The guys from Bloomington’s Fraternal Order of Lock Sport (FOOLS) sure know how to throw a party! At this year’s DerbyCon event down in Louisville, the group put on an awesome event that combined lockpicking and drinking – what could be better?
The Rumble Challenge is lock picking game where six people compete head to head for the best time. Whenever a competitor masters his lock, the competition is paused so that each player has a chance to take a shot from their air-powered shot dispensing machine. Once everyone has imbibed, the next round starts with the competitors picking up where they left off, in an effort to be the next to successfully open his lock.
The game is controlled by an Arduino, which both times the competition and senses when the locks have been opened. The Arduino relays this data to a computer, which uses a projector to display the contestant’s scores on a big screen. As an added bonus, FOOLS member [dosman] added loud rumble motors to the locking mechanisms in order to throw competitors off their game.
The contest sounds like a ton of fun – we’re bummed that we missed it. If you want to see how the game was put together, check out [dosman’s] build log over at the Bloominglabs wiki.
Hackers at the “RaumZeitLabor” hackerspace in Mannheim Germany have noticed that the locking mechanism on the thinkpad mini dock is extremely easy to circumvent. Sold as an additional layer of security, the mechanism itself is not really secured in any way. The button that actuates it is locked by a key, but the latch isn’t secured and can be accessed via a vent on the side. They are using a lockpicking tool in the video, but they say that even a long paperclip would suffice.
We know that no security device is perfect, and if someone really really wants it, they’ll take it, but this seems a bit too easy. Maybe the next version will have a little plastic wall protecting the latch from being actuated manually. Hopefully if security is your main concern you are using something a little more robust that a dock-lock.
[via the RaumZeitLabor hackerspace (google translated)]
Continue reading “Thinkpad Dock-Picking”
This month’s Wired magazine has an extensive profile of [Marc Weber Tobias]. He’s a professional lock picker that delights in coming up with new techniques for taking on high security locks. In recent years, he’s run afoul of the US’s premier high security lock manufacturer, Medeco, by publishing Open in Thirty Seconds with [Tobias Bluzmanis]. Medeco still denies that this is even possible. Wired decided to to test the team by purchasing six new cylinders and timing them. Each one was open in under nine minutes. You can see a video of this on Wired’s site.
Last fall we covered a decoding attack against Medeco locks by [Jon King].
Sometimes describing how a lock actually works can be the hardest part of teaching someone about lockpicking. [Mike Gee] has designed an acrylic lock that may just be the ticket for these situations. All of the pieces are cut from clear acrylic. As you insert the key, you can see it raise the four pins up to the shear line. He says that it will definitely take some tweaking as you assemble it to get it to function smoothly. Embedded below is a video of the lock in use. You can find plans on Thingiverse.
Continue reading “Acrylic tumbler lock”
[Steffen Wernéry] has published a video of the impressioning contest at LockCon. We learned about key impressioning at this year’s HOPE conference. You start the process by inserting a key blank into the lock. By turning the lock until it stops and then moving the key up and down you create marks on the blank’s face. Take a file to those marks to remove the extra material and then repeat the process. Once the pins are set properly, they’ll stop leaving marks on the blank. It takes a lot of skill to do this right, but you end up with a perfectly functional key. [Barry Wels] managed to win the competition in 5:30 with second place coming in at 6 minutes.
The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.
On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.
[photo: Rija 2.0]
In the same vein as our recent Defcon article on biometric cloning, White Wolf Security has released this article about turning a biometric door lock into a trojan. They note that there are many common ways to break into one, from harvesting fingerprints to using gummy bears to fake a finger. This hack involves having full access to the unit so you can disassemble it.
The unit has a system built-in where you can touch a 9-volt battery to some connectors on the bottom to power it in case of a building power failure. The researchers simply routed some wires from the motorized lock to the plates used for the 9-volt and then reassembled the lock. The door can then be opened at any time without verification, even if the software on the unit is reset.