Electronic Key Impressioning

[Barry] shared his postulation on how electronic key impressioning works (google cache). You may remember his foil impressioning demo from earlier in the month, but now he’s addressing a piece of news we must have missed. Apparently, a handheld impressioning device is about to hit the market that can tell you the key codes for a lock in a matter of seconds. [Barry’s] guessing at how this is done from his experience with a similar device aimed at car locks. When the circuit board seen above is inserted into a lock, it completes a circuit between the lock housing and the wafer. The firmware monitors the conductors on the tip of the PCB to calculate how deeply the cut should be and at what point on the key.

This would be fun to try with a homemade PCB, any idea how to deal with wrapping traces around the edge of the board like that?

22 thoughts on “Electronic Key Impressioning

  1. @nave.notnilc True, but the board with traces looks very cheap to replace. I suppose it could be designed to be disposable. Use an IDC cable or something to connect it to the main electronics.

  2. I’d bet money this thing will cost at least 3 grand and there will be a registry and ‘red tape’ for tracking ownership.

    They probably used thousand of locks to build the variable for the firmware…

  3. “They probably used thousand of locks to build the variable for the firmware”

    Actually each one would have to be custom made for each type of lock. The number of and vertical spacing between the traces would have to be specific to the cut depths for a particular manufacturer, and the angle of the cut off end of the board would have to be such that the effective horizontal spacing of the traces can be used to distinguish exactly which wafer is losing contact when, which is entirely dependent on the wafer spacing in the lock.

    Given that the board has to be tuned to the lock, the firmware won’t have but one system at a time to deal with, and all those systems are widely available without trying “thousands of locks”.

    Furthermore, this won’t work on double-sided/alternating/sidewinder wafer locks (most cars), or pin tumbler locks (most houses). At most, this is a shortcut for code-cutting a key for cheap-ass office furniture. As a locksmith, I’d never buy one because I can already sight-read the wafers in these locks with a pick and flashlight.

  4. I would be tempted to epoxy copper foil onto the edge, use a sharpie for etch resist, and call it a task for industrial chemistry. Aluminum foil will work but have fun soldering to it (etches with some nice exothermy though!).

    Conductive epoxy might work too.

    I like the via idea but prefer to make my own boards, and making vias makes me sad.

  5. Cool, wonder if you can do it optically?

    “As a locksmith, I’d never buy one because I can already sight-read the wafers in these locks with a pick and flashlight.”

    Exactly what I was thinking, 2 posts above me.

  6. in today’s day in age with electronics being relied on more and more it is getting very difficult to totally secure places.

    while the electronics allow the changing of keys to lock out unwanted users the unwanted users could if they have the tools make a brute force key.

    in the old days you had to change the lock set witch meant removal of the lock set or door knob and replacing it with a new one.

    the process was made a little better if the lock set had removable lock pins so a lock set could be rebuilt.

    brute force attack could involve an electronic card based key that sends all the key combinations until it works.

    a way to defeat brute force attacks is to design the lock to self disable or even self destruct if the wrong key is used more than a certain number of times making the only way in is to get a physical key and unlock it and replace the lock or reprogram it

  7. @Sean
    “Aluminum foil will work but have fun soldering to it”

    Simple but effective trick. A drop or two of light oil (mineral, cooking, whatever), abraid surface with corner of sharpening stone o.n.o. through oil to remove oxide layer, solder through oil with hot iron. The oil excludes the air and stops the reformation of the oxide layer allowing the solder to wet the actual metal surface. Works a treat, but it does require a fair bit of iron power. Once tinned it can be resoldered without the oil because the solder now excludes the air.

  8. You could mill the pcb with a small end mill and fill it with a low-melting point alloy. Alternately you could use appropriately spaced sheets of Cu held in a jig and cast plastic around them.

    Dmalg is right. Between foil impressioning and sight reading, normal auto locks aren’t that hard.

  9. I think the first thing I would try, etching this board at home, would be to do standard two sided traces. Then, I think I would dig through my tool box and find the finest motor winding wire, strands from stranded wire or even strands from Litz wire, and create a solder bridge. This will add some thickness but if you solder just enough to attach you can trim really tight and make a nice smooth solder. You don’t want it to wrap around, just meet the two traces.

    Don’t know how durable this would be but as others have suggested, this doesn’t look like a lifelong board to begin with. I imagine this solution (soldering) is cheap, simple and would likely work, though some other considerations may be necessary.


  10. Any device made of matter or non-sentient=better than Turing passing level AI will be somehow possible to compromise. Even a Human can be “social engineer” hacked in many cases. The concept becomes “Good Enough” to robustly defend against a realistic threat level. Yeah, We can indeed use several Cray boxen to bruteforce any codes not protected by failed attempt detection. Or use gadgets like this admirable for what it does device.

    But, at the end of a mundane day- no one will be spending the time&effort etc of hacking a lock with this method for trivial gains. If so- why? Well- that takes a bit of thinking the differences between Hackers&Mundanes. Mundanes use a factory Key.. Hackers take earned PRIDE in being able to open something by sheer technoskill.
    Do pause to think on the ethical obligation we shoulder by knowing what we do that the Mundanes may not. It’s what demarcates White Hat from Black Hat.

    Locksport? for sure. As a tech challenge other than Locksport It’s something Hackerdom just “does”- we suss out how things work, and make them do OUR bidding. So long as it’s done ethically=with honorable permission we’re golden!

    See- we also have an ethical obligation to give a Lock company *warning* of a weakness so it can close the hole before avoidable damages befall innocents. I may be overly shrill in that set of admonitions and expectations eh? But again- It’s part of the ticket we write when we call ourselves Hackers. I’m impressed with the skill this device shows. And terrified of how few folks reading of such things may have been taught of ethics surrounding the use of our tools.

  11. I have to say, I’ve spent endless hours learning and honing my picking skills, and while they’re still not perfect, I enjoy being much better than the average person at lock picking. A device like this takes all the fun out of it. Since I never intend to break and enter or steal when I pick locks, so this device is not very useful to me.

    Actually, I usually pick locks because they stop working with their key, or the owner lost/broke the key

    @Oren, nice comment. I very much agree.

  12. The whole thing seems rather simple and low-end really, both the design of the key and the hack, same with the making a mold ‘trick’ that’s so obvious that the designer of the lock must have known before he even touched his mouse the morning he created it.
    And there have been reasonable efforts to defeat such tricks a hundred years ago already so why they designed it like this on a lock from the 21th century is anybody’s guess.

  13. “brute force attack could involve an electronic card based key that sends all the key combinations until it works.”

    No, for even the bog-standard 26-bit HID prox card it’d take you 87 DAYS of continuous trying to go through half the keyspace, and that assumes the lock will allow 2 attempts per second (a generous assumption), there’s no “X minutes lockout after Y number of failed attempts”, and there’s nobody watching the logs to see your millions of failed attempts and have a security guard tromp down and pepper spray you.

  14. “why they designed it like this on a lock from the 21th century is anybody’s guess.”

    Generally this kind of lock is what you find on office furniture. These sorts of locks are only intended to keep honest people honest. Real security costs money. They use cheap wafer locks that are easily defeated because nobody wants to pay a small fortune when all they’re locking up is their Sharpies and Post-Its.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.