[Meta Analysis] Rick 'n Morty S3E1: The Hacker's Episode


Hi folks, I'm a huge Rick n Morty fan, sometimes when watching it i can draw strong allegories and puns that relate to security, privacy, physics, psychology and wide range of crazy scientific fields. Knowing this I've decided to do some reviews of Rick n Morty where I expose this allegory to the wonderful folks who practice these sciences and those who would like to ;) Enjoy!


A machine force feeding a human. Being brutally and utterly dedicated to our whims they show us how perverted our ideas of success, good and bad are when taken critically. Effectively giving us a taste of our own "medicine". 



Before we dig into what the episode means here's a quick summary of it from wikipedia:

Rick is interrogated via a mind-computer link, inside a galactic federal prison. Summer and Morty attempt to rescue him, but they are captured by SEAL Team Ricks, who take them to the Citadel of Ricks and decide to assassinate Rick. Back at the prison, Rick tricks both the federal agents and his aspiring assassins by switching bodies with them. He then teleports the entire Citadel into the federal prison, prompting a massive battle. Amid the confusion, Rick rescues Morty and Summer and uses the Galactic Federation's mainframe to make their currency worthless. The Federation falls into chaos and collapses as a result, with the aliens leaving Earth. Back at home, Jerry asks Beth to choose between him and Rick, but she chooses Rick. After the new status quo is established, Rick reveals to Morty that his ulterior motive was to become his de facto male influence. This escalates into a nonsensical angry rant, centered around Rick's desire to find more of the discontinued McDonald's Szechuan sauce, a promotional product for the 1998 film Mulan.
https://en.wikipedia.org/wiki/Rick_and_Morty_(season_3)#Episodes

Lets dig in...

The Brainalyzer

Rick is trapped in something called a "brainalyzer" which is effectively a brain to computer link. In a couple different ways this is already a computer sciencey pun. One obvious way is that it references some cutting edge computer science research being done to literally connect peoples brains to computers. People have already in academic circles effected a way to both control computers using one's brain AND have computers control the faculties of someone's brain i.e. you can now control a computer with your brain OR/AND have your brain controlled by a computer.


Rick in the Brainalyzer.
Another way it is a hacker/computer science pun is that the brainalyzer is actually an ironic expression of the false ideology people have of computers: that they are NOT directly connected to our brains.

The software we write for the computer, the hardware we make for the computer and the perspectives we have of all of those things are also entirely inside our heads.

As a hacker I can tell you that what you do when you try to break someone's algorithm is basically argue with the person who wrote the algorithm in your head!  One persons implementation of their idea of security is 'competed' with yours; its all mind games! Coming back to the episode this is literally what Rick is doing in the scene; he inside his head argues with the person who is 'securing him' in the prison.

The flip side of this brainalyzer; from a security perspective, is that it is a huge security design mistake i.e. risking security by separation failure. By interfacing the thoughts of the prisoners to prison computer system (which controls the prison). Ironically; the prison exists to physically restrain the prisoners because they are bad people who think of doing bad things. The brainalyzer is implemented in utter reverse to this idea; in a sense it is a way to present control of the very prison to the literal minds of the people they are imprisoning!

Rick's Mind Virus(es)


The strategy the interrogators employ is to ask Rick to share with them the memory of his first successful creation of the Portal Gun. Rick then leads them to the memory; which turns out to be a complete fabrication!

Rick's exploit being uploaded...

What has happened here is Rick convinced them one kind of information or data in his head is actually another kind of information or data. This is strongly analogous to what is called a Memory Corruption attack! In a memory corruption attack the adversary convinces the machine that malicious data (one kind of information) is actually execution code (another kind of data) or that "data" should be treated as literal instruction. This flaw allows the attacker to inject data that is interpreted as code thereby allowing his/her data to influence arbitrarily the behavior of the machine.

So now we see Rick has actually triggered a memory corruption bug! And he does this in order to inject code into the machine giving them access to his brain. Rick confirms this by referring to the code he gave them as a "virus" and that he did it in order to install a backdoor that allows him full control of the facility!

Rick literally psychoanalyzing his opponent .i.e. in fact "getting inside his head".

After having fooled them Rick now has full control of the "memory" they are trapped in and reveals that the entire time he was actually fooling them. What is strongly ironic about this is that: He is physically trapped in a machine that allows them direct access to his brain, this is to say they are
"inside his brain", but because Rick was actually hustling them this whole time we can say that he was actually inside their heads!

Gotta go take a sh*t...

After escaping the brainalyzer Rick suddenly needs to use the bathroom on level 9. This is obviously a social engineering exploit. Buildings sometimes put restrooms behind security barriers, if there is a kind reception person at work they can usually be massaged into letting you go through to use the bathroom; after that point you've passed the check point and you're in! Very old trick, Kevin Mitnick would probably giggle to see Rick haphazardly employ this tactic.

Rick beings social engineering his way to level 9
The allegory becomes a little louder after this scene. Starting from a subtle nuanced example of an security exploit (nuanced and made subtle by the depth of the metaphor) which then switches to an even more obvious and almost sloppy "gotta go take a shit" to eventually Rick literally declaring his intention at the end of the episode (speaking in an encapsulating fashion). This "escalation" is a common cadence to security attacks (starting small, ending big):  you always start from a small crack and chip away until you have Domain Admin rights lol. Every hacker knows that! 

Just before Rick can make use of the password he is interrupted by assassins from the council of Ricks, he quickly escapes in what is a literal instantiation of an authentication replay or a kind of "session hijacking" attack. Here rick swaps identities with someone in the group that is trying to catch him thereby tricking them into killing the wrong person. Rick has now gone from an interrogator in the prison to a member of SEAL team Rick. One epic privilege escalation attack!

The privilege escalation attack


After killing the entire SEAL team, he makes his way to the citadel as Rick D99. He then pulls off another obvious privilege escalation attack by specifically asking for someone with a certain level of "higher" clearance.
Rick analogously  "Phone Phreaking"/Hardware hacking his way into the citadel

Assuming this role he then moves to getting control of the entire domain effectively and makes a joke about how bad the system design is (another joust at information security engineering ;). The design flaw here is that there is no further authentication or oversight needed in order to perform an incredibly dangerous function; you just walk up to it and press the right buttons lol no, executive calls, no approval process... just buttons! He abuses this design as a citadel employee to teleport the entire citadel straight into the galactic prison he just escaped from ensuing a massive war between the citadel and the galactic prison.

The person in the center here looks strikilngly similar to Rick in the image above. The armor, the hair; this is the defcon site banner; also some might recognize the "Butter Robot"-esque android being built in the background. By the way defcon is the worlds biggest hacking conference :)

The BitFlip attack 

Following this Rick makes his way to level 9, finally admitting his entire scheme was all an elaborate ploy to in fact "get level 9 access without a password"!  Which explains his entire chain of exploits as a revenge arch triggered by the citadel interrupting his imminent access to level 9 by the attempted assassination.   

Having gained level 9 access Rick uses what could be seen as another very old security attack called "bit flipping". This term is used sometimes to loosely refer to attacks that can deterministically change somethings state in a way that affects security, usually these "states" are represented using simple boolean values of 0 or 1 i.e. Row Hammer has been exploited in order to flip bits in a table that holds security relevant information. Effectively this is what he is doing with the currency value, flipping a 1 bit to 0. A small error, that eventually topples an entire federation. Start small, end big!



Thats it for now, until I dig out more macabre Information Security or extra-scientific analogies hehe.