Deviant Ollam "Mastering Master Keys" [HOPE Number 9]

Video Statistics and Information

Video

Captions Word Cloud

Captions

hmm thanks for hanging with us we're having a think I think a very successful day and we're going to have a very successful evening and into the morning and just don't plan on sleeping a lot for the next three days up next is all about mastering we're going to talk about mastering the master keyed system by the master of the master keys deviant splash thank you great hey doing so thank you thank you very much this talk was originally going to be Babak and i Babak is still as far as i know waiting for a flight that's about to take off from Las Vegas where he is at the Aloha show so just because we hate ourselves and love you guys he is at Aloha I was here coming off of Chaka Khan he's flying back from Vegas to be here for two nights then we both go to lock Khan the International Congress of lock-picking held this year in Kentucky then he gets to go right back to Vegas where he was because you can never get enough of 114 degrees feet on the ground trained at blackhat run things at Def Con and then come home and then because I hate myself I'm going to tour camp and everything else that I can't even think of until then how many people get to other conferences around the world around the country excellent support other cons support your hackerspaces support your makerspaces support anyone who wants to learn fun stuff and we love it love it love it when people come by the lock-picking area we love that in the lockpick village most people get it that locks are not these magical black boxes that you're not supposed to look inside we we think that you should look in and play with all of them and see how they work understand what your locks are doing understand what they're capable of understand what you're capable of and we're going to talk a lot about that right now so yes I'm up here because I'm dressed in a black t-shirt you know that I am with tulle if you see me in nicer clothes I'm usually with my company but all in the same they kind of just we do the same thing we we break into stuff one because we think it's fun if I'm with tulle and if I'm with my core company I'm getting paid to break into stuff so if you've never considered a career in physical pentesting uh I can tell you it's a hoot running down stairwells while like Security's coming after you and you got a backpack full of financial records and you're totally never going to jail for it it's is pretty choice I'll let you know so tool where we don't get paid is actually where we honestly have even more fun tool is the open organization of lock pickers and all we do is go around teaching people about this because we think locks our beautiful little puzzles that should be dissected and understood tool was founded in Holland tool is now here in the US and as long as you follow the two golden rules of lock picking or lock opening will che you're usually fine legally we're not lawyers ask Alex or pay him Alex months or somebody else and they'll tell you the law but ultimately if you do not pick locks that you don't own and if you do not try to open locks on which you rely regularly you should always avoid hassle and we can get into more about what we mean there and we always top off every lesson in the lockpick village with these rules but ultimately none of this knowledge is illegal unless you do illegal things with it so really quickly just in case you haven't been downstairs where we show you that all these different mechanisms are really one in the same I want to give a quick hit on how locks function just to make sure we're all starting on the same page then we'll go through the real meat which is master keyed systems most of you do know I think that locks involve pins somewhere in the most locks involve pins right so internally this is a pin tumbler lock from the outside you can only see a little piece of one pin here this is this reddish pin we would call that the key pin inside you see it's the key pin and the driver pin here topped off by a spring making this pin stack now at rest this lock cannot be turned if you have no key in it because that driver pin is binding it is in the way every time you use a lock every time you operate it with a key key goes in that lifts the pin stack just enough so that the sheer line between those two pins is at the edge of the plug everything is free to turn because there nothing obstructing makes sense very good this is from the side same song different verse it's just a number of pin stacks reaching back into the lock and they're all the same construction it's just different heights on those red key pins every time you use your key the cuts on your key that's called the bitung of the key has to have the exact right combination of up-down up-down matching all the heights and there you are makes sense again everybody not nice and clear diagrams yes using lock picks if you come down to the village you will learn that it's possible to get those pins into the right position to get all the pins right at the edge of the plug without a king we're happy to show you how to do that it involves basically just stressing the system slightly as with a lot of hacking you you twist and bang on it and see what falls out you know you stress the system and just the right way you cause some force and some tension and some binding and you reach around and you can manipulate pins with sort of a hunting seeking action please come on down if you've never tried it once again let's see those hands who's done some lock-picking is it easy yes who has never opened a lock with picks before beautiful I want all those people downstairs I want you downstairs after ray does his handcuffed demo we're going to stick around or around all weekend we love for you to come by we really appreciate whenever you come by learn and it's just as easy as pop pop pop pop pop now let's say you don't have picks or let's say you're in a situation where you're attacking a more complicated lock something not quite so simple let's say you're in a large institution type building big offices often will not want to have a billion different keys for every door big institutions of education colleges a lot of college campuses and dorms all of these are master keyed systems many of you are probably familiar with this term yes where there's different levels of permission some keys will only open one door other keys will open a whole series of doors etc which is you know I realize it's not a very applicable talk you don't have like a lot of big buildings in this city but there are probably a couple I'm gonna guess that our master keyed how does it work in a nutshell this is it solidus additional pins in some or all but usually just some of the pin stacks so we have our red key pins that we saw before blue pins are all just drivers we saw them but a couple of these pin stacks you'll see they have small pins in the middle there there's little teal colored ones those would just be called master pins occasionally locksmiths who are the trade for many years you hear them call those master wafers because they're so thin their wife out of thin but I've got how many cons can you go to where people get an old Python reference really come on that's awesome I disliked saying master wafers basically because if anybody who's done a lot of lock picking you know there's a whole other kind of lock called a wafer lock also found in big office buildings on file cabinets and the like but instead of muddling those terms you'll always hear me say keep in driver pin master pin and the introduction of master pins in some of these chambers causes the potential for multiple shear lines just at different heights so here you see it's possible to line everything up at a shear line yes but if you have an eight cut on one of your keys because all those bidding cuts they're specifically noot numbered every manufacturer has you know starting it like zero would be a blank key they have a one two three four they have depths and that you can look up depth charts and keying charts most manufacturers do not ever exceed nine a lot of them don't even go that far quick set the most common locks around anywheres most goes to six actually goes to seven in master keyed environments but that's not common but if you have an eight cut on one of your keys sorry my second is an eight cut well you don't really know if that eight cut is operating a single pin stack or a pit a six plus a two which might also operate at a sixty that you don't know so unless you take the lock apart how do you know what's going on well it turns out if you have a key that works in any door to a master keyed system you can with very little effort very little cost and virtually no suspicious activity completely extrapolate out the top master key it's really really simple wanna learn how it works alright imagine a hypothetical office in this office we have Alice and we have Bob and they work on different floors they work in completely different departments they have keys to their offices their keys only work their doors and to round out our example we have a few more people we'll talk about here's Andy Andy works on the same floor as Alice but again his key only works his door doesn't work anywhere else there's also a janitor Charlie and Charlie he's in charge of Alice and Andy's wing of the building so his key will work in their office course his key does not work in Bob's door Bob is more secure environment and you don't have to start scribbling down a whole lot of maths and things but I'm going to give you this is a real master key system we're about to build and various times in this talk I'll talk about these numbers these bidding values as we go around all their keys whenever you read off a bidding value if you say need to key have a key code cut there are machines that will cut by code we'll talk about that you would start from the shoulder of the key and work your way out so with Alice's key remember low numbers like a zero it would be no cut one low numbers means smaller cuts so here we have a three six two three five does that make sense all right let's talk about the locks in their building well here's same way you just saw the people here's alice's door below that is Bob's door here's Andy's door Charlie he just sits in the boiler room he doesn't really matter but you know he can operate a lot of doors because of these different values of master pins mixed in with the key pins so if Alice were to walk around the whole building this is Alice's key being attempted in many doors Alice's key naturally opens her door all the pins are right at the edge of the plug Alice's key looks like it almost would work in Andy's store but it's not perfect there's a few positions that don't work Alice's key does not work in Bob's door that is Alice's key how about Andy well Andy his key doesn't work in Alice's door but it sure as shootin works in his and of course Bob can't get anywhere that's Andy's key Bob well he can't do anything on floor a but of course he can operate his own door this is Bob's key now something I just wanted to show you with Charlie the janitor this is what we would call an intermediate master key if the system is built in such a way Charlie can open Alice's door he can open andis door he cannot open Bob's door even though it looks kind of close he can't quite make it some of you in the front can see that and it's possible depending on how technically you know you really want to delve into it you can build all different layers of intermediate mastering I owe a huge debt of gratitude as do most of us I'd say really all of us in the hacker community to Matt blaze a professor down at UPenn right near where I live in Philly Matt blaze if you are not familiar with him I don't know what rock you've been living under and not receiving radio signals but he has put together some of the best research into crypto awesome code-breaking he's you know he's a professor he's this academic type but he has this wonderful hacker ish spirit that he's carried with him through his original days at phone company labs and engineering and he's done work on p25 radio encryption he's done work in so many great fields Google his name it pops up everywhere he has done great work even in physical security which is not his you know field but he approaches it in this very beautiful computer scientist way this crypto analyst way where he's talked about safe cracking and he's also talked about this master key vulnerability this is a published attack which when I first started biessing with some people about it I said you know this would be neat if we talked about this to somebody who hasn't really heard about it before because this is this has been out there I wonder if you know where and someone said do you should you should pitch that I'm like no like that wouldn't make a lot of sense everyone's heard this and I would said yeah but like we don't really do it like no one's ever really actually done this as an activity maybe you maybe there's interest and I asked around and that's kind of the reaction I got everyone said well yeah like everyone knows Matt but I've never really like seen that done so then now we're friggin here so thank you to Matt for all the work that he's put together thank him for all the flack he took from locksmiths like I'm pretty sure there was like a week-long period and pen might have been opening his mail because he was getting really angry letters from people saying why do you talk about this but of course you guys in this room you know talking about a problem or talking about anything doesn't make it bad in fact in the end it usually makes people a lot better and a lot safer so I thank you guys for getting that and I thank you for being here in this talk I want to paint a little picture for you it involves Alice let's say Alice has grown tired of her time with this company and she wants to leave but maybe a nefarious you know other firms says hey you're that you're that Alice lady right so if you're leaving which Co we want some of these papers that are in Bob's office you know Bob right can you get into Bob's office and Alice's like I wouldn't do that what no I can't I don't have a key that does that and I like will totally pay you fifty thousand dollars and she's like I'll find a way into Bob's office well Alice doesn't have to break down any doors she doesn't have to bribe guards she can keep her whole 50 K you know being unscrupulous cuz you wouldn't do this only bad people would do this for profit Alice doesn't even have to do anything around Bob's office that's where if you really your fault this is like this is holy kind of moment you'll see Alice has a key right she's been working at this company for years it opens her door Alice has bidding depths on her key it is called a change key by the way because that's the lowest rung on the totem pole of mastering using only her change key and only her door Alice can with the aid of some blanks in a hand file extrapolate out the top master key let's talk about how that works well her key which works in her lock you know she can infer a few things but not a lot she says well all the pins right now I mean they're all at the edge somewhere clearly it's not binding if I can turn the key right but beyond that you know she doesn't know if it's all solid pins it's probably not if she's in a big building she's like I'm pretty sure there's mastering in this building I've seen Charlie the janitor he doesn't have 76 keys and this is like a 10 floor building but she doesn't know what specific details are going on and short of taking the lock apart she know that how you know these details are completely hidden inside the cylinder so what's she going to do well alice is going to prepare exploratory Keys and work them as follows this is exploratory key number one this first position she's leaving at a zero cut and she'll populate out the rest of the key with bidding depths that she already knows our valid valid on her change key so we've got zero and then six two three five with me so far now alice is going to simply sweep this whole range and see what falls out so right now you should be aware unless you're a locksmith you really don't have to get deep into it what is called max maximum adjacent cut specification but be aware locks can behave strangely let's say if you violate max too badly they either will not open with valid bidding depths or sometimes keys will get stuck for the most part we're not going to get heavily into that but I'll touch on it just when it arises in this case this is not a valid key Alice might even just file down to a one position in this first case well nothing is ever zero like there's never a blank position can be I've made locks that way in contest because I'm a bastard but no there could be but let's say she starts at one she can do this hand filing pretty easily with the use of what's called a key gauge or a key decoding card you just take a key slide it in to the notch until it stops and you know what value that depth is it's very convenient easier than calipers let's say so Alice has this key that she's made technically this is still a max violation but again we're not going to concern ourselves too much with that Alice walks up to her door which she does every day everyone's hey how you doing how's the baby tries the key doesn't work oh well she quickly has pawned her other key so she saw this is funny switches it out and her other she goes in so she knows that's not a valid cut depth she says well that doesn't do anything for me and maybe in the privacy of her office or in a bathroom stall or depending how covert you are in a pen test you can hide in janitors closets and other things I've done filing in weird places and office buildings but you file down to the next bidding depth so now she's got a two six two three five how are you guys with seeing those bidding values can we see them on the screen okay all right maybe the front row is getting a little screwed but now notice this looks different because of course she's hand filing but the two opposite this was machine cut but it's the same value if they're both a to depth this is no longer a max violation and I know this because this big head on the key this is a quick set style head I can tell it's a quick set system quick set has a max of four Schlage is like a nicer you know spec Schlage pointy pins max if I think six or seven but she tries the key again two six two three five nope doesn't open all right take the key out file it down again tries this in the lock hey it opened but that was probably expected does anyone remember why that was her original key remember her change key had that same value so she has just duplicated that but this does tell her good information she has learned that even though she hasn't checked these pins out at all yet she knows this key pin is solid she knows there are no intermediate values from zero to three there could still be something going on up here though so Alice continues file down again stick it in the lock open nope try again file down again we've got a five stick it in the lock a nope file down again she's got six six two three five how about this hey now that's a little bit of news what does Alice figured out now well clearly all drivers have to be out of the pin out of the plug out of the shear line so everything is raised this is the current picture so now again we haven't touched these other chambers but Alice says all right I know this I know this maybe there's more shear lines but personally if I were in Alice's shoes I would just call it good I would stop and start start checking other things out in the system there's you can always go back you can always take notes you can always be scribbling and say let me revisit this I'm going to give you the most efficient way to bang through this process and as you try later maybe somebody's got a lock opening contest involving this technology maybe you're going to want to be as efficient and fast as you can so again you could keep on going if you want to try a seven hey okay it didn't do anything you could keep on going to the bottom but remember kwikset's don't go past seven so if there is more to the bidding range you could hit it I wouldn't even be doing that at this point but now alice is alright I'm going to prepare another exploratory key analysis really breaking the bank considering that blank Keys or what a dollar fifty at Home Depot so alice is discovered a master value in this first chamber does anyone remember what it was the six she's going to leave a blank value in this position here zero cut anyone remember the last three of her change key yes two three five the value she already knows stick this in the lock now of course the zero depth is never used so you could save time you could start with the one depth max of course being violated don't worry about it too much but you worry about Max when the key doesn't come back out I'll be annoyed at you if you up my contest locks you'll be much more into it yourself if it's like 2:00 a.m. and you're on a pen test job and you can't get keys out of a lock and you're like oh this sucks I've totally done that so all right we've got a six one two three five try the key doesn't open all right take it out file down six two two three five max is okay how we doing here try the key doesn't open file down again six three two three five try the key nope file down again keep on going easy to do notice you don't need a new key every time you can just keep working the same blank key you paid a whole dollar 54 Hey look at that six for 235 lock just opened now Alice knows a serious bit of business here clearly the drivers have to be at the plugs edge she already knew the first chamber that she explored but look here now what we have we have a new line she knows there's another one up here already from her key this is a lot of good information we don't know anything about these further depths but now this chamber is kind of done why is that well it's not just because it's rare to find more than one shear line it's not impossible but in most environments although you're dealing with a huge environment it's kind of rare there's also the consideration of master pins that are too small what do I mean by that well we know obviously that this is a shear line so there's got to be a double height master pin here we're basically done why because master pins that are really small and I mean like one depth in height are a bad thing they up sometimes they flip they get messed up if the lot they cause headaches and most locksmiths will try to avoid using them it's not to say you'll never see them I've built master systems that I still had to use one of once in a while if the master system is big enough but it's not common especially not common to stack two of them together so Alice would say well all right look it's unlikely that a five depth is going to exist you could take the key you know you could just try the six to make sure you're still filing correctly because some people really am I really doing this right how's my file and yeah it opens us alright and now what is what's deeper than that well in this system you know seven is the only deep depth that it exists beyond this well what would that involved that would also involve a single depth master which is probably a bad idea so again if I were doing this I would just toss it and move on I would say all right I think I've discovered my other shear line move on and prepare another another key to explore the next chamber so if we're going to prepare a third exploratory key what value is going to go right up at the shoulder say it yes six what value of we discovered at the next position it will be a four without the floor is this a valid key no because max is violated but again don't worry about that so here was what for yes how about the next position right on zero goes in the blank cuz you're about to sweep that range and the rest is what exactly you guys are paying attention sweet I like what people listen don't fall asleep three five so now it's time to sweep this range right it's time to explore or is it let's talk about being a little bit more efficient in here does anyone remember her known depth it was a - so what's right above - one what's right below - three you don't really need to explore the one in the three because that would involve a single depth master which would be bad you don't really need the friggin two either because if you're confident you've been filing a few times now you kind of know what you're filing is doing so you can honestly start this one at four why waste your effing time try this much more efficient range to explore all right this Keys prepared Alice goes in tries it in the lock doesn't turn by the way has Alice walked to any other office yet in this process no takes the key out file this position down a little bit you got a five cut try this in the lock well come on whoa open that's always nice to hear isn't it you say open when you get a lock open so now what do we got Alice says the pins have to be at the edge and it's probably like this she knew her own depth she found a depth below it I would call that good let's explore these guys we're gonna find things out about them this is pretty dialed in here again why waste your time you can always go back later you can he was always go back with another key if you really think you screwed something up so all right would we need to explore the six steps on this I wouldn't know I mean there's there's a chance but again bad idea how about a seven I wouldn't move the hell on prepare the fourth key you guys already know what's going on what you found so far give it a zero round it out with what you know sweep this range this of course violates max as long as it's not getting stuck in the door we're not going to tell anyone so there is a third depth here if you know that you could always skip the two in the four so you can just go one five six seven why not like again stay away from single away values so start off with the one throw it in the lock does it work no start off next if you really wanted you could go to the value you know again just to test your filing doesn't hurt to make sure you're filing correctly yeah it opened I was expecting that all right so we got it I would file down again I'd skip and go down to five try it in the lock nope you say all right file down to a six try that in the lock the seven I mean I know that deviance said they sometimes you seven in master systems with quick-set let's try the try the seven so now you got a problem now you're like dammit that frigging guy told me to be all efficient and I'm skipping values like a maniac and damn WTF mate well maybe that's the facts maybe that's not sometimes you have you know chambers that just aren't mastered you might question whether you filed correctly but I would just question the lock maybe position four is not mastered give it a little re there's my value give a little question mark on your paperwork come to hell back to it later if you have a problem so this is what we think we got so far maybe three the same value that was on her change key might just be the master value might just be the only value so we've got to prepare a fifth key right what we know what we want sweep the range sweep the leg Johnny all right prepare because again I'm going to skip the zero what there's probably never a zero value of course if you want it you know it doesn't hurt take a second to try it it's always easy to file instead of trying to glue shavings back on a kit you can't put a key back together right so maybe you try it maybe you don't but start at the one if you want stick it in the lock what happens whoa open that that was a quick hit on that lottery that is a heaping bowl of win because you have probably got this whole system now you have probably decoded it all you know that there's another value out here you don't give a about it you could sweep the rest you could say maybe there's intermediate mastering I don't know what's going on here let's keep filing the hell with that I would just start throwing this key and a lot of doors and start seeing what the hell it does maybe you make a nice fresh cut copy of it if you have access to a code cutting machine if you don't you'll be walking around the key it looks like this a little suspicious if someone's walking right up to you but again unless they're looking at closely this is the first time you will ever be walking around to a door that's not yours if you're trying this so now Alice can walk around and wham wham wham wham him every door in the building open to her not with picking not with crouching not with looking over his shoulder just walk up to the door act like you belong you guys know social engineering you're on the phone what they can't put me on the 905 have you told them about my frequent flyer miles all right now though I'm going to the meeting you know just breeze right in if you've got a key no one's going to question that absolutely easy to do man the only thing you're going to really screw yourself on with hand filing is not being noticed by security unless you're like filing at your desk don't do that you know one time we did in a meeting room like we just got tired of running back down with a lobby bathroom in this one building we're penetrating we just sat in a meeting room sometimes it's a great story I wish I'd actually get take credit for this like looking like you belong there I knew a person who breezed in with a briefcase and it was full of like family photos a coffee mug and they just sat at a cubicle and put all their stuff out and like nobody questioned they went back each day for a week and they had like card from the wife and no we just took a meeting room and I was in there like filing filing babak's like on his machine boning a network and some guy comes in is like oh I thought this room was free and we're like no we're in here we had it blocked off on the calendar on the internal website that I hope this company has that I'm referencing so yeah the only you're not going to get noticed unless you're crazy the only problem with filing you may actually have is what I call canyoning canyoning is going to get your keys stuck you see understand why if the key the pins are riding up the front blade nice and easy if they drop in getting that key back out that's gonna be harder so again this is the internals of Alice's Lock these little marks if you can see the white lines they represent the mastering depths that Alice has discovered you can have an alternate lock in the system I think this is Bob's lock if I recall and again the key you just discovered it'll work in there it should work in every door if it's the top master key that you've decoded so super winner is you man like this is easy stuff to pull off and most locks are vulnerable can you mitigate against this I mean sort of there's the idea of restricted key ways or restricted blanks all that means is that the key way profile the actual shape has been patented or copyrighted it's under protection in in basically in the art so manufacturers of blank keys who aren't the company who make the lock those blanks can't get on the market as easily you can still mill blank keys with a machine called an easy entry machine it just reads the side profile of keys and starts milling them a lovely story I don't think I have a photo of it the easy entry company got you know they didn't get into some trouble with their clients who are locksmiths they said hey we're going to start telling these locksmiths that they're violating you know restricted Blanc rules if they start copying people's blunt you know making keys that's our profile so easy entry wonderful German company they're their billets of metal that go in there called Rolex the billet of metal had two holes here and a hole in and it would mill down the side so if you have they said all right here's what we're gonna do if you have a profile and it's restricted so the lock might have a ward of metal here and a ward of metal here so if you want to mill a key make a blank that would be a cut here and a cut here and they say no no that's restricted you can't do that so easy entry said all right turn on you know like special copy beater fuck-you mode and it'll do this it'll go a cut here cut here for no reason cut here and a couple more here and it's a new shape and the Rolex that they start shipping the blanks they have a hole here hole here and a nice smiley face right on the key so they're like oh yeah you got the restricted blank but in truth you know you don't mitigate this just by restricting the metal that's out there people getting blanks can happen you should have secondary monitoring systems you should have door open sensors if you have a big proper building you should be auditing when people can come and go you can have completely separate zones in your building we're just the mastering of one really top-tier floor that has nothing to do with the bidding cuts or the mastering pins of anywhere else in the building separate ring keys entirely but essentially if you really want to be highly awesome you can move away to other badass lock designs just move away from playing pins sidebar based locks examples would be the AUSA twin the Schlage the Schlage Primus these are all systems that interact with extra elements on the key that yes it's possible to attack some of these but it's harder it's certainly harder than just you know sitting there with a hand file you're not going to make sidebar cuts now there's a little iffy nasir in the fact that if you have a sidebar based system like this in one door of a building and that door is mastered it's probably likely that the same sidebar is in every other door in that building there are some companies who've made ways of around this but for the most part if you have access if you are the authorized user of a door and you have that key it may leak a lot of information out at you that you can use some locks have only a sidebar so you have this awesome wafer base lock from the Austrian company Ewa whom we love this is their 3ks their three curve system uses these sliders rotating disk locks are excellent in this regard rotating disk locks have a little wheel pack that essentially it's like a miniature safe a bunch of wheels all have to be turned exactly right so that gates or notches line up a bar drops in it's a beautiful design you can master rotating disk systems you can actually build extra wafers blank wafers when you put the stack together we don't have to get into the whole functioning of how these how these locks work but when you build the pack up you can put you can you can put blank wafers in some lower-level locks you can actually make the system master bolt now not every locksmith out there knows how to do this there is one locksmith you know here at Hope who actually can if anybody goes downstairs and talks to the guys of the security snobs anybody know Mitch have you seen Mitch's security snobs booth him and Sam are down there talk to them Mitch's and ABLOY dealer he's a full disclosure he's a friend of ours we'd lo mine thrown in business he's one of the only people who can build a boy systems like this but he can build you a secure you know mastered ABLOY system one in which even if someone you know steals the low-level lock like I have a lot of locks I use when I travel someone could take the lock and just cut it open and it's not going to leak out the full top master level codes because you understand that too right like if Alice were not so finesse minded she could just rip the doorknob off and dump all the pin she could measure the pins and just get all the bidding codes right there but again you're not going to do that with a rotating disc system you're not also going to have an easy time of it with a magnetic base lock the Meatwad company in Japan uses these amazing magnetic sliders on the you know that work with the key the again ever company in Austria boy the best magnet base lock I've ever seen you may have heard us talk about at the MCs the magnetic code system it's got this amazing key right and you see says oh wow look at this little is wavy track on the side and these big magnetic paddles so they must be like maybe there's some North's and South's in there there is just not the way you think there are possibly this key has these you know big round dots on both sides and a lot of people see it and they say cool magnet II lock right I mean which how often do they switch north and south they do a lot because each one of those discs is a discrete zone of north-south that is rotated into different axial positions and flipped opposite on the other side the internal workings of the lock have many rotors that spin to allow fingers of a side bar to drop in do you think that the plug wall by the way in the key way has to be open in any way for that to work no it's a sealed system the magnetism just radiates out through the housing it's a beautiful lock resistant against dirt fouling corrosion resistance against all kind of attacks trying to make you know keys that are restricted and I gonna make this key our German friends made a fake key once by using tiny chunks of neodymium and key they kind of set it up and glued it into place and they got it to open one time after reading the real key and I think one of the magnets might have popped off in the lock I don't know how well that worked but I mean like no seriously the guy's an SS Dev they're just like boom these are my balls we're awesome it was amazing to see it to happen but it's still it's not a practical attack in the real sense I mean that's a damn secure system so again beautiful stuff is out there but most locks aren't like this most locks are just plain pins and if you want to try to attack them well I don't want you to do this in a building where you're not supposed to be doing this so why don't you do it here and hope we have a new contest for you at hope we have some interesting things for you you're going to start to see starting tomorrow these pillars appear around different spots in the con space there's going to be four of them and these towers have locks in them please just believe me when I tell you this is not me throwing you dumb misdirection and false info each lock is the same lock in every tower why did I do it three side three times each tower because some numbnuts is going to file the key wrong and get it stuck or break something I didn't want the contest to come crashing down when that happened so I built the locks three times that said please don't up my locks during this contest people will get mad at you I will get mad at you but these locks represent part of a master key system there's going to be tower a B C and D by the way these towers which are all wood could really use some weight on the back of them to hold them up if you are buying how many people had the cub matza here coop Martha yeah if you have the empties to those bring them back down to the guys in the mezzanine level give them to them they're going to put them in cases for us we're gonna use that to weigh down the pieces of wood if you could be so kind but you'll see these towers around the grounds there's going to be a box of keys that we have there is a small buy-in to this contest there's a lot of different ways that you can kick in money to help support tool but I'll explain in a minute but for a very small buy-in price probably five bucks you can reach into this bin and pull out a key and the reason we are charging is to dissuade people from trying to brute the attack by just trying to keep getting all the keys pone all the keys like because if you compare a bunch of different keys you can start to already get information about a master keyed system you can start hey this looks a little close to that one so we're trying to dissuade people from doing that now if you want to be like Big Joe moneybags whatever you can just keep throwing fives at us we're not going to let you see what you're grabbing so you might just pull out five-letter ace and be like that might happen but you know you get yourself a key you can do it with one key if you want find where it works find the lock tower that works get yourself some blanks blanks are a buck come on anyone can cough up a buck right there are key gauges I think they are here they should be delivered to the hotel under my name I have to go ask there will be key gauges if people want to buy them to work on them that's fine you can't buy them all there will be a couple reserved in the village for people to do this for free you can decode your key start building yourself a chart there are hand files for you to file down set up keys exploratory Keys start sweeping with the keys if you don't trust your filing skills or if you want to you know get a little extra help there was one other thing I threw in my luggage on the way here yes we did bring a Nilka ultra code machine with us to hope it might be really noisy so don't applaud yet until the Statler guys have like thrown a lot of stuff at us from making too much noise or in a radio booth but we will code cut you a key again you want to brute force this entire contest you can fund tool like throw money a tool will cut you a bunch of keys whatever tools nonprofit and we could use the help but you go around you say alright I got my key I'm gonna try it do this do that try it again run it back down why do I say run them back down well because the key machine is going to live in the village and we're going to impose a rule that if the staff here will work with us and if you can you know point it out to someone else no filing of keys outside of the village so much like in an office where you don't want to look suspicious if other teams see you like trying to ki filing a heat trying to keep if they snap a photo of you filing a key outside of the village you are DQ'd you are disqualified you are not covert so running back down to the village file a key measure key run back up wherever the thing is try the key run back to there's gonna be a lot of hackers losing some weight this weekend hopefully if you think you've figured out the top master key you could double check yourself and run around to the other locks that you fit in hey is working here awesome but this big lock board with these three which again I promise you they're all the same is going to be in the lockpick village at our front table if you walk up the first three teams to give us keys boom boom boom that starts to turn these locks if the key goes in it turns by the way we ask you to keep it in there so no one else is sneaking a peek you get prizes what prizes we haven't figured it out yet I'm gonna go buy this you know top of my head and say free admission to hope next year that tool will pay for a hundred dollar credit in the village $50 credit in the village sound good what do you think all right Thank You Babak for missing your flight I just made that rule up out of my ass the directors vote by proxy is that one so yeah are you gonna win are you gonna try I don't know I think you can I think you could totally pull this off if you do that would be awesome we would really love that we want to see people trying this out how many people have ever actually done an escalation attack like this not too many hands and you probably did it in college or something where you're trying to get another dorm rooms and stuff like that yeah so we wanted this contest because we think it is kind of material that even though people have talked about not a lot of people have done so that's why I came up with this little game you know tool is all about games and public fun tool is you know all about just teaching the community we love all these locks board groups that are showing up we love all the friends that we're making if you've seen any of the groups here that aren't even tool go by say hi see what they do see where they'll be maybe they're visiting another con near you we do say that you know tool is the only nonprofit in the scene as far as we know - we make our own equipment we just we put all anything we get just just back into the you know into the organization because we want people to try this we want people to have fun with this so if how many people think they might try this all right I am going to have to cut some more star turkeys because I only have about five four lakh but you know I'll just start working that ultra code tonight we're setting this all up tomorrow we don't want any locks out at night because even though y'all look pretty trustworthy I don't want anyone banging the locks apart reading the pins and cheating everyone out I want this first time that we ever you know have our game of escalator action to be really really good and to work well alright old Nintendo players get the title reference yeah so I I hope this will be fun maybe it'll be a giant trainwreck but I think everyone here is polite enough to try to not just brute force and I mean don't just damage force anything please be respectful to everyone else who wants to play the game and we'll see how this goes other than that we'll be downstairs in the village all day tomorrow all day on Sunday Ray's going to be down there after his cuff talk he's going to give lessons and I appreciate you listening thank you so much you

Info

Channel: DeviantOllam

Views: 112,313

Rating: 4.9097743 out of 5

Keywords:

Id: aVPSaKLKHd4

Channel Id: undefined

Length: 45min 14sec (2714 seconds)

Published: Thu Mar 06 2014

Reddit Comments

I stumbled across this last night, and I figured you guys might enjoy Deviant's talk on figuring out the bitting for a master key.

👍︎︎ 2 👤︎︎ u/xxc3ncoredxx 📅︎︎ Nov 16 2018 🗫︎ replies

Old but good. He skips a couple of pertinent details though.

One difficulty you may encounter is just getting the blanks. Commmercial master key implementations are almost always made using restricted keyways. You might get lucky with older buildings that use something you can put your hands on, but you should never see a KwikSet KW1 master-keyed implementation used commercially. If you did, you likely wouldn’t need to reverse a master key; just rake open every lock you encounter!

Second, you better have some mad key filing skills. ;)

👍︎︎ 1 👤︎︎ u/randombits 📅︎︎ Nov 16 2018 🗫︎ replies