Archive for September, 2009

What is the lifetime of a ‘public secret’?

Monday, September 28th, 2009

I wrote about public research before. As far as I am concerned research should be done out in the open. And all parties involved should know the vulnerabilities in detail. And parties involved for me are: the (potential) customers, the manufacturer and the rest of the research field (in other words: everybody). It is a fact that if you make a public announcement revealing eighty (or more) percent of your discovery, some clever person will stand up and fill in the missing part. And the more common a lock is, the sooner this will happen (as people have hardware to compare and try attacks on).

Bi-Axial pins

The greatest and most clever ‘lock hack’ I have even seen is a method to bypass some Medeco sidebar locks (on locks with bi-axial pins, filled by the official codebook, manufactured before Q4 2007). Marc Tobias and Tobias Bluzmanis hacked the lock and even wrote a book about it … an all time classic and ‘must read’ if you ask me (and I wrote the foreword). However, the book does not reveal the last twenty percent needed to actually make the so called ‘code setting keys’ that are needed to bump and/or pick open the locks.

I learned some time ago someone did his/her homework and published the findings on the net. A document called ‘code set.zip‘ appeared on a site called ‘mega upload’….

I wonder how long it takes before someone will post a cliq.zip there ….

Macbook died, key copying and transparent lock

Tuesday, September 22nd, 2009

My poor macbook died. I keep backups, so no harm is done, but it sucks to have to work on an old company windows machine for now.

So my posting is going to be a simple one today, using some images I uploaded to blackbag before the crash. One of the things I wanted to share is a couple of pictures taken at HAR from the by now famous ‘transparten lock’. These one, two, three, four images give you a much better idea how nice this lock is than in my original posting. And many people took the opportunity to play with the lock at HAR. If you have large demo locks like this please let me know!

copies made with the quick key system

One other thing mentioning was the round the clock presentations at HAR by my good friend Till. He demonstrated a system to copy mechanical keys called ‘quick key’ (made and designed in Berlin). It uses some sort of two component kind of rubber to make a mould of a key. Till showed that with a little effort almost any mechanical key can be duplicated. He even managed to copy a high security popular French safe lock key.

And to keep in line with my dead macbook … at HAR I have seen the most bizarre picktool case EVER…..

Hope to be back on a Mac sunday for a new update on BlackBag ….

Article in the New York Times

Wednesday, September 16th, 2009

The New York Times visited an Amsterdam Toool gathering last week and wrote a nice article about it (PDF) ….

New York Times on lockpicking

Printing police handcuff keys …

Monday, September 14th, 2009

German SSDeV member Ray is known all around the world for his impressive collection of handcuffs and his fun ways of opening most of them. On top of that he gives great presentations and always manages to add a lot of humor into them!

a plastic 3D printed key that will open the handcuffs of the Dutch police

At HAR he pulled another stunt: He used a 3D printer to print handcuff keys. And not just any ordinary handcuff key … no, it’s the official handcuff key from the Dutch police! At first the police officers at HAR were a little reluctant to event try out the plastic key he printed. But he found another way to verify the key he printed was the correct one. I guess these officers never thought about wearing keys concealed, especially when talking with Mr. Handcuff himself. Given the megapixel camera’s on the market today it was not so difficult to verify the key he printed was the correct one.

Someone is looking at your butt ...

At the end of the day he talked the officers into trying the key on their handcuffs and … it did work! At least the Dutch Police now knows there is a plastic key on the market that will open their handcuffs. A plastic key undetectable by metal detectors….

And Ray made it easy for you. For those of you wanting to print your own Dutch police handcuff key … the STL file is available online at http://ke.y.nu/

The New York Times just came out with an article on European lockpickers, quoting a Dutch Police officer who was not too negative about the lockpick scene. Lets hope they still feel this way after this post …

*Warning* Before you print out your keys please check your local law! Reading the article below (pdf mirror) should be a fair warning! In some places it is not quite healthy to run around wearing police handcuffs ….

Homeless man could get 5 years for wearing handcuff keys

Wed, Sep. 09, 2009
BY DAVID OVALLE

For wearing handcuff keys on a necklace draped around his neck, a homeless Miami Beach man could face years in prison.

Prosecutors on Tuesday formally charged Michael Gonzalez, 22, with disorderly intoxication, marijuana possession and two counts of possession of a concealed handcuff key — a third-degree felony punishable by up to five years in prison.

“It’s an actual felony,” prosecutor Barbara Teresa Govea explained to Miami-Dade Circuit Judge John Thornton, who questioned the charge.

“There’s got to be some kind of constitutional violation in there somewhere,” Assistant Public Defender Michelle Prescott grumbled to the court.

Actually, the Florida Legislature passed the law after the 1998 murders of two Tampa deputies and a state trooper. Hank Earl Carr shot and killed them after he escaped his cuffs using a universal handcuff key hidden on a necklace.

Gonzalez was arrested Aug. 16 after Miami Beach police said he was harassing women on the South Beach sand. In a report, Officer Errol Vidal wrote that he found a small amount of marijuana in the man’s pocket and “two handcuff keys concealed under his shirt on a necklace.”

Also under Gonzalez’s shirt: a tattoo on his right shoulder, with the word “anarchy” and shooting flames.

HAR2009 … dress rehearsal for Turkey 2010

Wednesday, September 9th, 2009

A little delay updating blackback as I am quite busy with non-lock related stuff. But looking back at Hacking At Random’ still makes me smile … it was great! The people, the championships, the lockpick village, the presentations, the atmosphere … it all was magic.

now all say 'Open' !!!

And for us it was the ultimate dress rehearsal for the mega-event that is waiting for us at the 2010 ELF/LockCon conference in Turkey. The most important thing about that conference (for us) is that it will host the first official European lockpick championships. And we will be organizing it. Lockpickers from all over the globe could try to win three full paid ticket to that event at HAR.

From the beginning it was unclear if Julian Hardt could make it to Hacking At Random. But the moment he tapped on my shoulder and we greeted each other I said out loud: there go our tickets to Turkey.

Julian Hardt and Barry Wels

And I was right. Julian won the most prestigious ticket to be won: that of the ‘unofficial european lockpick championships‘. And even though it was a hard battle, it was no surprise the winner would (most likely) be from Germany. And for me personally it was no surprise it would be Julian Hardt. I immediately admit that people like ‘Master of the universe’ Dr. Manfred Bölker or Arthur Meister also had a fair chance to win. But Julian is a multi-talent that keeps impressing us with his skills. He was the only one that managed to open the notorious Lips 6 pin in the finals (containing very nasty serrated pins). And on a side note: we just had another safe opening weekend where Julian proofed to be a bad-ass safecracker by picking open a couple of very high security safes (one of them containing a mauer variator B, 11 lever lock). The big surprise at the lockpick championships was to see Peter Fuhrmann from Labor/Bochum getting second! Arthur Meister and Gerhard Heperle became third and fourth.

Julian also became winner of the safe combination manipulation contest. In the qualifiers he opened his lock in 57 minutes … just three minutes before the end. In the finals he managed to dial open the lock in an impressive 21 minutes! But since Julian already won a ticket in the lockpick championships, second place winner Michael Huebler now won the ‘all in ticket’ to Turkey.

As the Germans have a tradition in winning lockpic games, the Dutch seem to have a reputation to protect when it comes to impressioning. Three out of the last four games were won by Toool members and the absolute world record time of 1 minute and 27 seconds is set by Jos Weyers from Toool too. It is interesting to note that both number two (Oliver Diederichsen) and three (Dr. Manfred Bölker) at HAR broke the previous record of 4:23 (by Olivier Diederichsen) by going well under the magical ‘four minute border’.

Still, we are not really clear about the future of these games in the current setup. For example: at the games in Sneek 2008 Oliver used 52 minutes to open a lock that would normally take him (much) less then ten minutes to open. And a few months ago in Hamburg Jos scored 46 minutes on a lock using six blanks … not to mention me not opening the lock at all.

This all makes it feel like some kind of lottery. So maybe we will sit down with some people before Turkey and work on a new style game to rule out this luck/bad luck factor (for example: people playing against each other on the same locks, using knock-out rounds).

There is so much more to say about HAR that I will split the post. The follow up will be about the presentations, the lockpick village and the more interesting things that happened there …