Blurred Out QR Code Was Key To $1,000 Bounty

Two code enthusiasts earned themselves $1,000 by deciphering a QR code from a TV broadcast despite It being blurred out.

Clement Storck and Michel Sassano were able to reconstruct the code, which represented a Bitcoin private key. It was part of a competition that turned out to be considerably more difficult than designed.

Robert Ver, a big advocate of cryptocurrencies, discussed the topic on a French TV news show. As something of a promotional stunt. He had intended the QR code to appear in full and simply make it a race among viewers to scan the code and use the key. Instead the TV broadcasters blurred out the image, which appears to be because of French broadcasting laws that ban prize giveaways on news shows.

However, while the written form of the key was blurred out at all times, the station did mistakenly air one shot where around the bottom 20 percent of the QR code was visible without blurring. It also aired the relevant wallet’s public key in unblurred QR and written form.

Storck and Sassano have detailed the process of solving this inadvertent puzzle in a blog post. They started with some basic image enhancement and analysis (which they joked is nothing like as effective as TV dramas suggest), which gave them the first six characters of the private key from its written form. They’d also been able to read the final character without any enhancement despite the blurring.

Next they used the available data from the unblurred QR image to figure out the size and format of the code, add in the data that they already knew based on the format, and then add in the data they could see in the unblurred image. To do this they used a Google spreadsheet (pictured), which effectively acted as a slightly easier version of drawing the code on grid paper, marking up both the data they knew and the sections they had to figure out.

Completing this process included taking advantage of error correction codes in the QR protocol (which are designed specifically for overcoming missing data). Based on the description, it could perhaps best be likened to solving an enormous Sudoku puzzle.

Eventually the number of unknown pieces of information was low enough that “only” two million possible combinations remained. That was enough to brute force it in around half an hour to produce two valid keys. One of these proved the correct one and the pair collected Ver’s bounty.


Geeks are Sexy needs YOUR help. Learn more about how YOU can support us here.