Satoshi’s Lost Faucet — Walk-through (pt. 2)

Chain of Insight
Published in
5 min readMay 7, 2020


This is part 2 of the Satoshi’s Lost Faucet walk-through. If you’re looking for Part 1, please visit:

We previously worked out how to open the zip file from the museum lobby. This archive contained another copy of the source image and a text file linking to the next riddle page. The page can’t be accessed yet because it’s under password protection.

A minor encoding issue led us to add a second proof hash 😅

Unlocking the Genesis Exhibit

The password required to unlock the Genesis Exhibit is not the steganograpic link from JSTEG, but information from that linked forum thread is vital for solving this step. More specifically, Satoshi’s message at sub ID #5754 contains all the information needed to solve the riddle. At first glance our hashes appear like they might be Sha1 outputs, but after reading Satoshi’s posts we find reasonable justification the hashes are actually Ripemd-160.

The riddle is asking for the input rather than output so anyone able to reproduce one of the proof hashes should be able to determine the encoding format for the password. If anyone reproduced the hash but got stuck here they surely were smarting upon discovering the answer, as formatting for the input was given by the homie Satoshi N. back in 2010. More specifically, the pertinent information from Satoshi’s post is: bitcoinaddress = RIPEMD-160(SHA-256(publickey))) but that begs the question — what constitutes the publickey and the bitcoinaddressin this scenario? To help orient players to think in this fashion our public hint for the Genesis Exhibit explained:

Use of the word “now” is interesting here, as it implies your inventory was recently updated. Putting it all together…

  • Unzipping unlocks 2 files, one of these is the 🔒, the other is the 🔑
  • A URL is like an address, so the text file URL must be the left side of our target equation: bitcoinaddress = RIPE-MD-160(SHA-256(publickey))So now we’re looking for just the key.
  • If we determined the URL is the lock, the image must be the value of the publickey in Satoshi’s pseudocode. The riddle already tells us the value of the left side of the equation (the public hashes), which enables us to test our assumption to make sure it satisfies the correct value. Once we can reproduce our target output we have everything we need to proceed.

The above script reproduces the hash proof of the riddle and confirms the input format. From here it’s a just a matter of converting it back to a string conforming to Satoshi’s pseudocode. The resultant password that’s required is: RIPEMD-160(SHA-256(Times_03Jan2009.jpg))

Get to the Easy Stuff Already!

From here unlocking the Genesis Exhibit produces a secret trap door leading to an eerie basement.

As a reward for the hard work required to progress this far in the game the trap door leads to a page without any clue as to how it can be accessed. Puzzling at first. So um, how do you access it? Ironically this password is one every solver probably tried to use many times already —the link extracted by JSTEG:

Lower Level Stage: the Final Riddle

Here we’re met with more backstory about the origin of Satoshi’s faucet. We find ourselves in a room lit by an ancient laptop belonging to the eponymous creator. Browsing the machine’s directories shows evidence it ran the Bitcoin v0.1.0 but access is blocked to open any wallet.dat files containing mined coins. That said, trying to access them launches a strange program instructing you to somehow doxx Satoshi.

Greatest mystery of all Bitcoin history?

The blinking Powershell cursor both clues you in and trips you out. The answer isn’t a PowerShell command but actually the error response from one.

Other hints are:

  1. There are 3 riddle pages, each corresponding to an operating system type.
  2. “Who is Satoshi Nakamoto” is clearly a ridiculous question since (as far as we know) it can’t be solved logically unless there’s trickery involved 👻 🎃, so trickery involved there is.

The key thing to recognize is “Who is Satoshi Nakamoto?” can be rewritten as a valid PowerShell command by modifying only 2 characters of the string: Whois Satoshi.Nakamoto PowerShell is pretty tolerant with its syntax and this version of the command isn’t possible on other systems all of which require a lowercase whois command.

But the difference between Whois and whois hardly justifies producing separate puzzle pages. There must be something about the responses themselves which required splitting the riddle into separate web pages. To clue you in that you need the error message, not the command itself, requires a logical leap. Despite what Satoshi claimants have tried to justify, our riddle’s question is not really solvable without having cryptographic proof and cryptographic proof is exactly what Satoshi’s laptop has just denied you from accessing by way blocking your permissions. Since the question itself is errant, the answer you will need is likewise an error message:

  • Windows: No such host is known.
  • Linux: No whois server is known for this kind of object.
  • MacOS: You queried for Satoshi.Nakamoto but this server does not have any data for Satoshi.Nakamoto.

GG Well played! 😊