Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised

It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.

The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.

With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.

The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.

Continue reading “Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised”

Turning A Single Bolt Into A Combination Lock

In our search for big-box convenience, we tend to forget that locksmiths once not only copied keys but also created complex locks and other intricate mechanisms from scratch. [my mechanics] hasn’t forgotten, and building a lock is his way of celebrating of the locksmith’s skill. Building a combination lock from a single stainless bolt is probably also showing off just a little, and we’re completely fine with that.

Granted, the bolt is a rather large one – an M20x70 – and a few other materials such as brass rod and spring wire were needed to complete the lock. But being able to look at a single bolt and slice it up into most of the stock needed for the lock is simply amazing. The head became the two endplates, while the shank was split in half lengthwise and crosswise after the threads were turned off; those pieces were later turned down into the tubes and pins needed to create the lock mechanism. The combination wheels probably could have come from another – or longer – bolt, but we like the look of the brass against the polished stainless, as well as the etched numbers and subtle knurling. The whole thing is a locksmithing tour de force, and the video below captures all of it without any fluff or nonsense.

If working in steel and brass isn’t your thing, fear not – a 3D-printed combination lock is probably within your reach. Or laser cut wood. Or even plain paper, if you’re not into the whole security thing.

Continue reading “Turning A Single Bolt Into A Combination Lock”

3D Printed Snap Gun For Automatic Lock Picking

At a far flung, wind blown, outpost of Hackaday, we were watching a spy film with a bottle of suitably cheap Russian vodka when suddenly a blonde triple agent presented a fascinating looking gadget to a lock and proceeded to unpick it automatically. We all know very well that we should not believe everything we see on TV, but this one stuck.

Now, for us at least, fantasy became a reality as [Peterthinks] makes public his 3D printed lock picker – perfect for the budding CIA agent. Of course, the Russians have probably been using these kind of gadgets for much longer and their YouTube videos are much better, but to build one’s own machine takes it one step to the left of center.

The device works by manually flicking the spring (rubber band) loaded side switch which then toggles the picking tang up and down whilst simultaneously using another tang to gently prime the opening rotator.

The size of the device makes it perfect to carry around in a back pocket, waiting for the chance to become a hero in the local supermarket car park when somebody inevitably locks their keys in their car, or even use it in your day job as a secret agent. Just make sure you have your CIA, MI6 or KGB credentials to hand in case you get searched by the cops or they might think you were just a casual burglar. Diplomatic immunity, or a ‘license to pick’ would also be useful, if you can get one.

As mentioned earlier, [Peter’s] video is not the best one to explain lock picking, but he definitely gets the prize for stealth. His videos are below the break.

In the meantime, all we need now are some 3D printed tangs.

Continue reading “3D Printed Snap Gun For Automatic Lock Picking”

Hacked Electric Toothbrush Defeats Locks With Ease

The movie version of lockpicking tends to emphasize the meticulous, delicate image of the craft. The hero or villain takes out a slim wallet of fine tools, applies them with skill and precision, and quickly defeats the lock. They make it look easy, and while the image isn’t far from reality, there are other ways to pick a lock.

This expedient electric toothbrush lockpick is a surprisingly effective example of the more brute force approach to lockpicking. As [Jolly Peanut] explains, pin tumbler locks work by lining up each pin with the shear line of the cylinder, which allows the lock to turn. This can be accomplished a pin at a time with picks, or en masse by vibrating the pins until they randomly line up with the shear line just long enough for the lock to turn. A locksmith might use a purpose-built tool for the job, but a simple battery-powered electric toothbrush works in a pinch too. [Jolly Peanut] removed the usual business end of the brush to reveal a metal drive rod that vibrates at a high frequency. The rod was slimmed down by a little grinding to fit into the keyway of a lock, and with the application of a little torque, the vibration is enough to pop the pins into the right position. He tries it out on several locks in the video below, and it only takes a few seconds each time.

Such brute force methods have their drawbacks, of course. They’re not exactly subtle, and the noise they create may attract unwanted attention. In that case, hone your manual lockpicking skills with a giant 3D-printed see-through lock.

Continue reading “Hacked Electric Toothbrush Defeats Locks With Ease”

Giant 3D Printed Lock Helps Teach Picking

Despite what the media might tell you, picking locks isn’t just for spies and guys wearing balaclavas. Those who pick as a hobby, or even competitively, think of locks as logic puzzles. Each lock is a unique challenge, and defeating it requires patience, dexterity, and perhaps most importantly the experience that comes from regular practice. But where does one start if they want to get into the world of recreational lock picking, also known as locksport?

Many people begin their journey on a practice lock, usually made of clear plastic so you can see its inner-workings. That’s fine for the individual, but what if you’re trying to demonstrate lock picking to a group? [John Biggs] may have the solution for you, assuming you’ve got the time and material. His huge 3D printed cutaway lock, and appropriately sized tools, allow even the folks in the back of the room to see how basic picking techniques work.

A print of this size is nothing to sneeze at; a quick peek on the reference printer here at the Hackaday Chamber of Secrets indicates you’re probably looking at the better part of 20 hours to print everything out. Once printed you’ll likely need to take a file and some sandpaper to all the surfaces to make sure things operate smoothly. It doesn’t appear to be a terribly challenging print all things considered, but we wouldn’t call it a beginner’s project either.

The only non-printed part in this design is the springs, which [John] mentions he hasn’t quite found the solution for yet. They need to be fairly weak or else the lock is too hard to pick, but springs large enough to work with the pins are usually pretty strong. This might be a perfect application for some custom wound springs.

After you’ve mastered the PLA lock, it might be time to make your own picks and see if anyone is giving free lock picking workshops in your area.

[Thanks to DarkSim905 for the tip.]

Opening A Ford With A Robot And The De Bruijn Sequence

The Ford Securicode, or the keyless-entry keypad available on all models of Ford cars and trucks, first appeared on the 1980 Thunderbird. Even though it’s most commonly seen on the higher-end models, it is available as an option on the Fiesta S — the cheapest car Ford sells in the US — for $95. Doug DeMuro loves it. It’s also a lock, and that means it’s ready to be exploited. Surely, someone can build a robot to crack this lock. Turns out, it’s pretty easy.

The electronics and mechanical part of this build are pretty simple. An acrylic frame holds five solenoids over the keypad, and this acrylic frame attaches to the car with magnets. There’s a second large protoboard attached to this acrylic frame loaded up with an Arduino, character display, and a ULN2003 to drive the resistors. So far, everything you would expect for a ‘robot’ that will unlock a car via its keypad.

The real trick for this build is making this electronic lockpick fast and easy to use. This project was inspired by [Samy Kamkar]’s OpenSesame attack for garage door openers. In this project, [Samy] didn’t brute force a code the hard way by sending one code after another; (crappy) garage door openers only look at the last n digits sent from the remote, and there’s no penalty for sending the wrong code. In this case, it’s possible to use a De Bruijn sequence to vastly reduce the time it takes to brute force every code. Instead of testing tens of thousands of different codes sequentially, this robot only needs to test 3125, something that should only take a few minutes.

Right now the creator of this project is putting the finishing touches on this Ford-cracking robot. There was a slight bug in the code that was solved by treating the De Bruijn sequence as circular, but now it’s only a matter of time before a 1993 Ford Taurus wagon becomes even more worthless.

Hacking When It Counts: Prison Locksmithing

In 1978, Tim Jenkin was a man living on borrowed time, and he knew it. A white South African in his late 20s, he had been born into the apartheid system of brutally enforced racial segregation. By his own admission, he didn’t even realize in his youth that apartheid existed — it was just a part of his world. But while traveling abroad in the early 1970s he began to see the injustice of the South African political system, and spurred on by what he learned, he became an activist in the anti-apartheid underground.

Intent on righting the wrongs he saw in his homeland, he embarked on a year of training in London. He returned to South Africa as a propaganda agent with the mission to spread anti-apartheid news and information to black South Africans. His group’s distribution method of choice was a leaflet bomb, which used a small explosive charge to disperse African National Congress propaganda in public places. Given that the ANC was a banned organization, and that they were setting off explosives in a public place, even though they only had a few grams of gunpowder, it was inevitable that Jenkin would be caught. He and cohort Steven Lee were arrested, tried and convicted;  Jenkin was sentenced to 12 years in prison, while Lee got eight.

Continue reading “Hacking When It Counts: Prison Locksmithing”