When it comes to safes, mechanical design and physical layout are just as important as the electronic bits. If care isn’t taken, one element can undermine the other. That appears to be the case with this Amazon Basics branded biometric pistol safe. Because of the mechanical design, the fingerprint sensor can be overridden with nothing more than a thin piece of metal — no melted gummi bears and fingerprint impressions involved.
[LockPickingLawyer] has a reputation for exposing the lunacy of poorly-designed locks of all kinds and begins this short video (embedded below) by stating that when attempting to bypass the security of a device like this, he would normally focus on the mechanical lock. But in this case, it’s far more straightforward to simply subvert the fingerprint registration.
This is how it works: the back of the front panel (which is inside the safe) has a small button. When this button is pressed, the device will be instructed to register a new fingerprint. The security of that system depends on this button being inaccessible while the safe is closed. Unfortunately it’s placed poorly and all it takes is a thin piece of metal slid through the thin opening between the door and the rest of the safe. One press, and the (closed) safe is instructed to register and trust a new fingerprint. After that, the safe can be opened in the usual way.
It’s possible that a pistol being present in the safe might get in the way of inserting a metal shim to hit the button, but it doesn’t look like it. A metal lip in the frame, or recessing the reset button could prevent this attack. The sensor could also be instructed to reject reprogramming while the door is closed. In any case, this is a great demonstration of how design elements can affect one another, and have a security impact in the process.
[truebassB]’s dispenser operates around a 555 timer, adjusted by a potentiometer. Push a button and a cup pours in a few seconds, or hold the other button to dispense as much as you want.
The dispenser is made from MDF and particle board glued together, with some LEDs and paper prints to spruce it up. Just don’t forget a small spill sink for any miscalculated pours. You needn’t fret over the internals either, as the parts are easily acquired: a pair of momentary switches, a 12V micro air pump, a brass nozzle, food-safe pvc tube, a custom 555 timing circuit — otherwise readily available online — a toggle switch, a power supply plug plus adapter and a 12V battery.
Homebrew laser cutters are nifty devices, but scorching your pals, burning the house down, or smelling up the neighborhood isn’t anyone’s idea of a great time. Lets face it. A 60-watt laser that can cut plastics offers far more trouble than even the crankiest 3D-printers (unless, of course, our 3D printed spaghetti comes to life and decides to terrorize the neighborhood). Sure, a laser’s focused beam is usually pointed in the right direction while cutting, but even an unfocused beam that reflects off a shiny material can start fires. What’s more, since most materials burn, rather than simply melt, a host of awful fumes spew from every cut.
Despite the danger, the temptation to build one is irresistible. With tubes, power supplies, and water coolers now in abundance from overseas re-sellers, the parts are just a PayPal-push away from landing on our doorsteps. We’ve also seen a host of exciting builds come together on the dining room table. Our table could be riddled with laser parts too! After combing through countless laser build logs, I’ve yet to encounter the definitive guide that tells us how to take the proper first steps forward in keeping ourselves safe while building our own laser cutter. Perhaps that knowledge is implicit to the community, scattered on forums; or perhaps it’s learned by each brave designer on their own from one-too-many close calls. Neither of these options seems fair to the laser newb, so I decided to lay down the law here.
[Dave Jones] over at EEVblog got his hands on a small safe with an electronic lock and decided to try his hand at safe cracking. But rather than breaking out the thermal drill or shaped charge, he hooked up his Rigol scope and attempted a safe cracking via signal analysis (YouTube link).
We have to say that safes Down Under seem much stouter than most of the inexpensive lock boxes we’ve seen in the US, at least in terms of the quality (and quantity) of the steel in the body of the safe. Even though [Dave] was looking for a way in through the electronics, he still needed to deal with all that steel to get himself out of a face-palm moment that resulted in a lockout. Once that was out of the way, he proceeded to capture usable signals from the internal microcontroller using the only two available contacts – the 9 volt battery connections. While he did get signals, he couldn’t find any signatures that would help determine the six digits in the PIN, and as he points out, even if he did, brute-forcing through the one million permutations to find the right code would take too long, given the wrong-code lockout feature of the lock.
Even though he failed to hack into this particular safe, there’s still plenty to be learned from his methods. And who’s to say that other similar locks aren’t a little more chatty about their internals? Maybe you could even manage to EMP your way past the lock.
So you spent the big bucks and got that fancy safe but if these guys can build a robot to brute-force the combination you can bet there are thieves out there who can pull it off too. [Kyle Vogt] mentioned that we featured the first iteration of his build back in 2006 but we can’t find that article. So read through his build log linked above and then check out the video of the new version after the break. It’s cracking the combination on a Sargent and Greenleaf 8500 lock. There’s an interesting set of motions necessary to open the safe. Turn the dial four revolutions to the first number, three revolutions to the second, two revolutions to the final number, then one revolution to zero the dial. After that you need to press the dial inward to activate the lever assembly. Finally, rotate the dial to 85 to retract the bolt which unlocks the safe.
The propaganda on this lock says it stood up to 20-hours of manual manipulation. But [Kyle] thinks his hardware can get it open in a few hours. His hardware looks extremely well-engineered and we’d bet some creative math can narrow down the time it takes to brute force the combo by not going in sequence.
[Greg] sent in his biometric pistol safe lock. He keeps his guide light on details so not every Joe can crack the system (there is a thread to sift through if you really wanted to), but the idea runs fairly simple anyway. [Greg] took an old garage door opening fingerprint scanner and wired it into a half broken keypad based pistol safe. While he did have some issues finding a signal that only fired when the correct fingerprint is scanned, a little magic with a CMOS HEX inverter fixed that problem quick.
This does bring one question to our minds, are fingerprint scanners as easy to crack as fingerprint readers?