KeysForge will give you printable key blueprints using a photo of a lock Hackers have been gifted with an online web service that can produce blueprints for 3D printed keys from nothing more than a photograph of a lock. Eric Wustrow The KeysForge application developed by an academic trio drastically simplifies the complexities in developing keys, allowing amateurs to snap a photo of a lock and …
For years, maybe over 40, you could get a strong, real key for that old stiff lock from a photo by taking a photo to a locksmith. One used the Prison Officer's uniform buttons to get the size right first time.
Most 3D printers can't print a strong enough key, but I suppose any shoe and key bar can replicate the plastic printout in a couple of minutes with the key grinding machine.
That will work if your lock has a master key in the first place. Not all do. In fact, some countries local regs (Germany if memory serves me right - not 100% sure though) prohibit the sale of end-user consume locks with a master key.
You have to be a company and you have to order a batch to get one.
Would be to attach the business end of a remote-control cattle prod on steroids to the other side of a metal lock (or simply the metal doorknob). Doesn't work on plastic keys, perhaps, but just stiffen the lock so you have to use metal ones.
The remote control handed to beancounters or various bosses might of course be faulty. Shocking, really shocking, the lack of proper QC in those (cheap) remote controllers the beancounters wanted us to buy .....
" I was scratching my head the whole article wondering how you could photograph the inside of a lock..."
As I read it. The photograph is taken of the keyhole to determine the profile of the key cross-section. Then it discusses ways to discover the required pin heights one at a time for particular types of locks.
"An end on picture of the lock allows them to extrude the required shape for a key blank."
Ah, that makes more sense, I found the article a bit confusing about that as well. Although in that case, it doesn't seem particularly useful. OK, so you can now make a key blank from a picture of the lock without needing to go anywhere near it. And then you need prolonged physical access to said lock in order to slowly test lots of keys made from your blanks until you've figured out what shape you need to actually open it. If you have the time to do that, there are any number of other methods you could already have used to break into a house, many of which will be significantly quicker and easier while looking less suspicious. Maybe useful for James Bond if he doesn't want anyone to know he's been there, but for someone planning on robbing the place a good kick or a brick through the window is generally going to be more effective.
Keys aren't secure. It's as simple as that. Possession of the device for a fraction of a second is enough to make a copy (a movie scene with Sean Connery comes to mind, in a train station, with some plasticine), and an image of the device will allow you to create an indistinguishable copy.
In the days of house insurance, and the legal definition of "break-in" (i.e. they have to force entry for you to be eligible for a payout), keys are worthless.
Unfortunately, electronic locks can be worse if the users are careless. They are "as secure" physically, but you are reliant on the electronics to authenticate the user properly. An RFID with a fixed number is worthless and similarly copy-able in seconds with a radio scanner. Even 1-wire protocol tags aren't secure. Nor are a lot of the MiFare kits sold today.
It's a difficult problem. Much better to spend your money on being informed when people use any key to open the door (e.g. an alarm that sends you a text) than shoring up the keylocks against simple attacks like this that aren't new just because they use 3D printers. You've been able to do this for years.
It is often easy to use the letterbox to open the door lock from the inside of the house. My upvc double-glazed door has a triple-turn deadlock that also slides latches on three sides of the door. That defeats credit card or jemmy attacks. Still doesn't stop a burglar using a gas burner to remove the glass panels.
Any home intruder protection is designed to persuade them to try an easier one elsewhere.
Precisely.
I have CCTV.
My neighbours were burgled not long ago.
I ramped up the CCTV and adjusted angles to cover my neighbour's (with their permission).
They came back a few months ago, did the other neighbour.
I checked on the CCTV... I have a video of a car crawling along at 2mph along the street, looking into all the houses, stopping and starting (presumably to take notes). Incredibly suspicious. I gave the footage to the police.
However, they quite obviously crawled past my first neighbour's and my house, and decided to do the next instead.
Not claiming that CCTV stops anything at all, but it discourages more than nothing at all.
Oh, and both neighbours were broken into by getting round the back and destroying the door frame.
As AC says, whatever you do to make it harder at one point merely serves to persuade them to try something else that is now the easiest method.
For the casual burglar that's enough, he'll go down the street to someone else's house. If he's targeting your house and you make your door impregnable he'll go through a window or even a wall - unless your home has reinforced concrete walls, it is surprising easily to saw through (including brick walls, as the mortar joints are very easy to cut through)
All you need is a location where you cutting a hole in the wall isn't likely to be observed by the neighbors and a time when the sound won't be heard (wait for a thunderstorm or really windy day) Or heck maybe even if you are observed if you're quick once inside maybe you don't care if you know you can beat the response time of the police!
I worked at a place I cannot name where they had dial locks, and combinations were changed every 2 weeks. Our team tended to come in early, and one guy we had on the team took just a few minutes to open our cupboards, BEFORE we were given the new combination. He was ex Navy, and apparently the night shifts tended to be boring enough for him to quietly work this out.
I can't tell you how pissed off the security people were when he did that - this went on for months :). I think Matt Blaze once published an article about that, but it's not the sort of thing you start experimenting with at work :)
We once had a floppy disk fire safe to which the key had been lost. The safe manufacturer was supplied with the model and the engraved key number - but said there was no way to determine the key. Took the key number to our local key bar - and in a week he had obtained a working key for us.
In the dim and distant past I was the junior dogsbody for an IT project where it was decided that we needed more keys for the project office. I was sent out to procure them. The local locksmiths told me that they were high security keys, and I needed a letter of authorisation to get them copied. Some months later we managed to lock ourselves out. The building manager turned up with a standard issue catering services knife, inserted it between the door and the jam and gave it a sharp tap. Door opened. So much for high security.
We once had a floppy disk fire safe to which the key had been lost
I once worked at a place that had one of those lockable plastic disk boxes. The boss was insistent that only certain specified members of staff had access to the keys.
He was most put out when I popped the hinges and took the disks out of the back...
Vic.
Title and first line of the article are a bit misleading. This won't give you a key, it will give you a blank.
It doesn't really matter though, most physical locks are not secure against a sophisticated attack / brick through the window. We all know that if we call a locksmith they will almost certainly be able to pick our door lock and get in to the house. It doesn't bother us though because in the physical sphere we understand the idea of layers of security and deterent and that they don't all need to be utterly impermeable to have value.
I find the paralells between physical locks and computer security very interesting.
You'll find many comentards on here happy to yell "WHAT! You used MD5?! You KNOW that's not collision resistant, you DESERVE to be hacked!" But far fewer people saying "You used a standard yale lock on your front door? You know they can be picked, you deserve to be burgled"
@Duncan
Absolutely, I've got nothing against MD5 at all, that's why I picked it as an example. It does it's job and it does it well. Much like my front door. It also offers security which although imperfect is perfectly adequate for the intended purpose, much like my front door.
The difference comes with people's attitude to it. People can grasp the strengths and limitations of a door in a way that they can't for algorithms. So if for example HM Inspector of Prisons issues a report saying that my brand of door lock can be broken and is not to be used on cell doors, no-one is concerned. However, if a report is issued saying that the encryption used on my run tracking app can be broken, people panic even though they shouldn't.
Meat, sleeping tablets, 5 minutes.. If your house looks interesting enough to rob and you really use them as guard dogs you should at least train them not to eat any food unless it's given by you or relatives, for their own good.
On the plus side, I don't think you can get done for excessive force when the dogs go after a burglar. After all, he/she would not have been harmed if they had not entered the premises without permission.
You know the one when Edmund decides to travel the Cape of Good Hope in an attempt to impress Queenie? Raleigh believes it to be impossible and exclaims it 'rains so hard it makes your head bleed'. Blackadder retorts that some sort of hat may be in order.
I read this and think 'some kind of escutcheon is in order'. Problem solved. Or am I totally misunderstanding this whole article? Still clever mind.....
Our local scouts have a money raising game that they use at the town fair. It consists of a box with a cylinder lock - and a bag of keys from which you can blindly fish one out. It's surprising how many keys don't quite fit the lock insertion profile.
In the old,days a cylinder lock had a round faceplate with the manufacturer's name - although the key insertion profiles varied even for one manufacturer. Nowadays double glazed doors appear to have a standardised cut-out - and many different manufacturers' locks can be used along with different key shapes The visible lock profile is too small for any identification markings.
"Wouldn't it be easier to look at the lock, see the 'Weiser' or 'Yale' or whatever stamped on the case, and run to your nearest key shop to get a matching blank?"
Cheaper too. The article says it costs $10-25 for a metal key blank made this way, but it's only around a fiver to get a metal key cut at Timpsons, including the blank, labour, and their profit. So compared to traditional burglary techniques this method is slower, more expensive, and still requires you to spend hours fiddling around with someone's door in an incredibly suspicious manner.
Since the software involves looking for the dark part in the photo, presumably it could also be foiled by simply paining your lock black.
This is really rather limited in scope, most keyways for key blanks are standard in the US, your options are pretty much schlage or kwikset. Those 2 keys will get you into 99% of locks. unless it's something more obscure like a medeco (which requires pin rotation and thus this attack is useless), or some other restricted key blank system, of which there are very few in use outside of high security government installations, a photo of the keyway would do you very little good.
requires a computer to attach to this devices USB connector and when the probe is inserted in to a lock, the pins are analysed / profiled. The data is then used to cut keys.
Locks that use 'flat' keys, where the inserted part of the key has no profile other than dimples, it is possible to 'pick' the lock with two simple tools. Totally insecure.
Locksmiths often suggest the use of German locks as they have very low tolerances and therefore less susceptible to picking. On the other hand, Chinese locks are less secure as they often make batches of 500 or 1000 locks all with the same combination. The combination is changed and another batch is made.
The various batches are then 'mixed' by hand, in Mahjong this is called 'dry swimming', so there is some variety on the shipped product.
This post has been deleted by its author
In the '60s I watched a builder let himself in various unfinished homes with a master key. He claimed the the key would cease to work after the new homeowners used their personal keys the first time, but I always wondered if that was true.
... that picking key-locks is trivial.
Never mind "bump keys", a couple bits of street sweeper tines cut/bent/broken into the right shape can open any simple key-lock known to man. Lock-picks are not illegal to own, either ... unless you are using them for illegal activity.
"Not quite ... PC Plod could decide that you're "going equipped" and get you that way."
So, essentially, PC Plod can nick your dear old gran if she uses hair pins?
There is something dreadfully fucked up about that concept ...
Pin locks are pathetically weak. After improvising with paperclips and such for years, I recently got myself a decent set of picking tools. I opened my house door in 20 seconds, a padlock in 30 seconds. And I'm not even that good. My record for opening secure filing cabinets with a bent paperclip and nail (rake and wrench) is 10 seconds. When I used the picks on the filing cabinets, I accidentally removed the lock cylinder, lol. I don't know or use "bump keys", but I gather they're easy and reliable.
Pin locks are pathetic. Like gun laws, they're a polite request for the law-abiding, not anything that remotely stops criminals.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
