Archive for August, 2008

No ‘Dutch Open’ this year ….

Monday, August 25th, 2008

No, don’t worry. There will be an event in Sneek this year (Oct 9,10,11,12). It just will not be called ‘The Dutch Open’.

What is missing is a good name for the event. What started as a ‘simple’ lockpick championship turned out now into a multiple day conference that also happens to hosts the championships. More about that on the bottom of this post.

And we are not ready to release a full detailed program for the Dutch Open. The rough outlines are there, but the fine details are missing.

Here is some info already:

I am very proud of the people that will give a presentation at the event in Sneek this year. Just like last year, Peter Field will kick off the open with a 4 or 5 hour presentation about various locking mechanisms from around the world. And to clarify: Peter started off last year by saying he was here to talk about locks, not how to bypass them. It is very clear that he learns from us how we think we can bypass certain techniques, yet will not talk about vulnerabilities he might know off. Another heavyweight presentation will be that of Marc Tobias and Tobias Bluzmanis. They will explain in detail how they cracked the Medeco codebook and how to pick and bump some of the locks. For this purpose Han and I managed to purchase a collection of Medeco bi-axial locks and keys, and even have a special key cutter that can cut angled cuts. In other words: enough material to see if the Tobias hacks really work will be available. Besides Peter and the two Tobiases, Matt Fiddler, Mike van der Stelt, Jord Knaap, Paul Crouwel, St.john Goldfinger, Nigel Tolley, Michael Huebler and hopefully handcuff wizard ‘Ray’ will give presentations.

Besides the missing name for the conference we are not sure how to organize a ‘safe combination lock contest’. Giving every attendee a different lock and having them all open it at the same time sounds a little unfair. As no two locks are alike, it will be a matter of chance who has got the lock that marks easiest. On the other hand, having one or two combo locks available for people to try upon will cause people to have to wait a long time before they can compete. And once someone successfully opened the lock, he could (in theory!) tell a friend and have him open it in ‘an amazing time’. Or you can change the combination of the lock after a successful opening, but that will also cause it to be more or less difficult as the previous combination (as no two combinations are equally difficult on a lock). If people have ideas about how to solve this in a fair matter, or have experience in this kind of game, I am very interested to learn from them.

Of course there will be a classical Dutch Open lockpick championship as well as an impression championship.

And then there is the issue with the name for the event. Looking at the event, the following is taking place there: presentations, championships, exchange information on an informal basis, making new friends and contacts (internationally) and getting drunk on ‘free’ beer. The question is what would be a good name for such an event? It is not a requirement, but it would be nice if Toool was part of the new name for this event. So far, people have come up with the following names and acronyms: Toool-Con, Lock-Con, unlock-con, openlock-con, Lock 2008, LockFest, LockLands, Dutch Toool Symposium, Toool’s annual Alter State, Annual Alter State meeting, Alter State Symposium, The Dutch Lock Symposium

KEYHOLE (Knowledge Extends Your Handling Of Locks Europe) or replace Extends with Excites or Expands
‘TOOOL International Networking Gathering’
TOOOLS (The Open Organisation Of Lockpickers Seminars) or sessions or
P.I.C.K. 2008 (Penetrate, Investigate, Communicate, Know)
P.I.C.K 2008 (Prevent Intrusion, Cultivate Knowledge)

If you prefer one of the above, or (even better) think you can come up with something more suitable, we would love to hear from you (in the comments).

There will be a Toool meeting on Wednesday regarding the event, and if all goes well a full scheduled program will be posted on this weblog real soon. Stay tuned …

Keyway king

Sunday, August 17th, 2008

So … back from Las Vegas and still not fully recovered from it. The heat is overwhelming there, and recovering two jetlags in a couple of weeks is taking it’s toll.

But nevertheless we had an extremely good time and learned to know a lot of people. Besides the people I already knew, the people from ‘Fool’ pleasantly surprised me. Very friendly, very knowledgeable, and most important: they seem to have ‘the drive’. Hopefully they will make it to the Dutch Open in Sneek this year. We are currently very busy planning the Open, and next week’s posting will be a long one informing you about it.

Keyway King

As always my suitcases were loaded to their limit when coming back. Got a lot of tools and gadgets, and a lot new blanks for my collection. But what is more important is that I now got a device to create my own blanks! I took advantage of the low dollar and purchased a ‘keyway king‘. It is a horizontal milling machine that comes with 16 different cutting wheels. The idea is you measure the cuts in an existing key or keyway and then try to reproduce them on an uncut key (a true blank with no grooves in it). It is also an ideal machine to cut grooves in existing blanks as some manufacturers only use a few ‘basic blanks’ and just take away some grooves to make them fit one specific profile.

The device is currently still in the US as it was too heavy to carry with me. And a very good friend is making modifications to this machine that will make it much more easy to use and will ship it when he is ready. Of course I will share the details on how he modified it with you when the device arrives …

Now packed my bags for a few day’s Berlin. At least I will be in the same timezone now ….

Defcon is ehrm … different

Sunday, August 10th, 2008

wow

There is a time to write, and there is a time to party. And when you are in Vegas you party …

I must say Defcon is not like any other conference I have ever been to. Not necessarily better or worse then other conferences, but different for sure. And if you ask what is different … I leave that to your imagination.

No time to write more, but I do make the promise to follow up and write some serious postings in the weeks to come … Back to the party now ….

hi

Images from ‘copying high security keys’

Sunday, August 3rd, 2008

I do not like to depend on other peoples images, and try to create my own if I can. The images for my presentation at the ‘Last Hope’ conference were no difference.

Dutch phone phreak key

On this image (click on it for a high res version) you see a copy of a high security key, made by Dutch phone phreaks around 1995. Because these phreaks could not get the blank key for the target lock, they found a metalworker who ‘simply’ 3-D measured the key and cut a copy out of a solid piece of brass. What is special about this key profile is that the key has got ‘ribs’. These ribs are scanned by the lock, and on one spot there has to be metal, while on an other part there must not be metal. Sort of like checking for 0 or 1. If the expected value is not present, the lock will jam after 90 degrees and ‘eat’ the key. In most cases probing the side channel with a thin paperclip will release the lock again….

Unfortunately, for this photo-shoot I did not have the original key, so I photographed the brass copy next to a similar key (from a different system).

The bottom line I was trying to make with the presentation is that no matter how complex the manufacturer can create a mechanical key, a bad guy with enough time and motivation can create a copy.

I got a busy week ahead, so my next posting will most likely be from Las Vegas (Defcon).