If you’re here with me at DerbyCon right now then I hope you’ve stopped by the Lockpick Village. I have nothing to do with running it, rather it’s offered up and operated by the outstanding FOOLS (Fraternal Order of LockSport) who do an epic job every single year, bringing out new tech and new toys to teach all the girls and boys.
I have added one thing to their Village this year, however. It’s a single purple padlock, hanging on one of their lock boards…
… this is a contest lock. If you aren’t familiar with this style of mechanism, let me explain. This is known as the Master 1500i, which they call the “speed dial” but which we call the “hash lock” because “speed dial” is a stupid name for it.
Nothing is “dialed” when operating this mechanism. The combination to open a padlock of this type is entered as a series of pushes… up, left, down, or right …on the single big button on the front.
Press in on the shackle (to reset the gears inside), enter your series of pushes, then pull it open… simple, right? Well, the actual internals are pretty amazing stuff. Our good friend Michael Huebler of the German sportpicking group SSDeV did extensive research on these locks and even produced a very interesting internal visualizer tool and white paper to teach others.
There is a decode attack for these locks.
It is not super easy.
If you want, you can try to decode this lock. If you’d like to try to get the combination by another means, however, I’ve put up a little crypto puzzle. Follow the clues and you should be able to discern the correct series of pushes to open the lock.
If you show the lock to any member of the FOOLS staff in the Lockpick Village before the end of DerbyCon, I’ll have a prize for you! (You must bring the lock to them OPEN, not merely photograph or video it or tell them what you think the code is. They do not know it. Although, you should still try to bribe them with drinks.)
We’re calling this puzzle “Around the (most of) the World in (more or less) Eighty Hours.” Here you go…
UPDATE – The above Puzzle has been solved by Scorche of TOOOL and DC949. Way to go, man!
The solution appears below, along with a step-by-step breakdown of the stages and the clues that were available to help people along.
Step One – the above image from the post announcing this contest (which was paired with some nonsense text about being at the controls of a spaceship, etc) contains a reference to a YouTube URL. Some people spotted that the font on the blackboard was different in one place…
… and if people didn’t think that a v= variable could represent a youtube URL element, I later tweeted this hint image…
So hopefully that steered enough people to find this clip.
Step Two – The YouTube clip was clearly a Morse code segment, and if people couldn’t figure that out I even included the image of a signaling key there. So, folk would listen to that and hear a series of letters.
If someone is very, very good with radio they might have been able to just listen to the dots and dashes, but there are also a series of other tools that can make the job easier.
The above is an app that runs on Android and iOS and will listen to Morse via the microphone and simply show characters. Also, later on I tweeted the following hint…
offliberty.com is a site that will easily allow you to download a YouTube video as MP4 or MP3 audio. If someone were to pull the file and view the soundtrack in a wave editor, the dots and dashes of the Morse can become very easy to read…
So these dots and dashes would transcribe into the following groups of letters…
PCG XEX RJE LZK YVF PVN ROO CUY FQS
Step Three – The letters above could mean a lot of things, but I tried to give people a slight hint with the following tweeted image…
You see a boarding pass, hopefully you think Airport Codes. And all of the above letter groups are airports… almost. These letter codes represented airports in very, very obscure places (and someone later told me they almost lined up in a nice great circle route!) but one letter code is just wrong.
Some people explained that they thought I had done something wrong in keying the Morse code letters. So i later sent out another tweeted hint image…
…now while this may have led some people very astray in their thinking, given that this is clearly a press photo for a NASA mission, a few diligent and observant folk spotted that this was the crew of the Apollo 13.
What do hackers think during crypto contests when the number 13 appears?
Step Four – That’s right… run the letter codes from the Morse message through a ROT-13 pass. This is the result…
CPT KRK EWR YMX LIS CIA EBB PHL SDF
Now THOSE look like some more common airports. All that was left was to plot the route going from those cities, in order, and see what “direction” you would be flying.
The hash padlock uses a series of pushes. So if the “plane” is flying North, that’d be “up” and West would be “left” etc etc etc. Look down the flight itinerary and this is what you ultimately find…
U L U R R D L L
And here you can see Scorche solving the puzzle… great work!
Thanks for letting me whip up a little contest like this for DerbyCon. Thank you to everyone gave it a try. I always focus on mechanical locks, so this little crypto puzzle was a hoot. (Best part: realizing that when I ran the airports through a ROT-13 pass that they STILL were legit codes in all but one instance. That was awesome and totally unplanned.)