Archive for June, 2007

New record: hacking e-voting computers in 60 seconds…

Saturday, June 9th, 2007

A few weeks ago we were asked to see how long it would take us to swap the ROMs in a Nedap voting computer. The exact time would be needed in a German report from the Chaos Computer Club. They did research on voting computers and their vulnerabilities and came out with their analysis today.

In order for them to calculate how long an outsider would need to hack the elections they needed an estimate on how long it would take to swap the two ROM chips on a Nedap voting computer. The complete voting computer software is loaded from these two ROMs, and the person/entity installing the ROMs on these black box voting computers has complete power over the elections. There is no safeguard as there is no ‘paper trail’ and a recount is not possible.

Fair elections ... gone in 60 seconds (click here to see the video)

If you want to know more details: recently a subtitled version of a Dutch TV item became available online for those interested in the situation in the Netherlands and our attempts to hack the Nedaps. I think it gives a nice overview.

For us doing the ‘ROM swap job’ was a fun assignment. We stopped when setting the ‘record’ to one minute. One minute per machine is a nice statement and we decided not to push the limits any further.

And of course we backed up our 60 second claim with a video clip that will only take one minute of your valuable time (in Windows Media or on YouTube).

* Update June 10: The CCC report is getting extremely good press. Read the article from the prestigious ‘Der Spiegel’ magazine.

New weblog on the block: ‘Locks and Security’

Saturday, June 9th, 2007

Last night I received a link to a blog called ‘locks and security’. The first thing that came to mind reading ‘locks and security’ is that it would have something to do with Marc Tobias, author of ‘locks, safes and security’. But Marc’s new informative weblog is called ‘the sidebar’.

This ‘locks and security’ weblog is clearly something else, but nevertheless a very good source of information. It shows the author’s drive for knowledge and passion to change normal locks into the lockpicker’s most desired object: the ‘cutaway lock’.

Click here to go to 'locks and security'

I really like the way he shares his thoughts on the ‘plan of attack’ for certain locks and his great eye for detail. And I like reading that he will phone fifteen different locksmiths trying to get his hands on a specific lock part for a fair price. Personally I would have tried to visit the shops instead of calling them. Although calling is a lot faster, having face-to-face conversations can be much more productive.

Reading ‘safe and security’ reminded me of ‘the good old days’ when I, as a 16-year-old kid, visited most of the Amsterdam locksmiths. Asking countless questions, most of the time being thrown out of the shop without an answer. However, if you just keep on trying, and learning from your mistakes, you will find someone who will recognize your talent and share your passion for locks. At the age of sixteen I had already made friends with some locksmiths who are still close friends and valuable contacts to this day.

The darkest blackbag page

Friday, June 8th, 2007

As you might know by now Toool members like Han Fey and myself are pretty active writing papers and blog entries on high security locks and bypass techniques. But the fact you are here reading this probably means you know all this.

And whenever we publish something, whether it is about locks or opening methods, we always try to be as accurate as possible and come up with evidence for our claims. And I can tell you it takes lots and lots of time trying to be accurate.

One of the reasons for us to want to be so accurate is that we know the complete lock industry is looking over our shoulder. Another reason is that it is directly linked to our name and reputation as we do not hide behind aliases. We are proud of what we write and take full responsibility and credit.

But maybe the most important reason to give full disclosure is to avoid not being taken seriously and fueling endless discussions and speculation about facts that were not fully disclosed. In our opinion you either give full disclosure or you keep your mouth shut.

Some people have other standards. Take for instance a visitor to the Dutch Open 2006 hiding behind the initials PW.

On the item on this weblog about the RKS system he posted a comment, claiming he opened the RKS lock four times in five minutes. And stating that he is not going to tell us how he did it and wait for the lock to be released, “just like Toool always does” (?)

To me this was like someone waving a red flag. A big one. But I tried to respond in a calm manner. It was no use.

What happened next is one of the darkest pages of my weblog. An old-style flamewar followed, one with no winners.

The silly flamewar kept my mind busy for a long time, consuming lots of cycles that could have been better used doing other, more positive things.

Speaking about what was on my mind with some close friends, I came to the conclusion I will never be provoked to such a nasty flamewar ever again.

From now on I will only respond to online arguments if people back up their claim with as many technical details and facts as we do, preferably under their own name.

Can you see the light?!?

Wednesday, June 6th, 2007

Over the last weeks/months I spent a lot of time impressioning locks. I try to open at least one lock per day with this technique. And most of the time I succeed in that, and it is giving me quite a confident feeling.

But when I tried to open a relatively simple Abus 5 pin cylinder that was mounted in a door, on a rainy day in the middle of the night, this confidence was nowhere to be found. Before you ask ‘why was Barry in the middle of the night trying to open a lock?’ … it was because the owner lost his key. To make a long story short, trying to open that lock became a disaster. And there is no one to blame but myself, except maybe the bad lighting conditions on the scene. I just could not see the marks.

MBA 10X magnifier impressioning tool

So I went searching for better light sources that could be used for impressioning ‘in the field’. A few weeks before the disastrous Abus adventure, someone pointed out to me that a company called MBA (in the US) sold a special impressioning magnifier. At first I did not think much of it. After all, how good a tool can it be for just $29 US? And using the Velleman loupe on my desk I never had a real reason to look for better light and view anyway.

But now I needed something portable and started my search for the perfect ‘in the field’ impressioning aid. I tried out lots of lights and magnifiers. But not one could come close to the superb Velleman magnifier with its built-in TL tube. The problem with all other light sources is that when you shine focused light on a blank you get blinded by the reflections. And all magnifiers with built-in light I tested had some sort of focused spotbeam that was way too intense.

At around the same time Oli pointed out an aid used for examining gems. It is a simple detachable unit that fits a Maglite flashlight. And inside is a filter to diffuse the light and a prism to create a nice indirect effect when looking at the object. The interesting thing is it showed great similarities to the MBA unit I ordered.

I guess they are the same, especially when I finally received them in the mail and could take a close look. I suspect MBA did modify the unit a bit to make it better suited for examining long metal objects.

I must say I like the tool a lot. Light on the blank is the best I have seen so far for a portable unit. And the magnification of 10X is also very helpful.

clearly visible mark on a blank seen through the eyes of an MBA 16A tool

Still there are some minor disadvantages. One of them is the short range where the blank is ‘in focus’ when looking through the magnifier. It seems to require some skill to keep the blank at the right distance. But maybe this will change if you practise some with it. Another small disadvantage is that when you see marks on the blank they disappear from the naked eye when you remove the blank from the tool. This leaves you with the question of where on the blank the marks are that you could see so clearly under the light. Adding some marks on the side of the blank (using a marker or making some scratch marks) will solve that problem. You only have to count at around what mark on the side of the blank you have to start filing.

Before I attempt to open doors in the field again I will make very sure to be fully confident with this tool. And even though I like this tool, the search for the ideal light is still on ….