S01E10 - The Leviathan
This episode had some interesting CS questions.It started slow, with another use of Holmes' zoom addon:
 |
| Screenshot taken at ~14:50. |
I doubt the zoomed pictures would look like what Holmes shows to Watson, but there is not a lot to complain about. It's just that a simple loupe would have been easier...
At ~20:00 we learn that Holmes was able to hack into Watson's phone, even though she had a pin on it. Depending on the phone that's definitely a possibility: for example, on Android (around the time when the episodes were shot), it was quite easy to remove the pin-lock. I'm not sure, if reenabling the lock (with the same pin) would be as trivial, but Holmes should manage...
I'm pretty sure these security flaws have been fixed in the meantime. In fact, Android even encrypts the whole phone by default now.
And then it got really interesting.
Malbolge
Holmes realizes that a coffee order shouldn't be too interesting, and that a jury shouldn't need to ask for it three times. When looking at the paper he finds some text that looks like random characters: |
| Screenshot taken at ~21:40 |
Although Malboge is a real programming language, it is not intended to be used for development of programs. It's more of a riddle and thought as a challenge to write programs in it. It took 2 years for the first program!
Given the difficulty in writing the simplest programs it's not surprising that the code in this episode is one of the already existing programs. It's Malboge's "Hello World" program (with just minor differences, probably due to sloppy copying):
('&%:9]!~}|z2Vxwv-,POqponl$Hjig%eB@@>}=<M:9wv6WsU2T|nm-,jcL(I&%$#"
`CB]V?Tx<uVtT`Rpo3NlF.Jh++FdbCBA@?]!~|4XzyTT43Qsqq(Lnmkj"Fhg${z@>
A hello-world program is the classic first program, and just prints "hello world" (usually on the console). In Dart (another programming language) it would look as follows:
main() { print('hello world'); }
Clearly that's not the program that Holmes gets back from his contact in London:
 |
| Screenshot taken at ~22:45 |
- it's almost impossible to write programs in it.
- once recognized, it doesn't offer any protection.
- it still looks like something computer related.
The first point would be easy to fix by using another weird esoteric language like Brainfuck. It's output looks almost as cryptic, but it has the advantage that developers are actually able to write programs in it (although they usually don't write it directly). For example Brainfuck's hello world looks as follows:
++++++++++[>+++++++>++++++++++>+++<<<-]>++.>+.+++++++
..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.
There are many other esoteric languages and I strongly recommend a look at Wikipedia's list: http://en.wikipedia.org/wiki/Esoteric_programming_language.
If the thieves wanted to make it hard (or impossible) for others to read their program they should have used encryption instead of obscurity. After encrypting the program with a key (usually a password) the program would be pretty much impossible to read without it.
Finally, to make it look less like computer related thing, there is Steganography which is the art of hiding messages in other messages. A typical container medium is a picture. The linked wikipedia page has some nice examples.
Random Number Generators
The message Holmes receives from his contact in London (see screenshot above) is supposed to be the algorithm that was written onto the coffee order (don't ask how it got there).E(π) = Q(π) / Q(E) + Q(π)
I honestly don't have any idea what this formula is supposed to be (and why it uses π instead of the more common 'x'), but let's Holmes explain it:
"The vault's software is designed to spit out ten random digits every two minutes.
This makes it impossible to predict the access code at any given moment.
The genius of the original plan is this algorithm.
They hacked the software, fed the equation into it.
It spits out escalating multiples of the number pi every two minutes.
Pi is infinite, so if you take a ten-digit sample, the numbers still appear random.
But if you know the algorithm, you can predict the code.
Yes. Even after you leave, it still looks like the software is functioning perfectly,"
There are some nice ideas here, but when looking at it a little bit closer everything just falls apart:
"The vault's software is designed to spit out ten random digits every two minutes.
This makes it impossible to predict the access code at any given moment."
If the vault's software was really generating ten random digits, it would be truly impossible to predict the access code. Unfortunately, this would also be true for the owner of the vault... To be precise, Holmes should have said that the software is producing a sequence that resembles random digits, or use the term "pseudorandom generator".
A pseudorandom generator is a piece of software that generates sequences of numbers that look random. This is exactly what is needed here: a program in the vault that expects a random code, and a token or fob, that the owner carries that knows how to produce the same sequence.
Despite all my ramblings this part of the explanation is pretty good. We frequently drop the "pseudo" prefix when talking informally of these generators.
"The genius of the original plan is this algorithm.
They hacked the software, fed the equation into it."
That starts to make less sense: if they were able to hack the software (how???), why bother with a cryptic Malbolge program (and write it on paper)? They could have changed the software to accept 0000000000 at a specific time and gotten in this way. It's not clear why they needed something more complicated...
"It spits out escalating multiples of the number pi every two minutes.
Pi is infinite, so if you take a ten-digit sample, the numbers still appear random."
The formula that Holmes received doesn't look like it produces "escalating multiples of the number pi" (whatever that is). However, the question if the digits of pi are or look random is interesting. Holmes is correct that pi is infinite. It is furthermore not repeating (unlike 1/3 which is infinite, but repeating). That doesn't mean that it is a good pseudo random generator, though. There could be a pattern (like "after two 5s there is an even digit"). For the number pi, mathematicians are still actively investigating. You can find the the same question on mathoverflow with some interesting replies.
For a nice presentation of nicely the digits behave (supporting its use as a random generator) see this rendering. Don't buy their "proven" argument, though! They just haven't disproved it.
In any case: using the digits of pi as a pseudo random generator is not really a good idea: the digits are readily available (thus easily findable) and the sequence is therefore very easy to predict. It is furthermore expensive to compute.
"But if you know the algorithm, you can predict the code.
Yes. Even after you leave, it still looks like the software is functioning perfectly,"
Yes. Even after you leave, it still looks like the software is functioning perfectly,"
Clearly, if you know the algorithm (and its initial input), you can predict the code. However, it wouldn't look like the software is functioning perfectly. This absolutely doesn't make sense: the vault door doesn't show any random code (that would make it a little bit too easy to open it ;). So the only one who sees codes is the owner of the token. And that token's codes wouldn't work anymore, since the algorithm in the door would expect different sequences.
The attackers could, of course, restore the original algorithm once they finished breaking in, but in that case why would they even need a different algorithm? Just make the door always expect 0000000000.
Even after thinking about it for some time, I still can't make any sense of the whole attack. Sorry...
That said, this episode was quite nice: even though the computer science in it was pretty bad, it led me to some interesting places while doing the research.
Comments
Post a Comment