66% or better

Cracking a manipulation-proof, million combination safe

So you spent the big bucks and got that fancy safe, but if these guys can build a robot to brute-force the combination you can bet there are thieves out there who can pull it off too. [Kyle Vogt] mentioned that we featured the first iteration of his build back in 2006 but we can’t find that article. So read through his build log linked above and then check out the video of the new version after the break. It’s cracking the combination on a Sargent and Greenleaf 8500 lock. There’s an interesting set of motions necessary to open the safe. Turn the dial four revolutions to the first number, three revolutions to the second, two revolutions to the final number, then one revolution to zero the dial. After that you need to press the dial inward to activate the lever assembly. Finally, rotate the dial to 85 to retract the bolt, which unlocks the safe.

The propaganda on this lock says it stood up to 20 hours of manual manipulation. But [Kyle] thinks his hardware can get it open in a few hours. His hardware looks extremely well-engineered and we’d bet some creative math can narrow down the time it takes to brute force the combo by not going in sequence.


2010 sees new lock impressioning speed record

[Jos Weyers] tipped us off about this lock impressioning video. It shows his final round of the lock impressioning championship at this year’s SSDev conference. Even though he shaved about fifteen seconds off of his 87-second single-lock record from last year, he came in third overall because the competition averages times over several rounds.

This method of opening locks uses a file to create the correct teeth after examination of tiny marks on a key blank from trying to open the lock. We’ve seen foil impressioning as well as electronic impressioning, but video of the competitions makes this our favorite method.

Electronic key impressioning

[Barry] shared his postulation on how electronic key impressioning works (google cache). You may remember his foil impressioning demo from earlier in the month, but now he’s addressing a piece of news we must have missed. Apparently, a handheld impressioning device is about to hit the market that can tell you the key codes for a lock in a matter of seconds. [Barry's] guessing at how this is done from his experience with a similar device aimed at car locks. When the circuit board seen above is inserted into a lock, it completes a circuit between the lock housing and the wafer. The firmware monitors the conductors on the tip of the PCB to calculate how deep the cut should be and at what point on the key.

This would be fun to try with a homemade PCB, any idea how to deal with wrapping traces around the edge of the board like that?

Foil impressioning defeats security locks

Apparently it’s been around for fifteen years but using foil impressions to pick locks is new to us. This is similar to using bump keys but it works on locks that are supposedly much more secure. This method uses a heavy gauge aluminum foil to grab and hold the pins in the correct place for the lock to be turned. The foil is folded over and slits are cut where each pin will fall. It is then inserted into a lock on a tool shaped like a key blank. Jiggle the tool for a bit and the cylinder will turn. This just reminds us that we’re much more dependent on the good will of our fellow citizens to not steal our stuff, rather than the deterrent that a lock provides.

We’ve embedded a detailed and fascinating demonstration of this method after the break. The materials in the video are from a Chinese-made kit. We’re not sure where you find these types of locks, but we don’t feel any less secure since our keys could be obtained from a distance anyway.

Update: Video now embedded after the break. The link is down but you can try the Google Cache version.


How to crack a Master lock


Long, long ago we covered a method to crack a Master lock in about 30 minutes or less. Here’s a revival of the same method but now the instructions to retrieve the combination are in info-graphic format created by [Mark Edward Campos].

If you didn’t get to try this the first time around, here’s how it works: A combination of a physical vulnerability, math, and brute force is used. First, the final number of the code can be obtained by pulling up on the latch while the dial is rotated. Because of the way the lock is built, the correct number can be extrapolated using this trick. Second, a table of all possible first and second number combinations has been calculated for you. Third, it’s your job to brute force the correct table of possibilities, which includes only about one hundred combinations.

We’re not really into felony theft and hopefully you’re not either. But, we have a nasty habit of needing to use a combination lock that’s been in a drawer for a few years and having no idea of what the correct code might be.

Update: We’ve had a lot of comments about shimming as a better method. For your enjoyment we’ve embedded a video after the break that details how to shim a Master lock using a beer can. Just remember: friends don’t let friends drink and shim.


Universal credit card in the palm of your hand


Do you remember the magnetic card spoofer in Terminator 2? It was a bit farfetched because apparently the device could be swiped through a reader and magically come up with working account numbers and PIN numbers. We’re getting close to that kind of magic with [Jaroslaw's] card spoofer that is button-programmable.

Building off of a project that allows spoofing via an iPod and electromagnet, [Jaroslaw] wanted something that doesn’t require a computer to put together the card code. He accomplished this by interfacing a 16-button keyboard and a character LCD with an AVR ATmega168 microcontroller. Card codes can be entered with the buttons and verified on the LCD. Of course this is still dependent on you knowing the code in the first place.

As you know, credit cards use this technology. We don’t think Walmart is going to be OK with you pulling this out in the checkout line, not to mention local five-oh. This technology is also used for building access in universities, businesses, and hotels. If used in conjunction with some other spy technology you’ll be on your way to becoming a secret-agent-man.

Photographic key duplication


[Ben] and his associates over at the University of California at San Diego came up with a way to duplicate keys using a picture of them. They developed an algorithm that uses measurements from known key blanks to extrapolate the bitting code. Because the software is measuring multiple points it can correct the perspective of the photo when the key is not photographed on a flat surface, but from an angle.

They went so far as to test with cell phone cameras and using a telephoto lens from 195 feet away. In most cases, correct keys were produced within four guesses. Don’t miss their wonderful writeup (PDF) detailing how key bitting works, traditional covert duplication methods, and all the details of their process. The lack of available code prevents us all from playing secret agent (or felon) with this idea but [Ben] did mention that if there is sufficient interest he might release it.

Lock bumping showed us how weak our security is, but this is a bit scary.

[Thanks Mike]