14 Million Satoshi Puzzle “Run BITCOIN Run” Solved!
A Postmortem on How it was Built and Solved!
Bitcoin puzzles are fun. I was inspired to make my own after agonizing over this one for weeks to no avail. It had 5 Bitcoin in it back in 2015.
What I learned from all this is that Bitcoin puzzle design is hard. Making a puzzle that is brute force proof, but solvable for the plebs is even more difficult. And in hind sight, I made the puzzle too hard in it’s first iteration, and too easy in it’s second. You see I first released the first version of the puzzle last year on October 31st to celebrate the 13th anniversary of the Bitcoin whitepaper. But after going unsolved for a year, I decided to up the reward to 0.14 Bitcoin and release the puzzle again with some more clues. Turns out, those clues were fast figured out this time around, as almost 48 hours latter the puzzle was solved and funds were sent to the winners Bitcoin address.
The Puzzle Design:
Bitcoin Puzzle masters have the option to either
a) first create the private keys/seed words and then insert them into the puzzle or
b) make a puzzle and somehow derive the private key/seed words from the puzzle.
Option a) is more difficult in my opinion, since you gotta warp the art to insert the private key information. Doing this can impact the quality of the art negatively, and can also be a bit of a grind to implement. And in this case, I wanted the whole video piece to be the private key from start to finish, and backwards again!
So I first created the puzzle by using woodkids run boy run music video as a base. I then added a bunch of Bitcoin history and paraphernalia throughout the video.
This included:
• A fading dollar sign at the top of a fiat tower as Bitcoin runs away
• The whitepaper falling like rain
• A copy of the genesis block text expanding on beauty behind the hills
• With a counter point of the Federal Reserve Logo embossed on the side of the tower of power
• s_nakamoto emerging with the first Bitcoin logo (Satoshi went by this moniker on sourceforge.com where the Bitcoin code was originally published before GitHub)
• Bitcoin Boy falling over the inflation bug block
• s_nakamoto emerges to help Bitcoin Boy up again, as a screen of the code for the halvings and coins supply is shown
• Followed by the open source copyright license terms issued by Satoshi for the Bitcoin project
• Followed by the 2nd iteration of the Bitcoin logo as an “idea Mr Creedy…and ideas are bullet proof.”
• A quote describing Bitcoin as a timechain as a tree like structure from satoshi’s notes in the first version of Bitcoin code.
• Segwit shield and UASF sword (user activated soft fork) are both nods to the blocksize wars
• Bitcoin boy jumping over the Bitcoin moon
• Liberty Bell added to the New Tower
• Not Your Keys, Not Your Bitcoin on the entrance to the Citydel
• With a brief flash of the reward address and derivation path of the multisig wallet
• “A Peaceful Revolution” billboard made by cryptograffiti
• A lightning strike awaking the giants
• The FED logo disappearing from the tower of power
• Taproot embossed on the side of the flying pirate ship
• One rocket ship going to the Bitcoin moon, one returning
I also added some inspirational audio on top of the music, which was ultimately the key to the keys. The valid bip39 words from these added audio tracks were the seed words.
This began with a lord of the rings quote from Arwin “There is still hope” amongst the contrast of hell’s siren blaring and falling ash. The next audio insert was from V for Vendetta, where V describes ideas as bullet proof. Then there was Kennedy announcing “we choose to go to the moon”. And a speech from the TV show Fargo about “PRINCIPLES” (here’s looking at you Raoul). Finally the last inserted audio track was of president Kennedy underscoring that we don’t accomplish great things because they are easy, but because they are hard. A nod to proof of work, hard money.
Note: DO NOT USE THIS METHOD FOR REAL WORLD SEED WORD GENERATION. Seed words should be truly random and cannot be randomly picked by a human without dice, or 24 hats with all 2048 seed words in each hat, and where you pick one word from each hat randomly. Even this has flaws! More info on this topic.
These several inserted audio tracks as the seed words was really too hard to figure out in the first iteration of the puzzle a year ago. So for this years update I simplified things by marking the seed words for each key with a tint for (this also helped for re-posting the video to YouTube without an copyright take-down).
The first key was highlighted by orange tint and the words were in order of the video from the start to the middle where they finished. The second key was highlighted by the inverted tint, but started at the end of the video and flowed backwards towards the middle. Both keys intersected each other in the middle of the video where some words were shared, which was highlighted by an orange and inverted tint simultaneously.
As you can see, “upon”, “hill” and “keep” were the shared words of the seeds. While the atypical, “allow” and “burst” words were out of place in the subtitles, since they were added into the video piece after the fact.
The reason for this is because the last word in ever seed is a special checksum word that acts as a fingerprint that equals the sum of the first 23 words. Ultimately what this means is that you can’t use any random word for the last word in a manually generated seed phrase, otherwise the seed phrase won’t be valid.
Therefore, I had to do a small brute force operation to grind the 24th word into existence and re-add it to the video.
I was hoping some of these small anomalies would hint at the nature of the seed words, but I think there were too many rabbit holes in the paraphernalia content that people got lost in.
I was hoping that the updated video with the tints highlighting the words would help with this, and it turns out it didn’t take too long for people to put the pieces together on reddit.
Soon after comments like the above were made, the puzzle was solved…
But by who?
I sent out a public message on twitter asking for the winner to step forward, and lucky enough they did. Turns out they were working on cracking the puzzle since the first version was released over a year ago with some custom brute force coding skills.
I made a couple mistakes in the paraphernalia that the winner thought were seed words. But this threw off their results. They ended up not being able to crack the first version since they added words that were not valid seed words to their brute forcing job.
But one ace they had up their sleeve was that the multisig wallet had sent Bitcoin from the winning address once. I did this at the start of the project to test the seeds of the multisig wallet and be sure it was valid and working.
But by spending from an address you reveal a few things! For one, it revealed that I was using a 2 of 2 multisig wallet! And two it provided data that could be used to confirm if two seeds from a pool of hundreds of potential seeds were the matching 2 of 2 winning seeds.
Thus, when the update of the puzzle was released the winner only picked the words within the tinted frames to brute force. He then had a list of many good seed combinations that could be combined to match the fingerprint from the test spend transaction!
Which is another lesson. Don’t Reuse Addresses! This is exactly why! Ultimately this was how my puzzle was defeated! Address Reuse!
If I had not spent from this multisig wallet, the brute forcer would have a much harder job of checking each potential seed combination for funds. I’m not even sure if this could be automated that easily.
All in all, this was a fun project that I can cross off my Bitcoin bucket list. I don’t think I’ll be doing another one of these for a long long time. BUT, if I were to do another one I would probably use a taproot script in some creative way. I hope it helped inspire and educate some people about Bitcoin!
Thanks for reading!
/end
