In the current Tool rhythm, we have one meetup a week. Both the Amsterdam and Eindhoven meetups are Bi-weekly, where we planned to have one meetup a week. We come together to discuss lock topics, compete in the Toool competition, and generally have fun picking locks.
In this post, I’d like to share pictures topics and projects that have come across at Toool meetups.
A locked coin safe was brought to the meeting. Due to the construction of the box, the lock was a very difficult to put torque on with a turning tool. We succeeded in opening the lock several times, and had great fun picking the lock in literally seconds with an electronic pick.
Once in a while, we receive donations from community members. This Sparrows vault was donated to us with the request for an upgrade to the lock, as the original served not enough of a challenge. We complied, and mounted a Kaba Mas X0 Electronic lock on the Vault.
Everyone has a go-to pickset, one which is a mix of everything. We also bring Sunday’s best to dedicated sets. For example, Moki makes great picksets, which are even better with homemade handles. Or a shiny Multipick set, be it dimple or a dual-gauge set designed by Christina Palmer. Where the only part staged about the photo is to have all the sets neatly displayed.
We went to the Association des Crocheteurs de France conference in December 2022, and brought back a few tools and picks from France. We attempted to pick the Polox-5, and Fichet F3D. Both attempts made possible by the incredible work of Nitiflor, who designed and 3D printed these picks.
Jos brought a suitcase with Chinese locks, which was gifted to him for organizing LockCon 2016. At the time, these locks were unobtainable, and information sparse. The mechanisms are very intricate with 50-element wafer locks, and cores with continuous rotation similar to the Yuema 750, an implementation we have yet to see used in Europe.
If this blog sparked interest in lockpicking, or if you have been picking and would like to join a meetup, please contact us. We are always welcome to new people, be it to teach the basics or to share advanced tricks. https://toool.nl/Gatherings
In the summer of 2022, the Dutch hacker community gathered at the May Contain Hackers conference. The conference was amazing, with over a dozen simultaneous tracks with topics ranging from electronics, privacy and internet security, to art and technology. The program is published at https://program.mch2022.org/ and the talks are published on https://media.ccc.de/c/MCH2022.
For Lockpicking content, Toool organized a lockpicking village, The MCH CTF included lockpicking challenges, and plenty of exciting talks are given. Including Introduction to lockpicking and safe cracking, Anker 3800 Magnetic lock, and bumping electronic locks! More on these after a photo impression of MCH.
Jan-Willem presented an introduction to lockpicking and safe lock manipulation.
Talk description from the MCH schedule: Most security implementations leak information, mechanical security is no different. It takes sharp eyes, a soft touch, and a good hearing to distinguish between information and noise. In this talk we will go in depth on how locks works, and how we can persuade them to disclose their secrets, and open them without damage.
The Open Organization of Lockpickers (Toool) is a group of nerds obsessed with mechanical security. We create, collect, take apart, discuss, and attempt to defeat locks. While we are known for lockpicking, there are many other techniques for opening locks without damage.
This talk will focus on the language of the locks, the side channels in mechanical security systems. We will start with binding order, the mechanism to isolate the locking elements, and exploit them one by one. Then we will discuss a wide variety of other methods of gathering information and opening locks. Most of these methods are not practical, but working them out gives us great joy, and we would like to share the highlights with you.
Walter presented his research of the Anker 3800 magnetic lock. It includes deriving master keyed systems, designing an electronic key/lock decoder, and 3D printing keys.
Talk description from the MCH schedule:The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. Can it be opened without the key? This talk discusses how the lock works in a master keyed system and how it can possibly be defeated. It will cover decoding, picking and key duplication.
The Anker 3800 is a mechanical lock that has both traditional pins as well as magnetic sliders. It was designed by Japanese company MIWA and is sold in the Netherlands under the Anker brand. It is a high security lock that is often used in large master keyed systems.
I wondered: can it be opened without the key? I will present my adventures with the lock, having opened it up to see how it works, and several things I have tried to copy the key, pick the lock, decode the lock and find out what the master key looks like. The talk will include successes and failures and I will discuss designing 3D models, C&C work, electronics, Arduino programming, PCB design, and more.
The talk is aimed at people with an interest in lockpicking. No prior knowledge is necessary.
mh shared his research on bumping electronic locks. As in, opening the electronic locks by using a percussion drill and custom attachment.
Talk description from the MCH schedule:Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it. For whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research.
In this talk, we look at a number of modern electronic locks and their security flaws. Surprisingly many current systems are susceptible to very simple attacks, like the equivalent of using bump keys. Of course, there are electronic and/or SW-based attacks, too. We’ll look at some of them, and at the underlying basics, so that you can do your own research. Some of the problems have been fixed by manufacturers, but typically only for future production runs, so you will get some practical advice on how to test your own hardware for these critical flaws.
Jan-Willem presented a basic introduction to threat modeling and uses puzzles as an example.
Talk description from the MCH schedule:Mechanical locks are everywhere and come in all shapes and flavors. But choosing the right lock can be rather difficult. For example, what is better? A lock that is hard to pick, or a lock with hard to duplicate keys. This talk will not give you the answers, but it will help you understand the trade-offs. Furthermore, we will have fun threat modeling our locks.
Is lockpicking a threat you should be concerned about, or is the brick the tool you should care for? Jan-Willem, from The Open Organization of Lockpickers (Toool), will share his ideas on mechanical security and threat modeling. We will make it fun and use several case studies, starting with defining a lock, threat modeling mechanical puzzles, and use several case studies where the threat was overrated. Simply put, attacks against locks range from the trivial to mastery. I’ll share multiple failed attempts of attacks that should be trivial, but were not in practice, and we will analyze them together.
We are happy to present the talk Experiment driven lockpicking by Jan-Willem at HackerHotel 2023.
The talk goes into uncovering information leakage in locks like Bowley Rotasera and Kromer Protector. May this talk inspire to do research and share all the interesting results.
Impressioning competition are all about opening the most locks in the least amount of time. Quite often, every second counts. As we have been playing the game for a couple of decades, it wouldn’t surprise you that the locks become harder, the times have been getting faster, and the openings more consistent.
Most of the players have reinvented their setup multiple times. I’ve seen 3D printed attributes for key marking, and often see the newest inventions. To keep it fair, however, you require sharing the idea before the competition, as to prevent an unfair advantage.
My first improvements have been to watch the masters work, and to copy what they do. Whereas my last improvements are much more subtle. I’ve, for example, reduced the distance between the lock, lamp, and table. And improved my handling process to save seconds here and there. I don’t believe we are done, either, as I’m trying to find a better way of placing my file when I’m not using it.
What is it? It’s a modified cylinder where the pins are replaced by sharp carbide rods. By pressing a key into the pins, the pin positions are marked on the key. Which, in turn, allows a key of all depths one to be made. The process takes a second, instead of preparing a blank with sand paper, a filling jig, or marking the positions one by one with a scribe. To be completely honest, it might not save me too much time, I just like it as a convenience tool.
I’ve built my first version after I impressioned my first lock, early 2018. It’s not the prettiest, but it worked for over a thousand keys. At that time, I impressioned a lock a day for every day in January. At UKlocksport forum, this is known as the January challenge. I’ve got some good stories about it, including a friend that just never stopped and has a streak in the thousands. (Please, Toni, remind me to write a blog about it.)
The key below shows the principle of operation. The scribe replacement tips scratch the surface of the key. For this one, the scratches are deeper than I like, but it shows the idea. You want a mark, but not too deep.
The current version, as shown in the pictures below, are from a small series production I’ve made for LockCon 2022. It was well received, and I’ve helped many of my friends with one of them. Making them commercially is very much not worth it. But if you want one, or the bits to make one, I might have some.
Please remember, even with all the impressioning gadgets, it’s not going to make a difference if you didn’t put in the hours. Consistency is key.
Pictures are copyright CCBY4.0 Jan-Willem Markus @ Blackbag.
This post is a bit of unusual content for this blog, but I believe it to be worth sharing. In summary, I’ve modified a 1500 W space heater to output 400 W heat continuous. This lets me heat up just my computer corner, and subsequently save on my energy bill.
The winter is cold. While not unusual, this year’s energy prices are going through the roof. (For reference, electricity is about €0.8 per kWh and gas goes for €3 per m^3.) This requires us to be smarter about energy use, or pay the price. It doesn’t help that my house isn’t very energy efficient. Luckily, I wasn’t home during the coldest weeks of December. Annoyingly, I’ve paid about €50 in heating for the single day I used my central heating. While I can afford it, I’d rather spend it on locks.
One solution to save on the energy bill is to use a localized heating over central heating. The newest technology in that regard are infrared (IR) panels. They radiate infrared light, which is absorbed by surfaces. This is believed to be more energy efficient than heating the air. The panels are usually mounted to the wall. But I’ve also seen then hanging from the ceiling, or as large format placemats under a computer keyboard. I couldn’t find one that fit my needs, so I modified a fairly useless space heater instead.
Useless, wouldn’t usually be my way of describing these devices. Space heaters work as designed, converting electrical energy into heat. I’ve bought a 2* 750 W version some years ago, but have not used it much. It heats up quickly, and shuts off as it reached it maximum temperature. Heat for 10 seconds, cold for 30. This hysteresis is quite annoying to me. Therefore, I chose to wire the two 750 W elements in series, reducing the power output to approximately 400 W. This appears to be enough to make my workstation habitable. (Given, I’m dressed for the weather as well.)
The difference is, the heater will get less hot, and the temperature is more stable as the tipping point of the thermostat is rarely reached. You might even forget it is even there. (Please don’t, as it’s still a fire risk.) I’m using the heater for about 5h a day on normal winter days, and have not used my central heating for a month.
While the modification isn’t difficult for the average maker, I rather share the complete story and make it more accessible. Do take care, though, as electricity is largely unforgiving, and the dangers are easy to underestimate.
In the figure below, there are simplified two diagrams which represent the original and the modification. In simple terms, electricity flows through a heating element to create heat. As continuous heat can burn out the element, they added a thermostat to regulate the temperature. This is quite a dumb device and consists of a bi-stable thermal switch. The heat builds up, until it trips the temperature dependent switch. The switch is turned on again when the temperature cools down below the set point. The overshoot and undershoot is called the hysteresis.
Switches with a build in lights are added for usability, and the earth is the safety feature to complete the build. It should be connected to the metal case, as a short from line or neutral to ground will trip the ground fault circuit interrupter (GFCI or RCD), or at the worst case, cause your circuit breaker(s) to pop.
In the original configuration, the heater can be used as 750 W or 1500 W heater. Making it into something arguably more useful isn’t hard. I’ve simply wired both heating elements in series, which quadruples the resistance, and sets the power output to 375 W.
The modifications are fairly straight forward, as clip on connectors are used to simplify manufacturing. Swapping the wires is usually enough to make it work. As you will see, I’ve not wired the optional switch light, and reused the cable for another connection.
Please take care of the necessary safety precautions, including unplugging it from the wall. Furthermore, don’t forget to wire the earth, (thermal) fuse, and thermostat correctly as they are life-saving features.
Let’s summarize. I’ve outlined a simple modification to a space heater to output 400 W heat continuously. This is enough for me to heat my work space in moderate Dutch winter weather. For the next winter, I’m very likely to invent in a heated work table surface, and a heated office chair, instead.
Hopefully this inspired you to modify your devices, and save some money on the electricity bill. I’d rather see you spend the money on other necessities, and if possible your lockpicking hobby.
Hi everyone, this is a quick blog post to show off a lockpick set by Lockpick maker Moki who also makes wonderful pick cases, as seen below. These cases are made in part from bicycle inner tube, which appealed to us.
Moki pickcase with a Explorer Set lockpicks and 3D printed PETG handles Bicycle inner tube lockpicking pouch
The Moki set contains three hook sets; small, medium, and deep hook of pointy, flat and round hooks similar style to the Sparrows SSDeV and Law Lock Tools Tipene set. All the lockpick shapes work very well. There is often debate on which is best, but we are open to all lockpick shapes, each has their function.
While we don’t expect to break these lockpicks, it’s an interesting design choice to have a replacement tip in the handle. All lockpicks came heavily polished, more so than any commercial lockpick we have seen.
The set of flat hooks and a triple peak rake. (Don’t look too closely at the reflections).
The lockpicks are longer and wider than standard lockpicks, think Law Lock Tools Pro, or Sparrows Sandman. Due to the size, the picks are quite flexible and are thus heavily improved with handles. Moki sells 3D printed handles from PETG, and has sold thick metal handles in the past. But it wouldn’t take much to make your own.
Experimenting a bit with the size and shape shows 2mm at each side works best. The screws in the set require countersunk holes, and are a bit fiddly to put together.
It is quite interesting working with these different handle materials. The 4mm thick wood is superb in feedback, but is thicker than any usual lockpick.
All plastic handles are an improvement over the handleless lockpicks, but none have the same feedback as glued/welded metal handles. The search for the best handle continues…
Closeup of the handle thickness.The sky is the limit, except for the flex in wood.
Posted in Uncategorized | Comments Off on Lockpick set by Moki
Our friends from Italy organized the Car lockpicking competition this year. Many car door locks, provided by ParmaKey, were picked during the competition.
First place in the competition won a Multipick ELITE pickset, an Italian bag, and a bottle of wine. Second and third place won a Multipick ELITE pickset. All winners got a trophy, and a custom engraved PACLOCK, a book on lock history, and a lock comic book.
Congrats to the winners!
Lasse got 1st placeTom C got 2nd placeNitiflor got 3rd place
During the Saturday, we ran the Lockpicking competition. For the first round, we had eight tables with eight participants each. Which all attempt to pick locks in 5 minute rounds, where everyone at the table gets to try all locks. The first and second best of the table get to the next round, which was four tables of four. The best of each table got to compete in the finals.
This year the competition had a wide selection of locks, from Abus, Corbin, Kibb, Iseo, Kale, Nemef, DMS, Winkhaus, DOM, S2, ERA, and Zeiss-Ikon, just to name a few.
First place in the competition won a custom engraved Abloy Classic lockpick by Jaakko and a Sparrows voucher of €100. Second place won a mh electronic lock bumping kit and a Sparrows voucher of €200. The third place won a set of Multipick LockNoob essentials lockpick kit. All winners got a trophy, and a custom engraved PACLOCK.
Congrats to the winners!
Oli got 1st placeTorsten got 2nd placeImSchatten360 got 3rd place
At LockCon we ran the Impressioning competition on the usual C83 locks. (Abus, Thanks for sponsoring!) For the first round everyone has 1h to attempt the keyed a like locks. 12 people opened the locks in 20 minutes, this time. The best six went to the A Final, the subsequent six to the B Final.
In due time, we expect to publish a report on the key bittings, pins, and the times for each lock.
First place in the competition won a custom engraved Abloy Classic lockpick by Jaakko, and a Sparrows voucher of €100. Second place won a Multipick Artimis electropick. The third place won a set of Multipick Elite 27 lockpickset. All winners got a trophy, and a custom engraved PACLOCK, and an M&C pinning mat.
Congrats to the winners!
Jos opened 4 locks and got 1st placeTorsten opened 3 locks and got 2nd placeLasse opened one lock and got 3rd placeResults A FinalResults B Final
Toool NL has a competition with ~25 locks, which can be picked during Toool meetings. Each member times his opening attempts and points are awarded according to opening times. The competition ran from LockCon to LockCon, which was a bit longer than a year, this time.
First place in the competition won a custom engraved Abloy Classic lockpick by Jaakko. Second place won a Multipick Kronos electropick. The third place won a set of Multipick dimple lockpicks. All winners got a trophy, and a custom engraved PACLOCK.
Congrats to the winners!
Walter got 1st place with 250 pointsTom got 2nd place with 176 pointsJos got 3rd price with 160 points
