Hack a Padlock key from Plastic Scraps

Not too many years ago, if you wanted a decent copy of a key made, you had to head to either a locksmith’s shop or the nearest hardware store, where real people actually knew their trade. Now we generally take our keys to the Big Orange Box o’ Stuff and have them copied by a semi-automated machine, or even feed them into one of the growing number of fully automated key-copying kiosks, with varying results. But as [BlueMacGyver] shows us, a serviceable padlock key can be whipped up quickly at home with nothing but scraps.

The video below details the process – soot the profile of the key with a lighter, transfer the carbon to some stiff plastic with Scotch tape, and cut out the profile. With a little finagling the flat copy makes it into the lock and opens it with ease. Looks like the method could be applied to locks other than padlocks. As for raw material, we think we’ve found a use for all those expired credit cards collecting in the desk drawer.

We’ve given a lot of coverage lately to hacks involving locks, including copying keys from photos and making bump keys with a 3D printer. But we like this hack for its simplicity. True, you need physical access to the key to copy it, and that limits the hack’s nefarious possibilities. But maybe that’s not such a bad thing.

Pictures that Defeat Key Locks

We’re at LayerOne this weekend and one of the talks we were excited about didn’t disappoint. [Jos Weyers] presented Showing Keys in Public — What Could Possibly Go Wrong? The premise is that pictures of keys, in most cases, are as good as the keys themselves. And that pictures of keys keep getting published.

[Jos] spoke a bit about new services that offer things like 3D scanning and storage of your key for printing when you get locked out, or apps that ask you to take a picture of your key and they’ll mail you a duplicate. Obviously this isn’t the best of ideas; you’re giving away your passwords. And finding a locksmith is easier than finding a 3D printer. But it’s the media gaffes with important keys that intrigue us.

We’ve already seen the proof of concept for taking covert images to perfectly duplicate a key. But these examples are not so covert. One example is a police officer carrying around handcuff keys on a belt clip. Pose for a picture and that key design is now available to all. But news stories about compromised keys are the biggest offenders.

A master key for the NYC Subway was compromised and available for sale. The news coverage not only shows a picture at the top of the story of a man holding up the key straight on, but also this image of it on a subway map, which can be used to determine scale. This key, which is still published openly on the news story linked above, opens 468 doors to the subway system and these are more than just the ones that get you onto the platform for free. We were unable to determine if these locks have been changed, but the sheer number of them has us thinking that it’s unlikely.

Worse was the availability of fire-department master keys which open lock boxes outside of every building. (Correction: these are fire department keys but not the actual lock-box keys.) A locksmith used to cut the original keys went out of business and sold off all their stock. These keys were being sold for $150, which is bad enough. But the news coverage showed each key on a white background, straight on, with annotations of where each type of key will work.

Other examples include video news stories about credit card skimmers installed in gas pumps — that coverage showed the key used to open the pump housing. There was also an example of speed camera control cabinet keys being shown by a reporter.

[Jos’] example of doing the right thing is to use a “prop” key for news stories. Here he is posing with a key after the talk. Unfortunately this is my own house key, but I’m the one taking pictures and I have blurred the teeth for my own security. However, I was shocked during image editing at the quality of the outline in the image — taken at 6000×4000 with no intent to make something that would serve as a source for a copy. It still came out remarkably clear.

Some locks are stronger than others, but they’re all meaningless if we’re giving away the keys.

This Space Saver Puts The Squeeze On Your Keys


Keys? Who needs them? Well, pretty much everyone. You can’t deny that there are some ridiculously crowded key chains out there. It’s clear that [Robb] wanted to hit the other side of that spectrum when he started working on his latest multi-key project.

The term “multi-key” may be a little misleading as there are more than just keys on this tool. In addition to the bike lock, locker, work and house keys, there is a USB drive, bottle opener, screwdriver and a couple of Allen wrenches. The side frames started out as part of an Allen key combo set; one not of the highest quality. The Allen keys started snapping off during use, which left [Robb] with a set of otherwise useless side frames. These became the platform on which [Robb’s] project is based. Adding a couple new bolts, nuts and a few modified keys got him the rest of the way there. A lot of thought went into which items to put into this tool and [Robb] explains his thought process in his step-by-step instructions.

The simple nature and potential for customizing makes this a great utilitarian DIY project. Although this may not be Janitor worthy, it will certainly consolidate some of the bulk in our pockets.

Key Cutting with a CNC Mill


Keys cost like what, $2 to copy at a locksmith? But where’s the fun in that? Here’s an easy way to cut your own keys using a CNC mill!

[Bolsterman] now “works” for a real estate company that rents out various properties. Whenever someone moves out, the locks need to be changed ASAP. They use Schlage locks, which can be re-keyed to any pin combination. New keys are typically cut with a punch or a key cutting machine — he actually had one years ago, but got rid of it. Not wanting to buy a new one for his new job at the real estate company, he decided to see how hard it would be to turn his small desktop CNC into his own personal key cutting machine.

All it took for [Bolsterman] to turn his mill into a key cutting machine was a 3/8th 90° countersink bit with the end ground to a flat approximately 0.055″ across (0.035″ is the width of a factory key, but a bit of leeway makes it easier to make the key). Then you simply zero the mill off of the shoulder of the key, and using the handy Schlage pin chart (included in the original link), cut the grooves!

To automate all of this, [Torrie Fischer] created a Python script for generating the GCode for keys based on [Bolsterman’s] technique — it’s hosted over at Noisebridge’s Wiki — check it out!

But if all that seems like too much effort, you could just print a new key instead…

Ambient Computer Noise Leaks Your Encryption Keys

[Daniel, Adi, and Eran], student researchers at Tel Aviv University and the Weizmann Institute of Science, have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer. It may sound a bit like magic, but this is a real attack – although its practicality may be questionable. The group first described this attack vector at Eurocrypt 2004. The sound used to decode the encryption keys is produced not by the processor itself, but by the processor’s power supply, mainly the capacitors and coils. The target machine in this case runs a copy of GNU Privacy Guard (GnuPG).

During most of their testing, the team used some very high-end audio equipment, including Brüel & Kjær laboratory grade microphones and a parabolic reflector. By directing the microphone at the processor air vents, they were able to extract enough sound to proceed with their attack. [Daniel, Adi, and Eran] started from the source of GnuPG. They worked from there all the way down to the individual opcodes running on the x86 processor in the target PC. As each opcode is run, a sound signature is produced. The signature changes slightly depending on the data the processor is operating on. By using this information, and some very detailed spectral analysis, the team was able to extract encryption keys. The complete technical details of the attack vector are available in their final paper (pdf link).

Once they had the basic methods down, [Daniel, Adi, and Eran] explored other attack vectors. They were able to extract data using ground fluctuations on the computer’s chassis. They were even able to use a cell phone to perform the audio attack. Due to the cell phone’s lower quality microphone, a much longer time (on the order of several hours) is needed to extract the necessary data.

Thankfully [Daniel, Adi, and Eran] are white hat hackers, and sent their data to the GnuPG team. Several countermeasures to this attack are already included in the current version of GnuPG.

Using a screwdriver to start your car


[Hahabird] uses this screwdriver to start his car. Despite what it may look like, only this particular screwdriver will start the ignition because it still uses the key lock. What he’s done is alter the screwdriver to act as an extension for the key. It’s purely aesthetic, but you have to admit it looks pretty gnarly hanging off of the steering column.

The hack merely involved cutting off the unneeded parts of the key and screwdriver. With the shaft of the tool cut down to size he clamped it in a vice and cut a slot into it using a hack saw. From there he headed over to the grinding wheel and smoothed out the sharp edges.

The key itself had the handle portion cut off and was thinned on the grinding wheel to fit snugly in the screwdriver slot. To permanently mate the two pieces he used a torch and some silver solder.

[via Reddit]

Freezing Android to crack the encryption


Build a better lock and someone will make a tool to open it without the key. Or in this case they’ve made a tool to discover the key using a trip through the deep freeze. The Forensic Recovery of Scrambled Telephones — or FROST — uses cold temperatures and a custom recovery image to crack Android encryption keys.

Cold boot hacks go way back. They use low temperatures to slow how quickly the contents of a device’s RAM fade once power is removed. In this case, the target phone must already be powered on. Booting a phone that uses the encryption offered by Android 4.0 and newer requires the owner’s pass code to decrypt the user partition. But it then remains usable until the next power cycle. By freezing the phone, then very quickly disconnecting and reconnecting the battery, researchers were able to flash their own recovery image without having the encryption key cleared from RAM. As you can see above, that recovery package can snoop for the key in several different ways.

[Thanks Rob]