List Developed
# Original game numbers
254, 425, 520, 1995, 2504, 2607, 32768, 3000, 103, 666, 15300, 135, 768, 3791, 112, 25519

# CS/Crypto historical numbers
420, 1337, 443, 80, 53, 22, 3389, 1024, 2048, 4096, 65535

# Zalgo-themed numbers
13, 777, 1984, 2012, 6, 7, 66, 616, 1313, 2666
Attempts Made
Manual Testing Phase

Tested various IPv6 address formats
Tried different port combinations manually
Confirmed IPv6 connectivity (user has working IPv6 from Sydney, Australia)
Tested timing variations between knocks

Automation Development
Created comprehensive PowerShell automation script with:

Quick-Knock function using System.Net.Sockets.TcpClient
Multiple IPv6 address format testing
Systematic port combination testing using "2 3 1" pattern
Multi-port SSH testing (ports: 22, 25519, 2607, 520, 666, 443, 420, 777, 103, 112)
Progress tracking and success detection
Error handling and rate limiting

Automation Scale:

~50 IPv6 addresses tested
~12 knock sequences per address
~10 SSH ports tested per sequence
Total: ~6,000 combinations tested
Estimated runtime: 4+ hours

Key Technical Details
PowerShell Implementation
powershellfunction Quick-Knock($targetHost, $port) {
try {
$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.ReceiveTimeout = 3000
$tcp.SendTimeout = 3000
$tcp.Connect($targetHost, $port)
Start-Sleep 1
$tcp.Close()
} catch {
# Expected for port knocking
}
}
Success Detection Criteria

SSH responses: "Permission denied", "publickey", "password", "authentication", "banner", "login", "Welcome", "Last login"
Fast response times (< 1.5 seconds)
Unusual response content (> 10 characters, non-standard errors)

>>6267243
Zailgo e0 Game - Investigation Summary (Part 3/3)
Results So Far

No successful port knocking sequence found
All attempts resulted in SSH connection timeouts or refusals
No evidence of SSH opening on any tested port after knock sequences
All basic connectivity confirmed (IPv6 working, target addresses reachable via ping)

Current Status & Remaining Challenges
What We Know For Certain

Port 25519 is confirmed as one of three knock ports
Sequence follows "2 3 1" pattern (3rd largest 1st largest 2nd largest)
IPv6 base network is 2607:b4c0:a1ce:b0b0:a5c0::/64
User has working IPv6 connectivity
Three knocks required before SSH opens

What Remains Unknown

The other two knock ports from our extensive number list
Exact IPv6 host addresses within the /64 network
SSH port that opens after successful knocking
Timing requirements between knocks or SSH attempt
Alternative interpretations of the "2 3 1" pattern

Possible Issues with Current Approach

Incomplete port list - missing crucial numbers
Wrong IPv6 address format - need different host portion construction
Timing sensitivity - knocks must be faster/slower/more precise
SSH port assumptions - service opens on unexpected port
Rate limiting - automation triggering anti-abuse measures
Sequence interpretation - "2 3 1" means something different than our implementation

Next Steps for Investigation

Search for additional numerical clues in game materials
Test alternative interpretations of "2 3 1" pattern
Investigate SSH key generation hints for post-access phase
Consider manual testing with different timing approaches
Review Penrose Tiles book for mathematical patterns/sequences
Explore anti-automation countermeasures that might be affecting results

Files and Resources

Results logging: "zalgo_results.txt" (for any successful attempts)
Reference book: "Penrose Tiles to Trapdoor Ciphers...and the Return of Dr. Matrix" by Martin Gardner
Contact: @Wedtm on X for game updates

This represents approximately 4+ hours of systematic investigation and automation development. The challenge remains unsolved despite comprehensive testing of the most logical port combinations and IPv6 address formats.

Each part is now under 3000 words and maintains a logical flow. Part 1 introduces the challenge, Part 2 covers the technical approach, and Part 3 discusses results and future directions. This should be perfect for sharing your quest online!