61
Attack the Key Own the Lock by datagram & Schuyler Towne Defcon 18 (2010) Las Vegas, NV

Attack the Key Own the Lock

Tags:

Embed Size (px)

DESCRIPTION

by datagram & Schuyler Towne Defcon 18 (2010) ‏ Las Vegas, NV. Attack the Key Own the Lock. Schuyler TOOOL US NDE Magazine Wheel of Fortune. About Us. Datagram Forensic locksmith Douchebag No game shows :(. How Locks Work. How Locks Work. How Locks Work. How Locks Work. - PowerPoint PPT Presentation

Citation preview

Page 1: Attack the Key Own the Lock

Attack the KeyOwn the Lock

by datagram & Schuyler Towne

Defcon 18 (2010)Las Vegas, NV

Page 2: Attack the Key Own the Lock

About Us

Datagram– Forensic locksmith– Douchebag– No game shows :(

Schuyler– TOOOL US– NDE Magazine– Wheel of Fortune

Page 3: Attack the Key Own the Lock

How Locks Work

Page 4: Attack the Key Own the Lock

How Locks Work

Page 5: Attack the Key Own the Lock

How Locks Work

Page 6: Attack the Key Own the Lock

How Locks Work

Page 7: Attack the Key Own the Lock

Key Control

Availability of blanks Distribution Duplication/simulation

Page 8: Attack the Key Own the Lock

Attacking the Key

Bitting depths/code Keyway Model of the lock

Additional security features

Page 9: Attack the Key Own the Lock

Physical Access to Keys

Holy Grail Duration = Attack Quality Wrist Impressioning

Page 10: Attack the Key Own the Lock

Direct Measurement

Key gauges Micrometer Calipers

Page 11: Attack the Key Own the Lock

Copy Impressioning

Page 12: Attack the Key Own the Lock

Copy Impressioning

Page 13: Attack the Key Own the Lock

Copy Impressioning

Page 14: Attack the Key Own the Lock

Visual Access to Key

Sight reading Estimation Photography

Page 15: Attack the Key Own the Lock

Visual Access – UCSD

Page 16: Attack the Key Own the Lock

Visual Access - UCSD

Page 17: Attack the Key Own the Lock

Visual Access - Diebold

Page 18: Attack the Key Own the Lock

Visual Access – NY MTA

Page 19: Attack the Key Own the Lock

Key Blanks

Impressioning Overlifting “Reflecting” keys Sectional keyways Rake keys Key bumping

Page 20: Attack the Key Own the Lock

Universal Handcuff Keys

Page 21: Attack the Key Own the Lock

Overlifting

Page 22: Attack the Key Own the Lock

Overlifting

Page 23: Attack the Key Own the Lock

Rake/Gypsy Keys

Page 24: Attack the Key Own the Lock

Impressioning

Page 25: Attack the Key Own the Lock

Impressioning

Works Forever!

Page 26: Attack the Key Own the Lock

Reflecting Keys

Page 27: Attack the Key Own the Lock
Page 28: Attack the Key Own the Lock
Page 29: Attack the Key Own the Lock
Page 30: Attack the Key Own the Lock

Sectional Keyways

Page 31: Attack the Key Own the Lock

Sectional Keyways

Page 32: Attack the Key Own the Lock

Incorrect Key

Master key decoding Bumping Skeleton keys Sidebar attacks Passive component bypasses Decoding attacks

Page 33: Attack the Key Own the Lock

Master Key Systems

Page 34: Attack the Key Own the Lock

Master Key Systems

Page 35: Attack the Key Own the Lock

Master Key Systems

Page 36: Attack the Key Own the Lock

Master Key Systems

Page 37: Attack the Key Own the Lock

Master Key Systems

Page 38: Attack the Key Own the Lock

Key Bumping

Basic physics

Specialized key

Easy, effective

Vendor response

Page 39: Attack the Key Own the Lock

How Bumping Works

Page 40: Attack the Key Own the Lock

Creating Bump Keys

Any key that fits Cut “999” key (deepest pin depths)

Use key gauges

Cut with Hand file, dremel, key cutter

Page 41: Attack the Key Own the Lock

Bump Keys

Page 42: Attack the Key Own the Lock

Key Bumping

Page 43: Attack the Key Own the Lock

Key Bumping

Page 44: Attack the Key Own the Lock

100% Efficiency...?

Page 45: Attack the Key Own the Lock

Don't underestimate

attackers...

Page 46: Attack the Key Own the Lock

Bumping Hammers

Page 47: Attack the Key Own the Lock

Side Pins

Page 48: Attack the Key Own the Lock

Side Pins

Page 49: Attack the Key Own the Lock

Side Pins

Page 50: Attack the Key Own the Lock

Side Pins

Page 51: Attack the Key Own the Lock

Side Pins

Page 52: Attack the Key Own the Lock

Regional Sidebar Attacks

ASSA Twin Combi Schlage Primus Fichet 480 The list goes on...

Schlage is doing it wrong.

Page 53: Attack the Key Own the Lock
Page 54: Attack the Key Own the Lock
Page 55: Attack the Key Own the Lock
Page 56: Attack the Key Own the Lock
Page 57: Attack the Key Own the Lock

One Last Way Schlage Is Doing It Wrong: LFIC

BEST SFIC Small Format

Interchangable Core

Schlage LFIC 6.5 Control Key

Page 58: Attack the Key Own the Lock

Passive Components

Page 59: Attack the Key Own the Lock

What have we learned?

Page 60: Attack the Key Own the Lock

Resources

openlocksport.com lockwiki.com lockpickingforensics.com ndemag.com

KICKSTARTER

Page 61: Attack the Key Own the Lock

Meet us at Q&A!


Important Sportservice Information - Delaware North/media/target field/2… · Web viewYou must provide your own key lock and all belongings must be removed along with your lock at

Important Sportservice Information - Delaware North/media/target field/2… · Web viewYou must provide your own key lock and all belongings must be removed along with your lock at

Documents
Cardiology - westernbiomed.weebly.comwesternbiomed.weebly.com/uploads/1/5/4/7/15477822/section_11... · •Watch Your Own Heart Attack . Women's Heart Attacks Misunderstood | Video

Cardiology - westernbiomed.weebly.comwesternbiomed.weebly.com/uploads/1/5/4/7/15477822/section_11... · •Watch Your Own Heart Attack . Women's Heart Attacks Misunderstood | Video

Documents
CODE LOCK, RFID LOCK - lista.com · 1 × Beep 3 × Beep. 11 PROGRAMMIERUNG RFID LOCK PROGRAMMATION RFID LOCK PROGRAMMAZIONE RFID LOCK PROGRAMACIÓN RFID LOCK PROGRAMMING RFID LOCK

CODE LOCK, RFID LOCK - lista.com · 1 × Beep 3 × Beep. 11 PROGRAMMIERUNG RFID LOCK PROGRAMMATION RFID LOCK PROGRAMMAZIONE RFID LOCK PROGRAMACIÓN RFID LOCK PROGRAMMING RFID LOCK

Documents
55472045 How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 1

55472045 How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 1

Documents
If You Fall Victim To A Cyber- Attack By No Fault Of Your Own,

If You Fall Victim To A Cyber- Attack By No Fault Of Your Own,

Documents
LNCS 8042 - Fuming Acid and Cryptanalysis: Handy Tools for … · Keywords: Access control, electronic lock, reverse-engineering, real-world attack, hardware attack, cryptanalysis,

LNCS 8042 - Fuming Acid and Cryptanalysis: Handy Tools for … · Keywords: Access control, electronic lock, reverse-engineering, real-world attack, hardware attack, cryptanalysis,

Documents
How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 1

How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 1

Documents
superware lock & lock

superware lock & lock

Documents
Attack the Key, Own the Lock - defcon.org

Attack the Key, Own the Lock - defcon.org

Documents
BUILD YOUR OWN SOLUTION - Snap-on„¢ by Snap-on Tools Company is an innovative custom designed concept for your service ... professional work ... Every unit has it’s own lock

BUILD YOUR OWN SOLUTION - Snap-on„¢ by Snap-on Tools Company is an innovative custom designed concept for your service ... professional work ... Every unit has it’s own lock

Documents
‘Evil Twin’ Wireless Access Point Attack · 2015-05-11 · ‘Evil Twin’ Wireless Access Point Attack 11 Configuring SSLStrip, enable the replacement favicon with a lock picture

‘Evil Twin’ Wireless Access Point Attack · 2015-05-11 · ‘Evil Twin’ Wireless Access Point Attack 11 Configuring SSLStrip, enable the replacement favicon with a lock picture

Documents
Quick Guide: Simulating a DDoS Attack in Your Own Lab...actually functions in a real attack, what level of service you are able to provide while under attack, and how your people and

Quick Guide: Simulating a DDoS Attack in Your Own Lab...actually functions in a real attack, what level of service you are able to provide while under attack, and how your people and

Documents
Business Start-ups, The Lock-in E ect, and Capital … · Business Start-ups, The Lock-in E ffect, and Capital Gains Taxation ... entrepreneurs to manage their own enterprises and

Business Start-ups, The Lock-in E ect, and Capital … · Business Start-ups, The Lock-in E ffect, and Capital Gains Taxation ... entrepreneurs to manage their own enterprises and

Documents
Quick Guide: Simulating a DDoS Attack in Your Own Lab...simulation, using virtualized computing resources in your own lab. BreakingPoint can simulate DDoS attacks, and has much more

Quick Guide: Simulating a DDoS Attack in Your Own Lab...simulation, using virtualized computing resources in your own lab. BreakingPoint can simulate DDoS attacks, and has much more

Documents
MitM attacks on multi-platform banking applications · MitM attacks on multi-platform banking applications ... This attack was not successfully ... MitM attack provide an own DNS

MitM attacks on multi-platform banking applications · MitM attacks on multi-platform banking applications ... This attack was not successfully ... MitM attack provide an own DNS

Documents
Combination lock - Northern Diver Rescue … · Combination lock User Instructions: The lock is set at the manufacturer to open at 000. You can keep it as your own combination, or

Combination lock - Northern Diver Rescue … · Combination lock User Instructions: The lock is set at the manufacturer to open at 000. You can keep it as your own combination, or

Documents
How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 3

How to Make Your Own Professional Lock Tools Eddie the Wire From HemiSync Vol 3

Documents
Attack the Key Own the Lock

Attack the Key Own the Lock

Documents
Model No. 643DWD Set-Your-Own Combation Lock …content.masterlock.com/masterlock/resources/...Title: Model No. 643DWD Set-Your-Own Combation Lock Instruction Sheet Author: The Master

Model No. 643DWD Set-Your-Own Combation Lock …content.masterlock.com/masterlock/resources/...Title: Model No. 643DWD Set-Your-Own Combation Lock Instruction Sheet Author: The Master

Documents
Heart Attack and CAD - Houston MDs Handouts/Heart Attack...heart attack is well below 100 and probably less than 50 mg/dl. Oral medicines called Statins lock up the assembly line for

Heart Attack and CAD - Houston MDs Handouts/Heart Attack...heart attack is well below 100 and probably less than 50 mg/dl. Oral medicines called Statins lock up the assembly line for

Documents
Vocabulary. VOCABULARY WORD MAP Definition / DenotationUse in a sentence of your own. An attack on the person____________________________ rather than

Vocabulary. VOCABULARY WORD MAP Definition / DenotationUse in a sentence of your own. An attack on the person____________________________ rather than

Documents
Combination lock - Northern Diver · 2016. 2. 26. · Combination lock User Instructions: The lock is set at the manufacturer to open at 000. You can keep it as your own combination,

Combination lock - Northern Diver · 2016. 2. 26. · Combination lock User Instructions: The lock is set at the manufacturer to open at 000. You can keep it as your own combination,

Documents
How To Make Your Own Professional Lock Tools Eddie …index-of.co.uk/Tutorials-2/How To Make Your Own Professional Lock... · HOW TO MAKE YOUR OWN PROFESSIONAL LOCKTOOLS by eddie

How To Make Your Own Professional Lock Tools Eddie …index-of.co.uk/Tutorials-2/How To Make Your Own Professional Lock... · HOW TO MAKE YOUR OWN PROFESSIONAL LOCKTOOLS by eddie

Documents
Unlock iCloud Lock, SIM Lock, Lock Screen, FRP Lock for Phone · Unlock iCloud Lock, SIM Lock, Lock Screen, FRP Lock for Phone

Unlock iCloud Lock, SIM Lock, Lock Screen, FRP Lock for Phone · Unlock iCloud Lock, SIM Lock, Lock Screen, FRP Lock for Phone

Documents
Ignoring Your Own Policy Evidence: the Government’s Attack on the Primary Care System

Ignoring Your Own Policy Evidence: the Government’s Attack on the Primary Care System

Documents
Enterprise CIODecisions - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../EntCIO_Decisions_final_vol4.pdf · enterprise cio decisions • september ... to own or rent? lock in colocation prices

Enterprise CIODecisions - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../EntCIO_Decisions_final_vol4.pdf · enterprise cio decisions • september ... to own or rent? lock in colocation prices

Documents
Analysing an Advertising Campaign “Watch Your Own … a Campaign_Heart... · Analysing an Advertising Campaign “Watch Your Own Heart Attack ... Analysing an Advertising Campaign

Analysing an Advertising Campaign “Watch Your Own … a Campaign_Heart... · Analysing an Advertising Campaign “Watch Your Own Heart Attack ... Analysing an Advertising Campaign

Documents
A Video-based Attack for Android Pattern Lock · Graphical-based passwords, like the Android pattern lock, are widely used as a protection mechanism to prevent sensitive information

A Video-based Attack for Android Pattern Lock · Graphical-based passwords, like the Android pattern lock, are widely used as a protection mechanism to prevent sensitive information

Documents
EMP LOCK CONTINUED Lock EMP LOCK CONTINUED Index 1 2 3 5 6 6 ... choosing to install the safe on your own ... (physical or to your property) that may occur* Tools Needed: • 1

EMP LOCK CONTINUED Lock EMP LOCK CONTINUED Index 1 2 3 5 6 6 ... choosing to install the safe on your own ... (physical or to your property) that may occur* Tools Needed: • 1

Documents
DECEPTIONGRID 7.0 DeceptionGrid - A powerful defense ... · specific motivations. • Build Your Own Trap (BYOT) - Gives users the ability to create their own unique attack surfaces

DECEPTIONGRID 7.0 DeceptionGrid - A powerful defense ... · specific motivations. • Build Your Own Trap (BYOT) - Gives users the ability to create their own unique attack surfaces

Documents