Home > Conferences, Cryptography, Puzzles > ShmooCon 2012 Badge Puzzle

ShmooCon 2012 Badge Puzzle

For three years running, I (or I with a co-worker) have been the first person to solve the ShmooCon Badge puzzle. (I’m also, I believe, the only outsider to have solved the 2008 badge puzzle, but that’s another post). Seems like it’s time for me to stop playing.

So I asked Heidi if I could do the puzzle this year, and she agreed. We went back and forth many times over a few weeks, and got a lot of advice and suggested changes from G. Mark Hardy (who’d written the last three puzzles). Finally, just a few days before everything had to go to the printers, we put a fork in it and decided the puzzle was “done.”

Since the theme for the con this year was, loosely, gearheads, I chose a puzzle with some mechanical/crypto components. All in all, there were seven gear-shaped badges, several images in the program, and a couple extra bits of crypto text.

As always, if you’d like to try to solve this yourself, then STOP now, as the rest of this post is full of spoilers. If you’d like a copy of just the raw data (ciphertexts and other clues revealed during the contest), click here.

The first element of the puzzle that everyone saw was, of course, the badge. In addition to the “expected” badge elements (ShmooCon, plus Speaker or Attendee or Staff), the badges featured:

  • Letters all around the edge, in the gear teeth,
  • A six-letter string at the bottom, and
  • A four-digit number at the top.

Hidden in the program was the first hint:


The hope was that this hint would encourage players to find the correct order for the badges, as well as the fact that they need to line up in some way. The trouble was, how do you order them? A natural guess would be to use the numbers, but are they supposed to go in numerical order or something else?

That was the point of the “slash or dot” element of the hint. If you were to add a slash to the numbers, where would you put it? Turns out, these numbers (selected by G. Mark) were actually the start dates for ShmooCon 1-7. Put them in the proper order by year, and that’s the order for the badges.

So badge data, in order, looks like this:

               Teeth (clockwise from top)
#  Bottom  Top   0 1 2 3 4 5 6 7 8 9 10 11
1  CGARIN  0204  Y I I E O E O E K T A  T
2  OEDNCE  0113  C O T R T A T U D W A  S
3  NATOKX  0323  H C O T M H C H S A U  C
4  NRONRT  0215  H A O T C N R L E U H  N
5  ESPEEE  0206  L E S K A E O K U D N  B
6  CRTCAT  0205  G A A D E R W W E S E  T
7  TEULDC  0128  A Y S H R H N Y L C S  E

That was “Stage 0.” The goal of Stage 1, then, is to read the message hidden in the six-character badge strings by stacking the badges in order and reading down the columns.

What’s interesting is that you could bypass the entire ShmooCon date index altogether. For example, if you looked at the frequency analysis for Stage 1 (the six-letter strings), you’d see something that looks remarkably like normal English text, with E being the most common letter, and C, N, and T tying for 2nd. It’s a small sample size, but even still definitely doesn’t look like a typical sustitution cipher output. This should tell the player that it’s some kind of transposition cipher — that is, the letters are simply scrambled, not changed.

So to solve this in that way, it’d be necessary to try to re-arrange the letters until you get words. As I mentioned later, “it’s best to try the easy approaches first,” so the easiest approach here would be to assume each six-letter string needs to stick together, and it’s just a question of re-arranging them to build words. If you look at the last letter of each row, there are only 5 letters in use: C, E, N, T, and X. So immediately, one might consider the words “CENT” and “NEXT.”

There are four ways to do this: The N and X remain constant, but you have to try two different rows for E and for T.


In two of these, the 2nd column spells “GSAR,” but in two of them, it spells “GEAR.” The other columns don’t do much, but there are only three other rows to try to add to the bottom to build new words with, so it should fall out pretty quickly. For example, if you add ESPEE next, then the first column becomes “CONCE” or “CONNE”, depending on what you picked for the fourth row, while the 3rd column ends with “TOP.” And so forth.

I don’t know if anyone actually tried this approach. I’m hoping some people at least considered it.

Regardless of whether you used the number index or just brute-forced the strings, the result of Stage 1 is instructions for Stage 2:


Again, thanks to G. Mark for taking one of our rough ideas (“wouldn’t it be cool if people had to actually connect the badges together and turn them to get a message?”) and making it into something that actually works. But how do you connect the gears? There was a hint for that, in the program:

Putting all the gears, in order, in an arrangement like that yields the first “machine” for this puzzle. To read this Stage 2 message, you’d:

  • Look at the top of a gear and read the letter
  • Turn the gears one click (top gears go clockwise, bottom counter-clockwise)
  • Look at the top of the next gear
  • Repeat

At the top of the first gear is “Y.” Turn the gears one click, and now the “O” that was at 1 o’clock on the 2nd gear is now at the top, so write down “O.” Turn gears again, and now the “U” that was originally at 10 o’clock on gear 3 is at the top. Keep doing this and eventually you get the message:


I’d considered several different keys for Stage 3, but eventually picked my own handle. I did this partially because there’s a history of the puzzle-maker using his handle as a key or hint (about half of G. Mark’s puzzles feature GMARK as a key at some point). I also hoped that, in looking up my handle, players would find my writeups from past puzzles and see that one particular cipher appears again and again. That’s the “classic code” that’s used for Stage 3.

Plugging Stage 3 into a Vigenere decoder, then:


Which brings us to Stage 4. As I was wandering around Friday night, I watched a table full of people working on the puzzle, and they’d already figured out how this stage works, even before they’d solved a single stage. Which was vaguely encouraging to me, to know that my contraption wasn’t that obscure.

Stage 4 required three elements: A ciphertext, a cipher, and a key.

The ciphertext was hidden on little “auto repair slips” scattered through the program (the “GATHER VINS” part of the clue). Collecting all 5, and putting the VINs in order based on the number in the middle of each, gives the following final ciphertext:


The cipher is a keystream-based cipher, where the keystream is generated by a 3-gear machine printed in the program.

That machine produces a different keystream (or, more accurately, a different segment of a single very long keystream) depending on what position the gears are initially set to. That starting position is the final “KEY” mentioned in the clue. In the image in the program, the gears are initally set to “TSG.”

But what’s the actual key you need to use? I thought and thought for a while on this one… Originally I wanted to use “OCT” (for ShmooCon 8), and figured that “10” in octal would be an interesting sort of hint, until G. Mark reminded me that “10” also looks like binary. Doh. So after about 20 minutes of brainstorming, we finally came up with “CAR” (Duh!!), and then I decided on something slightly more evil.

The key for the final stage is “KEY.”

I hope that annoyed…er, amused…at least some of the players.

Anyway, once you set the gears to start at KEY, you then read the top of each gear, turn, read the top of each gear, turn, etc. Not quite the same as the first machine, but I thought reasonably obvious (and as I said, at least one team figured that part out on Friday afternoon).

To solve this final stage, you take the ciphertext:


and subtract the keystream:


to get the plaintext. In this case, we’re numbering the alphabet from 0 (so A is 0, and Z is 25). So Z-B is 25-1 or 24, which is Y. F-R wraps around and gets you O., etc. You can also use the standard Vigenere tableau (it’s essentially the same operation, mathematically), or the “One Time Pad” tool on my favorite cipher puzzle site rumkin.com. No matter how you attack it, the final ciphertext decrypts to:


I wasn’t in the building when the winning team came in with their answer, but apparently they actually walked up to Bruce and asked him. Informed that he would not be able to answer the question, the winners huddled over the con program for a while, then after additional input from Heidi, went off to “ask the Internet.” Ten minutes later, at about 12:40 on Saturday, they returned with the right answer: “Volvo.”

Congratulations to Mike Herms and Matthew Bocknek for solving the puzzle! I hope you enjoyed it.

(click here for the solution presentation from the closing ceremony.)

  1. February 4, 2012 at 6:14 pm

    Another fun puzzle for Shmoocon fans. BTW, I included a more straightforward alternate way of ordering the badges if you couldn’t figure out the date sequence. As Darth said, you can do a frequency analysis or line up the last letter of each row. You could even brute-force all 7! permutations (5,040). But all of those are too much work, if you ask me. Just take the first letter of each badge text block (C – C – E – N – N – O – T), and solve that like a JUMBLE puzzle — only one seven letter word works — CONNECT. Now you’re down from 5,040 permutations to 4. Read column two, and if you get R – E – A – R – S – G – E, for example, you’ve got the C’s reversed (positions 1 and 6) — so swap those badges around and you get G – E – A – R – S – S – E in column two, and you’re onto the next stage with directions in hand. 🙂 Congratulations to Darth for a great puzzle, and looking forward to more.

  2. February 5, 2012 at 12:20 am

    Hey Darth,
    I did enjoy it! I am in fact a regular reader of all of your crypto solutions. I studied the past badge puzzles here and how you solved them. When I left work on Thursday before the con all I could think about was that I was going to solve and hopefully win this year’s puzzle. I knew (or thought at the time) that meant I had to contend with you and your knack for solving these things. When Friday came I got my badge and started to check out the program for all elements that may be involved. I was pretty sure that there were 7 badges I just had to find them. The guy next to me had badge 0128 and did not want me to photograph and share it because he thought it may contain Personally Identifiable Information :/ (I even told him that there were only seven unique badges). Luckily the guy in front of me was a speaker from Foundstone and said to follow him on twitter to get all the pictures of the badges. Later I saw the tweet by you “First big breakthrough on the ShmooCon badge puzzle!” I immediately thought you were talking about yourself and I started to get bummed out. Later hope was restored when I read “I’m actually not playing the ShmooCon Badge contest this year. But happy to throw some hints out. 🙂 ” Now that I knew the Dark Lord was out of the running, I knew I could do this!

    Friday night Mike and I had all the badge pictures but were stuck at how to order them. I went to sleep knowing that we needed to find an order to these badges to move on. At 6am Saturday morning I woke up having thought that representing the numbers xxxx as xx/xx would produce dates. I immediately thought that 7 badges = 7 days of the week however it worked out to not be unique days of the week, I was stumped again. At 9am I rode in to ShmooCon with Mike and we discussed my thought that they were dates. He then asked “Was ShmooCon always the last weekend in January?” I said I was not sure and we moved on. We were so close but did not make the connection. As it turned out we never did or did we need to. On 395 I saw the clue from GMark about reading down for directions. Under direction from Mike I just tried to make a word from the first letters of the boxed badge text (see the GMark method above in his comment). At the con Mike fixed up a simple error I made and we were off to “Turn the gears”. Two hours later and the puzzle was solved. I loved the literal use of key and the 80 char long key string, typing that on my phone was a challenge. I also loved when we asked Bruce directly and he looked at Heidi and asked if he could answer she said no and he told us he was leaving so he did not do anything stupid. The reason Mike and I looked through the program was that we thought one of the five car repair slips might have had the initials BP (Bruce Potter). I was really asked by Heidi “who do I ask for anything I don’t know” to which I replied “the internet”. The crowd loved that the closing ceremony.

    I did find it odd that both you and GMark were tweeting hints so after it was done I sent some tweets GMark’s way. I told him I did not see any “gmarks” in the puzzle and he said that this puzzle was your show and was just a consultant. After I saw this it was quite obvious as to why you were not competing, and knew all the answers (you designed it).
    Sorry for the long comment. I just wanted to give my side and the obstacles Mike and I faced. By the way after I found out that you had made the puzzle I almost felt like I had cheated, knowing that I read all of your crypto posts here. This was my second ShmooCon and I found your site after last year’s groans that you had won again, I needed to see who this guy was that had won.

    Long and short Great puzzle, I had a wonderful time figuring it out! Perhaps you may get some joy knowing that you had an unintentional hand in training the winners.


    • Darth Null
      February 6, 2012 at 9:09 am

      So glad you had fun! I’m a little disappointed that the bulk of the puzzle fell so quickly after you got the badges in order, but then maybe you’d already been thinking about later stages anyway. It’s especially funny how you danced around the ShmooCon date trick but never quite latched on.

      And I’m glad that my writeups here helped… don’t feel like that’s “cheating”. 🙂 I try to document these puzzles for two reasons: 1, so that great puzzles aren’t lost to time (and that others may build upon past successes), and 2, so that people can learn more about solving them. So if my posts helped you in any way, that’s a big win in my book!

      • February 6, 2012 at 11:08 am

        Well as for the last stages of the puzzle, we had the vins already as I was pretty sure we were going to need them at some point. Of course I knew you had solved the puzzle the last three times so we progressed to the three gear stage rather quickly. The three gear stage was pretty tricky though :). I tried them the way they were, forwards and backwards but no dice. I then convinced myself that K-E-Y was the key since there was only one k, e, and y on each respective gear. At first we were stuck on how many revolutions it would take to get the gears to align to key. Take that number and rotate the previous 7 gear’s to get the key to the VIN’s. The method was way too complicated and did not work. I then realized I could just set the three gears to key and try reading forwards and backwards. All of a sudden I saw “YOUHAV” pop out and I went crazy! I kept decoding it three letter chunks at a time because I just wanted to see what it said. I was very excited because I could not think of any more cipher text that needed decoding. I thought it was over and we had one. Then I decoded “NOW FOR THE FINAL CHALLENGE” and I started to get stressed again because there was one more step. At the very end our key was messed up and I entered the cipher text wrong so we decoded WHAT CAR DOES BRUCE STILL HAVE ON BLVORD. I felt like Ralphie from “A Christmas Story” saying “have on what?”, “HAVE ON WHAT?”. We then corrected it to blocks after we identified the mistake.

        I thought that the puzzle was perfect because each stage led me to the next and presented a clue for the key. You should remember that I had read how it is important to keep it simple. Many of your puzzles showcase how easy the answer was after you know the solution and the importance to not over-complicate matters. At every stage and at every dead end I took a step back and said what I know, what is there left, and what was the clue. This allowed me to refocus on a simple approach after I made leaps in the wrong direction. I hope you are not disappointed now that you know all the wrong directions I went :). It was challenging and set us for loops at times!


      • Darth Null
        February 6, 2012 at 11:41 am

        I also ensured that “GMH” (G. Mark) and “DJS” (my initials) were available on the wheels as potential distractors. 🙂

        I’m glad that the “one stage leads to the next” format worked. I first really saw that with G. Mark’s TOORCON 12 puzzle, and I like the structure of it. Though I do think that there should be some looping / branching, just to make things a little more interesting. Maybe next year. Finally, I’m really glad that you’re learning from my mistakes as far as keeping things simple. Refocusing, stepping back, keeping an open mind, not getting bogged down on a single approach (whether that approach is reasonable or rabbit-hole-crazy) is a skill that I’m still developing.

        Thanks again for your comments. Seeing what you went through, and your enjoyment and enthusiasm, makes it all worthwhile!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: