More LockCon

September 8th, 2011

Just a quick reminder: LockCon 2011 will take place on the weekend of October 21-23.

The location is the good old Sneek hostel, and the rules are more or less the same as last year(s). I expect to come out with more news on LockCon around Monday September 12.

We are still looking for people who want to give a presentation (although we already have quite some excellent talks scheduled).

Places are limited, so if you would like to come, now would be a good time to let us know.

Hope to see you all there!

lock-experts.com

July 15th, 2011

It is time to come out with my new company: lock-experts.com

Over the years I have been hired by some of the most serious players in the lock industry. Normally for things like training, presentations, workshops, education, plain advice, R&D, special toolmaking and more. It is work I love to do, and with the help of some friends I am going to expand it.

More about lock-experts.com soon. I hope the website is up before visiting ALOA.

(small update 19/07/11 : created a PGP key)

SSDeV impressioning games 2011

June 13th, 2011

Jos Weyers got another notch on his guitar. He won the German impressioning championships in Hamburg yesterday. For those who know Jos this will not come as a surprise. And right after Jos came Arthur Meister. Arthur is as steady as Jos, just a fraction slower. And after six locks this adds up.

Jord Knaap turned out to be the surprise. Before this weekend he barely impressioned a lock, but after an evening of practice with the ‘meisters’ he managed to get into the finals and open all six locks. Scoring a solid third place!

Impressioning heavyweights Oliver Diederichsen and Dr. Manfred Bölker became fourth and fifth.

There was a time it was unthinkable to have non-German people win these games, let alone the top three contain two Dutchies 😉

German impressioning games 2011 in Hamburg

I knew I was not likely to end in the top three in this competition (due to lack of training) and scored a sixth place.

Thanks everybody for a great weekend!

LockCon 2011 : October 22-23

June 10th, 2011

Just a quick post before going to Hamburg for the German impressioning championships.

We have a date for LockCon! It is going to happen the weekend of October 22-23, and already some interesting speakers have promised to give a presentation! The location most likely is going to be the good old hostel in Sneek, but if other options (in the Netherlands) come up we might be persuaded.

Hope to see you all there!

The robotic key duplicator

May 18th, 2011

Frank brought this nice little key-duplicating robot to my attention. The ‘minuteKey’ seems like a great idea! (check their site or see the FAQ for the limitations)

I am not sure how wise it is to have your home keys scanned and analyzed by a robot and then identify yourself to it by paying with a credit-card (no cash payment possible). On top of that it needs your e-mail address in order to mail you a receipt. The first thing that comes to mind is that all this data quickly turns into a pretty interesting database, especially if the minuteKey becomes popular and widespread.

Interesting times we live in …

What is up with Barry?

May 15th, 2011

Toool meeting Amsterdam

As you can see on the image above I am doing fine. The image is a picture made by Dutch Panorama Magazine a couple of weeks ago at the Amsterdam Toool meeting. Panorama interviewed me and wrote a pretty nice article about me.

One of the topics covered in the article is the flood of professional lock-related work I do at the moment. It is one of the reasons blackbag has not been updated for some time. Just too busy traveling, preparing courses, trainings, paid R&D and even work in the field of lock-forensics. When I say forensics it is not always answering the question if a particular technique was used to open a specific lock, it can also be in a role of expert witness to explain (or show) a particular lock can be opened quickly in court. I hope to follow up on the specific incident mentioned in Panorama when the case is final.

Next week we will be at ‘Hack In The Box’ in Amsterdam (May 19 and 20). We will have the Amsterdam Toool meeting on Wednesday (May 18) in our traditional hangout (the Kamers cafe/restaurant), and might later in the evening move to the prestigious Krasnapolsky Hotel at Dam square in Amsterdam to set up the booth. Thursday and Friday we will be at the Hotel for sure. If you want to learn about IT security and hobby-lockpicking, “Hack in the Box” is the place to be. I can offer a special discount if you want to attend “Hack in the Box”, so mail me for details.

One of the other courses we are preparing is for the blackhat sessions at DefCon (July 30-31). A two-day hands-on impressioning and safe-combo-manipulation course. Gonna be quite nice.

Still have a lot of work to do before I can announce LockCon 2011 …

Decrypted (descrambled) audio

March 2nd, 2011

Scott Buckey mailed me the following on my little challenge to see what you could make out of two scrambled audio messages. Not a 100% score, but good enough if an unknown message went through the air. And I believe the attack can be optimized some more (giving better audio quality).


@ Scott:
It’s a rolling code inversion scrambler that changes inversion point approximately every 3 seconds.

On the recording the first 3 second ‘frame’ is missing, sorry 🙁

[Start]

[Start of first frame] Cryptomuseum test tape [End of first frame] -Decoded at 3.729Khz
[Start of second frame] of the Icom Analog *broken; ‘Public?’* Scrambler [End of second frame] – Decoded at 4.441Khz
[Start of third frame] by saying some random numbers related to *broken; the ?* radio [End of third frame] – Decoded at 3.940Khz
[Start of fourth frame] *broken; Five? or Niner ?* Five Four Seven [End of fourth frame] – Decoded at 3.120Khz
[Start of fifth frame] *broken; Five ? or One? * Six *eight A ? *[End of fifth frame] – Decoded at 2.000Khz
[Start of sixth frame] one four six [End of fifth frame] – Decoded at 3.067Khz
[Start of seventh frame] two seven *broken; nine? or five?*[End of seventh frame] – Decoded at 4.352Khz
[Start of eighth frame] *broken; Something? or simply?* like this (bleeps) [End of eighth frame] – Decoded at 4.263Khz
[Start of ninth frame] (Bleeps) *Broken; and? or TION?* [End of Ninth frame] – Decoded at 4.263Khz
[Start of tenth frame] (Bleeps) End of test [End of tenth frame] – Decoded at 3.023Khz
[End]

He also mailed me the following audio sample. If you compare it to the original descrambled wav file there still is a big difference, but still I take my hat off for Scott.

Koos thought the first sample was recorded over a trunked network, but that is not the case. The ‘bursts’ in the sample are used for synchronization in the (slow) rolling code.

The reason you hear me count and whistle in the samples is because it is a quick and easy way of testing the effectiveness of analog scramblers. Listening to the whistles in the scrambled output will give you a pretty good idea if the scrambling is static, repetitive and what the possible scrambling technique and change rate is. And it is always interesting to see how many numbers you can identify ‘by ear’ on these kinds of systems.

The descrambled audio of the second file can be found here.
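
The whistle test described above, as an added example (not code from the original post or from Scott): a steady tone is pushed through a simulated inversion scrambler, and the strongest frequency in each frame shows whether the inversion point is static or rolling and where it sits. The 16 kHz sample rate, the 1 kHz tone and the 0.1 s frames (instead of about 3 s) are assumptions made for the demo; the three inversion points are borrowed from the first frames of Scott's list.

```python
import math

RATE = 16000   # samples per second (assumed for this demo)
FRAME = 0.1    # seconds per code step; the scrambler in the post uses ~3 s
TONE = 1000.0  # steady "whistle" fed into the scrambler, in Hz (assumed)

def scramble(inversion_points):
    """Constructed signal: mix the tone with a carrier that changes every frame."""
    n = int(RATE * FRAME)
    out = []
    for k, fc in enumerate(inversion_points):
        for i in range(k * n, (k + 1) * n):
            t = i / RATE
            out.append(math.sin(2 * math.pi * TONE * t) *
                       math.cos(2 * math.pi * fc * t))
    return out

def goertzel(samples, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    c = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + c * s1 - s2, s1
    return s1 * s1 + s2 * s2 - c * s1 * s2

def peak_per_frame(signal, lo=300, hi=4000, step=10):
    """Strongest frequency per frame. Searching only up to `hi` stands in for
    the scrambler's low-pass filter, which removes the upper sideband."""
    n = int(RATE * FRAME)
    peaks = []
    for start in range(0, len(signal), n):
        frame = signal[start:start + n]
        peaks.append(max(range(lo, hi + 1, step),
                         key=lambda f: goertzel(frame, f)))
    return peaks

def analyse(signal):
    """Classify the scrambler and estimate the inversion point of each frame."""
    peaks = peak_per_frame(signal)
    kind = "static" if len(set(peaks)) == 1 else "rolling"
    # Inversion maps a tone f to fc - f, so fc = f + observed peak.
    return kind, [p + TONE for p in peaks]

if __name__ == "__main__":
    print(analyse(scramble([3729, 4441, 3940])))
```

A whistle that stays on one pitch in the scrambled output means a static inversion point; a pitch that jumps at regular intervals gives away both the rolling code and its change rate.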

Cryptomuseum.com and my donation

February 19th, 2011

The blackbag banner says: locks, encryption and the RF spectrum. These two last topics did not get much attention yet. It is not that I do not have a lot to tell about it, it’s just that locks take up all of my time and interest at the moment. That is why I decided to donate a big part of my encryption device collection to the (virtual) crypto museum. Just take a look on their site, it is really a great place that will give you an idea about the radio side of things of the field I am interested in, and that are the foundations of my work for GSMK Cryptophone.

cryptomuseum

I know the people behind cryptomuseum.com from some time ago. They are the same that asked me to make a working key for an enigma some time ago at a Toool meeting. What is really funny is that twelve years ago I had the same idea, and even registered the cryptomuseum.com domain for a couple of years. But hey, then I got so involved with locks and lockpicking that I decided to put my focus on that. But before that I was quite serious about it, and even made some audio samples of encrypted and decrypted radio scramblers. For now I will only post two samples of these analog scrambling devices. If you listen carefully to these samples, you might be able to get some words, or even part of a sentence. You can post your guesses (or decrypted wav’s) in the comments. I will post the ‘decrypted’ audio in a couple of days from now.

Mottura C38 in new blackbag category: Cut to pieces

January 29th, 2011

Mottura C38

It has been a while since I added a category to blackbag, but now there is a new one called “cut to pieces”, and it is greatly inspired by the work of Peter Field.

The “cut to pieces” image I share with you today shows the inner workings of the Mottura C38 lock. It is a nice lock that contains many nice features. Today I cover the magnetic pin. The pins in one of the chambers are not spring loaded, and gravity pulls the plug pin below the shear line. If the magnet in the key is at the right position, and has the right polarity, the magnetic pin in the house is pulled towards the key, also lifting the housing pin.

I hope the image(s) speaks for itself. (click on the image for a bigger version)

I am currently making quite a nice collection of images of various locking systems for my presentations and workshops. I will try to share some of the work here to keep you posted on what I am doing …

Assa d12

December 29th, 2010

2011 will bring some interesting papers on advanced locks. Both Michael Huebler and Han Fey are working on articles on some unique locks. Han’s article will be about the latest lock from Assa, the d12.

ASSA700

In my previous posting I asked what two locks had in common. I will now give you the answer. The bottom lock is the famous ‘seven pin’ ASSA 700 lock, and contains some extremely nasty anti-pick pins. In short: if you tension the lock and lift a few pins, the lock will ‘freeze’. Once a pin is locked between the core and the house you can only move it again after (almost?) fully releasing tension. We learned this seven pin lock was developed and produced already over a period of 50 years (!), and is still a very common ‘medium security’ lock in Sweden.

And they call it medium security. Sure, if you compare the seven pin version to locks like the Assa Twin system (pdf) (like Twin Combi and DP) there is still a huge difference between them. But I dare to call the design of the 700 high security anyway.

assa d12

The top image from my previous posting shows the new ‘medium security lock’ by Assa. It is a new design to replace the Assa 700 lock and it is called the d12. So that is what they have in common.

ASSA d12

Han’s preview of the d12 article already covers twenty pages(!). Here is some basic info about this amazing new lock. The pin has two tips, and there can be an offset between the left and right contact points. This gives very interesting properties for masterkey-systems. To prevent the pins from twisting, they are equipped with little wings that fall into a slot in the channel of the core. And the wings also make some of the pins ‘float’, so a ‘999’ key will not make contact with all pins. If you look at the image, you can see the fifth pin is much longer and is being operated by a lower portion of the key. And if you manage to get your picktool inserted, the lock has the same anti-pick properties as the 700 series. You will have to be patient for Han’s article to read all the ins and outs of this system, but I can just say it is neat to see groundbreaking new technology like this enter the market.

And last but not least: there was a small error in Han’s image in my previous post. Pin six was not positioned correctly (as Michael Huebler pointed out in the comments). Below is the correct image.

Assa d12

To be continued (somewhere in 2011) …