Modify Locks to Baffle Burglars

While it’s often thought of as a criminal activity, there’s actually a vibrant hobby community surrounding the art of lock picking. In the same way that white hat hackers try to break into information systems to learn the ways that they can be made stronger, so do those in the locksport arena try to assess the weaknesses of various locks. For the amateur, it can be exciting (and a little unnerving) to experience the ease at which a deadbolt can be picked, and if your concern is great enough, you can go a little farther and modify your locks to make them harder to defeat.

The lock in question was sent to [bosnianbill] by [Rallock67] with a device that [Rallock67] had installed using common tools. Known as a Murphy Ball, a larger-than-normal spring was inserted into one of the pins and held in place by a ball bearing. This makes the lock almost completely immune to bumping, and also made it much more difficult for [bosnianbill], an accomplished and skilled locksmith, to pick the lock due to the amount of force the spring exerted on the cylinder. The surprising thing here was that this modification seems to be relatively easy to do by tapping out some threads and inserting a set screw to hold in the spring.

Locksport and lockpicking are a great hobby to get into. Most people start out picking small padlocks due to their simplicity and ease. It’s even possible to pick some locks with a set of bobby pins. And, if you really want to see how easy it is to defeat some locks and/or how much good the TSA does for your overall security, you’ll want to take a look at this, too.

Thanks to [TheFinn] for the tip!

Continue reading “Modify Locks to Baffle Burglars”

Pick Locks Like In The Movies: Using a Bobby Pin

Sure, many of us don’t hold our hair in place with bobby pins, but just in case we need to break into a secure location, like the broom closet we locked ourselves out of, it wouldn’t hurt to know how to use them to pick a lock.

There are worse things you can make a lockpick set out of. After you’ve secured two bobby pins, one for the tension wrench and one for a small hook pick. To make the small hook simply flatten the pick and remove the rubber cap from the side without waves; this is the small hook. To make the tension wrench, bend the second pin in half. Simple.

The guide also functions as a very good beginner tutorial on lock-picking, covering the types of simple locks one is likely to encounter, and the various shortcomings of their construction that could impede efforts to open them. The whole site is a good resource for those who enjoy the art.

After that it is standard lock picking. Put torsion on the barrel and prod those pins into place with your reconfigured fashion accessories.

Hack a Padlock key from Plastic Scraps

Not too many years ago, if you wanted a decent copy of a key made, you had to head to either a locksmith’s shop or the nearest hardware store, where real people actually knew their trade. Now we generally take our keys to the Big Orange Box o’ Stuff and have it copied by a semi-automated machine, or even feed it into one of the growing number of fully automated key-copying kiosks, with varying results. But as [BlueMacGyver] shows us, a serviceable padlock key can be whipped up quickly at home with nothing but scraps.

The video below details the process – soot the profile of the key with a lighter, transfer the carbon to some stiff plastic with Scotch tape, and cut out the profile. With a little finagling the flat copy makes it into the lock and opens it with ease. Looks like the method could be applied to locks other than padlocks. As for raw material, we think we’ve found a use for all those expired credit cards collecting in the desk drawer.

We’ve given a lot of coverage lately to hacks involving locks, including copying keys from photos and making bump keys with a 3D printer. But we like this hack for its simplicity. True, you need physical access to the key to copy it, and that limits the hack’s nefarious possibilities. But maybe that’s not such a bad thing.

Continue reading “Hack a Padlock key from Plastic Scraps”

Dear TSA: This is Why You Shouldn’t Post Pictures of Your Keys Online

We have to hand it to the Transportation Security Administration (TSA). They seem to have a perfect track record of screwing up – and that’s not an easy thing to accomplish if you think about it. If it’s not reports of TSA agents stealing valuables or inappropriately groping passengers, there is the fun fact that in all the years since it was created in 2001, the agency hasn’t caught a single person seeking to do harm in the friendly skies. We’re actually okay with that if it means nobody is trying to do anything shady.

The most recent TSA folly seemed to practically fall into the Internet’s lap when a reporter for the The Washington Post published a hi-res picture of the entire set of TSA master keys while writing an article about how the TSA handles your bags after checking them at the counter. Well, the lock picking community when nuts and in a short time had 3D printed versions available and working. You can see it in action in the (twitter) video after the break.

For those that are not familiar with travel in the US, you are not allowed to use just any old lock on your bags. It has to be approved by the TSA – and that means that they have to be able to open it. So the TSA agents have a set of master keys that can open any bag if they need to look inside for some reason. If you put a non-TSA approved lock on the bag, that can make them a little angry, and you risk having your bag delayed or even cut open.

Of course, you can get into just about any suitcase with a ball point pen, so maybe this isn’t a real “security” issue, but it sure isn’t what you want to see from the agency that is supposed to protect you. Who knew that you could make keys from a photograph? We did way back in 2009 and way more in depth this May… maybe the TSA should start reading Hackaday?

Continue reading “Dear TSA: This is Why You Shouldn’t Post Pictures of Your Keys Online”

Safe Cracking With Signal Analysis

[Dave Jones] over at EEVblog got his hands on a small safe with an electronic lock and decided to try his hand at safe cracking. But rather than breaking out the thermal drill or shaped charge, he hooked up his Rigol scope and attempted a safe cracking via signal analysis (YouTube link).

We have to say that safes Down Under seem much stouter than most of the inexpensive lock boxes we’ve seen in the US, at least in terms of the quality (and quantity) of the steel in the body of the safe. Even though [Dave] was looking for a way in through the electronics, he still needed to deal with all that steel to get himself out of a face-palm moment that resulted in a lockout. Once that was out of the way, he proceeded to capture usable signals from the internal microcontroller using the only two available contacts – the 9 volt battery connections. While he did get signals, he couldn’t find any signatures that would help determine the six digits in the PIN, and as he points out, even if he did, brute-forcing through the one million permutations to find the right code would take too long, given the wrong-code lockout feature of the lock.

Even though he failed to hack into this particular safe, there’s still plenty to be learned from his methods. And who’s to say that other similar locks aren’t a little more chatty about their internals? Maybe you could even manage to EMP your way past the lock.

Pictures that Defeat Key Locks

We’re at LayerOne this weekend and one of the talks we were excited about didn’t disappoint. [Jos Weyers] presented Showing Keys in Public — What Could Possibly Go Wrong? The premise is that pictures of keys, in most cases, are as good as the keys themselves. And that pictures of keys keep getting published.

[Jos] spoke a bit about new services that offer things like 3D scanning and storage of your key for printing when you get locked out, or apps that ask you to take a picture of your key and they’ll mail you a duplicate. Obviously this isn’t the best of ideas; you’re giving away your passwords. And finding a locksmith is easier than findind a 3D printer. But it’s the media gaffs with important keys that intrigues us.

We’ve already seen the proof of concept for taking covert images to perfectly duplicate a key. But these examples are not so covert. One example is a police officer carrying around handcuff keys on a belt clip. Pose for a picture and that key design is now available to all. But news stories about compromised keys are the biggest offenders.

subway-keysA master key for the NYC Subway was compromised and available for sale. The news coverage not only shows a picture at the top of the story of a man holding up the key straight on, but this image of it on a subway map which can be used to determine scale. This key, which is still published openly on the news story linked above, opens 468 doors to the subway system and these are more than just the ones that get you onto the platform for free. We were unable to determine if these locks have been changed, but the sheer number of them has us thinking that it’s unlikely.

firemans-keysWorse, was the availability of fire-department master keys which open lock boxes outside of every building. (Correction: these are fire department keys but not the actual lock-box keys) A locksmith used to cut the original keys went out of business and sold off all their stock. These keys were being sold for $150, which is bad enough. But the news coverage showed each key on a white background, straight on, with annotations of where each type of key will work.

Other examples include video news stories about credit card skimmers installed in gas pumps — that coverage showed the key used to open the pump housing. There was also an example of speed camera control cabinet keys being shown by a reporter.

key-photo-duplication-layerone[Jos’] example of doing the right thing is to use a “prop” key for news stories. Here he is posing with a key after the talk. Unfortunately this is my own house key, but I’m the one taking pictures and I have blurred the teeth for my own security. However, I was shocked during image editing at the quality of the outline in the image — taken at 6000×4000 with no intent to make something that would serve as a source for a copy. It still came out remarkably clear.

Some locks are stronger than others, but they’re all meaningless if we’re giving away the keys.

Cracking A Combo Lock In Under 30 Seconds

Forget the combination to your combo lock? Well if you’ve got a 3D printer, an Arduino, a servo and a stepper motor handy — you can build your own Combo Breaker pretty easily. It’s capable of solving any Master combination lock in 8 tries or less.

The creator [Samy Kamkar] is a privacy and security researcher, who absolutely loves finding holes in security. We actually just heard from him at our very own Hack a Day Prize: Los Angeles event, where he talked about his wireless keyboard sniffer he built into a cellphone charger.

He’s previously shown us how to crack a combo lock in 8 tries or less using an online calculator he made. This project is just an extension of that to automate the whole process.

As always he gives an extremely thorough explanation of the project in his build log video — including designing the 3D printed parts! If you wanna build your own it’ll cost just under $100 and you can grab all the necessary info and source files from his GitHub.

[Thanks for the tip Justin!]

Continue reading “Cracking A Combo Lock In Under 30 Seconds”