S&G cutaway

November 10th, 2019

A while ago, we talked about a very nice cutaway lock made by l0ckcr4ck3r, see https://blackbag.toool.nl/?p=2613. That was a Mul-T-Lock MT5+. He has been busy on a new lock lately, the Sargent and Greenleaf Environmental Padlock 0881.

S&G 0881

I must admit I did not know the lock, aklthough it is apparantly well-known in the USA. The lock is made to especially withstand harsh weather for prolonged periods and still open without problems,

L0ckcr4ck3r has worked his magic to cut the lock open and this is the result:

More pictures can be found at https://drive.google.com/drive/folders/1DKNmLTOpDM12dxdGNW-kbYIPNJRx2vEX?usp=sharing.

Toool is not affiliated with l0ckcr4ck3r, we just want to show nice pictures of nice locks.

(Post by Walter)

LockCon 2019 – Dutch competition

October 29th, 2019

One of the award ceremonies at LockCon is for a competition that takes a year. Every year, Toool has a competition with about 26 locks that are taken to all our meetings. Members of Toool can set a time on the opening of these locks and repeat doing so, improving their times as they learn more about the lock and how to pick it. It is very helpful in improving your technique but of course it is quite different from the lockpicking competition in which you get a lock you have never seen before and need to open it.

This years’ results are to be found at https://toool.nl/competitie2019/.

  1. Walter
  2. Jos
  3. Christian
  4. Tom
  5. Adam
  6. Rob

(Post by Walter)

LockCon 2019 – lever lock picking

October 29th, 2019

The lever lock picking championship has been part of LockCon for a few years now, thanks to Jord who set it up. This year, our friends from Italy brought with them a setup for a competition including locks in nice stands and tools to open them. The locks needed to be picked 4 times, for a full 360 degree turn. LEDs on top showed the progress.

There were 29 participants. In the first round, people needed to do one opening on one lock. The fastest 16 went on to the semifinals. Four groups of 4 would get 5 minutes per each of 4 locks. The best of each group, plus the best runner-up then participated in the final.

Impressioning Italian style

The final score was as follows:
1. Julian
2. Alex
3. Christian
4. Torsten
5. Nigel

Since Julian would rather not be in the picture, we include a picture of Alex getting prizes from Jos

(post by Walter)

LockCon 2019 – lockpicking

October 29th, 2019

The Dutch Open is one of the oldest lockpicking contests in the world – and the most international. This year, we had to cap the number of attendees to 66.

In the first round, 6 groups of 11 people were formed. They each needed to open 11 locks in at most 5 minutes each. The 2 best of each table then progressed. Then there were 2 shoot-out rounds, where 2 people would compete one to one, opening two locks in 15 minutes per lock maximum. That left three finalists and three people in the B finals.

I had high hopes and in the first round I opened 11 locks in a total time of 4 minutes and 1 second, the fastest of my table. But unfortunately for me, I was eliminated in the second round. The people who progressed get 6-pin locks and dimple locks to open.

The results were as follows:
A-Finals
1. Marc
2. Manfred
3. Julian
B-Finals
4. Oli
5. Max White
6. Robert

A- and B-finals times
Marc gets his prize from Jos

(Post by Walter)

LockCon 2019 – impressioning

October 29th, 2019

Some 40+ people participated in the impressioning championship. In the first round, one lock needed to be impressioned within an hour. The locks were sponsored by Abus and they gave us keyed-alike cilinders with a rather shallow profile. Within the hour, 32 people opened their lock.

The 6 fastest went on to compete in the A-final, the 6 runners up in the B-final. Both groups needed to open 6 locks in less than 15 minutes each. These were locks with more difficult profiles.

The result:
A-Final
1. Manfred
2. Jan-Willem
3. Jord
4. Walter
5. Cocolitos
6. Jos
B-Final
7. Alex
8. Oli
9. Mathias
10. Torsten
11. Datagram
12. Rebecca

All the times scored in the A and B finals
Jos hands the first prize to Manfred

(Post by Walter)

LockCon 2019

October 29th, 2019

For the 11th time in a row, Toool has organised LockCon, the international conference on lock sport. Before that, it was the Dutch Open Lockpicking Championship, and this championship is now incorporated in LockCon, together with an impressioning competition and a leverlock competition.

With over 100 attendees last weekend, it was bigger than ever, but it still retained that cosy family get-together feeling. Information sharing, meeting up with old friend, meeting new friends, swapping locks and participating in championships in a relaxed environment, where everybody participates in making it a success is what it’s all about.

It was nice to see delegations from all parts of the world, from nearby to far away (even including Canada, US, Australia, New Zealand).

The Italian delegation brought in a fine selection of Parma products, including wine, ham and cheese.

I would like to thank our sponsors, beginning with Abus, long-time sponsor of the many locks and blank keys for the impressioning competition. Datagram sponsored the badges and trophys. All the prizes were sponsored by Sparrows, Multipick, TOKOZ, PACLOCK, Parmakey, M2 serrurerie and Oli.

Prizes

(Post by Walter)

Key duplication from a photo CTF

September 22nd, 2019

Jos has a talk about key duplication from pictures. If you have not seen it: https://youtu.be/muINcnhj1EQ
For a conference there was the question: What does it take to make it into a workshop? There was little budget so we have turned it into a CTF instead of a training/workshop.
This CTF has no prices and might teach you something new.

If you ever wished you could try it without being sneaky, this is your chance. The CTF is a controlled and safe environment. You are encouraged to copy these keys!

The problem:
Publishing pictures of your keys is not a good security practice. Keys can be duplicated from a photo rather easily. Twitter and other social media are full of threads filled with pictures of keys. I got shared one but they’ve removed it on our advice.
(Note to self: Take more screenshots.)

Example: https://twitter.com/hashtag/zeigteureschluesselanhaenger
The hashtag is about the keychain but there are some perfectly decodable keys in there.

The CTF:
1) Get to the keys
2) Take a photo or make an imprint of it
3) Make a key
4) Test the key

Measuring tools and files will be available at the lockpicking village.
We are going to help as little as possible to not spoil the fun.

There are three keys at the moment:
CTF 1) Key will be published here
CTF 2) Key will be placed on the table at lockpicking villages (do not borrow/steal the key please.)
CTF 3) Key will be on the belt/lanyard of the Orga or instructors at the lockpicking Village

Please don’t publish pictures of the CTF 2 and CTF 3 key. You are allowed to do a writeup about CTF 1.

CTF Key 1:
Key measurements:

As there was still some ambiguity, this picture should prove be useful. Each square is 5mm by 5mm.

All locks are standard unmodified 5pin Abus/Buffo. The blanks that work are Y1, 1A (SKS/JMA), CS206 (Silca) and many others. You’ll get points for sourcing your own keys. Really, give it a try!

This CTF will run for the next months to years. Come see Toool at a conference near you.
Next up: Hardwear.io, HITB, LockCon and Hackerhotel 2020.

If you want to play but can’t make it to a conference. Please send me a digital bird at Jan-Willem at Toool dt nl. You’ll be send three pictures and a post address. You can mail me the physical keys you’ve made.

I’ve tested the CTF myself. It took me about 30 minutes to make three keys from a photo.
Please, don’t publish pictures of your keys, stay safe.

Published by Jan-Willem.

Impromptu lockpicking village at Bornhack IV

August 19th, 2019

Jos and I (Jan-Willem) where at Bornhack.dk a small hacker conference in Denmark. Not only where the talks interesting also the quietness was welcome. Bornhack does not have multiple tracks so plenty of time to relax and pick locks.

We brought a lockpicking village in a box. A decently sized tool case with everything you’d need for a unplanned lockpicking village.

I’m attempting to learning manipulation of safe locks and brought a S&G lock and a bunch of manipulation sheets to Bornhack. It took me the better part of three days to crack it. (For a upcoming conference I’ve got an hour.)

Manipulating safes and safecracking sparked the interest of multiple people and I’ve did my best to explain the basics. What I was doing and how to exploit the lock.

Jos did his talk on post-its and invited people to join us at theFEEST village. aka Dutch village with free beer and stroopwafels. Many Danish hackers joined us at the village. It’s always fun to teach people a new skills.

Internet of lockpicks.

Note to self: Create a http://www.istodayfriday.com/ like website for lockpicking.

Key duplication revisited

August 18th, 2019

A few weeks ago, we tested the Quick Key Easy Pro kit from Multipick, which turned out to work very well for duplicating a BKS Janus key and even a DOM Diamant key.

This time, we wanted to see if you really need such as expensive kit. First, we focus on the metal. Can we use cheap rose metal we obtained from the internet? We use the moulds we created earlier. The answer: yes, this works fine, for both keys. Our first attempt failed as the two halfs of the mould were not properly aligned, but that is “operator error”.

Next, we try to see if there are alternatives to the moulding material. We use cuttlebone, that is also used by silver smiths. We use a standard key to start with. The duplicate looks promising, but does not work. Again, we blame the alignment of the two parts of the mould. Some further testing is necessary. The cuttlebone is too brittle to be used in combination with the holder from the Multipick kit.

Attacking masterkeyed systems

August 6th, 2019

A couple of years ago one of our members, Jos Weyers, came up with a novel method to attack masterkeysystems. If you know Jos, it’s probably not at all surprising that this method mainly consists of impressioning. Attacking masterkeyed systems that way has several distinct advantages; no need to take a lock apart, no need for huge numbers of blanks, no need to have access to a working key, no guessing if your new key is indeed the master you are looking for, to name just a few. After keeping this knowledge within a rather small community for some time, it is now out in the open due to a talk Jos did at OzSecCon in Melbourne this year.Which off course includes live demo’s right there on stage.

https://twitter.com/kylieengineer/status/1139694231964938240

(masterkeysystem supplied and pinned up by Holly Poer , “southpark-esque lock animations” by JanWillem Markus)