Happy new year (in case you are bored)

December 28th, 2011

There is a lot to say and write. Lots of interesting things happening. As always. And 2012 will be an interesting year. In many aspects.

Instead of writing an exciting blog posting I wasted some time on making a puzzle. How many lock related terms/names/organizations (etc) can you spot? (click on the image for a bigger version)

Note: there is no hidden message, just a bunch of words. Any foul language you find is purely accidental.

Lock-Experts at Milipol

October 17th, 2011

Somehow this exercise reminds me of a trip I took with Han Fey in 2007. Except this time I am with some other people and in a different country. But the idea is the same: first time at an exhibition trying to explore new markets.

Hello there!

I have a good feeling about it. If you are visiting MiliPol be sure to stop by our booth in Hall 1 B093.

LockCon 2011 schedule

September 28th, 2011

The LockCon 2011 announcement It’s about time

The big question always is: how to pack a four or five day event in just one weekend? The answer lies in the (preliminary) LockCon 2011 schedule:

Friday, October 21 2011

Visitors are advised to arrive before 18:00 (if possible). Toool representatives will be present in the hostel from Thursday on, and be available all day to assist visitors and assign them rooms and explain the (simple) rules of the event.

18:00 – 19:00. Dinner will be served. We hope the kitchen stays open till 19:30/19:45 for latecomers.

Friday 20:30 – 21:30 “Masterkeys for a non-masterkeyed system” by Han Fey

Han Fey likes to investigate. On the second hand market he found locks from a facility with 180 individual locks. These locks were not masterkeyed. Han did however discover a flaw in the system, allowing a relatively small set of try-out keys to open all the locks. In this presentation he goes into detail how he identified the flaw, narrowed down the keyspace and optimized his attack. Fascinating material.

Saturday, October 22 2011

08:00 – 09:00 Breakfast.

Saturday 09:00 – 14:00 “5 hours, 50 locks, 500 slides” By Peter Field
(Includes Lunch around 12:00)

As many LockCon attendees know, Peter Field has an extraordinary way of looking at locks. Like a pathologist, he cuts locks in many thin slices and captures the result with high quality photography. This unique method of creating a cutaway view is world renowned. With it he has set a standard many people tried to copy but only very few can even get close.

Peter Field, Lock Pathologist

We are proud and honored to have Peter over for yet another long presentation about the different elements in high security cylinder lock design. Combining his unique cut-away imagery with illustrations from old patents, he will explain how engineers classify the cylinder elements, modify them, develop new ones, and re-combine them all to invent new products for the constantly evolving security market. You will leave this presentation with an outline and a clear understanding of the design constraints and functions of most of the various elements you may find in any lock cylinder.

About Peter Field: he started locksmithing in 1960, and in 1978 was asked to join Medeco Security Locks, where he is now Director of Research. He has over 15 US Patents pertaining to high security locks, with several more patents pending. Being an employee of Medeco one thing is clear: Mr. Field will not discuss any opening techniques. As he told us in previous years: “I am here to talk about locks. How to open them is up to you ….”.

15:00 – 15:45 “State of the art locks in the Stasi era” by Oliver Diederichsen

Oliver Diederichsen managed to get his hands on some unique material: complete Stasi manuals of the department responsible for covert entry operations. Many of the techniques and tools can still be converted to work on modern locks. Oliver will highlight one part of the files that talks about the state of the art in locks around the late eighties, and how far the Stasi got in bypassing them.

16:00 – 17:00 “Magnetic locks and how to defeat them” by Datagram

Datagram is a well known expert in the field of lock forensics, but also does lots of other interesting research. Magnetic locks are still considered amongst the most high-secure locks. And in some cases rightfully so. During his presentation Datagram will show what progress he made on bypassing some of these magnetic locks, and demonstrate his custom made opening and decoding tool.

17:15 – 18:00 “Impressioning Abloy Classic” by Jaakko Fagerlund

Jaakko Fagerlund is a big fan of Abloy locks and knows a lot about them. And of course he is interested in how to tackle the system. Together with Jord Knaap they improved on Barry Wels's ‘reduced contact area’ impressioning technique for disc-locks. They found a way to get better marks and make the process easier, and share their findings in this workshop.

18:00-19:00 dinner

20:00 – 23:00 Impressioning championships.

Impressioning is the fine art of opening a lock by filing a key from a blank. It is an ancient technique that still works on an amazing number of (high security) locks. The championships speak for themselves: who will be the fastest filing a working key to a lock this year? The impressioning championships will be played by the new rules. Meaning 45 people start with impressioning the same lock, and the first six people to open the lock will move on to the finals. Abus reserved some old stock just for these games and donated the C83 cylinders and blanks again this year. Thank you Abus!

Sunday October 23

08:00 – 09:30 Breakfast.

10:00 – 11:00 “Fichet F3D lock analysis” by Michael Huebler

The Fichet F3D lock is one of the most intriguing locks that came out in a long time. Not easy to get, quite expensive and contains many, many parts. The inner working of the lock also is quite interesting and unique. Michael will take you through the lock step by step, and there will be an interesting discussion on how this lock maybe could be bypassed.

11:30 – 15:30 Dutch Open lockpick championships.

We are not going to play the one-on-one, and ‘winner takes all’ that we did last year. It will be fair and balanced how we do it, and it will allow for many small picking contests against a direct opponent. In these games two people will be playing against each other, and the one with the most locks opened, or the fastest time if the same amount of locks are opened, will go through to the next round. If the two contestants do not manage to open any of the locks they are both out of the game. In case we have an odd number of contestants, there will be three people competing against each other and the fastest two go through. The last man standing wins!

There always is a question about the selection of locks that will be used in the game. The brands will be kept secret, but we will try to arrange just two types of locks and make sure one of these locks is ‘relatively simple’ to open by an experienced picker. The locks used will be ‘standard’ five or six pin locks (so no dimple locks or special high security locks in the finals).

16:00 honoring the LockCon champs

17:00 Early dinner for those who need to travel

More information on how to register for LockCon2011 can be found here.

Expect this posting to change a little in the days to come.

More LockCon

September 8th, 2011

Just a quick reminder: LockCon 2011 will take place in the weekend of October 21-23.

The location is the good old Sneek hostel, and the rules are more or less the same as last year(s). I expect to come out with more news on LockCon around Monday September 12.

We are still looking for people who want to give a presentation (although we already have quite some excellent talks scheduled).

Places are limited, so if you would like to come now would be a good time to let us know.

Hope to see you all there!

lock-experts.com

July 15th, 2011

It is time to come out with my new company: lock-experts.com

Over the years I have been hired by some of the most serious players in the lock industry. Normally for things like training, presentations, workshops, education, plain advice, R&D, special toolmaking and more. It is work I love to do, and with the help of some friends I am going to expand it.

More about lock-experts.com soon. I hope the website is up before visiting ALOA.

(small update 19/07/11 : created a PGP key)

SSDeV impressioning games 2011

June 13th, 2011

Jos Weyers got another notch on his guitar. He won the German impressioning championships in Hamburg yesterday. For those who know Jos this will not come as a surprise. And right after Jos came Arthur Meister. Arthur is as steady as Jos, just a fraction slower. And after six locks this adds up.

Jord Knaap turned out to be the surprise. Before this weekend he barely impressioned a lock, but after an evening of practice with the ‘meisters’ he managed to get into the finals and open all six locks. Scoring a solid third place!

Impressioning heavyweights Oliver Diederichsen and Dr. Manfred Bölker became fourth and fifth.

There was a time it was unthinkable to have non-German people win these games, let alone the top three contain two Dutchies 😉

German impressioning games 2011 in Hamburg

I knew I was not likely to end in the top three in this competition (due to lack of training) and scored a sixth place.

Thanks everybody for a great weekend!

LockCon 2011: October 22-23

June 10th, 2011

Just a quick post before going to Hamburg for the German impressioning championships.

We have a date for LockCon! It is going to happen the weekend of October 22-23, and already some interesting speakers have promised to give a presentation! The location most likely is going to be the good old hostel in Sneek, but if other options (in the Netherlands) come up we might be persuaded.

Hope to see you all there!

The robotic key duplicator

May 18th, 2011

Frank brought this nice little key-duplicating robot to my attention. The ‘minuteKey’ seems like a great idea! (check their site or see the FAQ for the limitations)

I am not sure how wise it is to have your home keys scanned and analyzed by a robot and then identify yourself to it by paying with a credit-card (no cash payment possible). On top of that it needs your e-mail address in order to mail you a receipt. The first thing that comes to mind is that all this data quickly turns into a pretty interesting database, especially if the minuteKey becomes popular and widespread.

Interesting times we live in …

What is up with Barry?

May 15th, 2011

Toool meeting Amsterdam

As you can see on the image above I am doing fine. The image is a picture made by Dutch Panorama Magazine a couple of weeks ago at the Amsterdam Toool meeting. Panorama interviewed me and wrote a pretty nice article about me.

One of the topics covered in the article is the flood of professional lock-related work I do at the moment. It is one of the reasons blackbag has not been updated for some time. Just too busy traveling, preparing courses, trainings, paid R&D and even work in the field of lock-forensics. When I say forensics it is not always answering the question if a particular technique was used to open a specific lock, it can also be in a role of expert witness to explain (or show) a particular lock can be opened quickly in court. I hope to follow up on the specific incident mentioned in Panorama when the case is final.

Next week we will be at ‘Hack In The Box’ in Amsterdam (May 19 and 20). We will have the Amsterdam Toool meeting on Wednesday (May 18) in our traditional hangout (the Kamers cafe/restaurant), and might later in the evening move to the prestigious Krasnapolsky Hotel at Dam square in Amsterdam to set up the booth. Thursday and Friday we will be at the Hotel for sure. If you want to learn about IT security and hobby-lockpicking, “Hack in the Box” is the place to be. I can offer a special discount if you want to attend “Hack in the Box”, so mail me for details.

One of the other courses we are preparing is for the blackhat sessions at DefCon (July 30-31). A two-day hands-on impressioning and safe-combo-manipulation course. Gonna be quite nice.

Still have a lot of work to do before I can announce LockCon 2011 …

Decrypted (descrambled) audio

March 2nd, 2011

Scott Buckey mailed me the following on my little challenge to see what you could make out of two scrambled audio messages. Not a 100% score, but good enough if an unknown message went through the air. And I believe the attack can be optimized some more (giving better audio quality).


@ Scott:
It’s a rolling code inversion scrambler that changes inversion point approximately every 3 seconds.

On the recording the first 3 second ‘frame’ is missing, sorry 🙁

[Start]

[Start of first frame] Cryptomuseum test tape [End of first frame] – Decoded at 3.729kHz
[Start of second frame] of the Icom Analog *broken; ‘Public?’* Scrambler [End of second frame] – Decoded at 4.441kHz
[Start of third frame] by saying some random numbers related to *broken; the ?* radio [End of third frame] – Decoded at 3.940kHz
[Start of fourth frame] *broken; Five? or Niner ?* Five Four Seven [End of fourth frame] – Decoded at 3.120kHz
[Start of fifth frame] *broken; Five ? or One? * Six *eight A ? *[End of fifth frame] – Decoded at 2.000kHz
[Start of sixth frame] one four six [End of fifth frame] – Decoded at 3.067kHz
[Start of seventh frame] two seven *broken; nine? or five?*[End of seventh frame] – Decoded at 4.352kHz
[Start of eighth frame] *broken; Something? or simply?* like this (bleeps) [End of eighth frame] – Decoded at 4.263kHz
[Start of ninth frame] (Bleeps) *Broken; and? or TION?* [End of Ninth frame] – Decoded at 4.263kHz
[Start of tenth frame] (Bleeps) End of test [End of tenth frame] – Decoded at 3.023kHz
[End]

He also mailed me the following audio sample. If you compare it to the original descrambled wav file there still is a big difference, but still I take my hat off for Scott.

Koos thought the first sample was recorded over a trunked network, but that is not the case. The ‘bursts’ in the sample are used for synchronization in the (slow) rolling code.

The reason you hear me count and whistle in the samples is because it is a quick and easy way of testing the effectiveness of analog scramblers. Listening to the whistles in the scrambled output will give you a pretty good idea if the scrambling is static, repetitive and what the possible scrambling technique and change rate is. And it is always interesting to see how many numbers you can identify ‘by ear’ on these kinds of systems.
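The whistle test described above, simulated as an added example (not code from this post or from Scott): a steady tone goes through a rolling inversion scrambler, and the pitch it lands on in each frame shows the change rate and the inversion point in use. The sample rate, the 0.1 s frame length, the 1000 Hz tone, the filter and all function names are assumptions; the three hop values are the first three "Decoded at" frequencies listed above, used here as inversion points.

```python
import math

FS = 16000      # sample rate, Hz (assumption)
FRAME = 1600    # samples per hop: 0.1 s here to keep it fast, ~3 s on the page
TONE = 1000.0   # steady test whistle, Hz (constructed input)
HOPS = [3729.0, 4441.0, 3940.0]  # first three "Decoded at" values from the post

def lowpass(x, cutoff, taps=101):
    """Hamming-windowed sinc FIR; removes the upper mixing product."""
    m = taps // 2
    h = [(2 * cutoff / FS if k == 0
          else math.sin(2 * math.pi * cutoff * k / FS) / (math.pi * k))
         * (0.54 + 0.46 * math.cos(math.pi * k / m)) for k in range(-m, m + 1)]
    return [sum(h[j] * x[n + m - j] for j in range(taps) if 0 <= n + m - j < len(x))
            for n in range(len(x))]

def scramble(x, hops, cutoff=4000.0):
    """Rolling inversion: mix each frame with its own carrier so f -> f_inv - f.
    Inversion is its own inverse, so the same call with the same hops descrambles."""
    mixed = [2 * s * math.cos(2 * math.pi * hops[n // FRAME] * n / FS)
             for n, s in enumerate(x)]
    return lowpass(mixed, cutoff)

def peak_hz(frame, lo=300, hi=3600, step=10):
    """Strongest frequency in a frame, found by scanning Goertzel filters."""
    def power(f):
        w, s1, s2 = 2 * math.cos(2 * math.pi * f / FS), 0.0, 0.0
        for s in frame:
            s1, s2 = s + w * s1 - s2, s1
        return s1 * s1 + s2 * s2 - w * s1 * s2
    return max(range(lo, hi + 1, step), key=power)

def frame_peaks(x):
    """Dominant frequency of each hop-length frame."""
    return [peak_hz(x[i:i + FRAME]) for i in range(0, len(x), FRAME)]

def whistle(n_frames):
    """Constructed test input: a constant sine at TONE for n_frames frames."""
    return [math.sin(2 * math.pi * TONE * n / FS) for n in range(n_frames * FRAME)]

if __name__ == "__main__":
    scrambled = scramble(whistle(len(HOPS)), HOPS)
    for i, p in enumerate(frame_peaks(scrambled)):
        # A steady tone jumps in pitch at every hop; tone + peak gives the inversion point.
        print(f"frame {i}: whistle heard at {p} Hz -> inversion point ~{p + TONE:.0f} Hz")
    print("descrambled:", frame_peaks(scramble(scrambled, HOPS)))
```

A static inverter would leave the whistle at one constant pitch; here it steps at every frame boundary, which is the "change rate" cue the paragraph refers to.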

The descrambled audio of the second file can be found here.