Frequently Asked Questions (FAQ)

Caesar [or some other well known character] left a comment on PaintOver [or some other other in-game site] in binary that translates to a clue!

It is probably fake. If you look at the form to submit a new comment, it lets you put ANYTHING in for the name, without validating who you are. There are a great many childish people out there that just want to mess with you. Quite often you will find this stuff translates to a gross and vulgar website starting ending in *.cx and having something to do with goats.

Brute forcing ettiquite ("bruting")

There are two main kinds of brute forcing: (1) sitting at the computer and typing in passwords until you get the right one; and (2) setting up a program to hammer a server, attempting every possible password in the dictionary, while you go get some coffee. The former method is fine in most cases. The latter method is almost always forbidden.

You really have to think about other people's resources, which translate to other people's money. Trying a new hand-typed password every few seconds is not much different than clicking around links on a site. It uses about the same bandwidth and processing power. Hammering a server with an automated script eats up large amounts of bandwidth and tends to raise the server load. Often these things translate to more cost for the PM's behind the game, and less availability for other people playing it.

Usually, if there is a password on something, there is a more intelligent way to discover the password than trying everything in the book. Often passwords for in-game characters are poorly chosen and relate to something in their life--a favorite quote, music, pet, or person. For instance Phillip has a Plato quote in his bio--the title of the story from which the quote is taken gives us two of his passwords.

Decompiling ettiquite ("decking," reverse engineering, etc)

Often times, sites include embedded Flash or Java applets. Quite a few tools exist out there to decompile these mini-programs, so you can see the original source code. The security community finds this useful, as it can show flaws in an application. The ARG community might also find this useful, as sometimes there is data hidden in the Flash files that leads to more game knowledge.

The question arises: is this a proper thing to do in an ARG? Often times, poorly designed sites leave things in the flash that the original designers did not want you to know. There are many people who are unaware of the fact that this data can be reversed out of Flash. The old-school ARG players will say that it is the same as cheating, and is therefore off-limits. Others say that if it runs on their computer, they should be able to see what it is doing--either by decompiling a program or watching network packets as the flow into and out of the computer.

Currently, there is no solid answer to this question. It is still being debated. Be warned, though, that in the US it is technically illegal to decompile a program, except for under very specific circumstances, because of the DMCA. Other countries have DMCA-like legislation. My personal opinion is that the web follows standard client/server architecture. If secret data needs to be calculated, it should be done server-side, where the client cannot see it. If Flash and Java are utilized to do something like check a password, it should be sent to the server (possibly hashed to protect from evesdropping) and tested server-side, instead of a "IF $password = "secret" THEN GOTO 100" sort of scheme.

What is steganography (or "steg" or "stegging something")?

Taken from a SecurityFocus article:

While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence.

According to, steganography (also known as "steg" or "stego") is "the art of writing in cipher, or in characters, which are not intelligible except to persons who have the key; cryptography." In computer terms, steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.

Basically, it lets you hide a message inside of another file--a picture file, a sound file, a text file, etc. Programs to extract these secret messages include Stegdetect and MP3stego.

I found a new site that looks like it's part of the game!

First, check for an Underscore Hosting logo on the site. If you do not see one, it is probably not part of the game. If you DO see one, it still may not be part of the game. You will have to right-click the image and view the properties (or view the document source or open the image in a new window or whatever you have to do to get the URL of the Underscore picture). The image should be at a URL similar to:

The root domain is and the site that is displaying the logo should have its domain after the "logos/" part of the URL (in this case, If the Underscore logo does not conform to this pattern--either served from a different site or with a different domain in the directory path--it is probably not an official site.

What is a PM?

The acronym PM has two different meanings, depending on context. Usually, you will see people using it as a (proper) noun: "The PM's have us really stumped this time." In this case, it stands for "Puppet Masters"--the people running the game. Other times, you will see it used as a verb: "PM me the info, once you find out." In this other case, it stands for "Private Message." Most message boards offer Private Message functionality--it is basically sending a private email without knowing the other person's email address, just their nickname.

The email windows on MetaDex overlap. How do I see the older messages?

Tell your browser to View Source, then scroll down to the things that look like email messages. The oldest ones are toward the bottom.