As many of you might know, I have a passion for clever ways to bypass electronic locks (YouTube).

And I just got a mail from a ‘blackback informer’ that pointed me to a highly interesting YouTube video.
The only problem with YouTube video’s is that you never know if it is a hoax or not.

However this video seems genuine and I believe the following trick could work!

On the video we see a euro profile cylinder, supposably a ‘Uhlmann & Zacher‘ electronic door lock, that seems to open when charged with static electricity.

When a metal ring is turned clockwise the lock seems to be charged, allowing it to open and close, even when no transponder key is present.
Turning the ring counterclockwise seems to discharge the static electricity and the lock remains closed.

I would like to thank the blackbag informant who reported this great and interesting video.
Now all I need is one of these locks to see if this really works or not …

Han just received some locks from GeGe. It is nice to see people keep their promises…

This is what Han has to say about them:

The locks in the picture are some locks we got from Gege, from the left to the right: P-extra, AP2000, AP3000, ANS-2 and the AP4000.

They all have an exotic looking keyway, but besides that here is a lot to tell about the inner live of these cilinders, they contain for example horizontal sliders, undercuts, cogwheel, special anti-bump pins, key copy protection, spring loaded axial pins, carbide sintered steel insert, etc.

I intend to write an article about these high security locks, so that you will learn more about these cilinders.

Click the image for a high-detailed version.

The new NDE magazine is out. For the real die-hards nothing new, it has been out for a few days now.

But it is good to see the quality of the magazine getting better and better with each new number coming out. And it gives me a god feeling to see Schuyler doing so well. He came up with a crazy idea (NDE magazine) and instead of just talking about it simply executed his plan. And it seems he was able to find the right people to support him. I am curious where this will go to as it has the potential to get really big (with locksport getting big aswell). It brings back memories from a time I was involved in a small magazine that had trouble getting new numbers out in time ….

I surely enjoyed reading the ‘Medecoder’ story, and the tension they are building up, not to mention the fact Medeco is changing their production because of it. Something very special has been achieved with that! And to finally see Jaakko Fagerlund’s exploit against Abus Plus series out in the open. The rest you will have to read yourelf, but it is a must read for visitors of this blog.

On a personal level: I am done writing long pieces of text under time pressure. First there was the deadline on the foreword of Marc Tobias his book, and on Saturday I finally completed the article for 2600 magazine. The article came out nice, and is an introduction to my presentation at the ‘final hope‘ conference that will be about “high security key duplication”.

Yesterday we accepted an offer we could not refuse.

It was not cheap, but we managed to buy a medeco bi-axial key cutting machine and some bi-axial locks and blanks. Very nice material for the Dutch Open in Sneek.

The machine must be kept out of reach with children, as the metal particles that come from the keys are very sharp and nasty. I had to move the machine to a place with a concrete floor because cutting a few keys almost ruined my carpet 😉

But finally having locks, blanks and a key cutter will allow us to verify Marc Tobias his claims and play around with the system ourselves. And it is a great asset for the Dutch Open in Sneek ….

Now all we need is an ARX pinning kit to make things complete. Anyone got one for sale?

Locksport is really getting somewhere in the US.

We see some interesting copies of concepts we know all so well, and names that vaguely sound familiar …

Take for instance ‘Fools‘ (Fraternal Order Of Locksport). Looking on their website it is a small initiative, but hey … so were the European locksports groups when they started.

An other name that rings a bell is T.O.O.L. (Tennessee Organization of Locksmiths). Admitted, they are not a lockport group, but it is funny to see they coincidentally picked that name 😉

For now this short blogposting: I am currently busy writing a column for 2600, and Han and I are on a secret mission today (preparing for Sneek already!). More on that soon …

Tonight Marc Tobias will be the special guest in the “Off the hook” radio show.

Topics covered are his new book, and the role lockpicking is going to play at the ‘last hope conference’.

And on top of that, some special offers will be made that are only valid during the show!!

“Off The Hook” airs every Wednesday night at 7:00 PM EST in New York City on listener supported WBAI 99.5 FM. It can also be followed by this audio stream, or as a high quality podcast (only available one week from now).

Even tough I never met him, I am starting to like Ian Cecil.
In the comments of the previous posting read had a different theory about what actually happens when you bump a lock.

This is what he wrote:

—
Every theory even so called facts have to be challenged.

So here is an experiment everyone can do.

1. Make a cutaway cylinder so you can see the top pins.

2. When you hit the Bump Key, what would you expect to see? The current theory would suggest you would see the top pins fly up above the shear line, just for a millisecond. Also you would see the top pin with a large bottom pin fly up further?

3. So keeping the cylinder perfectly lined up bump away…

4. Anyone with a high speed camera should be able to photograph the pins separated. (personally i have not seen this). They only separate when slight turning pressure is applied no matter how hard you hit it.

I would also suggest that the practice of turning the bump key just at the right time is also not correct. It is better to have a constant pressure like picking.
No pressure at all dose not cause any separation of the pins. so no point trying to get the timing correct.
—

Now, I like this way of thinking. Never assume anything, test and see for yourself. It is the only way to learn and find out new ideas.

So I followed Ian’s advice and assembled a cut-away lock.

And Ian is right. If you just hit the key, you do not see the pins move. But …. does this mean the pins do not move?
I think it just happens too fast for you to see, and maybe the blow of the hammer on the key causes your eye to close for a split second …

Unfortunately I do not have access to a high speed camera, so now I had to figure a way to ‘capture’ events that occur in a split second.

In my first experiment I used a thin piece of wire and bended it in a L shape. Then I just hung it in the top of the spring, the
The little wire was so short it did not made contact with the top pin. Yet, when I bumped without turning pressure, the L shaped wire jumped right out of the plug.

So something was moving, and I suspected the pin to push it out. But in theory it could also be the spring.

My next experiment was using grease. I greased up the springs and clearly photographed the cut away lock. This is the ‘before’ picture.

After that I hit the key ten times (without tensioning the key), and the result is the image on top of this posting. As you can see, all the grease was pushed out severely (here is a ‘before/after’ image). And most interesting on pin 1 and 5, there was now grease on the side of the top pins!

The fact there is a grease residue on the pins prove to me the pins did travel. And you can also see by the way the grease was pushed out of the chamber.

Of course I could be wrong, but for now I am still convinced the bumping theory works as advertised ….

For a long time Han and I are doing tests for various lock manufacturers. At the beginning, most of the requests were concerns if the ‘bump proof’ pins they came up with were really bump proof. And most of the time they were not.

On average it took three rounds of testing (and back to the drawing board) before we could not bump open the lock anymore. In some instances we supported the manufacturer with some technical advice to really make the lock bump proof (or highly bump-resistant).

And of course we have been thinking about designing our own bump-proof pin. We labeled it ‘the search for the golden pin’.

In our view, the golden pin has to have (at least) the following properties:

1) Prevent bumping one hundred percent (bump-proof, must withstand ‘advanced bumping’)
2) If possible, make other kind of attacks more difficult (like picking, impressioning and decoding)
3) The solution must contain not too many parts and must be easy to manufacture
4) Easy to Add to a classic 5 pin tumbler lock without modifying the core or house (too much)
5) If possible the ‘golden pin’ must be implementable in dimple and or other pin-tumbler style locks
6) Free of patents

Han and I have been partly successful in this search. And still we are having new ideas and brainstorm/try out sessions on a regular basis.

But ever since our trip to Vienna, our way of looking at the problem has changed.

We learned that if you ever want to have your invention implemented by a lock manufacturer, stop searching for a ‘golden pin’, and start searching for a ‘golden key’!

That is right, lock manufacturers are under constant pressure to come up with new patents on keys. A ‘patented key’ is required in all serious projects, and when a patent is ‘end of life’, so is the commercial success of the lock. Or actually a couple of years before the expiration of the patent (after all, who wants to buy something that will lose it’s ‘copy protection’ in three of four years?).

In a way it is a very healthy system. It keeps lock companies innovative. They can not just design a lock once and live of that design for ever. It forces them to keep investing in engineering.

The flip side it that great locking systems all of a sudden become ‘worthless’ because of the patent expiration. And in some instances that is not fair if you look at the level of security the lock and keys are still providing.

Looking at our mailbox, we are not the only ones looking for the golden pin….

A couple of times per month we receive mail from people who came up with pins or solutions against bumping. In almost all cases the six above properties are not met.

One of the last mails I recently received was from a gentleman called Ian Cecil from Australia. His invention is somewhat smart and makes use of the ‘floating pin’ principle. With that I mean that one of the pins is not reaching the ‘9’ position. We have first seen this solution in CES locks where they simply did not drill the hole in the plug all the way. And other floating pins can be found in systems like GeGe Pextra, Nemef and Master padlocks.

But before I take you to all the solutions we found in various locks, back to Ian:

Ian cam up with the following idea: Use a short spring that is connected to the ‘stopper plug’ and the ‘bottom pin’. And the bottom pin is by magnetic force attracting the top pin. If you keep the top pin small (0-3), the bump key can not make contact and obviously does not work. As I said, a nice invention but far from ‘bump proof’. The lock can still be opened by ‘advanced bumping’.

How does advanced bumping works? If I know there is a floating pin inside a lock, all that is required is a set of probe keys to determine the position and minimum depth of the floating pin. And once that info is decoded all I need to do is cut a 99949 key and open the lock.

Still, Ian makes a lot of sense on his website and shows he does know what he is talking about. Who knows, maybe he will come up with a ‘golden key’ one day ….

We are in the process of having a special pickset designed for ‘the last Hope‘ conference, and are thinking of other cool gadgets/merchandise we can bring with our logo on.

Even though the ‘LED ring‘ is a nice gadget, it might send out a wrong signal having it handed out with the Toool logo stamped on it.

The last thing I want to do is give our hobby a bad name or bad reputation. And images like the one above certainly can be interpreted wrong. But the idea of using an LED ring for picking locks is just too funny not to mention.

And they are pretty cheap too (mirror) …

I admit, I have got a lock fetish. Especially when it concerns government or military locks.
But for readers of this blog it might even be the reason for visiting here ….

Well … Yesterday at some sort of flea market in Amsterdam I found some interesting suitcases.

Some with labels and stickers that caught my attention.
Triggers like: Nato unclassified, Nato Awacs, and various other stickers.

But the best was yet to come: some cases had locks on them, with complicated looking keyways!

So getting the cases for 10 euro each was not a problem and I immediately took them to my favorite locksmith. He studied the lock for a minute orso, and then tried a DOM blank (silca DM28)…. It was the correct blank …

On one hand I was happy he had blanks for me, on the other hand I was a little disappointed the locks were not extreme high security and had restricted profiles.

Needless to say I went home and tried to make a key for the locks via impressioning. But that was much harder as I thought as the plastic from the side of the case the lock was mounted in absorbed my movements.

So I first had to pick the small five pin locks in order to open the cases, then remove the lock and mount them in a vice.

But after that it went relatively smoothly and a correct key was made in a couple of minutes.

Now I just need to find a purpose for the damn cases …..

* Update: in the comments, Agent X is asking for more images of the cases.
Here they are, enjoy: cases1.jpg, cases2.jpg, cases3.jpg and label.jpg