Times are pretty hectic so Charlotte and I decided to take off to one of Europe’s nicest cities for a relaxing weekend without the kids. When we entered our hotel room I was thrilled to see it had a chain on the inside … (see my previous post on hotel doors to read why). The chain is a weak link by itself, as it was obvious it had been broken and repaired many times before. In my opinion it is not necessary to use force on the chain, as it can be bypassed relatively simply.
I did improvise a little and shot a video for you on how to bypass the chain using nothing more than a rubber band. Unfortunately I did not have enough time to experiment on how to lock the chain when being on the outside, as I promised Charlotte I would spend my time with her and not geek around too much. But I guess a rubber band and some dental floss could do the trick.
And for those of you who want to test their ‘keyway knowledge’: can you tell by these keyways (1, 2, 3, 4, 5 and 6) what country we visited? BTW, keyway six is a lock used by the local phone or power company. And I did notice the hotel door keyway was the same as the picture I took of the lock in a completely different country.
Next post (after my short “I am now on twitter” message) is about Lockcon. It will be held the weekend of October 8-9-10. This will allow international visitors to visit the famous large security fair in Essen.
I am reading up on the assassination of Hamas leader Mahmoud al-Mabhouh with red cones. Never ever have so many operational details come out about missions like this. Twenty years ago this would have gone on file as a ‘highly suspicious death’, but in this day and age of CCTV cameras it did not go unnoticed. What is special this time is that a (must see) video was just released by Dubai police, and it looks like a Hollywood production. The link to this blog? … since the murder took place in a hotel, I was immediately interested to read details on how they gained entry. And there still are some things unclear about it, even though this article speaks about “They entered the room using copies of keys they had somehow acquired.”
This could point to the fact that a lot of electronic hotel door locks have a mechanical override. Most of the time there is a mechanical lock mounted under the handle of the door that can be opened with a master key. In some cases the lock is even hidden under a sticker or label, but in most hotels I visited there is a lock present in case the electronic lock fails (in some countries it is not legal to rely only on the electronics). I know that in some hotel locks a mechanical opening is still recorded by the electronics in the lock and will end up in the log files. To get hold of the master key, one could rent a room in the same hotel and simply (for an intelligence agency that is) take the mechanical lock out of the door, take it apart and make the master key based on the now known pin length. (Or if you believe the myth, ‘they’ already have done all the fieldwork and collected the mechanical master keys to all important hotels in advance anyway …)
Another way to open some hotel doors would be to simply go under the door and grab the handle from the inside using a special tool. As you can see in this video, it is not so difficult. And the tool used to go under the door is even available in a ‘government only’ version. This version can easily be taken apart into small segments but is only sold to government agents.
And I suggest a slightly modified tool like the one on the video was used for the finishing touch of the murder. To make it look like a natural death, they locked the chain on the inside of the door …
It is all a funny coincidence, as the video of the tool was shot just a couple of weeks ago when Han Fey and I did a presentation at the famous IT-Defense security congress in Germany. It is a congress where we always meet lots of interesting people and always get a lot of invitations to give more presentations and/or workshops. We were originally invited to just do some hands-on workshops and teach people the basic locksport/lockpicking skills, as well as a few simple opening techniques like shimming doors etc. But when some of the conference speakers missed their plane, we were asked to give an ‘emergency presentation’ to fill the gap. And as we do not like to give the same presentation twice, we shot some video (using a mobile phone) on the spot late at night about the door opening tool (and how to protect yourself against it) and inserted it into a compilation of existing presentations. Originally I did not intend to release the video as it shows me opening a door, but in this case I make an exception …
And for those of you who want to know more about the inner workings of hotel locks, I have blogged about it before (including a video of ‘how it is made’)….
A lot of people asked my opinion about the “Electronic Key Impressioner” that has been in the news lately. The device is not for sale yet and the only thing people have seen so far is a computer model of a device. Technical details are not out yet (as far as I know). This being a news item triggered a lot of people who are now curious if a device like this could really work, and if so, what is the technique behind it.
The automatic key impressioner reminded me of something I saw at a trade show a couple of years ago. At the stand was a person with some sort of ‘lock probe’ that could electronically read out the combination on some car locks. This lock probe was connected to a laptop, and after inserting the lock probe in and out of the lock a couple of times, the code of the lock was on the display of the laptop.
Curious about how this technique worked, I spent some time talking with the developer of the system. As we all know, most car locks are wafer locks. These wafers all have the same outer dimensions and the only thing that differentiates (for example) a ‘cut one’ from a ‘cut four’ is the position of the hole in the wafer. To make it a little more clear for people who are not into locks, I took wafers one, two, three and four from a car lock and stacked them on top of each other. You can clearly see a ‘stairway’ pattern if you stack them in incrementing order.
The lock probe I saw at the show used electric current to determine the position of the opening in the wafer. The idea is to put some low voltage on the body of the lock and ‘look for it’ with the contacts in the isolated tip of the lock probe. A high cut wafer will only make contact with the higher contact points in the tip, while a low cut wafer will give a reading on more contact points as the tip slides through it. And there were a number of different probes for various lock models (variations in the spacing and position of the contact points on the tip of the key). The theory behind this may all look easy and straightforward, but it took them quite some effort to write a decent piece of software to convert the data into a key code. The developer told me errors could be introduced if users insert the probe too quickly, and sometimes locks ‘in the field’ were so dirty/greased up that contact with the wafers was not reliable.
Of course I can only guess, but I imagine the “Electronic Key Impressioner” works on the same principle. I can’t wait to see the device in real life and be able to test it under some real world conditions. I can imagine there is a range of wafer locks this technique does not work on. And I wonder if it can compete with some of the more sophisticated mechanical car lock decoders that have been on the market for many years now …
We feared for it some time, but just received a mail that confirmed it. Officially the reason is ‘the crisis’ and that there is not enough budget …
Will report soon about the implications if I have more information …
* update: We are making an inventory of people who already booked an airplane ticket to Turkey. Please send me a mail and let me know (and how much you paid for the ticket).
* update 09/02: We are looking into some options. By May 1st at the latest we will come out with a statement/program about LockCon and the championships …
In 2002 I already demonstrated the theory behind the ‘foil impressioning’ method at the H2K2 conference in New York. The foil impressioning method is nice because it will open quite a number of high security locks and requires relatively little skill to do so. The only thing you need to have is a key cut to the deepest position (preferably a little deeper) and some adhesive aluminum tape that is used in the automotive and heating industry. You apply the adhesive tape over the holes of the key, trim the edges a bit and insert it into the lock. All you need to do now is put some turning pressure on the key and make small ‘up and down’ movements. The pins that are not in the correct position will bind and become stuck in the lock. These pins will push the tape in a little when the key is pushed upwards, and in the next round of ‘turning and rocking the key up and down’ these binding pins will keep pushing in the tape deeper and deeper until the shear line is reached. The interesting thing is that once a pin reaches the ‘shear line’ (opening position), it is no longer stuck and will not push in the tape deeper. The key will fit itself …
It is a great technique that has been around for quite some time. In my collection of pick tools I have some impressioning kits made for the locksmith market in 1995 and 1996. These kits use either foil or candle wax to keep the pins in place. If you take a close look at this key for example, you can see they milled a small fraction of the thickness of the key to make room for the foil. The key including the foil will push all pins to the highest position (or so we hope).
This brings us to the two disadvantages with this method. First of all, if there is a high cut and a deep cut next to each other, the foil is not flexible enough to cope with the difference. In this case you must pierce the tape if the lock does not open in a couple of minutes, to allow the deep pin to sink deeper into the foil. And if the pin in the lock is short (a low cut in the key), there is a chance the pin will start to bind because it is not exactly on the ‘shear line’. And once this short pin starts pushing the foil in, you have lost (as it will sink in deeper and deeper and you will never open the lock). One other disadvantage is that if the profile of the key is not fully flat (meaning it has a serious profile) the tape cannot be applied correctly. If you try to put tape over (for instance) this profile, the edges of the profile of the lock will tear the tape when entering the lock. But that last problem has been solved now by a Chinese tool manufacturer!
Brand new on the market is a kit that uses a clever technique to also open dimple locks that have a serious profile (and are not one solid square piece of metal). The kit was brought to my attention when visiting Israel with Jord Knaap and Han Fey last week. A local locksmith called Raf (well known from the UK bumpkey forum) invited us to his shop and proudly showed me this tool and technique. The way the tool works is that you first take some aluminum foil and make a ‘U shaped’ form (using the special tool to do so) and make small incisions on pre-determined positions. Next thing you do is put the foil over a special blank that already has the profile of your target lock. The clever thing about this tool is that the ‘U shaped foil tube’ is wrapped around some sort of needle, and the foil cannot be pushed in when entering the lock! Once the key is inserted, the needle is taken out from the back of the tool, and the pins are now resting on the foil. Because of the cuts in the foil, each pin will stand on its own ‘island’ of foil, and when it is pushed in will not disturb the neighboring pin! I have played around with it a little, and the design is really very clever and works quickly and reliably!
There is something to complain about though. The tool itself is made from ehrm …. not the best quality steel and will break after several tries. Nevertheless it is a great tool for its value, and I am sure this new method of ‘foil tubing’ can be applied to many more locks too ….
Thank you Raf (and friends) for the good time, and of course for your excellent video demonstration of this great new tool!
It was just in the news here: Dutch Police forces are on the lookout for new handcuffs. According to Gerrit van de Kamp of Dutch Police association ACP the current cuffs are ‘worn out’ after twenty-five years of service. No link was made anywhere to a small little incident that happened last year …
And not just any handcuff will do to become the new standard … there is a huge list of requirements. For instance: they must be ‘comfortable’ (designed with ergonomics in mind). And the material used should of course be strong and durable, must be resistant against corrosion and not cause allergic contact rashes. And because “the Netherlands finest” already carry quite some tools on their belt, the cuffs should not weigh more than 340 grams. The color is also specified: black. This is because shiny silver cuffs might trigger aggressive reactions. And talking about color: the tender includes one thousand ‘training cuffs’ in a light blue color.
But the funniest of all requirements is the one that specifies that they can only be opened with the correct key! Not a word on whether this key should be made out of metal or if a printed plastic copy will do. And most important: the cuffs should resist fifteen minutes of manipulation against someone who can use ‘tools’ like a paperclip, business card, screwdrivers or a split pin. Interestingly, normal household locks have a ten minute time limit against manipulation in the highest SKG 3 star certification. My free advice to the Dutch police: If you are even halfway clever you should invite Ray and ask his opinion about the various handcuffs that you currently have in consideration … it could save you some embarrassment later down the road …
And does anyone want to place a bet on how long it takes before someone takes a picture of the key and makes a working copy out of it?
—
And then on a personal level: I will start again with my ‘post on blackbag once a week’ policy. Meaning that around the weekends there will be a post here on blackbag. Next one will be about … LockCon, the ELF conference and the European lockpick championships …
These days a lot of people call me with questions about locks, most of them when they are in some sort of trouble….
Yesterday was no exception. An old friend (who lives far away) called me because his neighbor had a problem with his lock. Not strange if you keep in mind it’s really cold here now and there is a thick layer of snow covering the Netherlands. This neighbor had his house well protected and was using a LIPS OCTRO to lock his house (15 pin dimple lock). And now because of the cold the lock would not open anymore. They did notice the key went in and out of the lock smoothly. So they tried heating the key with a lighter and keeping the heated key in the lock for some time, yet that did not work. And now they called me for advice.
I did give them advice, but to be honest that did not open the lock. And a couple of hours later I received a text message with the full story. And I will tell you the details in one or two days.
My question to you is: what would you have advised him to do (or what questions would you have asked)?
* Update: Tom gave the correct answer in the comments …
Some security company is big in the news here today. They hired a marketing company to do a security audit to prove hospitals need better security … even against terrorist threats.
Business news radio asked if I would be interested in talking with the director of the company on the radio. Of course I was interested and I think it turned out pretty well (8 minutes of streaming audio in Dutch).
The ELF conference in Turkey, first European lockpick championships, LockCon … not to mention work and family life … it is a bit much at the moment…
So I took a rather dramatic step: I decided to officially take some time off from work. Meaning that from January 1st 2010, I will no longer be working full time for CryptoPhone and will create some more time for the ELF conference and locks in general (although working at CryptoPhone remains my first priority). There already is a pile of requests for workshops, presentations and other lock related fun. Seems like 2010 is going to be an interesting year ….
I receive a lot of questions about LockCon and the ELF conference. People want to book flights early (while it is still cheap). If you do want to book please let me know (drop me a mail) and make sure to arrive in Istanbul on May 26 (or earlier) as LockCon will officially start on May 27 at 09:00 AM. And maybe (if we can get a lot of high quality content) we might change the opening of LockCon to May 26 at 20:00. So please make sure you are in Istanbul by then….
On Friday May 28 the first official European lockpick championships will take place at the ELF conference ground. On Friday we will do the first rounds in the lockpicking, impressioning and safe dialing competitions, and on Saturday there will be the finals for these three disciplines. In the evening on Saturday the 29th the champions will be honored at the gala dinner. On Sunday evening most of us will travel back…
The biggest challenge we are currently facing is to find cheap places to sleep for the LockCon attendees. Istanbul is a nice place and in 2010 it is even the official European Capital of Culture. Meaning that all hotels are booked (or are not offering low prices) because it is ‘the place to be’. We are exploring options to get beds for a low price but cannot make any promises yet…. work in progress …
Faithful readers of blackbag know that I neglect my blog only when I am really busy. Somehow this always seems to happen at the end of the year (last year I even closed the blog for a couple of weeks). But I will not do that this time.
Here is my delayed blog posting on the German ‘Handopening’ championships. It was won by … (you could have guessed it): Julian Hardt. Imagine: he won three out of five games he competed in to win a ticket to the ELF European lockpick championships and LockCon. I only hope for Julian he did not peak too early and will also win some prizes in Turkey …
In the German games, it works a little differently than in any other competition I know. The attendees need to bring their own lock to the competition and pick it in five minutes. If they succeed they are allowed to compete in the games and try to pick the locks from the other contestants. For these other locks they get fifteen minutes. If you did not pick a lock in this time you will get some extra seconds as a penalty added to the fifteen minutes. Julian brought an ASSA Twin 6000 to the games. Up to this date nobody has been able to open it besides Julian …
And since Julian won the handopening games, the ticket goes to the second place winner: Gerhard Hepperle. Gerhard is a very experienced picker who always ends up high in the list of champions. There will be an update on ‘Turkey’ real soon now. Hopefully within one week (two weeks max)….