As some of you might know I run a small 24/7 locksmith in the Amsterdam area called Intact-Noodopening.nl
The idea behind intact is to open locks, doors, cars and safes without damaging the lock. Basically I am being paid to practice in the field what I teach in my classes.
Truth is that at this moment not a whole lot of work is coming through. And I outsource most of it since I simply do not have much time.
Nevertheless I decided I needed a good logo for this venue. Instead of annoying my standard logo designer I took another route: putting it for bid on 99 designs.com. So far there are three designs that stick out.
Sorry for the low volume of blogpostings but I am currently involved in many projects. For example: with Lock-Experts I am preparing some private classes that involve interesting locks to study and come up with solutions.
And with the help of some friends I have set up a locksmith service with the name intact-noodopening.nl (intact emergency opening). The idea behind intact-noodopening is to practice what I preach during the lock-experts classes and open locks in the field without damaging them. It is the best of both worlds: make people happy by opening their locks and make some money while learning. For the moment Intact-Open is active in the Amsterdam region in the Netherlands. For special projects we are available wherever needed.
You know the drill: Barry is busy. Sad but true. Then again, don’t be sad as I would not want it any other way.
Just to give you an idea about my next few days: tonight there is a Toool gathering in Amsterdam, and it is going to be nice as a lot of our friends from abroad will be visiting it. Then tomorrow morning we will drive to Essen for the security show, and on Friday we will all go to Sneek for LockCon. On Monday Han and I fly to Malaysia for Hack in the Box, and after that things will settle down a bit.
During the last weeks I have been quite active in lock research, to prepare my presentations for both LockCon and Hack in the Box. Han and I always try to focus on the locks they use in countries we visit, and in the case of Malaysia it is ‘disk style locks’. Han Fey being ‘Mr Abloy’ knows a lot about disk locks, although there is a small difference in quality from the kind of locks they use there. As far as the organizers of Hack in the Box have told me, the ‘solex brand’ is the lock to beat. And when the lock sells for just 10 or 15 dollars, there seems to be a lot of counterfeiting going on. It is hard to understand a $10 or $15 lock is counterfeited, and it is even harder to understand they are using high security holographic seals to fight this.
After doing a little study on some sample locks we got, we decided to do a hands-on class on picking these locks. People can register for the class, and pay a small fee to get a pick and disk lock and try to open it at our two hour course/class (and later at the lockpick village).
Sometimes I get bizarre requests. And people can come up with the weirdest excuses for me to tell them how to open certain locks. But the mails below are the most bizarre scam mails so far. Or at least I hope it’s a scam …
Begin forwarded message:
Subject: FW: Help!
Date: Tue, 17 Aug 2010 13:00:24 +0300
We are forwarding this e-mail from XXX XXXXX. We requested a help to get out from the Rebelions leader close camp in the border to XXXXXX. The guys are coming and kill people everyday claiming to show where the government soldiers has gone. No one knows. but they have already killed 27 peoples up to this morning.
We can’t escape our death as the camp is made of steel shipping containers and the steel doors are all locked with Mul-T-Locks. We need the help on instruction to open this locks so we can run our death. Please Help us… We are dying….
From: John HXXXX [mailto:johnhXXXX@hotmail.com]
Sent: 14 August 2010 11:13 AM
To: XXX XXXXXX
We are 124 XXX (country BW) citizen kidnaped by rebels near the border to XXX (country BW). They come and shot dead one person in front of us everyday! We was 132 up to now remained 124 only and they still come to kill us..
The building doors are all made of steel. But all the padlocks are MUL-T-LOCKS.
One of us has managed to hide her mobile phone connected to internet. We now use this phone to seek for you help to unlock these 3 locks and run away from our death.
Can you please tell us what to do with this locks to rescue our life please…..
It has been a little slow with my weblog. Maybe it’s because I now use twitter to burst short messages instead of blogging, but the silence here does not mean nothing is happening. On the contrary, a lot is happening….
I like a challenge and am using the vacation I am in now to study the four wheel lock(s). Jord Knaap was kind enough to let me use one of his cut-away demo locks for this research/test. The lock is neatly mounted on a stand, and as Jord had an eye for details, he even included the anti-drill ‘hard plate’ on the stand (it’s the yellow layer between the dial and the house of the lock). The interesting part is that these locks have false cuts in their wheels, and the position of the false cuts seems to be different on some wheels. Maybe there is a pattern, but it is too early to say … It’s just the first day of my holiday today ;)
Behind the scenes we are busy preparing lockcon (October 8-9-10). It’s gonna be good as more and more people from all over the globe are attracted to it, and the presentations will be high quality as always. And I will use this two week vacation to reply to some mails people have sent me. I am running a little behind but will be back on track before the holiday is over …
One of the things I am really looking forward to is spending a weekend between the good old Dutch safe techs and their visitors. These guys are organizing yet again a fabulous penetration party on June 11-12-13. These parties are the ultimate for safe technicians as they cover the latest in state of the art in safe opening. Picking, drilling, manipulation, decoding … the works. And if you are into the legal safe opening business you are invited to join in! Just send a mail to Paul Crouwel if you want to attend.
And I am currently more focused on other things than safe opening but I definitely want to try some new toys I bought at my latest trip in the US.
Hope to see the usual suspects in less than two weeks!
I am reading up on the assassination of Hamas leader Mahmoud al-Mabhouh with red cones. Never ever have so many operational details come out about missions like this. Twenty years ago this would have gone on file as a ‘highly suspicious death’, but in this day and age of CCTV cameras it did not go unnoticed. What is special this time is that a (must see) video just was released by Dubai police, and it looks like a Hollywood production. The link to this blog? … since the murder took place in a hotel, I was immediately interested to read details on how they gained entry. And there still are some things unclear about it, even though this article speaks about “They entered the room using copies of keys they had somehow acquired.”
This could point to the fact that a lot of electronic hotel door locks have a mechanical override. Most of the time there is a mechanical lock mounted under the handle of the door that can be opened with a master key. In some cases the lock is even hidden under a sticker or label, but in most hotels I visited there is a lock present in case the electronic lock fails (in some countries it is not legal to rely only on the electronics). I know that in some hotel locks a mechanical opening is still recorded by the electronics in the lock and will end up in the log files. To get hold of the masterkey, one could rent a room in the same hotel and simply (for an intelligence agency that is) take the mechanical lock out of the door, take it apart and make the master key based on the now known pin length. (Or if you believe the myth, ‘they’ already have done all the fieldwork and collected the mechanical master keys to all important hotels in advance anyway …)
Another way to open some hotel doors would be to simply go under the door and grab the handle from the inside using a special tool. As you can see in this video, it is not so difficult. And the tool used to go under the door is even available in a ‘government only’ version. This version can easily be taken apart into small segments but is only sold to government agents.
And I suggest a slightly modified tool like the one on the video was used for the finishing touch of the murder. To make it look like a natural death, they locked the chain on the inside of the door …
It is all a funny coincidence as the video of the tool was just shot a couple of weeks ago when Han Fey and I did a presentation at the famous IT-Defense security congress in Germany. It is a congress where we always meet lots of interesting people and always get a lot of invitations to give more presentations and/or workshops. We were originally invited to just do some hands on workshops and teach people the basic locksport/lockpicking skills, as well as a few simple opening techniques like shimming doors etc. But when some of the conference speakers missed their plane, we were asked to give an ‘emergency presentation’ to fill the gap. And as we do not like to give the same presentation twice, we shot some video (using a mobile phone) on the spot late at night about the door opening tool (and how to protect yourself against it) and inserted it into a compilation of existing presentations. Originally I did not intend to release the video as it shows me opening a door, but in this case I make an exception …
And for those of you who want to know more on the inner working of hotel locks, I have blogged about it before (including a video of ‘how it is made’)….
These days a lot of people call me with questions about locks, most of them when they are in some sort of trouble….
Yesterday was no exception. An old friend (who lives far away) called me because his neighbor had a problem with his lock. Not strange if you keep in mind it’s really cold here now and there is a thick layer of snow covering the Netherlands. This neighbor had his house well protected and was using a LIPS OCTRO to lock his house (15 pin dimple lock). And now because of the cold the lock would not open anymore. They did notice the key went in and out the lock smoothly. So they tried heating the key with a lighter and keeping the heated key in the lock for some time, yet that did not work. And now they called me for advice.
I did give them advice but to be honest that did not open the lock. And a couple of hours later I received a text message with the full story. And I will tell you the details in one or two days.
My question to you is: what would you have advised him to do (or what questions would you have asked)?
* Update: Tom gave the correct answer in the comments …
Wednesday a Toool delegation went to the 11th Pecha Kucha night in Amsterdam. For those who do not know pecha kucha: it is a series of small presentations. Each presentation consists of twenty slides and each slide will be shown for exactly twenty seconds. And I can tell you: twenty seconds is fast when you are on stage. I also did a presentation and it went ok, although I must admit it was not my best performance ever.
After the presentation we put up a lockpick table and did a hands on session. From the three hundred attendees quite a large number learned to pick locks that evening. Worth mentioning is that the evening was organized in a former bank building. Guess who we found drooling over the huge safe (containing Lips four wheel combination locks)?
The last slide of my presentation was about an idea we have for quite some time now. We are looking for a ‘mechanical hacker space’ (or a Toool playground, hardware shop etc). A room to have our Toool meetings but also a permanent workshop and possibly even training room. Currently we are exploring all sorts of relatively low-cost rooms (like a 40m2 and 90m2 room at the Volkskrant building). After the presentation someone came to us and gave some more leads to cheap places where creative people come together. Let’s see if this place ever becomes more than just an idea. If you have a nice space for rent we are interested to hear about it …
I was wondering how to call this post: Lockpicker-paranoia or paranoia lockpick-zophrenia. But in all seriousness, ever since we have been in the New York Times (that was followed up on by various media) I have received lots of calls and e-mails from people who are ‘troubled by a lockpicker’. The story all these people tell is more or less the same and basically boils down to this: there is a lockpicker who picks the lock of their house, goes inside and does nothing but just move the furniture a little or leave subtle clues they have been inside. And all people who contact me have one burning question: What lock should I buy to keep this evil lockpicker out. *sigh*
I know that no matter what lock I will advise, they will always come back to ask more questions as the lockpicker will always be able to get in and ‘move stuff’. In one case I advised to install a 3KS+ lock and ensured them that I personally do not know people who can open them without damaging the lock. Yet, one day later I received a call from the same person questioning my advice. *more sighs*
Now the interesting part: I spoke with some people about this, and they too receive inquiries like this once in a while. What intrigued me most was one quote from someone who told me he personally knew of two cases where there actually was someone picking the lock (or duplicating a key) and moving stuff! In one case the ‘lockpicker’ even cleaned the house of his victim and used a vacuum cleaner to clean the carpet! Asked why these ‘lockpickers’ went to all this trouble to harass someone the motive was a little vague. Someone who does not like their neighbors or personal motives concerning intimate relationships.
I was baffled to hear about this and am very curious if other sources can confirm stories like this. Anyone got juicy stories to tell?
As far as I can see now, 2009 will be the year of exploits for electronic and electro-mechanical locks. As you can read on Marc Tobias’s blog they will talk about some exploits against these kinds of locks at Defcon. And so will Han Fey and I (in more detail) at the HAR conference two weeks after Defcon.
And there are others doing the same thing. Take for example a mysterious group calling themselves ‘lockbeepers’. They just published a report about the Burgwächter TSE 3000, showing two interesting attack vectors.
The image above shows the heart of the Burgwächter TSE 3000. For those unfamiliar with the lock: it is a fully electronic lock that replaces a mechanical lock. Instead of using a key you have to enter a PIN on a keypad.
The lockbeepers seem to have had a hell of a time analyzing it as you can read in their report (PDF).
In the report they explain two possible ways of attacking this lock. The first attack is locating the cable the pin numbers are being transported by (in the clear). Hooking up a small chip on that line would allow anyone to record and replay the pin-numbers captured.
The second attack is more practical: it shows you where to apply power on the circuit board and open the lock. According to the lockbeepers it is not difficult to reach that point.
I would like to thank the lockbeepers for their document and hope to see more work from their hands. If they do you will most likely read it on blackbag …
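An added example (not from the lockbeepers report or the manufacturer) of why a PIN carried in the clear over the keypad cable can be recorded and replayed, next to a challenge-response link where a recorded frame is useless on the next attempt. The class names, the HMAC-SHA256 scheme and the shared `link_key` are assumptions for illustration; the real TSE 3000 wire format is not described on this page.

```python
import hashlib
import hmac
import secrets


class CleartextLock:
    """Lock side of a link where the keypad sends the PIN digits unmodified."""

    def __init__(self, pin: str):
        self._pin = pin.encode()

    def receive(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self._pin)


class ChallengeResponseLock:
    """Lock side that issues a fresh nonce and accepts one HMAC answer per nonce."""

    def __init__(self, pin: str, link_key: bytes):
        self._pin = pin.encode()
        self._key = link_key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def receive(self, frame: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # a nonce is valid for one attempt
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce + self._pin, hashlib.sha256).digest()
        return hmac.compare_digest(frame, expected)


def keypad_answer(link_key: bytes, nonce: bytes, pin: str) -> bytes:
    """Keypad side: bind the typed PIN to the lock's current nonce."""
    return hmac.new(link_key, nonce + pin.encode(), hashlib.sha256).digest()


def compare_links() -> dict:
    pin = "482915"                      # constructed sample PIN
    link_key = secrets.token_bytes(32)  # assumed to be provisioned in both parts

    clear = CleartextLock(pin)
    recorded = pin.encode()             # what a recorder on the cable would hold
    results = {"clear_first": clear.receive(recorded),
               "clear_replay": clear.receive(recorded)}

    lock = ChallengeResponseLock(pin, link_key)
    recorded = keypad_answer(link_key, lock.challenge(), pin)
    results["cr_first"] = lock.receive(recorded)
    lock.challenge()                    # next attempt gets a new nonce
    results["cr_replay"] = lock.receive(recorded)
    results["cr_unsolicited"] = lock.receive(recorded)
    results["pin_on_wire"] = pin.encode() in recorded
    return results


if __name__ == "__main__":
    for name, value in compare_links().items():
        print(f"{name}: {value}")
```

This only covers recording on the cable; the second attack in the report, applying power on the circuit board, is not affected by how the PIN is transported.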
All over Amsterdam billboards are popping up saying: “from now on, all that deserve PUNISHMENT will get PUNISHED”. It is a ridiculous poster by the Dutch VVD political party. And good old Viola did not like to see the threatening words ‘punishment’ and ‘punished’ all over the place and decided to fix the problem. She made prints with the words ‘something sweet’ and put them over the billboards. So now it says: “From now on, all that deserve SOMETHING SWEET will get SOMETHING SWEET”.
I had dinner with Marc Tobias last week, and one of the things we spoke about was ‘disclosure’.
It is my philosophy you should warn a lock company if you find a (new) flaw in their product and give them time to fix it and inform their customers. Marc however defended the standpoint to only give them time if they promise to exchange the locks in the field, or apply a patch, free of charge. It is a dilemma, especially if you see how companies like Uhlmann & Zacher suffered from anonymous youtube videos that popped up out of the blue.
The other side of the medal is that lock companies sometimes are sloppy and do not take this all too seriously. I still have not fully made up my mind about the future of disclosing issues, but tend to lean in Marc’s direction. If companies promise to compensate/exchange the flawed products the consumer wins. If the manufacturer does not want to fix the problem, the consumer needs to know the lock needs replacement. And most likely replace it with a product from a company that does take its customers seriously….
But I guess it is a decision we will make case by case, as not all locks and flaws are equal …
To be continued for sure … (and I am curious to hear your opinion about this …)
This is one of these topics that I wanted to write about before, but never managed because of my little break last year.
As you might know Abloy’s Protec cylinder has quite a reputation as being an outstanding lock. For the moment it is very difficult to pick/manipulate (although there are rumors someone developed an opening tool). One other feature is keycontrol: it is quite difficult to have copies made if you do not have the certificate. And in case you need it for a high security installation the housing of the lock can be delivered in an extra strong steel body that is difficult to break and drill. All in all it is a very nice and secure cylinder that many people in the locksport community use on their front door ;)
But … as always: if a product becomes ‘too popular’, some clever person will come up with a tool to defeat it. Unfortunately (for us lockpick tool lovers) the clever person came up with a destructive opening technique (instead of a non-destructive method).
But the method of opening the lock is extremely simple and effective (as you can see in this youtube video). In less than a minute the lock is open. Ok, it might not be completely silent, but it sure is fast! … And to make things worse: the tool even seems to work on the hardened version of the lock.
If clever tools show up on youtube, they most of the time can be ordered at Wendt ….
Organizing an event the size of the (formerly known) Dutch Open takes a lot of my time. So still no official updates on that, although the outlines are getting clearer and clearer by the minute….
I still receive a lot of feedback on my keyway king milling machine. Many people are curious what the modification is, and if the device is already in Amsterdam. I can be clear about that: it is still work in progress. My good friend modifying the devices sends me pictures from time to time. The idea behind that is to make some sort of ‘modification manual’ for other keyway king owners. The last image my friend mailed me was called ‘destruction‘ …. ahum … I assume it will take some time before the device will be in Barry’s blackbag lab. But knowing my friend, it will be worth the wait …
Furthermore I learned audio of all ‘last hope’ presentations is online now (for a little while already). A great (free!) service, allowing everybody to learn from the wonderful speakers and presentations. If you want to hear the story behind the ‘skin-pression’ image you see above, you can listen to the presentation by Han and me at the last hope in high quality MP3 and find out.