Archive for the ‘Dutch Open’ Category

LockCon 2010 “the winner takes it all”

Monday, August 16th, 2010

This year’s LockCon theme is: the winner takes it all.

That is right, after experimenting with knock-out systems in the games last year at the HAR conference, we will now expand this and let the knock-out system play an important role in the competitions at LockCon. We are really curious to see how this will work out in the lockpick competition.

So what’s the exact schedule? Please keep in mind that LockCon is a very dynamic event and last-minute changes can always be made. We have kept Friday evening open for last-minute presentations and/or time to socialize. This is the schedule we have in mind:

Friday, October 8 2010

People are requested to arrive between 11:30 and 12:30 at the hostel. Toool representatives will be present at the hostel from 11:00 AM on to greet the guests and assign them a room. It is important to be on time as the first presentation begins at 13:30!

Friday 13:30 – 15:30 Lock forensics: the more advanced stuff. By Datagram

Datagram is a well known expert in the field of forensic locksmithing. His site http://www.lockpickingforensics.com/ is a one of a kind source on this topic. And we are very honored to have Datagram open lockcon with his presentation on advanced forensic locksmithing.

At this two hour presentation, Datagram will quickly go from the basics in forensic locksmithing to the more advanced stuff. He will go into detail on what traces are left in high-security locks when opening attempts are made with special decoder and picktools. And on Sunday Datagram will talk about the vulnerability in a lock many people thought to be ‘pick proof’.

16:00 – 17:00 “Wanna bet”?!? (Wetten Dass … 1986!). By Han Fey

Han makes friends all over the globe, and one of these friends is Mr. Frank Peter Wiersma. Back in 1986, when there were only a handful of television stations, Mr. Wiersma became a small celebrity in the locksmith community. He appeared on the popular show ‘wanna bet?!?’, and accepted the challenge to try and file a working key to a lock in under three minutes (without trying the key in the lock!). His only tools: some files, one blank key, and just the ‘code number’ of a randomly chosen lock. In this presentation Han will give answers to questions like: did Mr. Wiersma succeed? What was his plan of attack? And just in case Han does not have the answers to all the questions … Mr. Wiersma is a guest of honor at lockcon and will be present too.

17:15 – 18:00 Medeco advanced and ARX pins. by Barry Wels

Medeco lately introduced special pins in the commercial product line to make their locks more resistant against picking and decoding attacks. And rumor has it there are even more advanced pins in locks that are used in locations ‘that really matter’. These latter pins are supposedly called “ARX” (stands for: Attack Resistance Xtended). What do we know about them? Do we know what these pins look like? How many different types are there? And do they really offer extra resistance against sophisticated attacks? This presentation does not have all the answers, but hopefully will give you some new insights. And a note to the public: If you have any information on ARX pins (pinning kit, individual pins, images, suggestions) please mail arx@blackbag.nl.

18:00-19:00 dinner

19:00 and later: time to socialize, give a ‘last minute’ presentation or compete in the combination lock manipulation competition.

Saturday, October 9 2010

08:00 – 09:30 Breakfast.

Saturday 10:00 – 15:00 The return of the lock Pathologist. By Peter Field
(Lunch 12:00-13:00)

As many LockCon attendees know, Peter Field has an extraordinary way of looking at locks. Like a pathologist, he cuts locks in many thin slices and captures the result with high quality photography. This unique method of creating a cutaway view is world renowned. His lectures have been attended by locksmiths, security personnel, lock company engineers and Patent Office Examiners from many countries. And this will be the third time Mr. Field will give a presentation at LockCon. Peter Field’s presentations on locks are one of those things in life one can never get enough of.

Peter Field, Lock Pathologist

He will yet again give a four hour(!) presentation about many of the different elements of high security cylinder lock design. Combining his unique cut-away imagery with illustrations from old patents, he will explain how engineers classify the cylinder elements, modify them, develop new ones, and re-combine them all to invent new products for the constantly evolving security market. You will leave this presentation with an outline and a clear understanding of the design constraints and functions of most of the various elements you may find in any lock cylinder.

About Peter Field: he started locksmithing in 1960, and in 1978 was asked to join Medeco Security Locks, where he is now Director of Research. He has over 15 US Patents pertaining to high security locks, with several more patents pending. Being an employee of Medeco, one thing is clear: Mr. Field will not discuss any opening techniques. As he told us in previous years: “I am here to talk about locks. How to open them is up to you ….”.

15:30 – 16:30 Just a handful of keys. By Julian Hardt

Julian Hardt found a vulnerability in a number of certified (and non-certified) safe locks. Due to this vulnerability, the number of possible keys one normally should have to try (the so called ‘key space’) can be greatly reduced. In some cases the key-space goes down from 280.000 keys to a number small enough that it might be possible to just cut the few remaining keys (or build a set-up key) and open the safe with just a handful of keys. In our community it is common to report this kind of vulnerability to the manufacturer(s). And that is exactly what Julian did. Thing is: they just have not responded yet …. maybe this announcement helps.

16:30 – 17:30 The Cromer Novum alarm lock decoder. By Till

This year, Till will present an old but very nice opening-tool. It is a tool to open Cromer Novum alarm locks. And even though this kind of lock is not very common anymore, it is definitely worth showing the tool. The nice thing about this tool is that it makes use of pin and cam technology to decode the lock. Once the levers in the lock are identified, a set-up key can be built to actually open the lock. Old but fascinating technology to open what was once a high security lever lock (and probably still is high security if you do not have the proper tool to bypass it). If you ask nicely, Till might let you try the decoder yourself.

18:00-19:00 dinner

20:00 – 23:00 Impressioning championships.

Impressioning is the fine art of opening a lock by filing a key from a blank. It is an ancient technique that still works on an amazing number of (high security) locks. Besides an old-school locksmith skill it is a technique still in use today by intelligence agencies worldwide for their blackbag operational needs. The championships speak for themselves: who will be the fastest filing a working key to a lock this year? The impressioning championships will be played by new rules too (very close to German rules). More about that soon, but we can already say that only “standard Abus five pin locks” will be used.

Sunday October 10

08:00 – 09:30 Breakfast.

10:00 – 11:00 Beating the BiLock. By Datagram

In this presentation Datagram will tackle a lock many people in our community thought was ‘pick proof’. BiLock products are well known for their double sidebar locks and two rows of ‘hard to pick’ pins. In the industry they are considered one of the most high security locks. In this presentation you will hear all the details on how the lock works, how the attack was discovered, what tools were made and how the company responded when they were informed ‘there might be a small problem’.

11:15 – 12:00 Mul-T-Lock MT5+ layer attack. By Jord Knaap and/or Han Fey

The latest Mul-T-Lock product range is the MT5-line. The MT5 is a high security cylinder that makes use of two security layers: an interactive element (the so called Alpha spring) and pin-in-pin technology. The top of the line product currently is however the MT5+. In the “+” series, an extra layer is added to the lock: a clever mechanism that uses sliders and a sidebar. In this attack we will focus on this new slider mechanism. Jord Knaap found a gap that in some cases can be used to bypass the slider mechanism and did the right thing: he informed Mul-T-Lock about it. And now, after they have been given time to fix the problem, you will hear about it at LockCon.

12:00 – 13:00 Lunch

13:30 – 15:30 Dutch Open lockpick championships.

We are going to play one-on-one, and ‘winner takes all’. In these games two people will be playing against each other, and the one with the most locks opened, or the fastest time if the same number of locks are opened, will go through to the next round. If the two contestants do not manage to open any of the locks they are both out of the game. In case we have an odd number of contestants, there will be three people competing against each other and the fastest two go through. The last man standing wins!

There is always a question about the selection of locks that will be used in the game. The brands will be kept secret, but we will try to arrange just two types of locks and make sure one of these locks is ‘relatively simple’ to open by an experienced picker. The locks used will be ‘standard’ five or six pin locks (so no dimple locks or special high security locks in the finals).

16:00 honoring the LockCon champs

17:00 Early dinner for those who need to travel

More information on how to register for LockCon2010 can be found here.

What I do on vacation …

Sunday, August 1st, 2010

It has been a little slow with my weblog. Maybe it’s because I now use twitter to burst short messages instead of blogging, but the silence here does not mean nothing is happening. On the contrary, a lot is happening….

combination safe lock manipulation minor difference

First there was the safe opening weekend. I am sorry to be repetitive, but the weekend was a great success. Julian picked open four safes, amongst them yet another couple of real monsters, and lots and lots of other safes were opened in more destructive ways. I really was eager to try to open a safe by manipulating a combination lock, but failed as the only lock around was a four wheel lips lock. I am by now reasonably experienced in opening three wheel ‘group two’ locks, but this four wheel lips lock was just a little too much for me. We ended up drilling a hole in the safe and using a scope to read the combination.

I like a challenge and am using the vacation I am in now to study the four wheel lock(s). Jord Knaap was kind enough to let me use one of his cut-away demo locks for this research/test. The lock is neatly mounted on a stand, and as Jord had an eye for details, he even included the anti-drill ‘hard plate’ on the stand (it’s the yellow layer between the dial and the house of the lock). The interesting part is that these locks have false cuts in their wheels, and the position of the false cuts seems to be different on some wheels. Maybe there is a pattern, but it is too early to say … It’s just the first day of my holiday today ;)

false cuts on four wheel safe combination lock to make manipulation more difficult

Behind the scenes we are busy preparing lockcon (October 8-9-10). It’s gonna be good as more and more people from all over the globe are attracted to it, and the presentations will be high quality as always. And I will use this two week vacation to reply to some mails people have sent me. I am running a little behind but will be back on track before the holiday is over …

When every second counts: formula 1 impressioning tool

Sunday, June 6th, 2010

impressioning speed up tool

Our German friends from SSDeV decided to change the rules of the impressioning games. Instead of the fastest time on one lock, now more locks need to be opened and the person opening the most locks in the least amount of time wins. In the comments of this Hackaday post Jos explains the exact rules:

“First round everybody gets a keyed alike lock (so same amount of work) this round takes an hour. The six fastest go to the finals: during six rounds (20 min. each) all the contenders open one lock, which then gets swapped. So all finalists open the same 6 locks. The used keys are put in closed boxes so there is no way you know the key is supposed to look like.”

And with opening times of less than a minute these games are more and more looking like formula 1 pit stops. And so people are trying to come up with ideas and tools to shave off a few seconds left or right. The expert in the field of impressioning is Oliver Diederichsen. It was his research and book that really got us all started at this. And he came up with a new tool. It is a modified euro-profile cylinder that contains five sharp solid pins that will scratch the blank at the position the pins will make contact with it. Once these marks are on the blank, it is just a matter of filing them down to code 1-1-1-1-1 and start impressioning.

Before and after

As Oliver is one of the most fair people I know, he shared the design and allowed others to copy it for future games. So Jord Knaap made a nice handle that contains a half euro profile with the steel pins. And the euro-profile core in Jord’s tool is interchangeable. At the back of the tool there is a small hole that will allow you to push out the cylinder and change it for another brand.

To come back to the games: they were won by good old Arthur Meister, followed by Oliver Diederichsen and Jos Weyers. Congratulations guys. Looking forward to the impressioning games at Lockcon in a couple of months …

the champs

Call for papers: LockCon 2010

Monday, May 10th, 2010

As always we are organizing our yearly LockCon. On the Toool website you can always read the latest news about it (http://toool.nl/LockCon)

If you are interested in attending, or want to give a presentation or lecture please let us know. The call for papers is officially open until June 10 and we still have room for interesting talks. Before the end of June we will come out with the complete program.

Here is the first information about LockCon 2010 in FAQ style ….

Q: What is LockCon?
A: LockCon is an international conference about … locks. Although we are modest people (ahum), LockCon is hosting some pretty innovative and unique presentations. (And we would like to hear from you if you have an interesting lecture you want to give). Besides these high quality presentations, there will be championships in lockpicking, impressioning and possibly (if time allows) safe combo-lock manipulation. One important issue about LockCon is that it is a place where creative energy flows and you can make friends for life (and an occasional enemy). It is the place where top lockpickers meet one another, and contacts are made between lockpickers and the lock industry. In other words: it is a unique event. To give you an idea read here about previous events.

Q: When will LockCon be held this year?
A: The weekend of October 8-9-10. This will allow international visitors to also visit the famous Security show in Essen Germany October 5-8 and come to LockCon when the show in Essen is over.

Q: Where will LockCon be held?
A: The location for this event is the StayOkay youth hostel in Sneek (Friesland) in the Netherlands (youtube video). This has been the home for many years now for LockCon and is a perfect location for an event like this.

Q: Who will attend LockCon?
A: A lot of interesting people. There will be lockpickers, safe technicians, locksmiths, 24-hour opening services, lock manufacturers, lock tool manufacturers, hackers, members of the law enforcement community, spies and an occasional beautiful girl. And a pretty big number of them will be overseas visitors.

Q: How much is the entrance fee for LockCon?
A: The ‘full event’ price is €125 for three days. This price includes three dinners, two breakfasts, two lunches and two overnights in the hostel. It also includes drinks, beer, wine etc and a basic supply of snacks. Visitors who only visit one day will pay €65.

Q: Wow, where do I sign in?
A: Not so fast. LockCon is an ‘invitation only’ party for the locksport community. It is open for members of Toool.NL, Toool.US and SSDeV, but we reserve the right to deny people even if they are a member of these organisations. If you are a member of another well respected locksport organisation there is a good chance you are welcome as well. If you are none of the above, you will need to find someone to introduce you and hope there is place left. We have set the maximum number of attendees to one hundred. For this event we have reserved ten to fifteen seats for people we never met before. If you think you have something to contribute, or just are a very enthusiastic lockpicker that does not have the right connections yet, please mail us anyway. We are open to interesting people and might be able to work something out. Just give it a try, you might get lucky :) Mail registration@lockcon.com to register or for more information.

Q: So what’s the exact schedule?
A: Please keep in mind that LockCon is a very dynamic event and not everybody has submitted their presentation(s) yet. What we know now is that Peter Field will give a presentation (most likely on Saturday) and there will be championships in Lockpicking, Impressioning and (if time permits) combination safe manipulation.

Below is roughly what we have in mind, but things can still change. It all depends on the number of presentations we get offered from the community.

Friday October 8

People are requested not to arrive before 13:00 and a toool.nl representative will be present at the hostel from 16:00 on to greet the guests and assign them a room. 19:00 Dinner will be served a little late because some of the attendees will be arriving from the security show in Essen. People arriving after 20:00 will not be served dinner! At 21:00 we will officially kick off with the first presentation(s).

Saturday October 9 2010

08:00-09:20 Breakfast

09:30-12:30 A presentation by Peter Field.

People who were fortunate enough to see Mr. Field’s presentations in previous years know his unique way of presenting things: he combines patent drawings with very detailed images. We are honored to have him as a speaker again, and are really curious what kind of exotic locking techniques he will display this time. Since Mr. Field is a member of the lock industry (Medeco), he will not discuss any opening techniques. As he told us previous years: “I am here to talk about locks. How to open them is up to you ….”. Let’s see if he can break his previous record of a five hour presentation!

12:30-13:30 Lunch

13:30-15:00 Peter Field presentation part II, hopefully with some room for questions.

15:15-18:00 Impressioning championships. Most likely according to new rules. Impressioning is the fine art of opening a lock by filing a key from a blank. It is an ancient technique that still works on an amazing number of (high security) locks. Besides an old-school locksmith skill it is a technique still in use today by intelligence agencies worldwide for their blackbag operational needs. The championships speak for themselves: who will be the fastest filing a working key this year?

18:00-19:00 Dinner

20:00 More presentations

Sunday October 10 2010

08:00-09:30 Breakfast

10:30-12:30 First round of Dutch Open lockpick championships

12:30-13:30 Lunch

13:30-15:00 Follow up Dutch Open lockpick championships and finals

15:15-16:00 Award ceremony

The closing ceremony and distribution of the prizes for the Dutch Open lockpick championships, the impressioning championships, the safe combination-lock manipulation contest and the Toool 2010 ongoing lock competition.

More updates to this schedule and other information will follow soon. Please keep checking this space for further updates.

Q: I thought I heard LockCon will be held in Turkey this year?
A: That was the idea. We were invited by the president of the Turkish chapter of the ELF to organize our event in Turkey. They even promised us some sponsoring to get the locksport community to Turkey. Unfortunately the Turkish backed out of the deal after we fulfilled our obligations, blaming the crisis for not being able to organize the funds. We know from other sources this is not the full story and it just proves that the locksmith community is not ready for this … but all it will take is just a little more time. If there ever will be a next time we will make sure to ask a big downpayment :) Fortunately we have the word of one of the sponsors that he will personally take care of the promises/costs that were made.

We are highly motivated to make this the best LockCon everrrrrr ….

More “hotel door hacking” and lockcon

Monday, March 29th, 2010

Times are pretty hectic so Charlotte and I decided to take off to one of Europe’s nicest cities for a relaxing weekend without the kids. When we entered our hotel room I was thrilled to see it had a chain on the inside … (see my previous post on hotel doors to read why). The chain is a weak link by itself as it was obvious it had been broken and repaired many times before. In my opinion it is not necessary to use force on the chain as it can be bypassed relatively simply.

Chain on the inside of a door

I did improvise a little and shot a video for you on how to bypass the chain using nothing more than a rubber band. Unfortunately I did not have enough time to experiment on how to lock the chain when being on the outside as I promised Charlotte I would spend my time with her and not geek around too much. But I guess a rubber band and some dental floss could do the trick.

And for those of you who want to test their ‘keyway knowledge’: can you tell by these keyways (1 2 3 4 5 and 6) what country we visited? BTW, keyway six is a lock used by the local phone or power company. And I did notice the hotel door keyway was the same as the picture I took of the lock in a completely different country.

Next post (after my short “I am now on twitter” message) is about Lockcon. It will be held the weekend of October 8-9-10. This will allow international visitors to visit the famous large security fair in Essen.

Lockpick Championships in Cologne (DE) this weekend

Thursday, October 29th, 2009

Just returned from a week of Gitex in Dubai. Always interesting but also tiring and internet is not the same as we know it. And quite busy with a million different things … and not everything in my life is lockpick related you know …

German lockpick championships organized by SSDeV

This weekend lockpicking will play a role of importance again. If you can pick locks and want to earn the last available ‘free’ ticket to the 2010 European Lockpick Championships in Turkey … Cologne is the place to be this weekend. Our friends of the biggest and oldest locksport organisation “Sportsfreunde der Sperrtechnik – Deutschland e.V” organize their championships in the friendly environment of the NaturFreundehaus (youth hostel) in the ‘Kalk’ area of Cologne. Even if you don’t want to pick locks … just come and have a look. It is always a spectacular sight to see locks opened in seconds. During two days quite a lot of different games are played (as you can see on the schedule). The person winning the prestigious “Handöffnung” games (hand opening) will win a ticket to ELF/LockCon 2010!

Personally I put my money on this friendly gentleman ….

Looking forward to see you all in Cologne!

Macbook died, key copying and transparent lock

Tuesday, September 22nd, 2009

My poor macbook died. I keep backups, so no harm is done, but it sucks to have to work on an old company windows machine for now.

So my posting is going to be a simple one today, using some images I uploaded to blackbag before the crash. One of the things I wanted to share is a couple of pictures taken at HAR of the by now famous ‘transparent lock’. These one, two, three, four images give you a much better idea how nice this lock is than in my original posting. And many people took the opportunity to play with the lock at HAR. If you have large demo locks like this please let me know!

copies made with the quick key system

One other thing worth mentioning was the round the clock presentations at HAR by my good friend Till. He demonstrated a system to copy mechanical keys called ‘quick key’ (made and designed in Berlin). It uses some sort of two component kind of rubber to make a mould of a key. Till showed that with a little effort almost any mechanical key can be duplicated. He even managed to copy a high security popular French safe lock key.

And to keep in line with my dead macbook … at HAR I have seen the most bizarre picktool case EVER…..

Hope to be back on a Mac Sunday for a new update on BlackBag ….

Article in the New York Times

Wednesday, September 16th, 2009

The New York Times visited an Amsterdam Toool gathering last week and wrote a nice article about it (PDF) ….

New York Times on lockpicking

HAR2009 … dress rehearsal for Turkey 2010

Wednesday, September 9th, 2009

A little delay updating blackbag as I am quite busy with non-lock related stuff. But looking back at ‘Hacking At Random’ still makes me smile … it was great! The people, the championships, the lockpick village, the presentations, the atmosphere … it all was magic.

now all say 'Open' !!!

And for us it was the ultimate dress rehearsal for the mega-event that is waiting for us at the 2010 ELF/LockCon conference in Turkey. The most important thing about that conference (for us) is that it will host the first official European lockpick championships. And we will be organizing it. Lockpickers from all over the globe could try to win three fully paid tickets to that event at HAR.

From the beginning it was unclear if Julian Hardt could make it to Hacking At Random. But the moment he tapped on my shoulder and we greeted each other I said out loud: there go our tickets to Turkey.

Julian Hardt and Barry Wels

And I was right. Julian won the most prestigious ticket to be won: that of the ‘unofficial European lockpick championships’. And even though it was a hard battle, it was no surprise the winner would (most likely) be from Germany. And for me personally it was no surprise it would be Julian Hardt. I immediately admit that people like ‘Master of the universe’ Dr. Manfred Bölker or Arthur Meister also had a fair chance to win. But Julian is a multi-talent that keeps impressing us with his skills. He was the only one that managed to open the notorious Lips 6 pin in the finals (containing very nasty serrated pins). And on a side note: we just had another safe opening weekend where Julian proved to be a bad-ass safecracker by picking open a couple of very high security safes (one of them containing a mauer variator B, 11 lever lock). The big surprise at the lockpick championships was to see Peter Fuhrmann from Labor/Bochum getting second! Arthur Meister and Gerhard Heperle became third and fourth.

Julian also became winner of the safe combination manipulation contest. In the qualifiers he opened his lock in 57 minutes … just three minutes before the end. In the finals he managed to dial open the lock in an impressive 21 minutes! But since Julian already won a ticket in the lockpick championships, second place winner Michael Huebler now won the ‘all in ticket’ to Turkey.

As the Germans have a tradition in winning lockpick games, the Dutch seem to have a reputation to protect when it comes to impressioning. Three out of the last four games were won by Toool members and the absolute world record time of 1 minute and 27 seconds is set by Jos Weyers from Toool too. It is interesting to note that both number two (Oliver Diederichsen) and three (Dr. Manfred Bölker) at HAR broke the previous record of 4:23 (by Oliver Diederichsen) by going well under the magical ‘four minute border’.

Still, we are not really clear about the future of these games in the current setup. For example: at the games in Sneek 2008 Oliver used 52 minutes to open a lock that would normally take him (much) less than ten minutes to open. And a few months ago in Hamburg Jos scored 46 minutes on a lock using six blanks … not to mention me not opening the lock at all.

This all makes it feel like some kind of lottery. So maybe we will sit down with some people before Turkey and work on a new style game to rule out this luck/bad luck factor (for example: people playing against each other on the same locks, using knock-out rounds).

There is so much more to say about HAR that I will split the post. The follow up will be about the presentations, the lockpick village and the more interesting things that happened there …

Let’s keep the discussion about locks and physical security open.

Tuesday, August 25th, 2009

I have been looking forward to the HAR conference for a long time. After all, it was going to be the moment to publicly talk about our discovery on bypassing the electronic locking part on the first generation Mul-T-Lock Cliq. More than one year ago we discovered the samples we had in some instances could be opened with the so called ‘magnetic ring’ (you still needed to have the correct mechanical key or bypass the mechanical part). An important discovery as the attack would not show up in the electronic logfile in the lock. And the integrity of the logfile is a key issue in this kind of system. So we immediately informed Mul-T-Lock about this problem. And even though communication did not always go smoothly we came to an agreement. We agreed to go into full detail about this at the HAR conference in 2009. And that is what we just did. At the presentation we showed the problem was not magnetism … it was vibration!

At the presentation we explained how the blocking of the electronic part of these locks works.

In the meantime Mul-T-Lock came out with a new version and we even received some samples to test. How successful the fix was still has to be determined. And communication is still slow. Marc Tobias and Tobias Bluzmanis claimed at DefCon to be able to still open the latest generation Mul-T-Lock Cliq locks (and a wide range of other electronic and electromechanical locks). They briefed us behind closed doors and I can only say their claims look solid (as was to be expected from these clever and high-profile security experts!).

At the HAR presentation we also demonstrated attacks on electronic locks that make use of the basic Dallas iButton key. This key is nothing more than a device that spits out a 64-bit number. If the number is on the list of the lock it will open. I read somewhere 175 million of these keys are in use. We found it is not difficult to duplicate these keys.

What is more interesting is that we found a way to scan for keys on some of these locks. Scanning a 64-bit key can take forever (at approximately one key per second!). However … we discovered sometimes these keys are handed out in batches with numbers following up or in close range of each other. In those cases it might be possible to scan for numbers in a known range.
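A defender-side view of the batch problem described above, as an added example that is not from the original post or the HAR presentation: it audits an enrolled-key list for closely numbered IDs and flags a reader log that shows many distinct denied IDs in a narrow numeric range. The log line format, reader names, thresholds and every ID value are constructed assumptions.

```python
"""Added example: audit an iButton allow-list and a reader log for batch exposure.

Assumptions (not from the original post): the log line format, the reader
names, the thresholds and every ID value below are constructed for illustration.
"""
from datetime import datetime, timedelta

SCAN_RATE_PER_S = 1.0  # the post's estimate: roughly one key tried per second


def full_space_years(bits=64):
    """Years needed to try every value of a `bits`-wide ID at SCAN_RATE_PER_S."""
    return (2 ** bits) / SCAN_RATE_PER_S / (365.25 * 86400)


def batch_clusters(enrolled_ids, max_gap=1000):
    """Group enrolled IDs whose sorted neighbours differ by at most max_gap."""
    ids = sorted(set(enrolled_ids))
    if not ids:
        return []
    clusters, current = [], [ids[0]]
    for prev, cur in zip(ids, ids[1:]):
        if cur - prev <= max_gap:
            current.append(cur)
        else:
            clusters.append(current)
            current = [cur]
    clusters.append(current)
    return [c for c in clusters if len(c) > 1]  # singletons are not a batch


def exposure_report(enrolled_ids, max_gap=1000):
    """Per cluster: number of keys, numeric span, and seconds to sweep that span."""
    report = []
    for c in batch_clusters(enrolled_ids, max_gap):
        span = c[-1] - c[0] + 1
        report.append({"keys": len(c), "span": span,
                       "sweep_seconds": span / SCAN_RATE_PER_S})
    return report


def parse_line(line):
    """Parse 'ISO-timestamp reader=<name> id=<16 hex digits> result=<GRANTED|DENIED>'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["reader"], int(kv["id"], 16), kv["result"]


def detect_range_scan(lines, window_s=60, min_denied=10, max_span=4096):
    """Alert when one reader denies many distinct, numerically close IDs in one window."""
    alerts, denied = [], {}  # denied: reader -> [(timestamp, id), ...]
    for line in lines:
        ts, reader, key_id, result = parse_line(line)
        if result != "DENIED":
            continue
        cutoff = ts - timedelta(seconds=window_s)
        recent = [(t, k) for t, k in denied.get(reader, []) if t >= cutoff]
        recent.append((ts, key_id))
        ids = {k for _, k in recent}
        if len(ids) >= min_denied and max(ids) - min(ids) <= max_span:
            alerts.append({"reader": reader, "at": ts, "distinct_ids": len(ids),
                           "low": min(ids), "high": max(ids)})
            recent = []  # start a fresh window after alerting
        denied[reader] = recent
    return alerts


# --- constructed sample data -------------------------------------------------
BASE = 0x2F00000001A2B300  # constructed 64-bit value, not a real key ID
ENROLLED = [BASE + 3, BASE + 17, BASE + 42, BASE + 250,   # keys bought as one batch
            0x9C00000077F01001]                           # one unrelated key
T0 = datetime(2009, 8, 14, 2, 10, 0)
SAMPLE_LOG = [
    "2009-08-14T02:09:30 reader=door1 id=%016X result=GRANTED" % (BASE + 17),
    "2009-08-14T02:09:41 reader=door1 id=%016X result=DENIED" % 0x5500000000ABCDEF,
] + [
    "%s reader=door3 id=%016X result=DENIED"
    % ((T0 + timedelta(seconds=i)).isoformat(), BASE + 100 + i)
    for i in range(12)  # twelve consecutive IDs, one per second
]

if __name__ == "__main__":
    print("full 64-bit sweep: %.2e years" % full_space_years())
    for row in exposure_report(ENROLLED):
        print("cluster:", row)
    for alert in detect_range_scan(SAMPLE_LOG):
        print("ALERT:", alert)
```

The span check is deliberately simple: one unrelated denial inside the window widens the span and suppresses the alert, so a production rule would cluster the denied IDs before measuring them.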

And our presentation contains some other attack vectors you might enjoy….

To see the entire presentation you need to go to: www.rehash.nl, select ‘HAR2009’ and enter ‘lockpicking’. Unfortunately there is no deeplink to our presentation yet….

Presenting these hacks was nice, but more important to me we also tried to address a more serious topic. That of disclosure and dealing with lock manufacturers.

I like to keep things simple. If we discover a vulnerability in a lock we will notify the manufacturer. We will tell them what we know and most of the time an interesting and technical discussion is started. And sometimes the manufacturer is a little reluctant and barely wants (or dares) to communicate. Especially in the US the stakes can be high for them because of the ‘I will sue you’ culture. So in a way we understand both approaches and are fine with them, as long as it is clear we will go public on the vulnerability at one moment in time. In general we are talking giving them three to six months, although a longer period can be negotiated if that time is needed to update specific projects or customers.

The philosophy behind this approach is to give the manufacturer some time to fix the problem, inform its customers, exchange locks or prepare a press statement. The fact they know a publication is coming should be enough to motivate them to do the right thing. Going public on the vulnerability will send out a clear signal: better make good locks! There are motivated people out there paying attention to what you do and who will write about it if weak spots are discovered.

So far so good ….

What we have seen lately is that lock manufacturers (try to) fix problems but no longer openly want to discuss their fixes. It could be because of this ‘I sue you culture’, but it also creates a lot of ‘security through obscurity’. And to me that is a sign of weakness. After all, how can we evaluate the ‘new and improved’ product if the manufacturer is reluctant to release information on how they (supposedly?) fixed a problem? The ‘just trust us, we know what we are doing’ approach is not something that gives me a warm fuzzy feeling … at all.

By not saying anything about the fix the researchers are delayed. Or if they have a limited number of locks to test they might even miss an important new feature that is incorporated in some of the new locks. But at the end of the day the information leaks out or is distilled from a greater pool of locks. And since the researchers are highly motivated, the product will fall anyway. Only, because it takes a little longer to fall, more locks are sold and more locks are affected when it happens.

Interestingly enough it now seems some security researchers are going the same route as the lock manufacturers. They claim specific locks can be bypassed but refuse to tell the manufacturer how they did it. Only if the manufacturer promises to exchange all the locks in the field (free of charge) are they willing to explain how the technique works. The idea behind this is they are trying to do the end customer a favor. After all, nobody knows how to bypass the customer’s lock and the manufacturer has to change it free of charge before anyone else hears about it. Logically the lock manufacturer will first try to find the problem itself, but now learns what it feels like to be kept in the dark. Even if they find a vulnerability they can never be sure it is the same one the researchers found. So creating a fix does not necessarily mean it actually works against the unknown attack …. and the fix might even introduce a bigger problem! And instead of being happy, the end customer is getting nervous. What if someone else finds out about the problem?

There may well be a few extreme cases where putting lots of pressure on some manufacturer is justified because they are really screwing over the public interest. But in general we feel everyone benefits if we try to keep as much information available to as many parties as possible, as quickly as possible. That way, consumers can make informed choices, manufacturers still make their own judgments (and face public scrutiny on them) and manufacturers and enthusiasts can continue to learn from each other.

Let us try to keep the research area open and transparent and all learn from these discoveries…..

87 seconds …. Jos Weyers!

Monday, August 17th, 2009

Newsflash: The LockCon #2 impressioning games were won by Jos Weyers (Toool.nl).
His time: 1 minute and 27 seconds (that is 87 seconds for a five pin lock …).

Some technical background on the lock: Abus 5 pin, non-masterkeyed, type C83, pin depths 3-2-6-7-4.

Now I need some time to relax.
When my internal battery is charged up a little I will try to write a nice post about HAR ….

Update on HAR, ELF and LockCon 2010 in … Turkey!

Tuesday, July 28th, 2009

Hurrying to finish this post before I start packing for DefCon in Vegas. Exciting news: it looks as if LockCon 2010 and the accompanying lockpicking championships will be held in Turkey. The events will coincide with the convention of the ELF, the European Locksmith Federation. This means that participants and visitors to LockCon can also visit this (rather cool) lock-related ELF convention. More details can be found below, and I will probably also re-visit this topic in the coming weeks and months.

On another front, there’s more information about lock-related events at the HAR convention that is happening just two weeks from now. Most of that information is written FAQ-style, as you will see below.

My next post will most likely be from sunny Las Vegas…

ELF – Turkey – LockCon 2010 – Lockpicking championships

Wow … Just received an exciting call I have been waiting on for weeks now … we have ‘green light’!

ELF - European Locksmith Federation

At the ELF meeting in Poland I was approached by the President of ELF Turkey. I learned the Turkish Locksmiths now officially became part of ELF (European Locksmith Federation) and will organize the yearly ELF convention in 2010 in Turkey. He then asked me if it was possible to organize our yearly lockpick championships at this ELF convention in 2010. A great offer, especially if you keep in mind they are willing to sponsor us financially to make it all happen. But instead of saying ‘yes Sir’ immediately, I asked for some time to think about it. After all, the lockpick championships we have in Sneek (The Netherlands) are the most international lockpick championships in the world, but only because they are part of our yearly ‘lockcon’ conference. It is the combination of LockCon and the Lockpick championships that make it such a great event.

After some thinking about it, we made him a counter offer: we are willing to organize the lockpick championships in Turkey, but only if we can also host LockCon at the same event (a day before the ELF convention). And today I (finally) received the green light!

Personally I am thrilled about this deal as it really means something for the locksport community to be taken this seriously by the industry. With only nineteen days before this year’s championships at the HAR conference in Vierhouten (The Netherlands) I have an important announcement to make: As part of the sponsorship deal with ELF, the winners of this year’s lockpick championships at HAR 2009 will win an ‘all in’ ticket to LockCon/ELF Turkey 2010 (‘all in’ means plane and hotel *). The same goes for the winner of the impressioning games and the combination lock manipulation game. So three ‘all in’ tickets can be won! (* disclaimer at the bottom of this posting)

The same goes for the lockpick championships in Germany. The winner of the German SSDeV ‘hand opening lockpick contest’ will win an ‘all in’ ticket to Turkey too. And since Oliver Diederichsen already won the 2009 impressioning games in Germany he will get his trip to Turkey sponsored too.

The last ticket we will get sponsored is for the winner of the US lockpick games at DEFCON17. Toool.US will be organizing these games in the lockpick village at DEFCON, and the winner of these games can represent the US locksport community at the official first European lockpick championships in Turkey 2010!

And I will personally see we all (the participants of previous LockCon events) will benefit from this sponsorship deal. So you do not have to win any of the games to get a good deal!

I am now packing my gear to go to DEFCON17 (Las Vegas) and look forward to see my friends in the lockpick village soon!

Hacking At Random 2009

Hacking at Random

The HAR LockPick championship FAQ

Normally Toool’s Dutch Open lockpick championships are held at the youth hostel in Sneek (Friesland, NL). However, if there is a special event or location that wants us there we can be persuaded to move to that location. And this has happened at previous Dutch hacker camps and will happen again at HAR.

It is crucial you read the following FAQ and register for the championships as fast as possible! Registration closes on August 5! (*Edit Barry: please mail lockcon09 @ toool nl)

First question in the FAQ:

Q: what kind of championships are there at HAR?
A: There will be three kinds of games: lockpicking, impressioning and safe combination lock manipulation.

Let’s start with the lockpick championships:

Q: When will the Dutch Open lockpick championships be held?
A: On Saturday August 15 the games will start at 11:30. Depending on how fast the rounds go, the finals will most likely be at 18:30.

Q: Where will it be held?
A: As the games are part of the HAR conference, it will be held at the HAR campsite. For a moment we were tempted to do the games at the Lockpick village tent but in the end preferred to spend some money and battle on ‘solid ground’. For this purpose we rented the ‘paasheuvel zaal’ building for the entire Saturday.

Q: What kind of locks will be used at the championships?
A: To give lockpickers from all over the planet a fair chance we decided to keep the exact brands secret until two minutes before the games.

Q: What can I win?
A: Traditionally we offer great prizes (as the contacts with the lock industry are pretty good and we always manage to arrange nice cut-away locks as prizes). This year we have something even more special: an all exclusive ticket (plane + hotel) to the first official European Lockpick championships at the ELF (European Locksmith Federation) conference in 2010 in Turkey! (* read disclaimer!) Of course the second and third prize winners will also receive something worthwhile.

Q: I am not a star lockpicker … why should I attend?
A: Lockpicking is fun, fun, fun, and you can only become good at something if you try and get more experienced. Not to mention that by lottery we will give away a nice cut-away lock, an official Toool pickset and some other nice prizes.

Q: How many people can attend?
A: There is room for a maximum of sixty people, so register fast!

Q: Is it possible to just visit the lockpick games?
A: This is possible. We have made a deal with the HAR organizers that (a limited number of) ‘known’ lockpickers can buy a special ‘day ticket’. These day tickets are valid on Saturday and Sunday. And we managed to squeeze a good deal out of them: for just 25 euros you can visit the championships on Saturday and stay till Sunday. This will allow you to see the lockpick presentations at 20:00 and 21:00 on Saturday evening. Just a small warning: you have to be a lockpicker to be able to make use of this deal! Please mail lockcon09 @ toool nl to apply for this deal!

Q: how are the games played?
A: The games are played (as always) according to the ‘Dutch rules’. These rules were optimized to give each participant a fair chance. This means (in short): per round, two people play against each other and will each receive a lock from us. If they manage to open the lock in under seven minutes, they write down their time. After seven minutes they switch locks, and again try to pick it in seven minutes. The person opening the most locks always wins, as two locks opened is always better than one lock opened (no matter what times are scored). If both persons opened the same number of locks, the person doing so in the least amount of time wins. The winners of each round will receive a point, and in the next round pools will be made of people who have one point and people who have zero points. In that next round, people who have one point are paired up and play against each other, and in the other pool pairs are made of people who have zero points. And so on, until four people have collected six points (* depending on the number of participants this number can change). In the semi-finals we will traditionally have special, more difficult, locks to pick. The rules will be discussed in detail before the games start, and other questions will be answered at the lockpick village.

Q: I still have a hard time imagining this …
A: Read the excellent article in Wired about one of the previous Dutch Open games, or view the video impression of the games and interview with last event’s winner Torsten Quast (MP4 17 minutes, 139 MB).

The impressioning games

Q: What is impressioning?
A: Impressioning is the art of filing a working key to a closed lock without any prior knowledge about the original key or the lock.

Q: How is this possible?
A: That is a little difficult to explain in a few sentences. Oliver Diederichsen (2009 champion of the impressioning games in Germany and holder of the record time of four minutes and XX seconds) wrote a book about this topic and there will be room to explain and demonstrate the impressioning technique at the lockpick village.

Q: When are the games?
A: We are not 100% sure yet, but most likely it will be on the last day of HAR: Sunday August 16 at 10:00 or 10:30 AM.

Q: Where will it be held?
A: We hope renting the ‘paasheuvel zaal’ building for the lockpick games on Saturday is a 24 hour deal. As the impressioning games only take 60 minutes (and the winner will most likely open the lock in under five or six minutes) this would mean we can get the most out of it. If this is not the case we might have to shift the games to Saturday evening/night after the lockpick presentations, or play on Sunday in the lockpick village tent.

Q: What kind of locks are used?
A: Abus is sponsoring the event with locks and blanks. The lock used will be a standard Abus C83.

Q: What can I win?
A: First of all: your name will be added to the special challenge cup. This cup contains a special Abus watch that was a reward for winning the last Dutch Open impressioning games. Oliver Diederichsen turned the watch into a challenge cup that will move from winner to winner (read the full story here). And besides fame, we also offer a free ‘all inclusive’ ticket to the first European impressioning games at the ELF convention in 2010 in Turkey!

Q: I still have a hard time imagining this …
A: Have a look at this video. It was shot by Steffen Wernéry at the last Dutch Open impressioning championships and should give you a good idea about what the games look like.

The safe combination dial contest

Q: What is ‘safe combination lock manipulation’?
A: It is a technique used to open the combination lock used on safes without damaging it. It is the kind of thing you see in movies when they listen to the ‘clicks’ in the lock to open it.

Q: How does it work?
A: Standard safe combination locks can be opened by measuring small mechanical tolerances in the lock. Instead of listening for clicks we are achieving this by dialing known combinations and closely looking at the dial for fluctuations. Again, just as with impressioning this topic will be explained in the lockpick village.

Q: When are the games?
A: The finals will be held on Sunday, the qualifiers in the days before that.

Q: How do I qualify for the finals?
A: First of all you have to register! After we know exactly how many people will attend we can make a schedule. This is the rough outline of the games (it can change as it is only the second time ever such a championship is organized inside the locksport community). In short: it’s a knock-out system. At random, two players will be selected that will both receive an identical safe lock. Both locks will have the same combination and the same mechanical properties. Both players will start on the lock at the same time, and the person opening the lock first will go on to the next round! Depending on how many people attend there might be room for a ‘wildcard’. So just maybe all the people that get knocked out can battle for a place in the finals through a separate round. On Saturday evening/night there will be (limited) room for the people arriving on Saturday with a day ticket to earn a place in the finals on Sunday.

Q: What can I win?
A: Fame: If you win, you will be the first person to have ever won a safe combo game (in the locksport community). But if you managed to read all the way through to the bottom of this FAQ, you can guess it: the winner gets an ‘all inclusive’ flight+hotel ticket to the 2010 European safe combination contest at the ELF tradeshow in Ankara, Turkey.

Q: I still have a hard time imagining this …
A: For more technical details read Matt Blaze’s excellent article (PDF) on safe combo manipulation.

* and last but not least, an important disclaimer: I have reached a verbal agreement with ELF regarding this LockCon/Championships sponsorship deal. I completely expect them to come through on this one, but someone advised me to insert the following disclaimer anyway: Toool (and/or its members) can not be held responsible in any way, shape, or form if this sponsorship deal bounces after all.

Anthony Fox: Probably the most fair person on the planet

Monday, July 20th, 2009

Is this cool or what ?!?

A little while ago a good friend informed me about a ‘must have’ lock that was for sale on e-bay. It was a large unique masterpiece lock made out of plexiglass. It is the kind of lock you normally only see at trade shows, and I am quite sure that this is the reason the lock was ever made in the first place.

Anthony Fox aka Lordfairfox

As I said, the lock is a masterpiece! It comes with two keys: one ‘normal’ dimple key (including the famous DOM ball) and one ‘split key’ that consists of two parts. The idea behind it is that if two people have one half of the key they can only open the lock when they are together. A nice idea and a piece of art if you see it magnified in plexiglass ….

The moment I saw the first images of this lock I immediately clicked the ‘buy now’ option and paid with trembling fingers …. this lock is cool :) Communication with seller “lordfairfox” (aka Anthony Fox) went smoothly. He sent the lock straight away and when I received it in good order I sent him a nice ‘thank you’ mail. He replied with the following: “A gentleman from the Netherlands offered me 1,500 euros for it when the listing was finished! I was tempted but could not go back on our deal. I hope you enjoy your lock”.

I later learned the identity of this mysterious person who made the offer, and know for a fact Anthony spoke the truth. To me Anthony proved to be worthy of his nick ‘Lord Fair Fox’! And with this post I would like to thank him and make sure many people will enjoy looking at it and playing with this remarkable lock at the HAR conference!

And speaking of HAR: Today is the last day you can order tickets for the ‘pre-sale’ price. I am working on a somewhat long and hopefully inspiring piece of text for HAR, but lack inspiration :) But for now I can only direct you to the HAR WIKI to read about the lockpick village …. Hopefully inspiration comes quickly. There will be an update in a couple of days …

Detailed information on the lock and its security features can be found on page 11 of Han Fey’s excellent article on DOM IX (PDF).

Back from Spain…

Monday, July 6th, 2009

Just got back from an intense weekend in Spain. The Spanish APECS locksmith organisation asked us to give an impressioning course.

APECS advanced impressioning sheet Testa T5

APECS asked us to focus on the practical part of impressioning so the members can use it in the field to open cars and doors. But still a quarter of the total time was spent on presentations and explanations. The course was a big success: In these two days we brought them up to speed on what is possible and how the technique can work in their favor. Two classrooms were formed and Han and I assisted the students in each room. Before the course we did ask them to bring a sturdy vice (so the locks do not wiggle too much), and some people took our advice very seriously (it took two people to carry the vice in).

For this course I bought a Dino Lite USB microscope (with polarizing ‘anti glare’ filter) and stand, to be able to show the marks on the key on the beamer, and to shoot some nice images for my powerpoint presentation.

pin pair

Before the course we received lock samples and Han and I managed to discover some interesting things the local locksmiths never thought of before. We made the security features of the lock work against it. More about this at the lockpick village at HAR.

All in all a very successful weekend. One that most likely will be followed up in a couple of months (if they manage to fill another class)….

More images on the APECS photo gallery soon I guess …

Creating opportunities … LockCon 2010!

Wednesday, May 27th, 2009

As you might know Han and I invest a lot of time and money visiting lock related fairs all over the globe. Huge investments, but they pay off. Because of it, our LockCon (formerly known as Dutch Open) attracts a lot of international attention and certainly does not go unnoticed in the ‘real’ lock(smith)world. I think it is fair to say it bridges the gap between the locksport community and the ‘professional’ lock(smith) community.

lockcon 2010!

We are currently negotiating a deal to have LockCon hosted outside the Netherlands in 2010! That is right: maybe there is a sponsor that is willing to host LockCon and its famous international lockpick championships (lockpicking / impressioning / safe combo dialing). If we can pull it off it will be really spectacular and a big breakthrough for all of us. And if we can not pull it off we will put our energy in organizing the event in Amsterdam in 2010 (although there are a few other options left as well). But we have good faith to be able to come out with some spectacular news in the weeks to come …

My first priority now is the impressioning championships in Hamburg this weekend. I will have to defend my title against some friends who really believe it is time to bring it back to Germany. And rumor has it my friends have been practicing a bit too ….

But so have we (yes, ‘we’: some other Toool members also are into impressioning a lot lately). My gut feeling says the record time of five minutes and thirteen seconds will be smashed, and we might even be looking at times in the three minute range! (depending a bit on how many ‘long pins’ there are in the lock).

I will make sure to bring my watch ….