Mr. Robot eps2.9pyth0n-pt1.p7z – the security review


It’s the start of the season finale, and apparently both parts of this finale were supposed to air at the same time. Instead, they’re now a week apart, so this episode featured some intriguing albeit confusing events, and very little in the way of answers or even concrete plot.

There weren’t many security references in this episode – though some fascinating tech made cameos, the Commodore 64 being my favorite – so here’s hoping the second part of the finale gives us a bit more to consider.

Until then, let’s take a look at what this week’s episode had to offer.

WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON

The Red Wheelbarrow cipher code

In a clue that was left for us in last week’s episode, a key to revealing Tyrell’s identity was written on a hidden-in-plain-sight menu for the Red Wheelbarrow BBQ, which apparently you could see in the pan shot.

We see Elliot watch Mr. Robot deciphering the numerical codes written on the front and interior of the menu. It seems to start simply enough with some basic number-to-letter conversions, shifting the values with ROT-13, researching Perrin and Erdős–Woods numbers to eliminate, and eventually decoding a hex string into a telephone number.
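The layered decoding described above can be sketched in a few lines of Python. This is an added example, not taken from the episode, the Defcon badge challenge or the original article: the puzzle values, the fictional 555-0100 number, the function names and the way Perrin numbers are used here (as decoy bytes to drop) are all assumptions made for illustration.

```python
import codecs

# Constructed puzzle values (NOT the ones shown on screen or on the badge).
HINT_NUMBERS = [3, 18, 5, 5, 22, 1]
PAYLOAD_HEX = "1d 35 35 27 35 2d 44 30 31 0c 30 30 5a"


def a1z26(numbers):
    """Number-to-letter step: map 1..26 to A..Z, rejecting anything else."""
    for n in numbers:
        if not 1 <= n <= 26:
            raise ValueError(f"{n} is not a letter index")
    return "".join(chr(ord("A") + n - 1) for n in numbers)


def rot13(text):
    """ROT-13 is its own inverse, so the same call encodes and decodes."""
    return codecs.decode(text, "rot_13")


def perrin_numbers(limit):
    """Perrin sequence values up to limit (limit >= 3 assumed).
    P(0)=3, P(1)=0, P(2)=2, P(n)=P(n-2)+P(n-3)."""
    a, b, c = 3, 0, 2
    seen = set()
    while a <= limit:
        seen.add(a)
        a, b, c = b, c, a + b
    return seen


def solve(hint_numbers, payload_hex):
    """Layer 1 reveals which sequence marks the decoys; layer 2 drops
    those bytes and reads the remaining hex as ASCII."""
    hint = rot13(a1z26(hint_numbers))
    values = bytes.fromhex(payload_hex)
    if hint == "PERRIN":
        decoys = perrin_numbers(255)
        values = bytes(v for v in values if v not in decoys)
    return hint, values.decode("ascii")


if __name__ == "__main__":
    print(solve(HINT_NUMBERS, PAYLOAD_HEX))
```

None of these layers involves a key: each is an encoding or a filter that anyone can reverse once the scheme is recognised, which is why the work lies in spotting the steps rather than in breaking anything.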

Often when we see ciphers in popular media they may show one, perhaps two steps to deciphering the code itself but when geeks and hackers set each other puzzles it can take quite a lot more work to unravel them.

One great example is the yearly badge challenge at the hacker conference Defcon, courtesy of Defcon’s resident puzzlemaster 1o57. The challenge is a bit of a misnomer as the puzzle isn’t restricted to just the badge itself – from the hotel keys, to the graphics printed in the programs and around the convention halls, to the badge lanyards themselves, and well beyond—multitudes of clues and keys are scattered around the con for one massive challenge.

The goal: Figure it out before the con ends. It takes teams of seasoned puzzlemasters several intense days to decipher it all, if they can. They hunt down the clues that lead them down a huge rabbit hole to figure it all out—mainly for the massive bragging rights.

If you want to see what’s involved, check out Defcon 22’s challenge winners (Team Potatosec), who did an amazing writeup of the work they did to figure out that year’s badge challenge. Give it a quick peek. Does it look familiar?

Yes indeed, the cipher we saw in this episode is a direct copy of part of 1o57’s Defcon 22 badge challenge. [Many thanks to the eagle-eyed Naked Security readers who noticed this!] There’s even a phone number you can call, which may also look familiar if you saw this episode. Where might it lead? I’ll let you try it and find out!

In comparison to the work needed to decipher the Defcon 22 badge, the work Mr. Robot did in this episode looks like kid’s stuff!

ECoin: The worst nightmare of cryptocurrency fans

As I suspected in my previous review, ECoin is indeed becoming a major plot point in the finale. It seems like it may become the replacement for the weakened US dollar, given the chaos in the world at large. It’s great news for ECorp and Mr. Price of course—a currency they control, transactions they get a cut from, all given legitimacy by the US government.

For ECorp, that all sounds fantastic.

On the flip side, this is also the last thing most cryptocurrency enthusiasts would ever want to see happen: A corporate-run, government-regulated currency adopted by the Treasury.

Angela’s not Deckard, is she?

This one’s not security-related, but it is tech: There’s a theory going around that the questions Angela was being asked via the fictional Commodore game were a form of the Voigt-Kampff test, which you may remember as the test given to potential replicants in Blade Runner or the original book, Do Androids Dream of Electric Sheep?

Given the conversation Dom had (or tried to have) with her Amazon Alexa, there seems to be a theme here of not being able to distinguish between what’s human and what’s machine. I wouldn’t doubt if this theme continues next week.

 

The second half of the finale promises to be intense. I hope we get some answers, though I wouldn’t be surprised if we’re left in a state of confusion. What about you – have you been keeping up with the show? Or will you be marathoning it all at once after the season is over?