I wrote about public research before. As far as I am concerned research should be done out in the open. And all parties involved should know the vulnerabilities in detail. And parties involved for me are: the (potential) customers, the manufacturer and the rest of the research field (in other words: everybody). It is a fact that if you make a public announcement revealing eighty (or more) percent of your discovery, some clever person will stand up and fill in the missing part. And the more common a lock is, the sooner this will happen (as people have hardware to compare and try attacks on).
The greatest and most clever ‘lock hack’ I have even seen is a method to bypass some Medeco sidebar locks (on locks with bi-axial pins, filled by the official codebook, manufactured before Q4 2007). Marc Tobias and Tobias Bluzmanis hacked the lock and even wrote a book about it … an all time classic and ‘must read’ if you ask me (and I wrote the foreword). However, the book does not reveal the last twenty percent needed to actually make the so called ‘code setting keys’ that are needed to bump and/or pick open the locks.
I learned some time ago someone did his/her homework and published the findings on the net. A document called ‘code set.zip‘ appeared on a site called ‘mega upload’….
I wonder how long it takes before someone will post a cliq.zip there ….
I didn’t have the chance to compare the results from “code_set.zip” to the actual Medeco “himmel-schlüssel”. Did the anonymous uploader come to the right conclusions?