For three years running, I (or I with a co-worker) have been the first person to solve the ShmooCon Badge puzzle. (I’m also, I believe, the only outsider to have solved the 2008 badge puzzle, but that’s another post). Seems like it’s time for me to stop playing.
So I asked Heidi if I could do the puzzle this year, and she agreed. We went back and forth many times over a few weeks, and got a lot of advice and suggested changes from G. Mark Hardy (who’d written the last three puzzles). Finally, just a few days before everything had to go to the printers, we put a fork in it and decided the puzzle was “done.”
Since the theme for the con this year was, loosely, gearheads, I chose a puzzle with some mechanical/crypto components. All in all, there were seven gear-shaped badges, several images in the program, and a couple extra bits of crypto text.
As always, if you’d like to try to solve this yourself, then STOP now, as the rest of this post is full of spoilers. If you’d like a copy of just the raw data (ciphertexts and other clues revealed during the contest), click here.
The first element of the puzzle that everyone saw was, of course, the badge. In addition to the “expected” badge elements (ShmooCon, plus Speaker or Attendee or Staff), the badges featured:
- Letters all around the edge, in the gear teeth,
- A six-letter string at the bottom, and
- A four-digit number at the top.
Hidden in the program was the first hint:
GET YOUR SHMOOS IN LINE! SLASH OR DOT! ONE'S HOT ONE'S NOT!
The hope was that this hint would encourage players to find the correct order for the badges, as well as the fact that they need to line up in some way. The trouble was, how do you order them? A natural guess would be to use the numbers, but are they supposed to go in numerical order or something else?
That was the point of the “slash or dot” element of the hint. If you were to add a slash to the numbers, where would you put it? Turns out, these numbers (selected by G. Mark) were actually the start dates for ShmooCon 1-7. Put them in the proper order by year, and that’s the order for the badges.
So badge data, in order, looks like this:
Teeth (clockwise from top) # Bottom Top 0 1 2 3 4 5 6 7 8 9 10 11 1 CGARIN 0204 Y I I E O E O E K T A T 2 OEDNCE 0113 C O T R T A T U D W A S 3 NATOKX 0323 H C O T M H C H S A U C 4 NRONRT 0215 H A O T C N R L E U H N 5 ESPEEE 0206 L E S K A E O K U D N B 6 CRTCAT 0205 G A A D E R W W E S E T 7 TEULDC 0128 A Y S H R H N Y L C S E
That was “Stage 0.” The goal of Stage 1, then, is to read the message hidden in the six-character badge strings by stacking the badges in order and reading down the columns.
What’s interesting is that you could bypass the entire ShmooCon date index altogether. For example, if you looked at the frequency analysis for Stage 1 (the six-letter strings), you’d see something that looks remarkably like normal English text, with E being the most common letter, and C, N, and T tying for 2nd. It’s a small sample size, but even still definitely doesn’t look like a typical sustitution cipher output. This should tell the player that it’s some kind of transposition cipher — that is, the letters are simply scrambled, not changed.
So to solve this in that way, it’d be necessary to try to re-arrange the letters until you get words. As I mentioned later, “it’s best to try the easy approaches first,” so the easiest approach here would be to assume each six-letter string needs to stick together, and it’s just a question of re-arranging them to build words. If you look at the last letter of each row, there are only 5 letters in use: C, E, N, T, and X. So immediately, one might consider the words “CENT” and “NEXT.”
There are four ways to do this: The N and X remain constant, but you have to try two different rows for E and for T.
CGARIN CGARIN CGARIN CGARIN OEDNCE ESPEEE ESPEEE OEDNCE NATOKX NATOKX NATOKX NATOKX CRTCAT NRONRT CRTCAT NRONRT
In two of these, the 2nd column spells “GSAR,” but in two of them, it spells “GEAR.” The other columns don’t do much, but there are only three other rows to try to add to the bottom to build new words with, so it should fall out pretty quickly. For example, if you add ESPEE next, then the first column becomes “CONCE” or “CONNE”, depending on what you picked for the fourth row, while the 3rd column ends with “TOP.” And so forth.
I don’t know if anyone actually tried this approach. I’m hoping some people at least considered it.
Regardless of whether you used the number index or just brute-forced the strings, the result of Stage 1 is instructions for Stage 2:
CONNECT GEARS READ TOP TURN ONE CLICK READ NEXT ETC
Again, thanks to G. Mark for taking one of our rough ideas (“wouldn’t it be cool if people had to actually connect the badges together and turn them to get a message?”) and making it into something that actually works. But how do you connect the gears? There was a hint for that, in the program:
Putting all the gears, in order, in an arrangement like that yields the first “machine” for this puzzle. To read this Stage 2 message, you’d:
- Look at the top of a gear and read the letter
- Turn the gears one click (top gears go clockwise, bottom counter-clockwise)
- Look at the top of the next gear
At the top of the first gear is “Y.” Turn the gears one click, and now the “O” that was at 1 o’clock on the 2nd gear is now at the top, so write down “O.” Turn gears again, and now the “U” that was originally at 10 o’clock on gear 3 is at the top. Keep doing this and eventually you get the message:
YOU TURNED THE GEARS NOW REACH BACK A CLASSIC CODE YOU MUST ATTACK WHO WON LAST THREE HIS HANDLE THE KEY
I’d considered several different keys for Stage 3, but eventually picked my own handle. I did this partially because there’s a history of the puzzle-maker using his handle as a key or hint (about half of G. Mark’s puzzles feature GMARK as a key at some point). I also hoped that, in looking up my handle, players would find my writeups from past puzzles and see that one particular cipher appears again and again. That’s the “classic code” that’s used for Stage 3.
Plugging Stage 3 into a Vigenere decoder, then:
- Ciphertext: JAKAL EPTYV UJXRR SEZVE KMORA PLUSG KVSCE
- Key: DARTH NULL
- Plaintext: GATHER VINS USE KEY TO SET THE GEARS PROFIT
Which brings us to Stage 4. As I was wandering around Friday night, I watched a table full of people working on the puzzle, and they’d already figured out how this stage works, even before they’d solved a single stage. Which was vaguely encouraging to me, to know that my contraption wasn’t that obscure.
Stage 4 required three elements: A ciphertext, a cipher, and a key.
The ciphertext was hidden on little “auto repair slips” scattered through the program (the “GATHER VINS” part of the clue). Collecting all 5, and putting the VINs in order based on the number in the middle of each, gives the following final ciphertext:
ZFFLKJBV1WHNNHPIB FCJVBJRD2APJEYOPQ HJJTZPQM3XLJYUQFH ZJHIYZZP4WNJBNOVD PVVEWBLG5SPHISYEJ
The cipher is a keystream-based cipher, where the keystream is generated by a 3-gear machine printed in the program.
That machine produces a different keystream (or, more accurately, a different segment of a single very long keystream) depending on what position the gears are initially set to. That starting position is the final “KEY” mentioned in the clue. In the image in the program, the gears are initally set to “TSG.”
But what’s the actual key you need to use? I thought and thought for a while on this one… Originally I wanted to use “OCT” (for ShmooCon 8), and figured that “10” in octal would be an interesting sort of hint, until G. Mark reminded me that “10” also looks like binary. Doh. So after about 20 minutes of brainstorming, we finally came up with “CAR” (Duh!!), and then I decided on something slightly more evil.
The key for the final stage is “KEY.”
I hope that annoyed…er, amused…at least some of the players.
Anyway, once you set the gears to start at KEY, you then read the top of each gear, turn, read the top of each gear, turn, etc. Not quite the same as the first machine, but I thought reasonably obvious (and as I said, at least one team figured that part out on Friday afternoon).
To solve this final stage, you take the ciphertext:
and subtract the keystream:
to get the plaintext. In this case, we’re numbering the alphabet from 0 (so A is 0, and Z is 25). So Z-B is 25-1 or 24, which is Y. F-R wraps around and gets you O., etc. You can also use the standard Vigenere tableau (it’s essentially the same operation, mathematically), or the “One Time Pad” tool on my favorite cipher puzzle site rumkin.com. No matter how you attack it, the final ciphertext decrypts to:
YOU HAVE DONE VERY WELL NOW FOR THE FINAL CHALLENGE TO WIN WHAT CAR DOES BRUCE STILL HAVE ON BLOCKS
I wasn’t in the building when the winning team came in with their answer, but apparently they actually walked up to Bruce and asked him. Informed that he would not be able to answer the question, the winners huddled over the con program for a while, then after additional input from Heidi, went off to “ask the Internet.” Ten minutes later, at about 12:40 on Saturday, they returned with the right answer: “Volvo.”
Congratulations to Mike Herms and Matthew Bocknek for solving the puzzle! I hope you enjoyed it.
(click here for the solution presentation from the closing ceremony.)
(view Archived Comments from the old site)