The blackbag banner says: locks, encryption and the RF spectrum. These two last topics did not get much attention yet. It is not that I do not have a lot to tell about it, it’s just that locks take up all of my time and interest at the moment. That is why I decided to donate a big part of my encryption device collection to the (virtual) crypto museum. Just take a look on their site, it is really a great place that will give you an idea about the radio side of things of the field I am interested in, and that are the foundations of my work for GSMK Cryptophone.

I know the people behind cryptomuseum.com from some time ago. They are the same that asked me to make a working key for an enigma some time ago at a Toool meeting. What is real funny is that twelve years ago I had the same idea, and even registered the cryptomuseum.com domain for a couple of years. But hey, then I got so involved with locks and lockpicking that I decided to put my focus on that. But before that I was quite serious about is, and even made some audio samples of encrypted and decrypted radio scramblers. For now I will only post two samples of these analog scrambling devices. If you listen carefully to these samples, you might be able to get some words, or even part of a sentence. You can post your guesses (or decrypted wav’s) in the comments. I will post the ‘decrypted’ audio in a couple of days from now.

It has been a while since I added a category to blackbag, but now there is a new one called “cut to pieces”, and it is greatly inspired by the work of Peter Field.

On the “cut to pieces” image I share with you today is the inner working of the Mottura C38 lock. It is nice lock, that contains many nice features. Today I cover the magnetic pin. The pins in one of the chambers are not spring loaded, and gravity pulls the plug pin below sheer line. If the magnet in the key is at the right position, and has the right polarity, the magnetic pin in the house is pulled towards the key, also lifting the housing pin.

I hope the image(s) speaks for itself. (click on the image for a bigger version)

I am currently making quite a nice collection of images of various locking systems for my presentations and workshops. I will try to share some of the work here to keep you posted on what I am doing …

2011 will bring some interesting papers on advanced locks. Both Michael Huebler and Han Fey are working on articles on some unique locks. Han’s article will be about the latest lock from Assa, the d12.

In my previous posting I asked what two locks had in common. I will now give you the answer. The bottom lock is the famous ‘seven pin’ ASSA 700 lock, and contains some extremely nasty anti-pick pins. In short: if you tension the lock and lift a few pins, the lock will ‘freeze’. Once a pin is locked between the core and the house you can only move it again after (almost?) fully releasing tension. We learned this seven pin lock was developed and produced already over a period of 50 years (!), and is still a very common ‘medium security’ lock in Sweden.

And they call it medium security. Sure, if you compare the seven pin version to locks like the Assa Twin system (pdf) (like Twin Combi and DP) there is still a huge difference between them. But I dare to call the design of the 700 high security anyway.

The top image from my previous posting shows the new ‘medium security lock’ by Assa. It is a new design to replace the Assa 700 lock and it is called the d12. So that is what they have in common.

Han’s preview of the d12 article already covers twenty pages(!). Here is some basic info about this amazing new lock. The pin has two tips, and there can be an offset between the left and right contact points. This gives very interesting properties for masterkey-systems. To prevent the pins from twisting, they are equipped with little wings that fall into a slot in the channel of the core. And the wings also make some of the pins ‘float’, so a ‘999’ key will not make contact with all pins. If you look at the image, you can see the fifth pin is much longer and is being operated by a lower portion of the key. And if you manage to get your picktool inserted, the lock has the same anti-pick properties as the 700 series. You will have to be patient for Han’s article to read all the ins- and outs of this system, but I can just say it is neat to see groundbreaking new technology like this enter the market.

And last but not least: there was a small error in Han’s image in my previous post. Pin six was not positioned correct (as Michael Huebler pointed out in the comments). Below is the correct image.

To be continued (somewhere in 2011) …

Really, I think highly of you. And Han and I are just curious if people know the relationship between these two locks shown below, and how long it will take before the correct answer is given in the comments. After Christmas I will come back with the answer here anyway.

Han and I get more and more work as expert witnesses in court cases and in lock-forensics these days. It is one of the reasons we invest a lot in Macro Photography.

It seems more criminals are using clever opening techniques to break into places, and in the Netherlands not many people have the expertise to be able to show what happened. News about this kind of ‘burglaries without a trace’ cases even make it to the front page of Dutch newspapers.

The article was about the ‘Twente case’. Dutch Police in Twente (.NL) arrested a twenty-five year old male on November 4th. A witness gave the police a description of a person who most likely broke a window at a shop at the Heutinkstraat in Enschede. Police noticed a person on a bicycle who matched the description, but the man tried to escape when they approached him. After a short chase the man was arrested, and the first official report (mirror) about this incident mentioned the man possessed ‘burglary tools’.

A later report (mirror) stated the man was taken into custody and his house was searched. At his house a lot of stolen goods were discovered, as well as a ‘large amount of cash’. Police soon discovered the man used manual lockpicking to break into houses. His territory was a range of houses of elderly people at the Marthastraat and C.F. Klaarstraat in Enschede. So far he confessed thirteen burglaries committed over an 18 months period. He mostly went out at night and used a lockpick set to gain entry. As police stated, the man ‘worked very clean’, and in some of the cases the owners of the house never even realized they had been burglarized! He managed to take away expensive goods, silver and cash without leaving a trace. To make things worse, he even used the burglarized houses for mail order fraud. He successfully mail ordered gold and expensive goods without the owners of the houses knowing.

According to police spokeswoman Chantal Westerhoff, the burglar had ‘very sensitive fingers’. She said “Lockpicking is a special trade, and not a lot of people can do what this guy did”.

After his confession, and showing lots of remorse, the man was released from custody. He will soon have to account for his behavior in court. I hope I can find out what day the court case is, and I will try to follow up on the story. Any information on the case is welcome, so feel free to mail me if you know more about it.

* Note December 2: I received additional information about the case. The trial will be held in February 2011 (no date set yet). And it is going to generate a lot of media attention as there are some very interesting angles to the story.

Just a few weeks I felt like a kid in the candy-store at the small exhibition about the history of our Dutch intelligence service AIVD. And even though the exhibition was relatively small, there was a lot to see. The great thing is they showed items that were in real use at the service before. I will cover some subjects that interest me (and hopefully you) a lot.

Take for instance hidden transmitters (bugs). I remember reading about the famous 1977 train-hijack in the Netherlands in a book about counter terrorism. The hijackers requested at one moment of time a crate full of soda and a band-aid box. In the book they mentioned it took the intelligence services great difficulties to find a soda crate that could be prepared with an audio-transmitter. For that purpose they traveled all trough the country trying to find an older type wooden ‘coca cola’ crate . The actual crate they used was at the exhibition, and showed the transmitter and hidden compartment in detail. The transmitter in the soda case makes sense to me, but the at the band-aid box I am not sure if they only show the batteries, or that I do not understand the structure of the transmitter(s).

One other thing that interests me is encryption. At the exhibition was a Hagelin C 446 A encryption device, (build in 1945). I am always very interested to see what kind of lock is installed on devices like that, because it reflects the state of the art in locks at that time. The Hagelin is equipped with an Ikon ‘cross beard’ lock. Often at these kind of devices you see the serial number is stamped into the key. Besides the lock on the Hagelin machine there was only one other display that covered keys. It showed a hollow key used to smuggle messages.

But they had more crypto stuff. It is widely known that “one-time pad encryption (OTP)” is a type of encryption that has been proven impossible to crack if used correctly. For the fine details check out wikipedia. In an OTP system the sender and receiver make use of a small ‘code book’ or ‘code table’ that is only used once. Agents that were sent out sometimes had to smuggle this code material with them, and at the exhibition they showed how that was done. They used hollow batteries, a travel “comb and mirror kit” and even the good old ‘hollow heel shoe trick’ to hide the thin sheets containing the codes. It seems from the material at the show they only used numbers on their code sheets.

Other methods of transferring messages that are on display are ‘dead letterboxes’ and a ‘burst transmitter’. The dead letterbox they showed was nothing more then a piece of cement with some messages inside. This ‘rock’ would be dropped at a known location by one agent, and later picked up by another. This way the agents should not have to meet face to face, and if one of them was under surveillance the surveillance had to be pretty strict to see the agent throw or pick up a rock from the ground. The burst transmitter is another way of communication. The message was prepared by the agent, and then transmitted at high speed (in a burst) via a special shortwave transmitter. Because the length of the transmission was short, there was little chance of detection, let alone allow for radio location measurements.

It is worth visiting the exhibition in Zoetermeer, especially if you have kids. There is a real mission for them, and they have to complete a puzzle search to get a small prize. It is open for the public until February 27 2011.

Seems like some interesting assignments are coming up. And if whether or not the assignments will materialize, one can always make good use of the kind of repro-stand I just purchased.

I was also persuaded to buy some special ‘daylight’ lamps that came it and came from the same manufacturer, so for the moment I have a nice ‘basic’ setup. There still is a chance light from just two sources will not quite do it, but for the moment I am happy and can at least make some small series of images. I made some test shoths with my crappy old camera, and am not too unhappy with the result. Just to show a few, here is some images of IKON DLC, IVANA NECOLOCK, Federal, LIPS and some other locks. Now waiting for Christmas to see if Santa will bring me a nice(er) camera and maybe a couple of lenses …

I am just wasting time on an airport in Malaysia and read some bizarre news on some Dutch website. It seems thieves in the Netherlands are currently very fond of build in navigation systems. The latest way of opening the vehicles is far from subtle … They ‘simply’ cut a hole in the side of the door, cut a cable that runs trough the door and is hooked up to the alarm system and open the door. According to the website ‘Over Eindhoven’ the thieves cut holes in at least 62 verhicles!

More shocking images can be found at OverEindhoven….

Just a short post: Jos Weyers won the impression games … again. Life is good 🙂 Time for yet another beer …

You know the drill: Barry is busy. Sad but true. Then again, don’t be sad as I would not want it any other way.

Just to give you an idea about my next few days: tonight there is a Toool gathering in Amsterdam, and it is going to be nice as a lot of our friends from abroad will be visiting it. Then tomorrow morning we will drive to Essen for the security show, and on Friday we will all go to Sneek for LockCon. On Monday Han and I fly to Malaysia for Hack in the Box, and after that things will settle down a bit.

During the last weeks I have been quite active in lock research, to prepare my presentations for both LockCon and Hack in the Box. Han and I always try to focus on the locks they use in countries we visit, and in the case of Malaysia it is ‘disk style locks’. Han Fey being ‘Mr Abloy’ knows a lot about disk locks, although there is a small difference in quality from the kind of locks they use there. As far the organizers of Hack in the Box have told me, the ‘solex brand’ is the lock to beat. And when the lock sells for just a 10 or 15 dollar, there seems to be a lot of counterfeiting going on. It is hard to understand a $10 or $15 dollar lock is counterfeited, and it is even harder to understand they are using high security holographic seals to fight this.

After doing a little study on some sample locks we got, we decided to do a hand-on class on picking these locks. People can register for the class, and pay a small fee to get a pick and disk lock and try to open it at our two hour course/class (and later at the lockpick village).

Got to continue working … time is running out!