Juan Uys

Cracking the MI5 puzzle.


Cleaning up hard-drive; found some old code.

MI5 put this puzzle on their website. (It’s still there - just scroll down):

MI5 puzzle

The puzzle screams encoded message, because that’s not a picture of anything. I thought that perhaps this might be a ruse, and that something a bit more sophisticated is being used here, e.g. steganography.

Looking at the bitmap data showed clean numbers, i.e. only 2 colours were used, not slightly different shades of two colours (which would hint at stego).

I went back to the first idea, and lo and behold - it’s a recruitment drive!

python main.py

b’Congratulations, you solved the puzzle! Why don\x92t you apply to join our team? mi5.gov.uk/careers ‘

Bit underwhelming. I fully expected a chopper to land outside in the garden the moment my Python script finished running. A lady clad in black would kick my door down, run over to me, and say in a forceful yet husky voice “The Queen needs you.”

Spoiler: Here’s the code, but please do try it yourself and experience your own Bond moment (yes, I know he’s MI6…):


from PIL import Image, ImageFont, ImageDraw
import numpy as np

# these values gleaned by looking at the bitmap.
def bi(tup):
    if tup[0] == 58:
        return 1
    elif tup[0] == 232:
        return 0
        return -1

def ribbon(file_location="puzzle.png"):
    encoded_image = Image.open(file_location)
    im = np.asarray(encoded_image, dtype=np.uint8)
    binarised = [bi(im[i,j]) for i,j in np.ndindex(im.shape[:2])]

    next = binarised[0]
    count = 0
    results = []
    for i in binarised:
        if next == i:
            count = count + 1
            count = 1
        next = i

    strung = [(chr(i)) for i in results]
    hex = ''.join(strung)
    hex = hex.replace('-', '')

    decoded = bytes.fromhex(hex)

if __name__ == "__main__":


name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true


Pillow = "*"
numpy = "*"

python_version = "3.7"
Copyright © 2002-2024 Juan Uys, (source code for this website). Updates via RSS, Mastodon or newsletter 💌.