Elementary 1x10 Leviathan
Oct. 25th, 2014 08:10 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
kerravonsenI enjoyed this episode, it was action-packed, clever, with character stuff too.
Unfortunately, something about the plot-logic has been bothering me, something that most people wouldn't notice at all, but, alas, it is my profession. Something to do with the computer programming. Mind you, the writers get double kudos for (a) avoiding Obvious Computer Fail, which very few shows do, and (b) making the computer stuff something that bugged me afterwards, rather than during. So I'm not exactly complaining... it's just a puzzle that I needed to work out.
Thanks to this episode transcript I was able to double-check the key bits of dialogue that were bothering me.
Regarding the access code:
Now, this is fair enough. I've used one of those "key fob" devices myself for work, when accessing a secure computer system. The number on it does indeed change, and you have to type in that number in order to access the secure network.
First problem is a slight one: it is a little imprecise to call it a "random number generator". Why? Because if the numbers were truly random, nobody would ever be able to get into the safe, ever, because the key fob wouldn't be able to know what the number at the bank-vault was. So how do the key-fob and the bank-vault remain in sync? With an algorithm which takes two inputs: a "seed" value, and the current time. This generates what are called "pseudo-random" numbers; all computer-generated "random" numbers are actually "pseudo-random" numbers. They appear to be random, but if you use the same algorithm and the same "seed" value, you get the same sequence of numbers. Thus, you have two devices: the vault number-generator, and the key-fob, which are programmed with the same algorithm and the same seed, and they will generate the same numbers at the same time; thus if you have the key-fob, you know what the number in the vault is.
Second problem is a practical one: what if the guy with the key-fob got run over by a bus, or simply lost the key-fob? Millions of dollars of diamonds, and they can't access their own vault! Seems pretty dumb to me.
Also, I would have thought that a simpler method of breaking into the Leviathan would be to steal the guy's key-fob. If they were really good, they could steal it while he was asleep, use it, and then put it back with him none the wiser.
Third puzzle: how exactly did they check that the random number generator was "working perfectly"?
1) Did they ring up the guy with the key-fob? If so, his key-fob wouldn't match the vault unless the thieves had restored the original software (which perhaps they did).
2) Did they glance at the display and say "that looks random"? That's not much of a test.
3) Did they run some sort of self-test? If they did, then of course the replacement software would be set up to say "yes, everything's fine!"
Regarding Malbolge and the access code:
I looked it up, and Malbolge does indeed exist. That's pretty cool!
However... so far as I can tell, the only reason to use Malbolge is to hide the program in plain sight. Having a program written in Malbolge doesn't give you access to the vault's software, even if the vault's software was written in Malbolge (which doesn't seem that likely).
Fine, that's where the "inside man" comes in. Presumably they replaced the vault software with the Malbolge program. How?
Thing is, as it says above, the random number generator is "hardwired into the system". That would mean that it would be connected, directly, with wires, to the locking mechanism. The most likely way that would be done would be with a microchip computer which was programmed at the factory and installed inside the lock. No convenient keyboard or USB port - there would be no way to access the chip, and thus no way to alter the software.
As I said above, it would be easier to steal the key-fob.
Unfortunately, something about the plot-logic has been bothering me, something that most people wouldn't notice at all, but, alas, it is my profession. Something to do with the computer programming. Mind you, the writers get double kudos for (a) avoiding Obvious Computer Fail, which very few shows do, and (b) making the computer stuff something that bugged me afterwards, rather than during. So I'm not exactly complaining... it's just a puzzle that I needed to work out.
Thanks to this episode transcript I was able to double-check the key bits of dialogue that were bothering me.
Regarding the access code:
Holmes: Ten-digit access code?
Batonvert: Yes, it's provided by a random number generator that's hardwired into the system. The code changes every two minutes.
Holmes: Who has the code?
Batonvert: It appears on a key fob that the owner carries. If you want to get in there, he's got to read it to you. He's in Gstaad right now. He's had the fob on him the whole time.
Holmes: You could attack the random number generator, make it spit out a pattern, so you could predict the code.
Batonvert: The number generator is working perfectly.
Now, this is fair enough. I've used one of those "key fob" devices myself for work, when accessing a secure computer system. The number on it does indeed change, and you have to type in that number in order to access the secure network.
First problem is a slight one: it is a little imprecise to call it a "random number generator". Why? Because if the numbers were truly random, nobody would ever be able to get into the safe, ever, because the key fob wouldn't be able to know what the number at the bank-vault was. So how do the key-fob and the bank-vault remain in sync? With an algorithm which takes two inputs: a "seed" value, and the current time. This generates what are called "pseudo-random" numbers; all computer-generated "random" numbers are actually "pseudo-random" numbers. They appear to be random, but if you use the same algorithm and the same "seed" value, you get the same sequence of numbers. Thus, you have two devices: the vault number-generator, and the key-fob, which are programmed with the same algorithm and the same seed, and they will generate the same numbers at the same time; thus if you have the key-fob, you know what the number in the vault is.
Second problem is a practical one: what if the guy with the key-fob got run over by a bus, or simply lost the key-fob? Millions of dollars of diamonds, and they can't access their own vault! Seems pretty dumb to me.
Also, I would have thought that a simpler method of breaking into the Leviathan would be to steal the guy's key-fob. If they were really good, they could steal it while he was asleep, use it, and then put it back with him none the wiser.
Third puzzle: how exactly did they check that the random number generator was "working perfectly"?
1) Did they ring up the guy with the key-fob? If so, his key-fob wouldn't match the vault unless the thieves had restored the original software (which perhaps they did).
2) Did they glance at the display and say "that looks random"? That's not much of a test.
3) Did they run some sort of self-test? If they did, then of course the replacement software would be set up to say "yes, everything's fine!"
Regarding Malbolge and the access code:
Watson: That looks like something your printer spits out when it's trying to test to see if it works. It looks like sheer nonsense.
Holmes: That's what it is supposed to look like. It's a programming language called "Malbolge." It was designed to be impenetrable. The language's creator named it after the eighth circle of hell in Dante's Inferno. Now, there are few people in the world who can even recognize Malbolge as anything other than gibberish. Fewer still who can write software using it. I learned about the language from a consultant I used in London. She should be able to get us a translation soon. The important thing is it's a message. It was hidden in plain sight throughout the trial.
Watson: Do you think someone from the jury recognized it?
Holmes: Why else would they ask to see a coffee order again and again, hmm? Here you are. Justin Guthrie. Unemployed at the time of the trial, but listed his previous occupation as "software engineer." Shall we see if he's familiar with Malbolge?
Watson: So what do we do if this guy Guthrie says he doesn't know what you're talking about?
Holmes: We can start by seeing if he's got any diamonds lying around. (phone chimes) That's it. They attacked the random number generator.
Watson: That does not say, "they attacked the random number generator."
Holmes: It's an algorithm, Watson. This is a translation of the coded Malbolge, sent by my contact in London. This is how the first team of thieves got into The Leviathan. The vault's software is designed to spit out ten random digits every two minutes. This makes it impossible to predict the access code at any given moment. The genius of the original plan is this algorithm. They hacked the software, fed the equation into it. It spits out escalating multiples of the number pi every two minutes. Pi is infinite, so if you take a ten-digit sample, the numbers still appear random.
Watson: But if you know the algorithm, you can predict the code.
Holmes: Yes. Even after you leave, it still looks like the software is functioning perfectly, hmm? Justin Guthrie must have translated the Malbolge, realized that he had the key for cracking The Leviathan.
I looked it up, and Malbolge does indeed exist. That's pretty cool!
However... so far as I can tell, the only reason to use Malbolge is to hide the program in plain sight. Having a program written in Malbolge doesn't give you access to the vault's software, even if the vault's software was written in Malbolge (which doesn't seem that likely).
Fine, that's where the "inside man" comes in. Presumably they replaced the vault software with the Malbolge program. How?
Thing is, as it says above, the random number generator is "hardwired into the system". That would mean that it would be connected, directly, with wires, to the locking mechanism. The most likely way that would be done would be with a microchip computer which was programmed at the factory and installed inside the lock. No convenient keyboard or USB port - there would be no way to access the chip, and thus no way to alter the software.
As I said above, it would be easier to steal the key-fob.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2014-10-25 05:36 pm (UTC)There are statistical tests that can be applied to see if the sequence of numbers being generated is sufficiently random. Of course a snag is that you need a fairly lengthy sequence of numbers before you can have enough confidence in your tests. (I used to dabble in this area long ago, and still have my copy of Volume 2 of Donald Knuth's "The Art of Computer Programming".)
But the bigger problem is that, if the baddies had really replaced the random number generator with one of their own that produced numbers that passed the tests but that they could predict, then the testing wouldn't help.
I agree that stealing the keyfob would probably have been far easier, but it wouldn't have produced nearly so interesting a plot (by the sound of it - I haven't seen it myself).
no subject
Date: 2014-10-25 11:13 pm (UTC)Agreed.
I agree that stealing the keyfob would probably have been far easier, but it wouldn't have produced nearly so interesting a plot
True. (grin)