cutting holes in cars …

October 16th, 2010

I am just wasting time at an airport in Malaysia and read some bizarre news on some Dutch website. It seems thieves in the Netherlands are currently very fond of built-in navigation systems. The latest way of opening the vehicles is far from subtle … They ‘simply’ cut a hole in the side of the door, cut a cable that runs through the door and is hooked up to the alarm system, and open the door. According to the website ‘Over Eindhoven’ the thieves cut holes in at least 62 vehicles!

hole in door

More shocking images can be found at OverEindhoven….

Jos Weyers: impression champion LockCon 2010

October 9th, 2010

Just a short post: Jos Weyers won the impression games … again. Life is good 🙂 Time for yet another beer …

Jos Weyers

Hack in the box, lockcon, security show essen … and more

October 6th, 2010

You know the drill: Barry is busy. Sad but true. Then again, don’t be sad as I would not want it any other way.

Just to give you an idea about my next few days: tonight there is a Toool gathering in Amsterdam, and it is going to be nice as a lot of our friends from abroad will be visiting it. Then tomorrow morning we will drive to Essen for the security show, and on Friday we will all go to Sneek for LockCon. On Monday Han and I fly to Malaysia for Hack in the Box, and after that things will settle down a bit.

disk lock picks

During the last weeks I have been quite active in lock research, to prepare my presentations for both LockCon and Hack in the Box. Han and I always try to focus on the locks they use in countries we visit, and in the case of Malaysia it is ‘disk style locks’. Han Fey being ‘Mr Abloy’ knows a lot about disk locks, although there is a small difference in quality from the kind of locks they use there. As far as the organizers of Hack in the Box have told me, the ‘solex brand’ is the lock to beat. And when the lock sells for just 10 or 15 dollars, there seems to be a lot of counterfeiting going on. It is hard to understand that a $10 or $15 lock is counterfeited, and it is even harder to understand they are using high security holographic seals to fight this.

After doing a little study on some sample locks we got, we decided to do a hands-on class on picking these locks. People can register for the class, and pay a small fee to get a pick and disk lock and try to open it at our two hour course/class (and later at the lockpick village).

Got to continue working … time is running out!

Help … we are dying … (WTF?!?)

August 24th, 2010

Sometimes I get bizarre requests. And people can come up with the weirdest excuses for me to tell them how to open certain locks. But the mails below are the most bizarre scam mails so far. Or at least I hope it’s a scam …

Help

Begin forwarded message:

From: johnhXXXX@hotmail.com
To: barry.wells@toool.nl

Subject: FW: Help!
Date: Tue, 17 Aug 2010 13:00:24 +0300

Hello there.

We are forwarding this e-mail from XXX XXXXX. We requested a help to get out from the Rebelions leader close camp in the border to XXXXXX. The guys are comming and kill people everyday claiming to show where the goverment soldiers has gone. No one knows. but they have already killed 27 peoples up to this morning.

We can’t escape our death as the camp is made of steel shipping containers and the steel doors are all locked with Mul-T-Locks. We need the help on instruction to open this locks so we can run our death. Please Help us… We are dying….

John.

From: John HXXXX [mailto:johnhXXXX@hotmail.com]
Sent: 14 August 2010 11:13 AM
To: XXX XXXXXX
Subject: Help!

Dear XXX,

We are 124 XXX (country BW) citizen kidnaped by rebels near the border to XXX (country BW). They come and shot dead one person in front of us everyday! We was 132 up to now remained 124 only and they still come to kill us..

The building doors are all made of steel. But all the padlocks are MUL-T-LOCKS.

One of us has managed to hide her mobile phone connected to internet. We now use this phone to seek for you help to unlock these 3 locks and run away from our death.

Can you please tell us what to do with this locks to resque our life please…..

John.

LockCon 2010 “the winner takes it all”

August 16th, 2010

This year’s LockCon theme is: the winner takes it all.

That is right, after experimenting with knock-out systems in the games last year at the HAR conference, we will now expand this and let the knock-out system play an important role in the competitions at LockCon. We are real curious to see how this will work out in the lockpick competition.

So what’s the exact schedule? Please keep in mind that LockCon is very dynamic and last-minute changes can always be made. And we kept Friday evening open for last-minute presentations and/or time to socialize. This is the schedule we have in mind:

Friday, October 8 2010

People are requested to arrive between 11:30 and 12:30 at the hostel. Toool representatives will be present at the hostel from 11:00 AM on to greet the guests and assign them a room. It is important to be on time as the first presentation begins at 13:30!

Friday 13:30 -15:30 Lock forensics: the more advanced stuff. By datagram

Datagram is a well known expert in the field of forensic locksmithing. His site http://www.lockpickingforensics.com/ is a one of a kind source on this topic. And we are very honored to have Datagram open lockcon with his presentation on advanced forensic locksmithing.

At this two hour presentation, Datagram will quickly go from the basics in forensic locksmithing to the more advanced stuff. He will go into detail on what traces are left in high-security locks when opening attempts are made with special decoder and picktools. And on Sunday Datagram will talk about the vulnerability in a lock many people thought to be ‘pick proof’.

16:00 – 17:00 “Wanna bet”?!? (Wetten Dass … 1986!). By Han Fey

Han makes friends all over the globe, and one of these friends is Mr. Frank Peter Wiersma. Back in 1986, when there were only a handful of television stations, Mr. Wiersma became a small celebrity in the locksmith community. He appeared on the popular show ‘wanna bet ?!?’, and accepted the challenge to try and file a working key to a lock in under three minutes (without trying the key in the lock!). His only tools: some files, one blank key, and just the ‘code number’ of a randomly chosen lock. In this presentation Han will give answers to questions like: did Mr. Wiersma succeed? What was his plan of attack? And just in case Han does not have the answers to all the questions … Mr. Wiersma is a guest of honor at lockcon and will be present too.

17:15 – 18:00 Medeco advanced and ARX pins. by Barry Wels

Medeco lately introduced special pins in the commercial product line to make their locks more resistant against picking and decoding attacks. And rumor has it there are even more advanced pins in locks that are used in locations ‘that really matter’. These latter pins are supposedly called “ARX” (stands for: Attack Resistance Xtended). What do we know about them? Do we know what these pins look like? How many different types are there? And do they really offer extra resistance against sophisticated attacks? This presentation does not have all the answers, but hopefully will give you some new insights. And a note to the public: If you have any information on ARX pins (pinning kit, individual pins, images, suggestions) please mail arx@blackbag.toool.nl.

18:00-19:00 dinner

19:00 and later: time to socialize, give a ‘last minute’ presentation or compete in the combination lock manipulation competition.

Saturday, October 9 2010

08:00 – 09:30 Breakfast.

Saturday 10:00 – 15:00 The return of the lock Pathologist. By Peter Field
(Lunch 12:00-13:00)

As many LockCon attendees know, Peter Field has an extraordinary way of looking at locks. Like a pathologist, he cuts locks in many thin slices and captures the result with high quality photography. This unique method of creating a cutaway view is world renowned. His lectures have been attended by locksmiths, security personnel, lock company engineers and Patent Office Examiners from many countries. And this will be the third time Mr. Field will give a presentation at LockCon. Peter Field’s presentations on locks are one of those things in life one can never get enough of.

Peter Field, Lock Pathologist

He will yet again give a four hour(!) presentation about many of the different elements of high security cylinder lock design. Combining his unique cut-away imagery with illustrations from old patents, he will explain how engineers classify the cylinder elements, modify them, develop new ones, and re-combine them all to invent new products for the constantly evolving security market. You will leave this presentation with an outline and a clear understanding of the design constraints and functions of most of the various elements you may find in any lock cylinder.

About Peter Field: he started locksmithing in 1960, and in 1978 was asked to join Medeco Security Locks, where he is now Director of Research. He has over 15 US Patents pertaining to high security locks, with several more patents pending. Being an employee of Medeco one thing is clear: Mr. Field will not discuss any opening techniques. As he told us in previous years: “I am here to talk about locks. How to open them is up to you ….”.

15:30 – 16:30 Just a handful of keys. By Julian Hardt

Julian Hardt found a vulnerability in a number of certified (and non-certified) safe locks. Due to this vulnerability, the number of possible keys one normally should have to try (the so called ‘key space’) can be greatly reduced. In some cases the key-space goes down from 280.000 keys to a number small enough that it might be possible to just cut the few remaining keys (or build a set-up key) and open the safe with just a handful of keys. In our community it is common to report these kinds of vulnerabilities to the manufacturer(s). And that is exactly what Julian did. Thing is: they just have not responded yet …. maybe this announcement helps.

16:30 – 17:30 The Cromer Novum alarm lock decoder. By Till

This year, Till will present an old but very nice opening-tool. It is a tool to open Cromer Novum alarm locks. And even though these kinds of locks are not very common anymore, it is definitely worth showing the tool. The nice thing about this tool is that it makes use of pin and cam technology to decode the lock. Once the levers in the lock are identified, a set-up key can be built to actually open the lock. Old but fascinating technology to open what was once a high security lever lock (and probably still is high security if you do not have the proper tool to bypass it). If you ask nicely, Till might let you try the decoder yourself.

18:00-19:00 dinner

20:00 – 23:00 Impressioning championships.

impressioning
Impressioning is the fine art of opening a lock by filing a key from a blank. It is an ancient technique that still works on an amazing number of (high security) locks. Besides an old-school locksmith skill it is a technique still in use today by intelligence agencies worldwide for their blackbag operational needs. The championships speak for themselves: who will be the fastest filing a working key to a lock this year? The impressioning championships will be played by new rules too (very close to German rules). More about that soon, but we can already say that only “standard Abus five pin locks” will be used.

Sunday October 10

08:00 – 09:30 Breakfast.

10:00 – 11:00 Beating the BiLock. By Datagram

In this presentation Datagram will tackle a lock many people in our community thought was ‘pick proof’. BiLock products are well known for their double sidebar locks and two rows of ‘hard to pick’ pins. In the industry they are considered one of the most high security locks. In this presentation you will hear all the details on how the lock works, how the attack was discovered, what tools were made and how the company responded when they were informed ‘there might be a small problem’.

11:15 – 12:00 Mul-T-Lock MT5+ layer attack. By Jord Knaap and/or Han Fey

MT5+
The latest Mul-T-Lock product range is the MT5-line. The MT5 is a high security cylinder that makes use of two security layers: an interactive element (the so called Alpha spring) and pin-in-pin technology. The top of the line product currently is however the MT5+. In the “+” series, an extra layer is added to the lock: a clever mechanism that uses sliders and a sidebar. In this attack we will focus on this new slider mechanism. Jord Knaap found a gap that in some cases can be used to bypass the slider mechanism and did the right thing: he informed Mul-T-Lock about it. And now, after they have been given time to fix the problem, you will hear about it at LockCon.

12:00 – 13:00 Lunch

13:30 – 15:30 Dutch Open lockpick championships.

We are going to play one-on-one, and ‘winner takes all’. In these games two people will be playing against each other, and the one with the most locks opened, or the fastest time if the same number of locks are opened, will go through to the next round. If the two contestants do not manage to open any of the locks they are both out of the game. In case we have an odd number of contestants, there will be three people competing against each other and the fastest two go through. The last man standing wins!

There is always a question about the selection of locks that will be used in the game. The brands will be kept secret, but we will try to arrange just two types of locks and make sure one of these locks is ‘relatively simple’ to open by an experienced picker. The locks used will be ‘standard’ five or six pin locks (so no dimple locks or special high security locks in the finals).

16:00 honoring the LockCon champs

17:00 Early dinner for those who need to travel

More information on how to register for LockCon2010 can be found here.

What I do on vacation …

August 1st, 2010

It has been a little slow with my weblog. Maybe it’s because I now use twitter to burst short messages instead of blogging, but the silence here does not mean nothing is happening. On the contrary, a lot is happening….

combination safe lock manipulation minor difference

First there was the safe opening weekend. I am sorry to be repetitive, but the weekend was a great success. Julian picked open four safes, amongst them yet another couple of real monsters, and lots and lots of other safes were opened in more destructive ways. I really was eager to try to open a safe by manipulating a combination lock, but failed as the only lock around was a four wheel lips lock. I am by now reasonably experienced in opening three wheel ‘group two’ locks, but this four wheel lips lock was just a little too much for me. We ended up drilling a hole in the safe and using a scope to read the combination.

I like a challenge and am using the vacation I am in now to study the four wheel lock(s). Jord Knaap was kind enough to let me use one of his cut-away demo locks for this research/test. The lock is neatly mounted on a stand, and as Jord had an eye for details, he even included the anti-drill ‘hard plate’ on the stand (it’s the yellow layer between the dial and the house of the lock). The interesting part is that these locks have false cuts in their wheels, and the position of the false cuts seems to be different on some wheels. Maybe there is a pattern, but it is too early to say … It’s just the first day of my holiday today 😉

false cuts on four wheel safe combination lock to make manipulation more difficult

Behind the scenes we are busy preparing lockcon (October 8-9-10). It’s gonna be good as more and more people from all over the globe are attracted to it, and the presentations will be high quality as always. And I will use this two week vacation to reply to some mails people have sent me. I am running a little behind but will be back on track before the holiday is over …

“Hack in the box” in Amsterdam July 1&2

June 14th, 2010

Hack in the box Amsterdam

It is pretty exciting … the “Hack in the Box” conference is coming to Europe. And the good news is that it will be organized in my home town: Amsterdam. Over the years our friends of Toool.US always manned the lockpick village in the overseas “hack in the box” events, but since the next one is organized in the Netherlands, the Toool.nl crew was asked to run it. Of course we accepted and are very motivated to make it a great event and a special lockpick village! And besides the village we will also organize a two hour hands-on presentation. So far Han, Jos and I volunteered to run the village but I expect more Toool members to join in.

And because of our support, members of Toool and readers of blackbag can get a nice discount on the entrance fee! Drop me a mail if you want to attend and I will make sure you will get a nice discount!

Another big thing of course is the next Hope conference in New York. Han and I will do a presentation and we will assist the other usual suspects to run the lockpick village there …

When every second counts: formula 1 impressioning tool

June 6th, 2010

impressioning speed up tool

Our German friends from SSDeV decided to change the rules of the impressioning games. Instead of the fastest time on one lock, now more locks need to be opened and the person opening the most locks in the least amount of time wins. In the comments of this Hackaday post Jos explains the exact rules:

“First round everybody gets a keyed alike lock (so same amount of work) this round takes an hour. The six fastest go to the finals: during six rounds (20 min. each) all the contenders open one lock, which then gets swapped. So all finalists open the same 6 locks. The used keys are put in closed boxes so there is no way you know what the key is supposed to look like.”

And with opening times of less than a minute these games are more and more looking like formula 1 pit stops. And so people are trying to come up with ideas and tools to shave off a few seconds left or right. The expert in the field of impressioning is Oliver Diederichsen. It was his research and book that really got us all started at this. And he came up with a new tool. It is a modified euro-profile cylinder that contains five sharp solid pins that will scratch the blank at the position the pins will make contact with it. Once these marks are on the blank, it is just a matter of filing them down to code 1-1-1-1-1 and start impressioning.

Before and after

As Oliver is one of the most fair people I know, he shared the design and allowed others to copy it for future games. So Jord Knaap made a nice handle that contains a half euro profile with the steel pins. And the euro-profile core in Jord’s tool is interchangeable. At the back of the tool there is a small hole that will allow you to push out the cylinder and change it for another brand.

To come back to the games: they were won by good old Arthur Meister, followed by Oliver Diederichsen and Jos Weyers. Congratulations guys. Looking forward to the impressioning games at Lockcon in a couple of months …

the champs

Next stop: Safe opening weekend June 11-12-13

May 31st, 2010

One of the things I am really looking forward to is spending a weekend between the good old Dutch safe techs and their visitors. These guys are organizing yet again a fabulous penetration party on June 11-12-13. These parties are the ultimate for safe technicians as they cover the latest in state of the art in safe opening. Picking, drilling, manipulation, decoding … the works. And if you are into the legal safe opening business you are invited to join in! Just send a mail to Paul Crouwel if you want to attend.

Lever lock picking

And I am currently more focused on other things than safe opening but I definitely want to try some new toys I bought on my latest trip to the US.

Hope to see the usual suspects in less than two weeks!

More russian spy locks

May 23rd, 2010

Well … it is clear I can’t keep my promise of posting at least once a week. So you’d better subscribe to the RSS feed or follow me on twitter.

Just got back from a small tour through the US. Visited three lock factories, a couple of interesting companies and met lots and lots of interesting people. And all these people had things to tell and … locks to show. As you might know I am a big fan of ‘the rare russian lock’, and was in the blessed circumstance to have held three different models of these masterpieces in my hand in just one day at different locations. And I managed to shoot some images of two of them.

Russian spy combo lock

I will start first with a version that was unknown to me. It is a ‘combination only’, and to be honest I was in such a hurry I don’t even know how many digits the code of the lock is. What is clear is that it was used for the same purpose as the other lock I covered in this blog some time ago. The idea is that the lock goes over a keyhole and a safe or door can only be opened if the correct code is dialed first. I also like the details of the hand engraved serial numbers on the back and in the inner ring of the lock, as well as side pins that lock and unlock the lock (and the red seal paint on the screws).

The other lock was already covered here once, but here is an image of the one I saw last week. So nothing new except a different key than before and a serial number that is just six numbers off the one we knew before….

As I am writing this blog posting, the impressioning championships in Hamburg are in progress …. curious to hear who wins! Getting live SMSes and will edit the post once the score is known …