Mifare now fully broken

March 12th, 2008

Breaking news from the Dutch Ministry of internal affairs website:

red alert ...

Radboud University fully broke Mifare Classic.

“With little effort abuse is possible and cards can be cracked and copied easily.”

Below is my rough translation of their letter to inform our parliament.

Between the lines I read panic ….

March 12

Radboud University in Nijmegen (the Netherlands) has recently notified me that their research group ‘Digital Security’ developed a method to easily crack and duplicate a large number of chipcards.

This concerns all (access control) cards containing the so-called ‘Mifare Classic chip’, used in applications that do not rely on additional security measures (like our nationwide transport card).

We guess around two million access control cards are in use in the Netherlands; worldwide we assume one billion.

This chip technology is in use in various governmental and private sectors.

Our national intelligence agency (AIVD) has, on my request, checked the method at the Radboud University, and confirmed their claim is correct and works.

I have ordered AIVD to follow up and conduct more research.

It must be taken into account that, as soon as details of the university research become public, abuse is going to be so easy that additional measures are necessary to maintain ‘the level of security’.

The new ‘governmental ID card’ (using a different technology) was supposed to be rolled out in the fourth quarter of 2008. I am looking into whether this can be sped up.
I have requested AIVD to advise on security measures of the governmental ID card.

In the meantime government-wide additional security measures will be taken.

I have requested my colleague ministers to inform the (public) sectors they are responsible for, so additional measures can be taken.

The Minister of internal affairs.

At 16:00 Radboud University will hold a press conference. By that time a report and video will be available on http://www.www.ru.nl/veiligheid-toegangspassen

Busy week …

March 9th, 2008

It has been a busy week.

First being at CeBit with the CryptoPhone booth, and yesterday attending the Wendt open house party.

So this is going to be a short post …

There has been quite some speculation on who the ‘world class speaker’ is that is going to bring out a book this summer.

And who it is that is going into details about the severe shortcomings of this specific ‘unpickable high security lock’ at our Dutch Open.

Some of you guessed it right: it is Marc Tobias, and the lock company is Medeco.

For those of you who might think this is about bumping Medeco locks…. It is not.

Marc and a counterpart went deep on Medeco. Deeper than anyone (outside Medeco) ever did.

Some of their findings are already out there, but trust me when I say that the best (and most amazing) is yet to come.

The Dutch Open is not going to be a Medeco bashing event, we will just give Marc a timeslot to tell his amazing story to a critical and technical audience.

But I know already the audience will admire what they came up with…. amazing stuff.

And the call for speakers for the event is already a success. I am so happy last year’s top speaker told us he will most likely do a follow-up this year!

Dutch Open 2008 (Oct. 9-10-11-12) … call for papers!

March 3rd, 2008

I am being charged up with positive energy just thinking about the Dutch Open….

The open and relaxed atmosphere, the knowledgeable people, the world class presentations, the hands-on workshops, the flow of creative energy, the championships, the most beautiful prizes to win, the unique locks and tools people show and sell, the parties, the ‘free beer’…. and so much more….
It has become the place where the industry meets the lockpickers and vice versa.

As far as I know it is a one-of-a-kind, non-commercial event.

And for us it is a big challenge to organize it. Every year we manage to create a bigger and better event, and every year the quality of speakers and presentations goes up.

This year is no exception, as we will try to raise the bar again. We promise: the Dutch Open 2008 will be bigger and better than ever before.

Already, a world class speaker committed to disclose in-depth details of one of the most ingenious lock hacks I have ever encountered. I was briefed last year on this attack, and I must say I never ever have seen anything like it. Pure brilliance! The implications of this ‘hack’ are severe. At best, one of the most influential lock companies will ‘only’ have its reputation shredded to pieces. Worst case scenario is they will go bankrupt over it. My guess is that millions of owners of this ‘unpickable’ high security lock are going to demand an upgrade or lock replacement. This summer a book will be released covering this amazing story. I am sure it will cause quite a stir in the US. Of course this book will be available at a very high discount in Sneek.

If you want to hear the full story (including gory details), and if you want to try this opening technique yourself, you will have to attend the 2008 Dutch Open ….

Sneak preview: some images that do not make any sense now, but surely will after the presentation ….

No, it is not the loch ness monster ... do you have any idea what it is?

Because of this special presentation, and because we expect lots of international visitors, we decided to add one extra day for presentations at this year’s event. So the event will be from Thursday evening till Sunday evening.

And this year’s Dutch Open will be held in October, not November or December.

The reason we selected October is to give international visitors more value for money. After all, in October the famous ‘Essen Security Show‘ is held. So why not have our international guests join us and enjoy one of the biggest physical security shows on the planet.

Because that is what the security show in Essen (7-10 October) is. Here you can learn about the latest innovations in the area of physical security. Check companies present, and check my blog posting on the security ’06 show. Can you imagine a better way to kick off the Dutch Open?

Including the security show visit, the schedule for this year’s Dutch Open is as follows:

October 6-7-8: Pick up various visitors from the airport and drop them at local hotels or friends’ places.
October 8 (Wednesday) 20:00-23:00: Visit the regular Toool meeting in Amsterdam.
October 9 (Thursday): Wake up early and visit the security show in Essen. In the evening drive to Sneek. (People not attending Essen can go directly to Sneek.)
October 10 (Friday): Presentations and workshops.
October 11 (Saturday): Championships (lockpicking, impressioning, combo manipulation (?)). Champions are honored at the ‘Dutch Open party’ later that evening.
October 12 (Sunday): Final presentations and the end of the event.

And even though we already have a world class presentation, we are placing a call for papers.

Because we added an extra day, we have room for more speakers, more presentations, more hands-on workshops, more lock pick challenges and other topics.

Please do not hesitate and send us your proposal before July 20, 2008.

On August 1 we will post the full Dutch Open 2008 schedule.

So tell your boss you will take some days off in October, and register now ….
The number of available seats is limited to 100 … and … First-come first served!

Mail us at: dutch-open-2008@toool.nl

(To give you an idea what to expect, some links about previous Dutch Opens: click 1 2 3 4 5 6 7 or 8)

Ultrasonic welding at Ankerslot

February 24th, 2008

As mentioned a couple of weeks ago, Toool visited the Dutch Ankerslot factory.

It is nice to see they have come up with some clever techniques to solve problems.

Take for instance their electro-mechanical lock. Their system uses both a mechanical protection as well as an RFID chip. Being pioneers in this area (in the Netherlands?), they encountered the problem of welding/glueing RFID elements in the head of a key.

If the glue is too aggressive, or if the temperature to weld the two parts together is too hot, the RFID element could be damaged. And then there is the risk of the head of the key splitting apart, causing the user to lose the RFID chip.

The way Ankerslot solved this is by ultrasonic welding. Two plastic elements are rubbed against each other at very high speed, causing them to become very hot for a very short period of time, on a very specific area.

This fast rubbing causes a nasty high tone squeak. But after this short burst, the parts are stuck together in a way they will never be separated again.

As always I shot some video of this process (Quicktime 7 Mb or click the above youtube clip).

And Wikipedia has the answers for people who really want to know everything about ultrasonic welding.

CSI using special light to make traces visible …

February 21st, 2008

I am still busy trying to get better impressioning marks using ultraviolet light.

Below is a cartoon from a Dutch magazine, and CSI also seems to be using UV for better traces. It took me a little while to figure out the joke, but I think it is very funny. I just hope you have the same sense of humor ….

Har har ...

What it means to be a hacker …

February 20th, 2008

An interesting article describing the struggle against black box e-voting in the Netherlands.
Written by my good friend Rop Gonggrijp (the driving force of the ‘against e-voting campaign’ in .NL).

(Source Wired. Originally published in 2600 magazine, Winter issue – #4, 2007)

What it means to be a hacker

by Rop Gonggrijp

My most recent confrontation with what it means to be a hacker started in March of 2006, after I went to vote for the local council of Amsterdam. At the polling station, I had to use a brand-new electronic voting machine that the city was renting from a company called Sdu. In fact, Amsterdam had contracted the entire election as a turnkey service, Sdu was even training the poll-workers. This “voting machine” was in fact a computer with a touch screen running Windows. To make matters worse: inside each computer was a GPRS wireless modem that sent the election results to Sdu, which in turn told the city. I had not been blind to the problems of electronic voting before, but now I was having my face rubbed in it, and it hurt.

Perhaps I should quickly introduce myself. My name is Rop Gonggrijp and I’m a Dutch national that lives in Amsterdam, The Netherlands. Some of you will know me as I have been mentioned in this magazine as well as been a regular guest on Off the Hook for almost as long as the show exists. I’m one of the main organizers for these Dutch hacker events. Between 1989 and 1993 I published Hack-Tic, a magazine not unlike 2600 except that it was written in Dutch. During the late Hack-Tic years I co-founded XS4ALL, which still is one of the larger ISPs in The Netherlands.

I guess I became part of the hacker community sometime during the early 1980s while playing with my father’s 300 baud acoustic modem, although arguably I was hacking before when I was soldering FM-transmitters together with a friend at age 12. But after reading Steven Levy’s book ‘Hackers, heroes of the computer revolution’, I knew what I was and that I was to be part of a global community, even if I only knew a few other hackers around me.

… read the full article at Wired

‘Ik op TV’

February 20th, 2008

Laura Balver of the Dutch program ‘Ik op TV’ visited Toool Amsterdam. Click to see Dutch clip….

Back from Spain …

February 17th, 2008

Phew … I made it … here is the Sunday Blackbag posting of the week …

I made the most of my days in Barcelona. From 09:00 to 19:00 I was behind the booth at the 3GSM show, never to return home before 01:00 from meetings with Spanish lockpickers and locksmiths.

Some part of what I collected

Very generous people I met, as I ended up with 55 kilos(!) of locks and blanks. Enough to keep me busy for quite some time….

Normally I would not have been able to transport all this precious metal. Luckily for me, a Dutch friend (Vincent ‘Norman’ Vlaming) was doing his internship at our company, and he and his father helped me out by taking kilos and kilos of locks in their luggage.

But back to Spanish locks: A high number of lever locks are in use there, as well as lots of dimple locks.

Orenco

Some of the lever locks (Orenco for example) have something remarkable. The keys miss a small part at the bottom, making the lower finger of the key stick out a little. This is the part that keeps the lock under pressure. This is a cheap and simple countermeasure to avoid opening the lock using a classic Hobbs pick. There just is no room for the tensioner of the Hobbs pick, as a little ring deep inside the lock takes away all the space.

As it is a popular lock, of course there is a pick for it. And I got a demonstration of it. Unfortunately I did not shoot any photos, but it is a classical Hobbs pick and … a hollow file (tube shaped). The file is inserted into the lock and the ring at the bottom of the lock is simply filed away. After removing that part, the classic Hobbs pick can be used to open the lock.

Inceca round lock

I have also seen some special and remarkable models. Take for instance this Inceca lock with its round key. I have not tried, but people told me it can be opened relatively quickly with a sort of tubular pick.

Another special lock was the JIS, with its two rows and nine pins.

Twenty of the most interesting Spanish locks will be used in the 2008 Toool competition. The JIS lock will be in it for sure, so we will soon know if two rows of pins make life real difficult for us lockpickers. We always shoot high quality images of the competition locks, so … stay tuned for more Spanish lock info…

Barcelona

February 11th, 2008

I am right now in Barcelona. Unfortunately the internet connection at the apartment we rented is broken, so this message is written from an internet cafe (and in a hurry) …

The good news is I met a local locksmith yesterday who gave me a ‘small present’ … A box containing 25 kilograms of locks!

There are some real treasures in this big box, and when I am back in Amsterdam I will make some nice detailed images of some of them.

It contains lots of dimple locks, some ‘normal’ pin tumbler locks and also many lever locks! Real nice, real weird sometimes …

The blanks I brought with me cover 50% of the (pin tumbler) locks I received. Not a bad score. Tonight I will try to impression a few locks, and teach the friendly locksmiths the basics of impressioning….

Barry in Barcelona …

February 6th, 2008

At the end of the week I will be visiting Barcelona for a couple of days. To be more precise, from Sunday 10 to Thursday 14 February I will be at the CryptoPhone stand at the 3GSM show.

Whenever I travel abroad I try to estimate the most common locks and order (ten of each of) the most popular blanks. In case of Spain I understood they use a lot of dimple locks like TESA T-60 and T-80, MCM 4SE, CISA, STS (CS-5, CS-6, CS-8 etc), ISEO, Ezcurra S-10 and DS-15 and LINCE. So I collected around twenty different types of blanks. Of course this is not enough to cover all the locks, but I hope it covers some of them.

As far as I see, impressioning dimple locks is the same as impressioning ‘normal’ pin tumbler locks. Problem is I only tried around ten different locks (Iseo, Lips, Dom, Keso, Abus, Mul-T-Lock 7X7 etc). And except the Mul-T-Lock 7X7 I succeeded in opening all of them. I hope to get my hands on some (used) Spanish dimple locks while there and be able to practice some more.

Are there Spanish blackbag readers that would like to meet for a cup of coffee, and maybe trade locks and/or blanks? I will be staying in the Plaza España area in Barcelona.

Advice on what other locks/blanks are popular in Spain is welcome too, please use the comments (or mail me: barry at toool.nl) if you have any info….