Hackers Discuss the ‘Mr. Robot’ Series Finale

All good things must come to an end, but we got together one last time to discuss Mr. Robot’s series finale. This encompasses both part I and part II of the finale.

We talked about [SPOILERS, obv] Red Team Elliot vs. Blue Team Elliot, the iMac hack, FileVault, hidden partitions, body disposal (sort of), the finale’s music, recursive loops, disassociative identity disorder, and the show’s trans and queer representation. (The chat transcript has been edited for brevity, clarity, and chronology.)

This week’s team of experts includes:

  • Em Best: a former hacker and current journalist and transparency advocate with a specialty in counterintelligence and national security.
  • Jason Hernandez: Solutions Architect for Bishop Fox, an offensive security firm. He also does research into surveillance technology and has presented work on aerial surveillance.
  • Harlo Holmes: Director of Digital Security at Freedom of the Press Foundation.
  • Trammell Hudson: a security researcher who likes to take things apart.
  • Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.
  • Freddy Martinez: a technologist and public records expert. He serves as a Director for the Chicago-based Lucy Parsons Labs.
  • Yael Grauer (moderator): an investigative tech reporter covering online privacy and security, digital freedom, mass surveillance and hacking

Part I

Computer repair shops

Yael: I just want to say that tiny computer repair shops are adorable. I go to certified Mac repair shops that aren’t Genius Bars all the time because they’re nicer and more honest about what repairs you need and what they’d recommend doing/buying. And generally cheaper. So I like that throughout the show there’s been these little nerdy shops and it makes me miss Radio Shack. Shoutout to MacMedia in Scottsdale.

Jason: Yeah, I remember going to a few indie computer shops back in the day. It’s sad that most of them didn’t survive the rise of e-commerce. Well, I’m less sentimental about the death of Circuit City, even though I worked one Christmas there. I do miss CompUSA sometimes.

Harlo: I really miss mom n pop computer shops. They used to be all over NYC.

Coding trophies

Yael: Do you really get trophies for coding? Is that a thing?

Jason: Maybe at some corporate hackathons? It’s not something I recall there being any kind of competition for kids to do when I was younger, but idk.

Trammell: I’m glad everyone else noticed the CODING trophy. Did you see the one with the laptop?

Yael: I’ll have to go back and look again. I just remember wondering, what would Young Preppy Elliot have gotten trophies for?

Micah: I don’t think I ever got coding trophies, but when I was in middle school, my team won a MATHCOUNTS competition, and in high school I traveled to another state to compete in a regional programming contest and got first place. So I’m basically like Elliot.

Parallel Universe

Trammell: Did you all notice the cars? Every single car in the perfect world was white and new.

Jason: Lots of Tesla Model Ss.

Trammell: There were lots of fun small things, like the sign advertising the nuclear power plant with the nuclear family illustration turned into an ad for the community center with the same family. Or the Township sign that said, “A nice place to live,” but in the earlier world was defaced to remove the “nice.”

Yael: I was very excited to see an old-school iMac. I had one of those!

Jason: Yeah, I think I actually did my first programming on one of those iMacs in Junior High. Some JavaScript embedded in HTML docs.

Harlo: I had one of those, too. Mine was purple.

Yael: I had one of those right after I graduated college. And then at my very first post-college job we had a bunch of them in a circle for people to check their email if they didn’t have internet access at home.

Harlo: What’s the parallel universe Mr. Robot font? Because that is a distinct logo, I can’t quite place it…

Jason: It’s definitely inspired by the Geek Squad logo.

Harlo: Yep, can confirm with Bing!

1577119937753-font

Dual Elliots

Trammell: Malek did a wonderful job between the two of them with such different characteristics. Very Tatiana Maslany from Orphan Black.

Yael: So if you were hacking your parallel/perpendicular universe self, would you be able to do it? I guess it’s easier to break stuff than to protect it. Red Team Elliot has an advantage over Blue Team Elliot. So I guess my money is on Elliot being able to hack Elliot.

Micah: I noticed that when (A) hacker Elliot was searching preppy Elliot’s apartment, he found a copy of Ubuntu Made Easy, the 2012 No Starch Press book.

1577119952053-ubuntu

(A) Elliot == Red Team Elliot

Preppy Elliot == Blue Team Elliot

Harlo: A CASE LOGIC FULL OF PHOTOS. WHAT A FUCKING DRIP

Trammell: Red Team Elliot also had the advantage that the iMac was old and would still boot into single-user mode. That was the same technique I had to use to break into a NeXT Cube with a long-forgotten root password:

1577118630485-16875707127_d6e9a20a33_k

Image: Trammell Hudson

Yael: I thought it was interesting that Elliot thought he could learn about Elliot through his social media profiles, at least as step 1. I just want to say that OSINT has its limitations in multiple ways… so what happened here was everything looked all happy and glamorous.

Jason: Everyone self-censors on public social media… one’s Facebook profile is never a perfect representation of their life.

Yael: But one time I backstalked someone’s Instagram to try to determine what kind of a person they were and my impression of this person’s character ended up being WAY WORSE than how they are IRL. So it cuts both ways.

iMac Hack

Micah: So the iMac hack, I never tried that before (in my earlier hacker days I never had Mac hardware), but this is the password reset he was doing. Also this.

Yael: Ooh, that’s how he did the password reset?

Trammell: Once he was logged in to the account on the Mac, pretty much all of the websites would be accessible due to stored cookies in the browser, as well as any data backed up to iCloud. That’s a huge advantage for Red Team Elliot.

Yael: What could Blue Team Elliot have done? Saved on an encrypted drive?

Harlo: FileVault.

Trammell: If the browser login cookies didn’t persist, they would have been lost after the reboot into single-user mode. It’s a hassle to have to re-login after restarting, which is why most folks don’t do it.

Em: Would there have been an iCloud backup, though? Not introduced until 2011 and OS 10.7.

Jason: It looks like Blue Team Elliot used a weak password that was cracked pretty quickly on a single machine.

Harlo: But that was on the “hidden” partition.

Micah: So there’s something in how (A) Elliot hacked preppy Elliot’s computer that I don’t understand. Initially, the password reset failed because of FileVault, right? And then he got around FileVault by booting to single-user mode, deleting /var/db/.applesetupdone which causes the Setup Assistant to re-run on reboot… but how does that unlock the FileVault drive? Wouldn’t he still need preppy Elliot’s password?

Jason: Yeah, I think so.

Yael: Maybe it was just the same complex password Red Team Elliot would’ve guessed

Trammell: Maybe he had an idea for what it might be and was able to limit the search space for the password testing.

Em: There are apparently ways around this. You need my Yubikey to boot into my Mac. Unless you go into Rescue mode, and then you can disable that requirement entirely.

Harlo: He definitely went into Rescue mode.

Em: “Physical access is total access.”

1577119970251-singleusermode

Micah: He deleted the file “.setupdone,” though in real life it’s called “.applesetupdone.”

Also, he didn’t include spaces where they should be. I wonder if the producers decided to slightly modify the commands so they won’t actually work if someone tried them? Like instead of /sbin/mount-rw/ the real command is /sbin/mount -rw /

Trammell: He seemed to miss spaces in several of the commands.

Em: Yeah, the iMac had no iCloud. So iCloud hacking wasn’t an option. It didn’t—and couldn’t—run the required OS.

Yael: I know they show has invented different tech that mimics real tech before to avoid the situation where the company says no and they get in trouble.

Micah: Yes they have. Like, I remember they’ve slightly altered Windows screenshots to remove words like “Windows” and “Microsoft,” and I think they’ve maybe skipped spaces before, too.

Yael: So like for example if they wanted a Windows tool and didn’t want to ask Windows they would just create an alternative Windows-esque tool that didn’t say Windows because if a company says no and they do that, then it’s worse than if they never asked, but at the same time, they got real tech from, like, Bishop Fox, etc. with permission.

Em: That’s called Greeking. Or, as Wikipedia mostly calls it, “Product Displacement.” But industry term is, IIRC, “greeking it.” Interesting to note that with the missed spaces, etc., they animate the screens entirely. So it raises the question of how deliberate those things are.

Trammell: Back on the self-hack, right quick… he uses Chrome in headless mode to extract the various login cookies using a WebSocket debugger. That’s super clever.

Yael: Can you parse that for us?

Trammell: Rather than running Chrome and trying out all of the different sites to see which Preppy Elliot used, he had Chrome tell him the stored login passwords (I think that is what those are in the value field).

Harlo: Can we say more about this! I heard of a new wave of identity theft where it’s just about stealing people’s browser footprints; is this related?

Trammell: Google tries to identify real people by having things like login cookies, search history, etc. So if you can copy some of those tokens from real people, you don’t have to run lots of automatic searches to try to build up a history. (Preppy Elliot is also on twitter, but I can’t make out the handle.) I think that is more about passing the Not a Robot test.

Hidden Partition

Micah: So I don’t quite get getting through the first full disk encryption FileVault, but the hidden partition part was pretty awesome

Harlo: How do we know he had FileVault on?

Micah: When Red Team Elliot attempts to reset Blue Team Elliot’s password in recovery mode, but can’t, he says, “Shit. The drive’s encrypted. Maybe he’s more like me than I thought.”

Em: (Again, he technically couldn’t have because it wasn’t a feature introduced until OS X 10.3 which his old iMac couldn’t handle unless it was just a shell and he’d completely swapped out all of the tech, which is problematic in other ways but definitely doable)

Jason: I just watched the Mac hacking scene up to the discovery of the hidden disk volume, and I’m a little confused about what happens. I assume that he didn’t actually get through FileVault to access Blue Team Elliot’s user profile, despite his comment “shit, the boot drive is encrypted, maybe he’s more like me than I thought.” The list of volumes also shows the filesystem is APFS, which is pretty new

Trammell: I can’t find the full GIF, but the hacking scene was the most realistic since Hackers: https://images.gr-assets.com/hostedimages/1500997301ra/23405528.gif (That one is like a 12 hour time-lapse of Dade sitting at the keyboard staring at code and printouts while the sun sets, the rest of the crew dances, has pizza, and the sun rises).

Yael: Heh. Accurate. Except needs more Mountain Dew.

Micah: Speaking of The Matrix, the earthquakes were absolutely caused by glitches in the matrix

Harlo: Oh, hey, just a thought. What was that Mac OS X vuln where the root password was just “”? [nothing] Is that applicable here?

Em: That was a Sierra bug.

Trammell: The Intel Management Engine had a vulnerability where they did a password string compare with strncmp(real_password, user_input, strlen(user_input)), which means that an empty input will match.

Yael: Ooh, that’s a fun bug.

Micah: Here’s the password cracker script. The password cracking script is really simple. It just reads from stdin, and tries mounting the hidden partition one line at a time. When Elliot actually runs it, he passes in passwords.list, which is some wordlist he must have downloaded or created. And apparently, it included the password ELLIOTS-desktop, which I think was the hidden partition’s password.

1577119988469-passwordcracker

Trammell: I would expect Preppy Elliot to use pico/nano, while Hacker Elliot would be more of a vi or ed sort of person.

Yael: Oh no, Elliot. You made it too easy for Elliott. So what’s the 101 rundown of how the entire hack worked? He goes in, runs from safety mode, overrides…something, downloads a password list?

Trammell: Single-user mode, which used to not require any passwords. And provides write access to the non-FileVault encrypted parts of the drive. So that he could then add new users, change passwords, etc.

Micah: I think overall it was realistic in that if someone has physical access to your computer, there is a good chance they can get in. (At least, in the olden days). That gave him access to the disks and let him log in as the normal user. Which then let him do the social media searches, etc.

Jason: Why is it calling apfs-fuse on a Mac? Is that a thing?

Trammell: Fuse is a general-purpose user space file system.

Micah: Fuse is also used for other types of partitions, like macfuse is a dependency for Veracrypt.

Trammell: He’s using fuse to probe the apfs encryption key, since it doesn’t have any rate limiting, and since he doesn’t need a slow GUI to keep popping up. Essentially using apfs-fuse as an offline attack against the password, where the official apple tools have provisions to make them less useful for automated attacks).

Trammell: That clarifies why you’d use a FUSE driver on a Mac for a native filesystem.

Jason: I think this might be the driver he’s using: https://github.com/kholia/apfs2john— it looks like it runs on MacOS.

Yael: But wait, he had to do something else to find the hidden partition.

Harlo: It’s NOT hidden, though. It’s just… there. If you can find it with diskutil list, it’s not hidden.

Jason: Yeah, it’s not really hidden on/from the system. It’s just not automatically mounted.

Harlo: Also, it’s not hidden if you can find it running regular commands, and it’s also labeled “fuck society.” “Here are my secrets, thank you.bat”

Jason: I think Blue Team Elliot’s “hiding” of those images is just intended to keep Angela/friends/family from stumbling on his weird hobby drawings.

Yael: So perfect Elliot wanted another life… and drew Elliot’s life and F Society because “I figured that’s what an anarchist hacker would come up with,” which is actually pretty good tbh. I mean he did have a hoodie, but pretty accurate.

Trammell: They invented each other—Hacker Elliot imagined what a perfect life would be, and Preppy Elliot imagined what a l337 hacker would be like.

Harlo: One more thing about the hack. Passwords.list, do we have a link to that? Just a plug for diceware, my friends.

Micah: Whenever I need good wordlists to try to crack a password, my first try is using one of the lists in this repository: https://github.com/danielmiessler/SecLists.

Jason: Rockyou.txt is a pretty small password list that is highly effective in pentesting

Yael: Wait, if it’s effective in pentesting, do you need to not use it for yourself? 🙂

Jason: Rockyou.txt is a list of a lot of common passwords. It’s a quick and easy list to run through penetration testing tools and guess all of them quickly if no rate limiting is involved. If you use a password that is on that list, you should change it 🙂

Trammell: You can also do the RAND Corp style guaranteed random password generation:

1577118725646-48698405668_cab48a45f4_k

Image: Trammell Hudson

Yael: I think EFF sells one, too?

Harlo: Nope, WE sell a dope diceware zine, but EFF sells awesome dice to go with it. 🙂

Micah: These are sitting on my desk at the moment.

1577120009577-dice

Image: Micah Lee

Yael: Okay, I will link to these things for nerdy stocking stuffers/Hanukkah presents.

Killing Your Alt

Yael: Last thing for this episode. Would you kill your alt? I want to knooooooow.

Trammell: https://tvtropes.org/pmwiki/pmwiki.php/Main/KillingYourAlternateSelf

Micah: I wouldn’t kill my alt. If I were in that situation — without understanding exactly how real this world I was in was or not—I would have called 911 and tried to save him.

Yael: I think I would try to reason with my alt, esp. if she didn’t call the cops on me.

Jason: Yeah, I’d call 911 and disappear.

Yael; Or I’d pretend I was a long-lost twin, maybe?

Harlo: I would NOT kill my alt. I think they would be really fun.

Micah: Even if they’re sort of the same person, it’s clear the other Elliot is like a sentient human. I guess it’s true that the two of them interacting tended to cause earthquakes, but still.

Yael: I thought the earthquakes were from the nuclear reactor blast that did/didn’t happen.

Em: It’s proposed by Elliot, but what we see contradicts the notion that the earthquakes are caused by their proximity or interacting.

Micah: The first earthquake happened when he heard his alt’s voice on the phone, then another happened when they touched each other

Em: No. The first earthquake happened when Elliot woke up in the street.

Part II

Body Disposal

Micah: Elliot is fuckin dark. What’s he gonna do with the body?

Em: For the record, it would be the easiest body disposal of all time since no one would be reported missing. The only way to get caught would be in the act.

Harlo: Isn’t that the whole thing with multiple timelines? You have to kill your alt?

Em: That’s a myth.

Micah: This is related to the philosophy of transporters in Star Trek. If you beam from one location to another, you actually end up murdering the first you and materialize as the second you. Is it ethical? There was even a TNG episode where a double of Riker got stuck in the transporter buffer for years or something.

Em: Well that’s not murder, that’s suicide.

Trammell: The Riker double went on to live a productive life in a different Trek franchise.

Harlo: Why wouldn’t we want to have two Rikers? I mean, one was burdened with ineffable and unprecedented trauma…

Em: There are two things to discuss. One is that it’s not a body Mastermind!Elliot is trying to dispose of its Host!Elliot. As in, actual Host!Elliot. The consciousness. You can’t really examine the episode without looking at it through the lens of dissociative identity disorder. The show’s version of dissociative identity disorder.

Music

Freddy: I just wanted to say that the song Ne me quitte pas that was playing before the wedding was covered by Nina Simone. A song about cowardice men. Harry Anslinger, who created the original Bureau of Narcotics (before the DEA) was obsessed with Simone. (Anslinger would obtain heroin for Joseph McCarthy for years.) There is an amazing book called “Chasing the Scream” that documents Anslinger’s obsession with Simone and how he used it to launch the modern war on drugs. More on this here: https://www.thefix.com/content…

Em: Since we’re addressing the music, have to say that the opening song in part 1 was more appropriate than everyone would think on first watch. Delightfully so.

You’re wondering who I am (Secret, secret, I’ve got a secret)
I’ve got a secret I’ve been hiding under my skin
My heart is human, my blood is boiling, my brain IBM
So if you see me acting strangely, don’t be surprised
I’m just a man who needed someone and somewhere to hide
To keep me alive, just keep me alive
I’m not a robot without emotions, I’m not what you see
I’ve come to help you with your problems, so we can be free
I’m not a hero, I’m not a savior, forget what you know
I’m just a man whose circumstances went beyond his control
The lyrics tell you the truth right at the start.

Looking Back at Part I

Jason: I would say that the hacking and password attacks were probably easier than they would have been, given that the imagined Elliot exists entirely in our Elliot’s mind.

Em: Okay, but it’s not an “imagined Elliot.” They would’ve thought pretty similarly. It’s the host.

The “imagined Elliot” (Host!Elliot) is older than “our Elliot” (Mastermind!Elliot). If one has to say that either of them was “imagined,” it’d be Mastermind!Elliot.

Micah: Maybe this explains my confusion with bypassing FileVault. How did that actually work, since Elliot didn’t crack the password to initially root the box? Maybe it was more like what happens when you’re hacking in your dreams. It doesn’t have to completely make sense.

Em: This is what I meant by “it all has to be analyzed through the lens of DID because that’s how it was constructed by the producers.” And it did make sense, but you can’t think of it as hacking because it wasn’t. It was Mastermind finding ways to access parts of themself that had been cordoned off, basically. Some of which were figments. But thinking of it as “hacking” at all is inaccurate, which is one reason why all the tech didn’t actually make sense. The iMac wasn’t an iMac, it was a box stuffed with memories and idealized versions of things. It was an amalgam.

Jason: If I was imagining how I’d hack a Mac in my brain, there would be some inaccuracies because I don’t perfectly remember how they work

Em: But that’s not what this was. It wasn’t a Mac. It wasn’t even the idea of a Mac. Not really. Think of the iMac as a memory palace that’s locked. Think of it as memories that you’ve lost. You’re not imagining finding them. It’s not imaginary, it’s more symbolism. Thinking of it as “hacking” at all is like thinking of trick or treaters as ghosts and goblins. It’s something else with a sheet over it.

Micah: I really liked it when dream-reality started to seriously break down.

Yael: The FSociety masks?

Micah: Yes, the FSociety masks. Everyone having Mr. Robot’s face. All of the glitches in the matrix where suddenly he was somewhere else.

Yael: He called himself on the phone, ermigod. Yeah, it was fun. Kind of reminded me of The Butterfly Effect and of Being John Malkovich

Jason: It also kind of reminds me of the end of Brazil, with the Baby Face masks

Recursive Loops

Yael: What did they mean by “recursive loop” re: this imagined universe?

Em: That it was limited and repeating. The same day over and over. The same fantasy. Host!Elliot never married Faux!Angela, Host!Elliot was always about to get married to Faux!Angela. It was a loop that Elliot’s mind tried to interpret through a technical lens, same as the so-called hacking. Host!Elliot = “preppy Elliot” AKA the “real Elliot.”

Harlo: Thus the busy work of the last episode.

Jason: I thought that the phrase “recursive loop” was a little goofy in a technical sense. Is it recursion, or is it a loop?

Harlo: Ooooh, that’s good. If it recurses, it never gets to loop. Poesie (chef’s kiss).

Micah: You can infinitely loop, but you can’t infinitely recurse—each time you call a recursive function you take a bit more memory, and eventually you run out of memory

Harlo: Fucking killjoy.

Jason: Yeah, the earthquakes are an out of memory condition.

Em: They’re dissonance.

Jason: Maybe it’s recursive, and the collision of Red Team Elliot with Blue Team Elliot is the result of it reaching an exit condition. Same as the missing faces/F-society masks at the wedding.

1577120041591-maxrecursionexceeded

Em: Hard disagree.

Yael: Out of memory condition is when your computer runs out of memory and starts doing weird glitchy shit?

Micah: Generally if a program uses all of your computer’s RAM, your OS kills it

Yael: But you can’t kill the host

Micah: I kept hitting that in one of the Advent of Code recursion challenges

Harlo: How so? That’s interesting!

Micah: I was running out of memory with my implementation for this challenge https://adventofcode.com/2019/… you need to solve a series of complicated mazes in the most efficient way possible, and you do this by building up a tree recursively. I actually hit the python RecursionError: maximum recursion depth exceeded exception, so I increased the maximum to something insane, and ran it again, and I could open System Monitor and watch my RAM usage go up, and up, and up, until the computer freezes for a few seconds and then my OS kills my Python script.

Em: It’s not an “out of memory” thing. That has nothing to do with this. The earthquakes, the masks and the faces were the result of dissonance. Each one happened when the “reality” was challenged. That happened most directly by Mastermind and the Host confronting each other, but several things caused it. Each instance happened when “reality” was challenged, either by entering into the denial space/alternate reality, seeing “himself” or having Mr. Robot flat out tell him “that’s not real.”

Harlo: Oh… also, Gretchen Carlson. Oooookkkkkk. It was all a dream! And you were there, and you were there, and Gretchen Carlson was there…

Tying Up Loose Ends

Yael: Anyone have anything else to add, maybe about stuff I cut out in past seasons or that we didn’t discuss?

Harlo: So, a while ago in the robot chat (I forget which season), I mentioned that this show has a Sybil vibe to it. The editors linked to the Sybil consensus against attacks (which is totally reasonable). But actually, I was talking about the Sybil complex (Flora Rheta Schreiber) this entire time.

Yael: Oh, that was me that linked to that, not an editor. (Sorry!)

Micah: Here’s one thing I didn’t quite get. Whiterose’s body was found in the nuclear reactor, and the news was reporting it as a foiled terrorist attack. And Elliot was found unconscious at the site of the attack, and Darlene is like in hiding. Yet she’s just visiting him in the hospital, and they’re not in FBI custody?

Yael: Yes, we all know that you’ll never be off the hook for hacking, even if you do save the world. (cc: Marcus Hutchins).

Em: The show was kind of really shitty in terms of trans and queer representation. Consistently so.

Yael: Please go off.

Em: The only trans character was motivated to commit mass murder over decades due to her dysphoria. They linked it directly to her being trans. The producers misgendered White Rose on at least one occasion in public materials, after the reveal of who she was. Dom and Darlene got fxcked in how their story was handled and told. The only queer and trans characters were either villains BECAUSE they were queer and trans or the show went out of its way to deny them any sort of happy ending, or even closure. What happens with Dom? No one knows, and the show didn’t care.

Yael: I touched on this a tiny bit last episode, but Janus reminded me of Hot Carla.

Em: Hot Carla at least got a bit more rep than what was in the show itself, but still. She was treated with more dignity than White Rose, even if I’m not sure if we actually saw her or not. Hot Carla was a prisoner who was treated somewhat as a joke by the show, from what I recall. She wasn’t a character, she was a plot device and a joke.

Yael: I was expecting the Dom/Darlene situation to resolv, but yeah, they really did leave that stupid airport thing unfinished. I was disappointed with the ending tbh.

Micah: I’m glad we finally got to understand all of Elliot’s various personalities, and that the entire show was really about Mastermind Elliot

Em: His main personalities, we didn’t get to understand all of them. We (the viewers) are a collective alter and the final alter of the Dr. was never explained or addressed, that was just a ‘form that was chosen,’ but we sort of did get the others explained, even if it was more of a “tell don’t show” situation, unless you count retroactive stuff, which I hesitate to.

Yael: I agree, not the best ending, and beating WhiteRose ended up seeming a bit anticlimactic. But overall, it’s been a great four and a half years. Goodbye, friends.