The Ford Securicode, or the keyless-entry keypad available on all models of Ford cars and trucks, first appeared on the 1980 Thunderbird. Even though it’s most commonly seen on the higher-end models, it is available as an option on the Fiesta S — the cheapest car Ford sells in the US — for $95. Doug DeMuro loves it. It’s also a lock, and that means it’s ready to be exploited. Surely, someone can build a robot to crack this lock. Turns out, it’s pretty easy.
The electronics and mechanical part of this build are pretty simple. An acrylic frame holds five solenoids over the keypad, and this acrylic frame attaches to the car with magnets. There’s a second large protoboard attached to this acrylic frame loaded up with an Arduino, character display, and a ULN2003 to drive the resistors. So far, everything you would expect for a ‘robot’ that will unlock a car via its keypad.
The real trick for this build is making this electronic lockpick fast and easy to use. This project was inspired by [Samy Kamkar]’s OpenSesame attack for garage door openers. In this project, [Samy] didn’t brute force a code the hard way by sending one code after another; (crappy) garage door openers only look at the last n digits sent from the remote, and there’s no penalty for sending the wrong code. In this case, it’s possible to use a De Bruijn sequence to vastly reduce the time it takes to brute force every code. Instead of testing tens of thousands of different codes sequentially, this robot only needs to test 3125, something that should only take a few minutes.
Right now the creator of this project is putting the finishing touches on this Ford-cracking robot. There was a slight bug in the code that was solved by treating the De Bruijn sequence as circular, but now it’s only a matter of time before a 1993 Ford Taurus wagon becomes even more worthless.
While it’s often thought of as a criminal activity, there’s actually a vibrant hobby community surrounding the art of lock picking. In the same way that white hat hackers try to break into information systems to learn the ways that they can be made stronger, so do those in the locksport arena try to assess the weaknesses of various locks. For the amateur, it can be exciting (and a little unnerving) to experience the ease at which a deadbolt can be picked, and if your concern is great enough, you can go a little farther and modify your locks to make them harder to defeat.
The lock in question was sent to [bosnianbill] by [Rallock67] with a device that [Rallock67] had installed using common tools. Known as a Murphy Ball, a larger-than-normal spring was inserted into one of the pins and held in place by a ball bearing. This makes the lock almost completely immune to bumping, and also made it much more difficult for [bosnianbill], an accomplished and skilled locksmith, to pick the lock due to the amount of force the spring exerted on the cylinder. The surprising thing here was that this modification seems to be relatively easy to do by tapping out some threads and inserting a set screw to hold in the spring.
Locksport and lockpicking are a great hobby to get into. Most people start out picking small padlocks due to their simplicity and ease. It’s even possible to pick some locks with a set of bobby pins. And, if you really want to see how easy it is to defeat some locks and/or how much good the TSA does for your overall security, you’ll want to take a look at this, too.
Thanks to [TheFinn] for the tip!
Continue reading “Modify Locks to Baffle Burglars”
Over at the 23B hackerspace in Fullerton, CA, [Dano] had an interesting idea. He took a zip tie, and trimmed it to have the same profile of a lock pick. It worked. Not well, mind you, but it worked. After a few uses, the pick disintegrated, but still the concept of picks you can take through a TSA checkpoint was proven.
A few days after this demonstration, [C] realized he had a very fancy Objet 3D printer at work, and thought printing some pics out would be an admirable goal. After taking an image of some picks through the autotracer in Solidworks, [C] had an STL that could be printed on a fancy, high-end 3D printer. The printer ultimately used for these picks was a Objet 30 Pro, with .001″ layer thickness and 600dpi resolution. After receiving the picks, [C] dug out an old lock and went to town. The lock quickly yielded to the pick, and once again the concept of plastic lock picks was proven.
Although the picks worked, there were a few problems: only half the picks were sized appropriately to fit inside a lock. Two picks also broke within 15 minutes, something that won’t happen with traditional metal picks.
Still, once the models are figured out, it’s easy to reproduce them time and time again. A perfect lock pick design is then trivial, and making an injection mold becomes possible. They might still break, but they’ll be far easier to manufacture and simple to replace.
What Maker Faire would be complete without teaching children the joys of jiggling and twisting locks until they’ve opened? Toool, the open organisation of lockpickers made their way to New York this weekend to show off their bumping skills and get the kids interested in manipulating small mechanical devices.
The guys from Toool had a very cool setup – just a bunch of tables and chairs with a few picks and torsion wrenches. There were a few classic Master Locks on the table, but also a series of six tumbler locks each labeled with a number 1 through 6 signifying how many pins were in the lock. The idea is to get someone started on a one-pin lock, and eventually have them work their way up to the full six pins.
In the video after the break, one of the more animated guys from Toool explains why they were there, and also shows off picking a Master Lock twice in under 30 seconds. Seriously, people: educate yourself on locks before buying one.
Continue reading “Picking locks with Toool”
This month’s Wired magazine has an extensive profile of [Marc Weber Tobias]. He’s a professional lock picker that delights in coming up with new techniques for taking on high security locks. In recent years, he’s run afoul of the US’s premier high security lock manufacturer, Medeco, by publishing Open in Thirty Seconds with [Tobias Bluzmanis]. Medeco still denies that this is even possible. Wired decided to to test the team by purchasing six new cylinders and timing them. Each one was open in under nine minutes. You can see a video of this on Wired’s site.
Last fall we covered a decoding attack against Medeco locks by [Jon King].
Sometimes describing how a lock actually works can be the hardest part of teaching someone about lockpicking. [Mike Gee] has designed an acrylic lock that may just be the ticket for these situations. All of the pieces are cut from clear acrylic. As you insert the key, you can see it raise the four pins up to the shear line. He says that it will definitely take some tweaking as you assemble it to get it to function smoothly. Embedded below is a video of the lock in use. You can find plans on Thingiverse.
Continue reading “Acrylic tumbler lock”
Despite, Hack a Day seeming to be fairly lock heavy lately, we’ve yet to cover a major story from The Last HOPE. At the conference, [Jon King] talked about vulnerabilities in Medeco locks and presented his Medecoder tool. Medeco is really what makes this story interesting; unlike the EU, the US has very few high security lock manufacturers. You pretty much have to use Medeco and it’s found in many government agencies.
The Medeco locks have a vertical row of six pins arranged like most pin tumbler locks. Unlike your average lock, the rotation of the pins is important. When the key is placed in the lock, it not only moves the pins to the correct height, it also rotates them to the correct orientation. A sidebar blocks the cylinder unless the pins are rotated properly. Each pin has three possible orientations. They’re biaxial as well, which means the pin’s offset point allows for three more possible positions.
Continue reading “Medeco high security lock picking”