Even though the very concept of an ‘unpickable lock’ is as plausible as making water not be wet, this doesn’t take away from the intellectual thrill of devising solutions to picking attacks and subsequently circumventing those solutions. Case in point the ‘unpickable’ traveling key lock that [Works by Design] recently featured and sent a few copies off to lock pickers such as [Lock Noob] who gave picking it a shake.
Many of the details and reasoning behind [Works by Design]’s lock design can be found in the original video, with [Lock Noob] going over the basic summary before getting to work trying to pick it.
Rather than trying to bump the tumbler lock mechanism or another indirect approach, the focus is here on an impressioning attack. Although in this traveling key mechanism the physical key is moved inside the lock, the pins of the tumbler lock will leave impressions on the brass blanks when the lock is gently forced to rotate, indicating that there’s still too much material there.
The approach here is thus to slowly file away these sections, with interestingly the plastic pin that [Works by Design] had added to dodge impressioning attacks not being too much of an issue. Thus after over an hour of turning-filing-turning-filing ad nauseam, the lock mechanism rotated, confirming that it had been defeated.
In the subsequent teardown of the lock it can be seen that a plastic pin is indeed rather fragile, with part of its top having been torn off. After replacing this damaged plastic pin with a fresh one, a foil-based impressioning attack is attempted by putting aluminium foil over a skeleton key, but this didn’t quite work out as the pins come in sideways and thus do not leave a useful impression.
Theoretically the pins would press down onto the soft foil, creating an almost immediate impression of the required key. Perhaps that leaving a solid side on the blank would make it work, but this is an approach that would have to be refined.
Either way, it shows that ‘unpickable’ depends on your definition, as ‘1+ hour of filing with knowledge of bitting depths’ would be considered ‘unpickable’ by some. At least it’s not as dramatic as a 2020 [Stuff Made Here] ‘unpickable lock’ hack that we covered, before it got shredded by the [LockPickingLawyer] with resulting list of potential fixes of multiple easy exploits before even having to resort to impressioning.
Considering that traveling key designs generally require at least a tedious impressioning attack, with potential ways to address this in a more substantial way, a redesign featuring these changes would be rather interesting to see picked. If it can defeat the average lockpicking enthusiast including those practicing the legal profession, it’s probably as close to ‘unpickable’ as can be before the bolt cutters and angle grinders are used against any vulnerable parts that aren’t the lock itself.
The article begins by implying that an unpickable lock is impossible, I disagree. An unpickable lock would be as simple as a lock which, once locked, cannot be unlocked by any key or any other method whatsoever. I never said it was useful, but it’s not impossible.
Which depends on your definition of “key”.
If you weld a lock shut, an angle grinder can be a great key.
If you say that doesn’t count because it has to re-lock again… well then re-weld it!
It wouldn’t be a lock, it would be a ratchet. Like a bolt seal that can be pressed shut and requires bolt cutters to open.
Sure, and perfect system security can be achieved by encasing your system in concrete and then hucking it into a volcano.
I would argue that a lock by definition requires the ability to lock and unlock.
I’m going to ignore the philosophical element to the arguments on an unpickable lock because otherwise what’s the point of encryption when all the knowledge of the universe exists in /dev/random somewhere.
Practically though, I believe an unpickable lock absolutely can exist. The problem with physical locks like here is that they test the key directly and doing so allows the key to test the lock.
If you instead use an intermediary that transfers the information the key stops being a way to get information back on the lock.
This sort of thing gets easy when you use digital locks instead and is probably why keycards and RFID are the keys used for more serious things in modern times. Those don’t get picked.
One way of doing this in a physical lock might be to use the key to set some pins that then independently travel and are tested instead of the key itself. The lock would rotate partially with anything inserted but if the pins weren’t properly set before they rotated away the lock will still not open.
But they can be picked, by trying out all possible combinations. If the system consists of just the key and the lock, and no other authorization, and the lock must accept all attempts to open it with an invalid key, on false reading of the key, etc. it can eventually be picked.
Ultimately, any means of operating the lock would cause some measurable difference in how the lock operates internally, which would be detectable on the outside, such as observing a difference in the distribution of charges or how the mechanism moves or distributes its weight inside the lock. Like picking an old combination lock by listening to the pins falling with a stethoscope. It might take some unobtainium technology, but as long as we allow all means then the possibility exists.
Unpickable locks exist if we limit the effort you’re allowed to spend on picking it.
^Here we see an example of someone who completely failed to read my comment about not getting philosophical.
I reject that assessment. Again, you need to define where you limit “practical” and “philosophical”. How much effort do you arbitrarily allow to pick this unpickable lock?
For example, if you take the mechanical version: transfer keys. Inserting random keys, we could simply listen to how the lock reacts to each combination to find out the sequence of events and deduce what’s happening – but if we’re not allowed that, then it’s “philosophical”.
Also:
That’s a faulty analogy, because while you can find every bit of information in random noise, you have no way of knowing whether that is the secret you’re looking for.
With a lock, you always have some minimum amount of feedback: the lock opens or not. Other information would be available if you have the entire device in your hands – subtly different responses to different inputs, even if the lock doesn’t open. If it’s electronic, changes in power consumption or radio emissions for example. It all goes down to what you’re allowed to throw at the problem and how much time you’re allowed to do it.
Great story. Except that electral locks have been proven to be easy to bypass time and time again. We have rfid locks in out office, with exposed wires going to the solenoid opening the door.
This is a really lame and poorly thought out comment.
A failure of implementation is not a failure of design. It’s easy to open a mechanical lock if the latch is left accessible; same idea.
If it has a motor or a solenoid to open the latch, you can always drill down to it and power it yourself. Or, if you’re not allowed to damage the lock, xray it to see where the electronics are and blast it with radiation to trigger the transistor that powers it.
Implausible? Maybe, but you didn’t define the limit where you switch from practical to philosophical.
My comment was for reasonable and reasonably intelligent people, not for someone who runs headlong into a pointless argument because they refuse to stick within reasonable standards.
Define “reasonable”. Is this some random individual, or a government spy department with millions in budget?
Perhaps a magnetic key. They’d need to impression with a magnetic field viewing sheet?
Some of the lock pins are small neodymium magnets and never physically touch the key. Half of them need to repel and the rest attract negating bump attacks and standard picking.
Even magnetically segmenting the key or making it flexible isn’t really going to add much resistance.
There’s no such thing as a pick proof lock, just people who’ve kept to the notion after having been brought up to think stealing is wrong.
The keyhole in an easily cuttable padlock is just so you can send it to somebody to try and pick, when nobody can open it except with an angle grinder, then it becomes a good lock for a safe door.
I guess the pins and the shape of the key help, but I think an NFC reader inside the lock, with a tag in the key as well as a coin cell in the key that powers the reader inside the lock makes all the pin bumping a waste of time. Just in case somebody fries the reader you would need some secret spots to drill to defeat the reader, but on the face of a safe door those would be awfully hard to find.
I quite liked Stuff Made Here’s earlier version, which measured the key and transferred it’s measurements to some intermediary pins, which were then compared against the gates which actually tested the combination. Thus, no part of the key or anything else that came from outside could come into contact with the part that held critical information.
This lock, however, still managed to slow down the process quite a bit.
A contactless and maybe pretty secure lock would be to use an optical system instead of physical pins or magnets. Each tooth on the key corresponds to a break beam type sensor (there would be a beam on every tooth for every depth so that you couldn’t just see where the beam is) then when the right combination of beams are broken or unbroken then it opens.
Going even further it could use a system similar to optical keyboard switches where it measures the amount of light that can pass through a V to measure position. If instead of simple break beam sensors these were used it would then need each beam to let a specific amount of light through. The key would need to be very precise though.
The problem with an optical solution would be that dirt can easily affect it and it may be possible to use some kind of photo sensitive film to stick inside the lock and record a key getting used.
Another option could be magnets but rather than just sensing position instead it uses hall effect sensors to measure the field strength and polarity and uses that to unlock.
Maybe a form of magnetic viewing film stuck inside the lock would work here too though.
Maybe to get around the film way of impressioning it would need to use the travelling key method shown in this lock but during the stage where the keyhole is accessible either expose it to a very strong magnet or bright light so that any impression left on the photo sensitive film or magnet viewing film is wiped before it can be taken out.
Maybe to prevent the common way of defeating electronic locks by using a strong magnet externally to actuate the solenoid it could use a two electromagnet system where the normal permanent magnet in a solenoid is replaced by a second coil.
It’s a trifle slow vs. a solenoid; but I’ve seen some electronic locks that use a small motor and gear to move a nonmagnetic toothed element instead: the motor still means that there is some magnetic entanglement(but it’s more complex; and substantially confined inside the motor, so probably harder to exploit, though I wouldn’t rule it out 100%); but that definitely stops the ‘just slap a powerful magnet on one side’ EZ-attack that the dodgy solenoid designs have.
It seems like there would probably also be options(again potentially exploitable; but adding significant ‘texture’) in adding additional magnetic elements that interfere with the bolt the solenoid is moving in response to magnetic fields that aren’t in exactly the position where the solenoid’s coil will generate them.
I suspect that this would be deeply impractical(both because there are easier attacks for most common locks and because the key sometimes needs to deliver a fair amount of force in sloppy or ill-maintained locks); but I’d be curious if it would be viable to build a mechanically adjustable key for ‘in-system impressioning’.
Presumably the default state would be all cut positions at their lowest value, with each having a screw-driven plate that could be raised so that it pushes the corresponding tumbler in the same way a blank cut to the corresponding depth would.
It’s the sort of thing that would be trivial at a much larger scale: for common key types it’s basically a row of 6 or 8 screw jacks with some clever drive shaft routing to run all the shafts in one direction and out to where the user could crank each one to the desired height; but getting that sort of apparatus into the geometry of a key blank would be some real watchmaker stuff; and getting it to survive being turned in a reluctant lock would probably be a ‘real watchmaker not afraid of some materials that really suck to machine’ stuff.