Bill Graydon - Duplicating Restricted Mechanical Keys - DEF CON 27 Conference

DEFCONConference

Secure facilities in North America use lock systems like Medeco, Abloy, Assa and Mul-T-Lock partly to resist lock picking, but also to prevent the duplication and creation of unauthorised keys. Places such as the White House and the Canadian Parliament buildings go so far as to use a key profile exclusive to that facility to ensure that no-one is able to obtain key blanks on which to make a copy. However, there are tens of thousands of unrestricted key blank profiles in existence - many match very closely to these restricted key blanks, and can be used instead of the real blanks to cut keys on. Moreover, keys are just pieces of metal - we will present numerous practical techniques to create restricted keys without authorisation - including new attacks on Medeco, Mul-T-Lock and Abloy key control systems. We will touch on all aspects of key control, including patents and interactive elements, and discuss how to defeat them and how facility managers can fight back against these attacks.
Bill Graydon
Bill Graydon is a principal at GGR Security Consultants, and is active in research in electronic surveillance and alarm systems, human psychology in a secure environment and locking systems analysis. He received a Master's in computer engineering and a certificate in forensic engineering from the University of Toronto, applying this at GGR to develop rigorous computational frameworks to model and improve security in the physical world.
Website: ggrsecurity.com/DEFCON
Robert Graydon
Robert is a principal at GGR Security. With a strong interest driving him forward, he is researching lock manipulation, picking, bypass, and other vulnerabilities, to discover and evaluate possible flaws or methods of attack. He has well-honed skills such as lock picking, decoding and locksmithing, as well as a thorough understanding of the mechanics and function of many types of high security locks, and electronic security systems and components, allowing him to effectively search for and test methods of cracking high security systems.

Comments: 97
@bjfincher773 4 years ago
A master key will unlock anything, a Master lock will secure nothing.
@makebreakrepeat 4 years ago
This should be called "When lockmakers cut corners"
@TRowland223 4 years ago
haha . . . cut . . . corners
@jrchicago9216 4 years ago
As a locksmith and expert witness, Do Not Copy or Do Not Duplicate is only an instruction to the holder of the key not to copy it. The exceptions are US Postal and US Government keys which make it unlawful to copy. State Universities may also have a State law protecting them. Then there are patent controlled keys, which the manufacturer has the option to sue anyone who replicates those keys. If the manufacturer determines a threat to the patent, they may sue - even if they just want to prove a point and drain your bank account and run up your credit cards in legal fees. Medeco is a good example of a company that has an aggressive legal position. Holding a key you copied is also potentially a legal burglary tool. I also have the side milling machine in this presentation and it’s a royal bitch to get it right. The side milled key is not held in place as well as it’s a bit sloppy. The high security locks are really tight tolerances. Literally one thousandth of an inch can be the difference in a working key and not. I don’t agree it’s easy to use a lathe to copy these. The spacing is so tight that you will be spending a great deal of time. Many test keys get ruined. And I know exactly what I am doing... It’s never impossible, but really something far more for machine precision type of people who are THE most determined and willing to accept a slow and for some endlessly agonizing torment and defeat. There is a big difference between an experienced locksmith and an amateur in reality.
@kapcsford 1 year ago
Very interesting!
@Novers 4 years ago
Losing a lock is a threat model I've always found interesting
@JlerchTampa 4 years ago
Paging lockpickinglawyer and BosnianBill please pick up the pink courtesy phone.
@saltyroe3179 4 years ago
My favorite security system was Rand Corporation in Santa Monica in 1970. There was a guard who knew everyone and had a book of individuals authorized.
@DrTune 4 years ago
Tough audience; I was applauding ;-)
@MikeHarris1984 1 year ago
2-man rule has two different keys too... to prevent someone from duplicating... so that is not a huge risk. 2man rule is also done via software for high security areas, like inside an HSM... where two or more people have a "password" and when all people type in their "password" it makes the master password via salting the final insert to match the encrypted master.
@boshypatry 4 years ago
35:15 you can simply rotate all the disks as far clockwise as they will go and then get the pick that LockPickingLawyer and BosnianBill made
@thorlancaster5641 4 years ago
Good luck with that Protec2. No one has picked that lock (yet)...
@ahmadaamer6 3 years ago
Thor Lancaster kzfaq.info/get/bejne/bLuKadeU283IaYk.html
@johnhendy1281 4 years ago
This was fantastic. Really great stuff!
@LockpickingDev 11 months ago
Great research and work. Thanks for a great presentation!
@curiouslockpicker8971 4 years ago
Fantastic talk! Thank you for sharing =) Are there plans to publicly release the keyway-comparison software?
@AveragePicker 4 years ago
excellent talk
@samsunglg6671 3 years ago
I made several copies of the public housing keys for my friends using Jet's commercial/AIR NS blanks [green color] for 6-pin Biaxials while I worked in my dad's hardware store. 1) Configured the copies by the Medeco machine 2) Then use an automatic machine to trim down the sides of the neck, with a monster-locking-wrench for stability They all work seamlessly, I charged $10.00 for each copy, I have no licenses of any kind for key cutting just working out of passion.
@danielluna7648 4 years ago
Never been interested in locks, but this is fascinating.
@ericrieckers2321 4 years ago
Interesting presentation. I rarely encourage an end user to buy restricted keyway locks because the lock cylinders and key blanks have a 4-6 week lead time from any given manufacturer. On top of that the owner must provide a letter of authorization for a distributor to purchase these products and it must be snail-mailed to the manufacturer (most commercial hardware manufacturers only sell to authorized distributors, not directly to end user). If a building owner needs keys in a hurry that ain't gonna happen. I'm skeptical that the average hacker will have the skills to make a restricted keyway as shown in the clip but I admire their ability to do so. Bottom line: there's faster and easier ways to breach physical security.
@Chirael 4 years ago
Great presentation 😊
@TheLoiteringKid 4 years ago
that titan 2 key looks exactly like my ring of newspaper rack keys. . . .
@huxleypig69 4 years ago
Does the AWS disc at the rear of Protec II not have any bearing?
@BboxBoy24 4 years ago
Medeco gets defeated. Bowley: Hold my pick set.
@huxleypig69 4 years ago
Pff, Bowley ain't a patch on Medeco.
@olepigeon 4 years ago
For a few months, my local Fry's Electronics had one of those automatic key machines. This one must have been configured differently, because it would duplicate ANY key. You could do electronic car fobs and restricted keys, too. It didn't ask. I had my mail key, pool key, and gate keys all duplicated (good thing, too, since I lost one of the pool keys at the pool.) The apartment complex where I was living at the time charged $50 for replacement keys. Unfortunately it was eventually changed to do only house keys. Bah. It's also how I discovered that the USPS does _NOT_ change the locks on the apartment complex's mail box. You have to pay the post office (or maybe the apartment? I remember paying at the post office, though) $25 for a mail key because they claim they have to have a new one made every time someone moves into/out of an apartment. After I had moved out, I still had the key duplicates and had forgotten about them for well over a year. I went to the apartment to drop them off, and out of curiosity I tried my mail key on my old post box. Still worked.
@daa3417 4 years ago
Billy’s a big boy!
@jamesnekechuk7830 4 years ago
7:50 Machine is a Wenxing WX-22
@langeludo 7 months ago
There's one huge difference between hacking a software lock and a physical lock. For the former the « thief » can possibly take all the time he wants before even being noticed, whereas for the latter the « thief » needs to be fast. That is to say if your house is harder to get into un-noticed than your neighbour you're already diminishing by a lot the odds of being robbed.
@Riyame 4 years ago
The funny thing about those USPS arrow keys is that it is a felony to even possess them.
@JGnLAU8OAWF6 4 years ago
It should be a felony to use same key on multiple locks instead.
@RookieLock 4 years ago
I want that software! 9:15 Is it available for download ?
@BlackHeartScyther 4 years ago
Lookup "Key Blank Cross Reference" I found one site that gives a pdf of 190 most common for free and another site that gives access to their database of over 84k for $20/yr (4,500 pictures)
@mrfrenzy. 4 years ago
Keyline and Silca sell machines that have complete databases of key profiles inside. Just insert your key and it will show which blanks fit and how much filing needs to be done. Locksmiths have used these for decades.
@goofygal27 4 years ago
An XTS3000? Might as well be rocking an Astro Saber
@MineTheSkyrimDimonds 4 years ago
You know this seems like a fuck ton of work when you could probably slip the latch or do other more low tech attacks
@iraniansuperhacker4382 1 year ago
That leaves visible and distinct tool marks on locks whereas this wouldn't. It's for sure a rare occurrence but sometimes it's important to breach a lock without anyone being able to know because of an obvious brute force entry or less subtle marks made on pins when a lock is picked.
4 years ago
Well, Rob Ford got in to the Toronto City Hall...
@mgjk 3 years ago
The man knew his cracks.
@jamcdonald120 1 year ago
what about keys with magnetic elements?
@samiraperi467 4 years ago
I believe LockPickingLawyer did a video on decoding master keys.
@Wesrl 4 years ago
Deviant has a talk about it as well
@luisbautista5176 4 years ago
All that pointing to the screen and walking away from the mic could have been avoided with a 2 dollar laser
@XanCalGil 4 years ago
This doesn't help with my combination. I've been trying to get into the box for 13 years, now
@destrierofdark_ 4 years ago
Solve it algorithmically.
@tybrady64 4 years ago
So basically, James Bond could still make a quick clay model of a key and still get laid! Excellent!
@nrok113 4 years ago
whyyyy vertical videos?!
@jfan4reva 4 years ago
The Two Man Rule can be overcome with one man, two keys, and some string....
@theycallmefilip 4 years ago
Or abnormally long arms.
@ferencszabo3504 4 years ago
Yeah, "safe places" do exist but only in our imagination! It's only a matter of invested time to go through any security measures, either physical or cyber! The question is: to who are you standing in the way!?! Between the illegal government activities, and the "civilian" AKA not backed up by corrupt law enforcement groups the lines are very blurred!
@barongerhardt 4 years ago
Is a safe place like a safe space, because master lock makers might get triggered.
@DigitalYojimbo 4 years ago
Nuclear missile example, that's if the keys are the same.
@km5405 4 years ago
I seem to recall at least the Russian ones needing special alloys due to the heat the equipment generates.
@Hellsong89 4 years ago
Excellent point, does anyone have info whether that is the case? Easy enough to fix, but again cloning key if you are one of the operators is not that difficult.
@DigitalYojimbo 4 years ago
@Hellsong89 yes I would think the training and gaining entry would be more difficult. Not to mention that the missiles would have to be prepped?
@AKAtheA 4 years ago
@km5405 firstly, the Russian ones need codes to arm the warhead. Not sure about the Titan II, but all newer US ones do as well. Those codes are what actually keeps the nuclear arsenal safe.
@SyphistPrime 4 years ago
For the 2 keys it would be best to get unique keys, possibly from 2 manufacturers. The government would have the type of money to spend on having a completely unique key made for such things.
@NormReitzel 4 years ago
A nit. The color is magenta, not pink.
@phischtv4497 4 years ago
Not talking about "black boxes" and how they work isn't very hacker-ethical, no?
@bbbbeeeaar 4 years ago
I think it’s because it was too expensive for them to get their hands on one. They mentioned the price was prohibitive. Also it’s more valuable to learn about the cheaper and easier methods they discussed.
@l0ckmanjohn 4 years ago
The version a locksmith can buy is right around $10,000 and uses proprietary software that doesn't allow for you to cut restricted keyways. They do also offer a version of software to law enforcement that supposedly does allow for restricted keyways. However I have never heard of it being made available to the public.
@fdsafdsafdsafdsafd 4 years ago
Go on then big guy, go buy one and reverse engineer it. Afterwards publish the results with your full name attached to it. We're all waiting.
@hornylink 4 years ago
locks, security by obscurity at its finest, or its dumbest
@daa3417 4 years ago
The latter for sure, being that security>obscurity is 100% impossible. Now the feeling of security is a completely different thing, I call that delusional thinking.
@thharrimw 4 years ago
Love the Canadian
@blakeeverett6267 4 years ago
These nerds brought it but why do they keep stepping away from the mic to breathe?????
@theycallmefilip 4 years ago
If there's anything Chocolate Rain taught me, is to move away from the mic to breathe.
@tybrady64 4 years ago
Filip Suciu Ha! That’s got to be one of the best replies I’ve ever read! Seriously.
@blakeeverett6267 4 years ago
I’m glad someone got the reference 😂
@tybrady1935 4 years ago
@blakeeverett6267 Ahhhhhhhhhh, ok. So you created the (chocolate rain) comment first that allowed Filip to make his excellent reply. I see! I thought Filip had the most excellent reply to some totally random message. So Filip's reply is still most excellent, but quite as excellent as I first thought. lol.
@lawrenceredmacher4382 4 years ago
why does this guy always sound like he's asking a question when he talks
@thharrimw 4 years ago
He is Canadian
@thespiritof76.. 4 years ago
If you don’t cut the damn lock in half wtf you need a key for?
@arthurmoore9488 4 years ago
Because this talk is about when you want permanent access to a facility with hundreds of locks. Where they've spent money to have a "special" keyway unique to that facility / organization. This talk can be summed up as, if someone manages to steal at least one of those facilities locks, then they can make master keys for the entire building!
@Travelinmatt1976 4 years ago
Vertical filming on all their demonstrations.
@andreassjoberg3145 4 years ago
Lots of locks today combine Key + NFC-Code sent by the key. Still can be defeated by serious hackers, but if you use the same model as for car-keys it basically becomes a total bother to defeat, and the intruder will have to get hold of a legit key instead.
@andybaldman 4 years ago
Can someone give a TL;DW for this?
@arthurmoore9488 4 years ago
There are many different things here, but this is one that should stand out. If someone manages to steal at least one of a facility's locks, then they can make master keys for the entire building!
@Teeveepicksures 4 years ago
i love these videos but that tactical vest is some cringy shit
@Nikkeftw 4 years ago
It's fairly easy to make out that these guys are from Canada, aye? It's funny how easy they get around without saying "Like" every 3rd word. Makes them sound so much smarter than their southern neighbor.
@Gennys 4 years ago
Jesus, there are simply too many presentations on keys. WAY too many.
@rickc2102 4 years ago
If you ignore half of them, you'll reduce your stress by 50%.
@ShahabSheikhzadeh 2 years ago
So many decent concepts but not sharing anything with the community isn't really useful and doesn't bring anything forward. Also no mention of individuals who did a lot of the work before You is pretty lame.
@regortex3364 4 years ago
As a locksmith I’m not even going to get into how many things these guys got wrong, I don’t have the time or patience.
@pingozingo 4 years ago
Reg Rock lazy
@igmusicandflying 4 years ago
Honest question: If I am an adversary duplicate a key wrong but it works in the door I'm trying to get through, is it still wrong?
@daa3417 4 years ago
Reg Rock Ouch you sound a bit sour.
@thespiritof76.. 4 years ago
Really grasping at straws here.... just useless