1 00:00:01,280 --> 00:00:12,559 [Music] 2 00:00:15,759 --> 00:00:17,520 good evening thank you all for taking 3 00:00:17,520 --> 00:00:19,840 your time to being here with me tonight 4 00:00:19,840 --> 00:00:21,840 um and also welcome to the people on the 5 00:00:21,840 --> 00:00:24,160 stream this talk is about the miwa 6 00:00:24,160 --> 00:00:25,760 anker lock 7 00:00:25,760 --> 00:00:27,199 i have one of these locks in my 8 00:00:27,199 --> 00:00:28,880 collection i'm a bit of a lock collector 9 00:00:28,880 --> 00:00:31,439 i used to be a chairman of toool as well 10 00:00:31,439 --> 00:00:33,200 and of course i'm a hacker like most of 11 00:00:33,200 --> 00:00:34,160 you 12 00:00:34,160 --> 00:00:36,399 and i like to figure out how stuff works 13 00:00:36,399 --> 00:00:38,800 and i thought a few years ago already 14 00:00:38,800 --> 00:00:40,640 how does this 15 00:00:40,640 --> 00:00:42,719 specific lock work because it's quite 16 00:00:42,719 --> 00:00:45,520 special in that it uses magnets 17 00:00:45,520 --> 00:00:48,000 so i set up on a trip on figuring out 18 00:00:48,000 --> 00:00:50,239 about this particular lock and this talk 19 00:00:50,239 --> 00:00:52,000 the next 50 minutes i will tell you 20 00:00:52,000 --> 00:00:53,680 about what i've tried to do with the 21 00:00:53,680 --> 00:00:56,320 lock where i failed what not many people 22 00:00:56,320 --> 00:00:58,320 will tell you nowadays when we all have 23 00:00:58,320 --> 00:00:59,920 instagram but i will tell you all the 24 00:00:59,920 --> 00:01:03,039 failures and all the successes as well 25 00:01:03,039 --> 00:01:05,040 i probably don't have enough time to 26 00:01:05,040 --> 00:01:07,200 have a real uh to have questions in 27 00:01:07,200 --> 00:01:09,280 between if you have any questions maybe 28 00:01:09,280 --> 00:01:11,040 we have some time at the end or 29 00:01:11,040 --> 00:01:13,760 otherwise you can find me outside after 30 00:01:13,760 --> 00:01:16,240 the talk 31 00:01:17,040 --> 
00:01:19,360 so i have this background toool 32 00:01:19,360 --> 00:01:21,040 and i also have to say i'm writing a 33 00:01:21,040 --> 00:01:23,439 book together with a few friends about 34 00:01:23,439 --> 00:01:24,720 locksport 35 00:01:24,720 --> 00:01:28,560 so this cylinder the anker 3800 or miwa 36 00:01:28,560 --> 00:01:31,439 3800 that originated was invented in 37 00:01:31,439 --> 00:01:33,600 japan as miwa it is sold in the 38 00:01:33,600 --> 00:01:35,200 netherlands as anker 39 00:01:35,200 --> 00:01:37,920 this is a view from the inside and you 40 00:01:37,920 --> 00:01:39,680 see that this lock has 41 00:01:39,680 --> 00:01:42,479 four pins which you will find in many 42 00:01:42,479 --> 00:01:44,240 regular locks that you will find on the 43 00:01:44,240 --> 00:01:47,439 door but also here above the pins we 44 00:01:47,439 --> 00:01:48,320 have 45 00:01:48,320 --> 00:01:50,720 sliders with magnets in them and that 46 00:01:50,720 --> 00:01:51,759 makes this 47 00:01:51,759 --> 00:01:55,119 a special kind of cylinder 48 00:01:55,119 --> 00:01:56,799 now here you see the key 49 00:01:56,799 --> 00:01:59,920 and on the bottom of the key there are 50 00:01:59,920 --> 00:02:03,200 these indents the bitting of the key and 51 00:02:03,200 --> 00:02:05,759 you can see that they match for the four 52 00:02:05,759 --> 00:02:09,199 pins that are inside the cylinder so 53 00:02:09,199 --> 00:02:12,319 and on the other side of the key we see 54 00:02:12,319 --> 00:02:16,000 eight black squares those are four sets 55 00:02:16,000 --> 00:02:18,160 of two magnets 56 00:02:18,160 --> 00:02:20,720 and those are samarium cobalt magnets 57 00:02:20,720 --> 00:02:23,040 and they can also be fakes so some of 58 00:02:23,040 --> 00:02:24,800 these black blobs are magnets and some 59 00:02:24,800 --> 00:02:27,120 of them are fakes 60 00:02:27,120 --> 00:02:29,200 and these magnets make tiny little 61 00:02:29,200 --> 00:02:32,480 sliders in the cylinder move 62 00:02:32,480 
--> 00:02:34,000 and they need to move to the correct 63 00:02:34,000 --> 00:02:36,800 spot to open 64 00:02:36,800 --> 00:02:39,519 right so here again you see a blown up 65 00:02:39,519 --> 00:02:41,760 version where you can clearly see that 66 00:02:41,760 --> 00:02:43,760 the 67 00:02:43,760 --> 00:02:46,000 what did i do the wrong button 68 00:02:46,000 --> 00:02:48,160 where you can see that the sliders 69 00:02:48,160 --> 00:02:51,120 go from left to right within the plug 70 00:02:51,120 --> 00:02:53,440 and they are operated by the magnets 71 00:02:53,440 --> 00:02:55,680 that you can see here in the key and on 72 00:02:55,680 --> 00:02:59,760 the bottom these pins are operated 73 00:02:59,760 --> 00:03:01,599 now the pins i'm not really going into 74 00:03:01,599 --> 00:03:03,360 lock picking 75 00:03:03,360 --> 00:03:05,120 you can go to other talks or to visit 76 00:03:05,120 --> 00:03:07,280 the toool village here at the campsite 77 00:03:07,280 --> 00:03:08,800 but for lock picking 78 00:03:08,800 --> 00:03:11,040 or for the the pins they need to be 79 00:03:11,040 --> 00:03:13,680 aligned at the shear line so the length 80 00:03:13,680 --> 00:03:16,800 of the red pins need to match the cuts 81 00:03:16,800 --> 00:03:18,480 in the key and when they're all 82 00:03:18,480 --> 00:03:20,000 perfectly aligned 83 00:03:20,000 --> 00:03:21,440 the 84 00:03:21,440 --> 00:03:24,640 plug is free to rotate 85 00:03:24,640 --> 00:03:26,000 well that's not the interesting part the 86 00:03:26,000 --> 00:03:28,400 interesting part is those magnets so we 87 00:03:28,400 --> 00:03:31,040 have here the four sliders 88 00:03:31,040 --> 00:03:32,400 that can slide 89 00:03:32,400 --> 00:03:34,000 in this orientation they slide up and 90 00:03:34,000 --> 00:03:35,120 down 91 00:03:35,120 --> 00:03:36,239 and 92 00:03:36,239 --> 00:03:38,000 so you see there's 93 00:03:38,000 --> 00:03:40,799 four sets of two magnets in the key that 94 00:03:40,799 --> 00:03:44,480 one set 
per slider 95 00:03:45,200 --> 00:03:47,120 um 96 00:03:47,120 --> 00:03:48,720 now i then did some photoshopping to 97 00:03:48,720 --> 00:03:50,319 create this wonderful slide so i think 98 00:03:50,319 --> 00:03:52,400 this is my photoshop achievement 99 00:03:52,400 --> 00:03:54,799 unlocked although it's a bit crappy but 100 00:03:54,799 --> 00:03:56,799 i'm not a designer i'm a hacker on the 101 00:03:56,799 --> 00:03:59,200 left you see the closed lock and you can 102 00:03:59,200 --> 00:04:00,879 see that the pin is not at the shear 103 00:04:00,879 --> 00:04:03,920 line and also you see this 104 00:04:03,920 --> 00:04:05,920 yellow 105 00:04:05,920 --> 00:04:06,959 slider 106 00:04:06,959 --> 00:04:09,519 it it protrudes into the 107 00:04:09,519 --> 00:04:11,120 edge of the cylinder so that's why it 108 00:04:11,120 --> 00:04:12,879 won't open and there's a little spring 109 00:04:12,879 --> 00:04:14,799 on top 110 00:04:14,799 --> 00:04:17,120 and this green and red thing that's the 111 00:04:17,120 --> 00:04:18,639 magnet 112 00:04:18,639 --> 00:04:20,079 and on the right you see it with the 113 00:04:20,079 --> 00:04:21,918 correct key inserted 114 00:04:21,918 --> 00:04:24,240 so the key pushes the pin to the correct 115 00:04:24,240 --> 00:04:25,199 depth 116 00:04:25,199 --> 00:04:28,400 and also the magnets in the key 117 00:04:28,400 --> 00:04:29,440 will 118 00:04:29,440 --> 00:04:31,520 interact with the magnets in the slider 119 00:04:31,520 --> 00:04:34,000 moving it away to the right 120 00:04:34,000 --> 00:04:36,080 freeing up the plug 121 00:04:36,080 --> 00:04:38,720 so that's basically how it works 122 00:04:38,720 --> 00:04:40,800 and here you see that in this 123 00:04:40,800 --> 00:04:43,199 so i said there are pairs of magnets but 124 00:04:43,199 --> 00:04:44,720 in this case there's only a magnet on 125 00:04:44,720 --> 00:04:46,960 one side of the key 126 00:04:46,960 --> 00:04:49,919 and that is actually quite normal 127 
00:04:49,919 --> 00:04:52,240 here you see a key with a piece of 128 00:04:52,240 --> 00:04:54,880 magnetic paper on top of it and you can 129 00:04:54,880 --> 00:04:56,720 clearly make out that there is magnets 130 00:04:56,720 --> 00:04:59,360 in there and i can even also tell that 131 00:04:59,360 --> 00:05:01,440 the bottom two they are either facing 132 00:05:01,440 --> 00:05:03,840 north up or south up and the upper two 133 00:05:03,840 --> 00:05:05,120 they are 134 00:05:05,120 --> 00:05:07,199 facing left or right 135 00:05:07,199 --> 00:05:08,800 so there are different orientations of 136 00:05:08,800 --> 00:05:11,600 magnets and that is what creates the key 137 00:05:11,600 --> 00:05:15,440 in this the the code in this key 138 00:05:15,440 --> 00:05:16,639 and of course you need at least one 139 00:05:16,639 --> 00:05:20,720 magnet per slider to operate the slider 140 00:05:21,919 --> 00:05:23,360 if you would use a 141 00:05:23,360 --> 00:05:24,800 incorrect key 142 00:05:24,800 --> 00:05:25,600 then 143 00:05:25,600 --> 00:05:27,440 maybe the bitting is incorrect which 144 00:05:27,440 --> 00:05:29,759 means that some pins are sticking out 145 00:05:29,759 --> 00:05:32,000 or you have the incorrect magnets which 146 00:05:32,000 --> 00:05:34,400 means that the sliders are sticking out 147 00:05:34,400 --> 00:05:36,080 so they all need to be 148 00:05:36,080 --> 00:05:37,360 correct 149 00:05:37,360 --> 00:05:40,240 for everything to align within the plug 150 00:05:40,240 --> 00:05:43,360 and the plug to rotate 151 00:05:44,160 --> 00:05:46,960 right so this is a the theory um how 152 00:05:46,960 --> 00:05:48,560 this lock works so i hope that is all 153 00:05:48,560 --> 00:05:50,960 clear now let's look at defeating this 154 00:05:50,960 --> 00:05:54,800 lock so what about picking can we pick 155 00:05:54,800 --> 00:05:57,360 this cylinder well the four pins that 156 00:05:57,360 --> 00:05:59,919 are in there they're just four pins and 157 00:05:59,919 
--> 00:06:00,880 you could 158 00:06:00,880 --> 00:06:02,560 lock pick them with 159 00:06:02,560 --> 00:06:05,120 regular picking techniques 160 00:06:05,120 --> 00:06:06,479 and actually there's only four of them 161 00:06:06,479 --> 00:06:08,560 whereas most common locks have five so 162 00:06:08,560 --> 00:06:10,319 that should be easier but then there's 163 00:06:10,319 --> 00:06:12,160 also these magnets 164 00:06:12,160 --> 00:06:13,759 now these magnets can also be 165 00:06:13,759 --> 00:06:15,759 manipulated if you take a piece of metal 166 00:06:15,759 --> 00:06:16,720 and 167 00:06:16,720 --> 00:06:18,960 glue a small magnet on the end of it you 168 00:06:18,960 --> 00:06:21,199 can insert in the lock and wiggle it and 169 00:06:21,199 --> 00:06:23,199 manipulate these sliders 170 00:06:23,199 --> 00:06:25,840 and the sliders will move inside of the 171 00:06:25,840 --> 00:06:27,919 cylinder and you can also use audio 172 00:06:27,919 --> 00:06:30,880 magnification to make it easier to to 173 00:06:30,880 --> 00:06:33,120 figure out what is happening and open 174 00:06:33,120 --> 00:06:34,880 this lock 175 00:06:34,880 --> 00:06:37,440 this is not easy when i started my 176 00:06:37,440 --> 00:06:39,039 research which was already quite a few 177 00:06:39,039 --> 00:06:40,240 years ago 178 00:06:40,240 --> 00:06:41,840 i had not seen anybody open this 179 00:06:41,840 --> 00:06:43,280 cylinder before 180 00:06:43,280 --> 00:06:44,560 but 181 00:06:44,560 --> 00:06:45,840 later on 182 00:06:45,840 --> 00:06:47,759 i found well here's at least four videos 183 00:06:47,759 --> 00:06:50,639 on youtube where you can figure out 184 00:06:50,639 --> 00:06:52,560 where you can see this lock actually 185 00:06:52,560 --> 00:06:55,120 being picked by hand 186 00:06:55,120 --> 00:06:56,800 but there's only a few videos so that 187 00:06:56,800 --> 00:06:58,960 already tells you that this is very hard 188 00:06:58,960 --> 00:07:01,680 lock to lockpick because of 
those 189 00:07:01,680 --> 00:07:04,560 magnets and and 190 00:07:04,639 --> 00:07:07,120 the oldest videos are about two years 191 00:07:07,120 --> 00:07:10,000 old that i found 192 00:07:10,400 --> 00:07:12,960 so what i did was i took an old cylinder 193 00:07:12,960 --> 00:07:15,199 and i 194 00:07:15,199 --> 00:07:17,840 made a test cylinder out of it so in one 195 00:07:17,840 --> 00:07:20,319 side i only kept the pins and the other 196 00:07:20,319 --> 00:07:22,160 side i only kept the 197 00:07:22,160 --> 00:07:25,039 magnetic sliders to 198 00:07:25,039 --> 00:07:26,880 to work with this and my first thought 199 00:07:26,880 --> 00:07:29,280 was can we duplicate the key 200 00:07:29,280 --> 00:07:31,120 because you cannot just duplicate such a 201 00:07:31,120 --> 00:07:32,720 key you need 202 00:07:32,720 --> 00:07:34,240 to call to the factory to get it 203 00:07:34,240 --> 00:07:35,759 duplicated you need to have a 204 00:07:35,759 --> 00:07:37,759 certificate but if you have a key can 205 00:07:37,759 --> 00:07:39,759 you make a copy 206 00:07:39,759 --> 00:07:41,520 and of course you need to 207 00:07:41,520 --> 00:07:43,360 read out the magnets 208 00:07:43,360 --> 00:07:45,120 so we need some kind of device to 209 00:07:45,120 --> 00:07:47,360 measure the magnetic field 210 00:07:47,360 --> 00:07:51,039 now i'm quite an old hacker so 211 00:07:51,039 --> 00:07:53,039 i like to do electronics real ultra 212 00:07:53,039 --> 00:07:54,639 stuff electronics i have a talk about 213 00:07:54,639 --> 00:07:56,319 the gigatron tomorrow night but it's a 214 00:07:56,319 --> 00:07:59,120 different story so i made this i found 215 00:07:59,120 --> 00:08:00,560 this on the internet and i made a 216 00:08:00,560 --> 00:08:02,240 magnetometer 217 00:08:02,240 --> 00:08:04,879 so here's a device that you can use 218 00:08:04,879 --> 00:08:07,039 to measure magnetic fields 219 00:08:07,039 --> 00:08:08,879 and as you can see here i can read out 220 00:08:08,879 --> 
00:08:10,720 the magnets and you will see that some 221 00:08:10,720 --> 00:08:13,599 magnets are orientated left right 222 00:08:13,599 --> 00:08:17,120 and some of them are up down 223 00:08:17,120 --> 00:08:19,520 oh that's not true in this particular 224 00:08:19,520 --> 00:08:21,199 key they are all 225 00:08:21,199 --> 00:08:23,919 left right oriented and you can also see 226 00:08:23,919 --> 00:08:26,400 that for for each pair there's only one 227 00:08:26,400 --> 00:08:28,000 that is an actual magnet the other one 228 00:08:28,000 --> 00:08:30,400 is fake 229 00:08:31,199 --> 00:08:33,200 okay reading the 230 00:08:33,200 --> 00:08:36,000 magnets done my electronic badge is in 231 00:08:36,000 --> 00:08:38,159 the pocket 232 00:08:38,159 --> 00:08:42,320 but now i need to create a duplicate key 233 00:08:42,320 --> 00:08:44,399 with these magnets 234 00:08:44,399 --> 00:08:46,800 now the blank keys are cannot be 235 00:08:46,800 --> 00:08:48,399 obtained 236 00:08:48,399 --> 00:08:50,640 so i cannot start off with a blank key 237 00:08:50,640 --> 00:08:53,279 and and put a magnet and make it fit 238 00:08:53,279 --> 00:08:55,600 the magnets are made by factory and i 239 00:08:55,600 --> 00:08:56,880 believe it is in france or spain or 240 00:08:56,880 --> 00:08:57,839 somewhere 241 00:08:57,839 --> 00:09:00,399 and the only 242 00:09:00,399 --> 00:09:01,760 company in the netherlands that has 243 00:09:01,760 --> 00:09:04,720 these is the anker factory itself 244 00:09:04,720 --> 00:09:07,440 and they won't just give you a key 245 00:09:07,440 --> 00:09:08,959 maybe if you're very good in social 246 00:09:08,959 --> 00:09:10,399 engineering 247 00:09:10,399 --> 00:09:13,360 but anyway i thought i'd make a 248 00:09:13,360 --> 00:09:16,000 magnet setup key so i take an existing 249 00:09:16,000 --> 00:09:17,120 key 250 00:09:17,120 --> 00:09:19,839 try to take out all the existing magnets 251 00:09:19,839 --> 00:09:22,320 so i have holes in which i can put 
my 252 00:09:22,320 --> 00:09:23,920 own magnets 253 00:09:23,920 --> 00:09:26,880 so i used my dremel and i also took away 254 00:09:26,880 --> 00:09:28,880 the bitting 255 00:09:28,880 --> 00:09:31,360 and my idea was this key 256 00:09:31,360 --> 00:09:33,360 is used to set the magnets 257 00:09:33,360 --> 00:09:35,920 and then i can use this slit in between 258 00:09:35,920 --> 00:09:37,120 to pick 259 00:09:37,120 --> 00:09:38,720 the pins 260 00:09:38,720 --> 00:09:40,640 because uh yeah i cannot form an 261 00:09:40,640 --> 00:09:42,320 existing key i cannot make another 262 00:09:42,320 --> 00:09:44,320 bitting of another key so i thought well 263 00:09:44,320 --> 00:09:46,560 let's make a key with the magnets and do 264 00:09:46,560 --> 00:09:47,680 picking 265 00:09:47,680 --> 00:09:49,600 well that was also an epic fail because 266 00:09:49,600 --> 00:09:52,080 there there's so little room inside this 267 00:09:52,080 --> 00:09:54,080 cylinder that i just could not put my 268 00:09:54,080 --> 00:09:56,080 pick in the 269 00:09:56,080 --> 00:09:57,120 in the lock 270 00:09:57,120 --> 00:09:59,760 and uh yeah not disturb pins that i did 271 00:09:59,760 --> 00:10:01,920 not want to move 272 00:10:01,920 --> 00:10:03,519 so that was a fail 273 00:10:03,519 --> 00:10:06,320 but nevertheless i proceeded i i bought 274 00:10:06,320 --> 00:10:07,920 some two by two by two millimeter 275 00:10:07,920 --> 00:10:09,120 magnets 276 00:10:09,120 --> 00:10:10,079 um 277 00:10:10,079 --> 00:10:11,680 and um 278 00:10:11,680 --> 00:10:13,440 yeah i tried to make the setup key 279 00:10:13,440 --> 00:10:14,640 anyway 280 00:10:14,640 --> 00:10:16,720 because i wanted to do yeah i still was 281 00:10:16,720 --> 00:10:19,120 trying to learn more stuff but this just 282 00:10:19,120 --> 00:10:20,959 didn't work i'm not very good at metal 283 00:10:20,959 --> 00:10:24,240 work it appears and it was too steep a 284 00:10:24,240 --> 00:10:26,320 learning curve for me i didn't 
have the 285 00:10:26,320 --> 00:10:27,600 right equipment 286 00:10:27,600 --> 00:10:30,720 so the setup key thing was going nowhere 287 00:10:30,720 --> 00:10:32,800 it failed 288 00:10:32,800 --> 00:10:34,240 so i thought 289 00:10:34,240 --> 00:10:36,320 how else well let's let's forget about 290 00:10:36,320 --> 00:10:37,839 these magnets for a while uh let's 291 00:10:37,839 --> 00:10:40,000 suppose that we can create a key with 292 00:10:40,000 --> 00:10:42,079 the correct magnets let's suppose i find 293 00:10:42,079 --> 00:10:44,079 somebody who can do the metal stuff and 294 00:10:44,079 --> 00:10:46,640 create this empty key for me 295 00:10:46,640 --> 00:10:47,920 if i have it 296 00:10:47,920 --> 00:10:49,600 what do i do with the bidding how do i 297 00:10:49,600 --> 00:10:51,040 copy the bidding 298 00:10:51,040 --> 00:10:52,480 well i also 299 00:10:52,480 --> 00:10:54,640 do have 300 00:10:54,640 --> 00:10:56,800 some equipment to make 301 00:10:56,800 --> 00:11:00,000 copies of keys by using molding 302 00:11:00,000 --> 00:11:02,160 so you take some putty you put in the 303 00:11:02,160 --> 00:11:03,040 key 304 00:11:03,040 --> 00:11:04,959 it makes a 305 00:11:04,959 --> 00:11:07,440 you get a mold you pour in molten metal 306 00:11:07,440 --> 00:11:08,390 and you have a copy 307 00:11:08,390 --> 00:11:10,399 [Music] 308 00:11:10,399 --> 00:11:13,120 you see a mold i made of an existing key 309 00:11:13,120 --> 00:11:16,000 so now my idea was if i have a 310 00:11:16,000 --> 00:11:17,680 setup key with the correct magnets i 311 00:11:17,680 --> 00:11:20,320 need to put in this bitting that you see 312 00:11:20,320 --> 00:11:22,000 here 313 00:11:22,000 --> 00:11:23,519 and this is how i did it 314 00:11:23,519 --> 00:11:27,360 so the setup key i combine with the mold 315 00:11:27,360 --> 00:11:29,440 of the key i want to copy 316 00:11:29,440 --> 00:11:33,519 i pour in metal and this is the result 317 00:11:33,600 --> 00:11:35,040 does it work 
318 00:11:35,040 --> 00:11:37,839 yeah achievement unlocked 319 00:11:37,839 --> 00:11:39,360 of course this is the cylinder that only 320 00:11:39,360 --> 00:11:41,680 has the pins and not the sliders because 321 00:11:41,680 --> 00:11:42,640 i didn't 322 00:11:42,640 --> 00:11:45,200 succeed in making the setup key 323 00:11:45,200 --> 00:11:46,959 but this proves that if i have a setup 324 00:11:46,959 --> 00:11:49,040 key i could copy the 325 00:11:49,040 --> 00:11:50,730 bidding 326 00:11:50,730 --> 00:11:52,959 [Music] 327 00:11:52,959 --> 00:11:54,959 so to duplicate a key we could make a 328 00:11:54,959 --> 00:11:57,920 skeleton key from the existing key 329 00:11:57,920 --> 00:12:00,959 but that's quite frustrating also 330 00:12:00,959 --> 00:12:02,880 even if i could get this empty key with 331 00:12:02,880 --> 00:12:04,720 the holes to put the magnets in the 332 00:12:04,720 --> 00:12:06,800 magnets that i bought are two by two by 333 00:12:06,800 --> 00:12:09,120 two millimeters and the key is only 2.1 334 00:12:09,120 --> 00:12:10,720 millimeters thick 335 00:12:10,720 --> 00:12:12,480 if you have only point one millimeter 336 00:12:12,480 --> 00:12:14,959 left you yeah it becomes really horrible 337 00:12:14,959 --> 00:12:17,120 to work with 338 00:12:17,120 --> 00:12:19,680 and this was a state of affairs 339 00:12:19,680 --> 00:12:23,360 in at lok con 2019 just before kovit and 340 00:12:23,360 --> 00:12:24,639 i thought well 341 00:12:24,639 --> 00:12:26,720 the only solution i see to get it to get 342 00:12:26,720 --> 00:12:29,440 to advance is to do 3d printing but i 343 00:12:29,440 --> 00:12:31,200 didn't have a 3d printer 344 00:12:31,200 --> 00:12:32,800 and 345 00:12:32,800 --> 00:12:34,880 yeah i left the project 346 00:12:34,880 --> 00:12:37,200 i abandoned it 347 00:12:37,200 --> 00:12:39,600 but then came covert 348 00:12:39,600 --> 00:12:41,200 and i had time 349 00:12:41,200 --> 00:12:42,320 and i also had a little bit of money 350 
00:12:42,320 --> 00:12:45,519 left to buy myself a 351 00:12:45,519 --> 00:12:48,320 present which is this creality halo 352 00:12:48,320 --> 00:12:49,920 printer this is a resin printer because 353 00:12:49,920 --> 00:12:52,480 i thought because of the really tight 354 00:12:52,480 --> 00:12:54,720 tolerances i needed a very a printer 355 00:12:54,720 --> 00:12:57,920 that could make really my new details 356 00:12:57,920 --> 00:13:00,160 i bought this printer and i thought and 357 00:13:00,160 --> 00:13:02,480 i was still somehow stupid of me in the 358 00:13:02,480 --> 00:13:05,600 mode of i need to get that setup key 359 00:13:05,600 --> 00:13:09,519 so what i did was i made a setup key 360 00:13:09,519 --> 00:13:11,600 with the slit to do the picking which i 361 00:13:11,600 --> 00:13:13,839 already knew didn't work anyway 362 00:13:13,839 --> 00:13:16,000 and i but this was fun because i needed 363 00:13:16,000 --> 00:13:17,519 to learn about 364 00:13:17,519 --> 00:13:18,800 openscad 365 00:13:18,800 --> 00:13:19,600 and 366 00:13:19,600 --> 00:13:20,639 design 367 00:13:20,639 --> 00:13:22,800 so again achievement unlocked i was able 368 00:13:22,800 --> 00:13:27,279 to create a 3d model of this key 369 00:13:27,279 --> 00:13:30,800 and this has a slit to allow for picking 370 00:13:30,800 --> 00:13:32,560 and this is actually maybe the the 371 00:13:32,560 --> 00:13:34,480 second or third thing i printed on this 372 00:13:34,480 --> 00:13:36,880 printer so i was really chuffed 373 00:13:36,880 --> 00:13:39,199 it did need a little bit of filing to 374 00:13:39,199 --> 00:13:40,480 make it really fit because the 375 00:13:40,480 --> 00:13:41,920 measurements were a little bit a little 376 00:13:41,920 --> 00:13:42,880 bit off 377 00:13:42,880 --> 00:13:45,120 but as you can see the magnets did fit 378 00:13:45,120 --> 00:13:46,800 it didn't break 379 00:13:46,800 --> 00:13:49,120 and best of all it does work on my 380 00:13:49,120 --> 00:13:51,920 cylinder 
that has just the magnets 381 00:13:51,920 --> 00:13:54,079 so the proof of concept is i can make 382 00:13:54,079 --> 00:13:56,560 this key 383 00:13:57,519 --> 00:14:00,000 still a tiny problem of the slit where i 384 00:14:00,000 --> 00:14:02,160 cannot put in my picking tool without 385 00:14:02,160 --> 00:14:03,120 yeah 386 00:14:03,120 --> 00:14:04,959 doing anything 387 00:14:04,959 --> 00:14:07,839 but i first i i fixed my model to make 388 00:14:07,839 --> 00:14:10,240 it more to make it fit better so this is 389 00:14:10,240 --> 00:14:11,040 a 390 00:14:11,040 --> 00:14:12,720 somewhat later key and this fits right 391 00:14:12,720 --> 00:14:15,600 away after printing 392 00:14:15,600 --> 00:14:17,040 but i still had that problem in the 393 00:14:17,040 --> 00:14:18,800 meantime i had learned from those 394 00:14:18,800 --> 00:14:21,199 youtube videos which were made 395 00:14:21,199 --> 00:14:22,800 after i picked this project up again in 396 00:14:22,800 --> 00:14:24,639 kovit 397 00:14:24,639 --> 00:14:26,320 i find out that the pins are first to 398 00:14:26,320 --> 00:14:28,959 bind in many locks with different rows 399 00:14:28,959 --> 00:14:31,199 of pins of different elements 400 00:14:31,199 --> 00:14:33,199 you need to pick one row first 401 00:14:33,199 --> 00:14:34,240 then the 402 00:14:34,240 --> 00:14:35,839 lock will rotate slightly and then you 403 00:14:35,839 --> 00:14:37,839 need to pick another one the the second 404 00:14:37,839 --> 00:14:39,360 row of pins 405 00:14:39,360 --> 00:14:41,440 now in this particular lock you need to 406 00:14:41,440 --> 00:14:43,519 pick the pins first then it will rotate 407 00:14:43,519 --> 00:14:45,920 a little bit and then you need to 408 00:14:45,920 --> 00:14:50,160 put the sliders in the correct position 409 00:14:50,160 --> 00:14:53,199 so i can actually by applying tension in 410 00:14:53,199 --> 00:14:55,040 the middle of the lock and using a 411 00:14:55,040 --> 00:14:58,720 picking tool i 
can pick the four pins 412 00:14:58,720 --> 00:15:01,680 and when the four pins have been picked 413 00:15:01,680 --> 00:15:03,839 i can use the setup key that i made by 414 00:15:03,839 --> 00:15:05,519 copying the magnets from the original 415 00:15:05,519 --> 00:15:06,959 key 416 00:15:06,959 --> 00:15:08,800 i can insert it 417 00:15:08,800 --> 00:15:09,680 and 418 00:15:09,680 --> 00:15:11,519 keep the tensioner in place and that 419 00:15:11,519 --> 00:15:13,360 would open the lock 420 00:15:13,360 --> 00:15:16,160 and i tried this and i picked the lock 421 00:15:16,160 --> 00:15:17,600 and actually it was 422 00:15:17,600 --> 00:15:20,240 much harder than i had anticipated 423 00:15:20,240 --> 00:15:21,199 but 424 00:15:21,199 --> 00:15:23,760 achievement unlocked i did open it but 425 00:15:23,760 --> 00:15:26,639 this is not really something that a 426 00:15:26,639 --> 00:15:28,079 non-professional lock picker would 427 00:15:28,079 --> 00:15:29,920 easily do 428 00:15:29,920 --> 00:15:32,079 also the pins in this lock 429 00:15:32,079 --> 00:15:33,920 are anti-picking pins which makes it 430 00:15:33,920 --> 00:15:36,880 more difficult to pick them 431 00:15:37,440 --> 00:15:40,639 yeah but as i said um 432 00:15:40,639 --> 00:15:43,040 oh so the attack factor that we have up 433 00:15:43,040 --> 00:15:45,920 till now is if i have access to a key 434 00:15:45,920 --> 00:15:48,399 even temporary i can read out the 435 00:15:48,399 --> 00:15:52,639 magnets i can create a setup key i can 436 00:15:52,639 --> 00:15:54,720 pick the pins and open it 437 00:15:54,720 --> 00:15:57,360 but of course why am i not just 3d 438 00:15:57,360 --> 00:15:59,199 printing the bidding i was really stuck 439 00:15:59,199 --> 00:16:01,600 on my original train of thoughts of 440 00:16:01,600 --> 00:16:04,160 do continuing what i was doing but of 441 00:16:04,160 --> 00:16:06,399 course you can just print the bidding i 442 00:16:06,399 --> 00:16:08,399 mean that's no no biggie 
443 00:16:08,399 --> 00:16:09,600 so i 444 00:16:09,600 --> 00:16:12,079 updated my model and you can now 445 00:16:12,079 --> 00:16:14,800 create a bidding in there as well 446 00:16:14,800 --> 00:16:16,240 and 447 00:16:16,240 --> 00:16:17,920 yeah you can just type in another code 448 00:16:17,920 --> 00:16:19,199 and as you can see 449 00:16:19,199 --> 00:16:20,839 it will 450 00:16:20,839 --> 00:16:23,600 change another bidding so you can just 451 00:16:23,600 --> 00:16:25,360 type in the number of the 452 00:16:25,360 --> 00:16:26,880 the code of the bidding that you want to 453 00:16:26,880 --> 00:16:27,839 have 454 00:16:27,839 --> 00:16:31,279 and you create a key 455 00:16:33,199 --> 00:16:34,000 so 456 00:16:34,000 --> 00:16:36,000 with that here's a such a key that has 457 00:16:36,000 --> 00:16:37,680 been printed 458 00:16:37,680 --> 00:16:41,680 and it does work on both sides 459 00:16:41,680 --> 00:16:44,079 so now we can actually 460 00:16:44,079 --> 00:16:45,839 create a copy of course you also need to 461 00:16:45,839 --> 00:16:47,519 know what the bidding is but 462 00:16:47,519 --> 00:16:49,680 there's only four pins and the depth of 463 00:16:49,680 --> 00:16:51,360 these pins there's only four 464 00:16:51,360 --> 00:16:52,800 possibilities 465 00:16:52,800 --> 00:16:54,160 so that's not much 466 00:16:54,160 --> 00:16:56,079 in many locks you will have seven or 467 00:16:56,079 --> 00:16:58,240 maybe nine possibilities and then you 468 00:16:58,240 --> 00:17:00,320 really have to measure quite well to see 469 00:17:00,320 --> 00:17:01,440 which 470 00:17:01,440 --> 00:17:03,680 which depth it is but in the anchor it's 471 00:17:03,680 --> 00:17:04,880 only four 472 00:17:04,880 --> 00:17:06,480 and if you've been doing this for a bit 473 00:17:06,480 --> 00:17:09,039 of time you can do this with a naked eye 474 00:17:09,039 --> 00:17:11,199 if you give me an anchor key i can see 475 00:17:11,199 --> 00:17:13,439 with the naked eye what the 
depth 476 00:17:13,439 --> 00:17:14,799 are 477 00:17:14,799 --> 00:17:16,640 so i can 478 00:17:16,640 --> 00:17:19,119 put that in my open scat printer key and 479 00:17:19,119 --> 00:17:21,919 have a duplicate so that's interesting 480 00:17:21,919 --> 00:17:23,599 uh problem is a little bit that the keys 481 00:17:23,599 --> 00:17:26,079 are very brittle 482 00:17:26,079 --> 00:17:27,839 i once dropped the key from this height 483 00:17:27,839 --> 00:17:30,000 and it broken too 484 00:17:30,000 --> 00:17:31,919 and also you have to be careful inside 485 00:17:31,919 --> 00:17:33,039 of the lock 486 00:17:33,039 --> 00:17:36,320 uh so i also did have a key break inside 487 00:17:36,320 --> 00:17:38,320 of the lock and it gave me very hard 488 00:17:38,320 --> 00:17:40,480 time getting that key out again 489 00:17:40,480 --> 00:17:43,039 so that's also why if you do these kinds 490 00:17:43,039 --> 00:17:44,880 of experiments you do them on your own 491 00:17:44,880 --> 00:17:46,559 cylinders that you don't use in a door 492 00:17:46,559 --> 00:17:50,320 or somewhere where you rely upon them 493 00:17:50,320 --> 00:17:51,840 so the keys are brittle so what to do 494 00:17:51,840 --> 00:17:54,320 about that i thought about this and i 495 00:17:54,320 --> 00:17:56,320 thought well if we make the magnets 496 00:17:56,320 --> 00:17:57,760 smaller 497 00:17:57,760 --> 00:17:58,880 there's more 498 00:17:58,880 --> 00:18:01,280 surrounding material making the key more 499 00:18:01,280 --> 00:18:04,080 sturdy so i did find some one by one by 500 00:18:04,080 --> 00:18:07,200 one millimeter magnets now they are so 501 00:18:07,200 --> 00:18:10,080 incredibly small that if you put them in 502 00:18:10,080 --> 00:18:12,240 tweezers and you move them around they 503 00:18:12,240 --> 00:18:15,840 will they will already flip it's 504 00:18:15,840 --> 00:18:17,280 i gave up 505 00:18:17,280 --> 00:18:19,200 and then i talked to a colleague of mine 506 00:18:19,200 --> 
00:18:21,679 at work about this uh hobby project and 507 00:18:21,679 --> 00:18:23,039 he said 508 00:18:23,039 --> 00:18:25,679 well why not to use disk magnets 509 00:18:25,679 --> 00:18:28,480 and he actually already started on 510 00:18:28,480 --> 00:18:31,039 printing on his printer a key and he 511 00:18:31,039 --> 00:18:33,520 does not have a resin printer but a 512 00:18:33,520 --> 00:18:35,120 filament printer 513 00:18:35,120 --> 00:18:36,880 and as you can see here on the bottom 514 00:18:36,880 --> 00:18:38,640 this is a key where the magnets are 515 00:18:38,640 --> 00:18:40,000 cylindrical this means that some 516 00:18:40,000 --> 00:18:42,960 cylinders some magnets need to go flat 517 00:18:42,960 --> 00:18:45,280 and some magnets need to be 518 00:18:45,280 --> 00:18:47,280 going deep inside of the key 519 00:18:47,280 --> 00:18:49,760 but of course if you print a key on a 520 00:18:49,760 --> 00:18:52,160 per use basis you can print it any way 521 00:18:52,160 --> 00:18:54,799 you like so you just print it so it fits 522 00:18:54,799 --> 00:18:56,480 the correct magnets 523 00:18:56,480 --> 00:18:58,640 and what's even better you can leave out 524 00:18:58,640 --> 00:19:00,799 the holes where you don't need a magnet 525 00:19:00,799 --> 00:19:03,679 where we have these fake magnets which 526 00:19:03,679 --> 00:19:05,280 will also 527 00:19:05,280 --> 00:19:08,400 strengthen the key more 528 00:19:08,400 --> 00:19:09,440 and 529 00:19:09,440 --> 00:19:11,120 i was worried about the filament print 530 00:19:11,120 --> 00:19:14,400 or not being able to make the key 531 00:19:14,400 --> 00:19:16,240 with such tolerances that it would work 532 00:19:16,240 --> 00:19:20,559 but actually it does work flawlessly 533 00:19:21,919 --> 00:19:24,400 so that's about key copying 534 00:19:24,400 --> 00:19:26,000 but another kind of attack is where you 535 00:19:26,000 --> 00:19:28,960 want to gain an entry to a 536 00:19:28,960 --> 00:19:31,360 or again entry 
open a lock where you do 537 00:19:31,360 --> 00:19:33,200 not have the original key so this is not 538 00:19:33,200 --> 00:19:34,960 about key copying but about 539 00:19:34,960 --> 00:19:36,559 opening the lock decoding picking 540 00:19:36,559 --> 00:19:38,799 whatever 541 00:19:38,799 --> 00:19:40,080 now here again some wonderful 542 00:19:40,080 --> 00:19:44,080 photoshopping and you see that the 543 00:19:44,080 --> 00:19:46,960 key on the right has a magnet with north 544 00:19:46,960 --> 00:19:50,160 facing up and this matches for this 545 00:19:50,160 --> 00:19:51,360 slider 546 00:19:51,360 --> 00:19:54,320 a magnet where north is facing 547 00:19:54,320 --> 00:19:55,020 right 548 00:19:55,020 --> 00:19:56,559 [Music] 549 00:19:56,559 --> 00:19:59,120 and it always has to be the same if you 550 00:19:59,120 --> 00:20:01,360 if you have this key this 551 00:20:01,360 --> 00:20:03,360 type of magnet in the key you know what 552 00:20:03,360 --> 00:20:05,520 needs to be in the 553 00:20:05,520 --> 00:20:06,480 slider 554 00:20:06,480 --> 00:20:08,900 to make it move in the correct direction 555 00:20:08,900 --> 00:20:10,320 [Music] 556 00:20:10,320 --> 00:20:12,880 and for each of these magnets there's 557 00:20:12,880 --> 00:20:15,840 five possibilities north up north down 558 00:20:15,840 --> 00:20:18,400 north to the left north to the right or 559 00:20:18,400 --> 00:20:20,770 no magnet at all 560 00:20:20,770 --> 00:20:23,600 [Music] 561 00:20:23,600 --> 00:20:26,080 so here you see the arrows represent the 562 00:20:26,080 --> 00:20:28,000 direction the sliders need to move so 563 00:20:28,000 --> 00:20:29,679 two of them move right and two of them 564 00:20:29,679 --> 00:20:32,480 move left and that's the same for every 565 00:20:32,480 --> 00:20:33,679 cylinder 566 00:20:33,679 --> 00:20:35,679 and here you see the magnets that i've 567 00:20:35,679 --> 00:20:37,280 read out 568 00:20:37,280 --> 00:20:39,039 and 569 00:20:39,039 --> 00:20:41,600 i 
then know if i see this key i know 570 00:20:41,600 --> 00:20:44,080 already that the lock must contain these 571 00:20:44,080 --> 00:20:45,280 sliders 572 00:20:45,280 --> 00:20:47,360 because if this key is inserted in this 573 00:20:47,360 --> 00:20:48,720 specific lock 574 00:20:48,720 --> 00:20:50,559 i know that is the only way that the 575 00:20:50,559 --> 00:20:52,880 sliders will be 576 00:20:52,880 --> 00:20:55,600 moved to the correct position 577 00:20:55,600 --> 00:20:59,360 so knowing the magnets in the key 578 00:20:59,360 --> 00:21:01,200 with that i will learn what the magnets 579 00:21:01,200 --> 00:21:03,360 are in the cylinder 580 00:21:03,360 --> 00:21:04,880 but it's also the 581 00:21:04,880 --> 00:21:06,799 other way around if i know what is in 582 00:21:06,799 --> 00:21:08,240 the cylinder 583 00:21:08,240 --> 00:21:10,960 i then know what is in the key 584 00:21:10,960 --> 00:21:12,880 so i wanted to read out the magnets in 585 00:21:12,880 --> 00:21:15,360 the cylinder 586 00:21:15,360 --> 00:21:16,480 so i use my 587 00:21:16,480 --> 00:21:18,880 wonderful magnetometer try to read out 588 00:21:18,880 --> 00:21:21,360 the magnets but yeah it doesn't fit the 589 00:21:21,360 --> 00:21:22,880 sensor is too big 590 00:21:22,880 --> 00:21:25,840 as i said this lock is a weird shape and 591 00:21:25,840 --> 00:21:28,320 there's really not a lot of space 592 00:21:28,320 --> 00:21:30,559 so this was a fail and um 593 00:21:30,559 --> 00:21:32,640 i looked for smaller ones smaller hall 594 00:21:32,640 --> 00:21:35,360 sensors and i found this in a sot-23 595 00:21:35,360 --> 00:21:37,760 package which is rather small 596 00:21:37,760 --> 00:21:39,520 i bought a few of them 597 00:21:39,520 --> 00:21:40,559 and 598 00:21:40,559 --> 00:21:42,720 then i needed to put this on something 599 00:21:42,720 --> 00:21:44,330 to insert into the cylinder 600 00:21:44,330 --> 00:21:45,679 [Music] 601 00:21:45,679 --> 00:21:46,720 i then 602 00:21:46,720 
--> 00:21:49,360 tried the kicad to design a little pcb 603 00:21:49,360 --> 00:21:51,520 just a flat piece of pcb that goes 604 00:21:51,520 --> 00:21:53,280 inside of the cylinder 605 00:21:53,280 --> 00:21:54,480 and 606 00:21:54,480 --> 00:21:56,840 i bought some 0.4 millimeter flexible 607 00:21:56,840 --> 00:21:59,760 pcb and i was told by somebody you can 608 00:21:59,760 --> 00:22:01,919 so that's a kicad achievement 609 00:22:01,919 --> 00:22:04,480 and somebody told me if you print your 610 00:22:04,480 --> 00:22:07,280 kicad design with a laser printer on 611 00:22:07,280 --> 00:22:09,840 inkjet paper and then use an iron you 612 00:22:09,840 --> 00:22:13,120 can transfer it to the pcb and etch it 613 00:22:13,120 --> 00:22:16,080 well for me this failed horribly i don't 614 00:22:16,080 --> 00:22:17,600 know what i did wrong maybe some of you 615 00:22:17,600 --> 00:22:18,400 know 616 00:22:18,400 --> 00:22:20,240 come see me after the talk but i 617 00:22:20,240 --> 00:22:22,480 reverted to a really old-school pcb 618 00:22:22,480 --> 00:22:24,080 making which i've already done years and 619 00:22:24,080 --> 00:22:27,039 years ago it's just using a sharpie and 620 00:22:27,039 --> 00:22:28,320 drawing on it 621 00:22:28,320 --> 00:22:29,039 and 622 00:22:29,039 --> 00:22:31,039 making it so 623 00:22:31,039 --> 00:22:31,919 that was 624 00:22:31,919 --> 00:22:33,919 achieved but still failed because it 625 00:22:33,919 --> 00:22:35,039 didn't fit 626 00:22:35,039 --> 00:22:37,039 here you see on the bottom left you see 627 00:22:37,039 --> 00:22:38,000 that the 628 00:22:38,000 --> 00:22:40,000 sensor is on top of the pcb and together 629 00:22:40,000 --> 00:22:44,000 with the pcb it was still too high 630 00:22:44,000 --> 00:22:46,080 so the solution was to put this the 631 00:22:46,080 --> 00:22:49,600 hall sensor at the end of the 632 00:22:49,600 --> 00:22:52,080 pcb and glue it on 633 00:22:52,080 --> 00:22:54,960 and for that i needed to 
extend the wire 634 00:22:54,960 --> 00:22:57,039 so i used 0.1 millimeter wires and 635 00:22:57,039 --> 00:22:59,600 soldered them on and this was the most 636 00:22:59,600 --> 00:23:03,200 hard thing of the whole project 637 00:23:03,200 --> 00:23:04,880 it was really frustrating but it did 638 00:23:04,880 --> 00:23:06,880 work in the end so it was on it was 639 00:23:06,880 --> 00:23:07,760 working 640 00:23:07,760 --> 00:23:09,600 i used it with my magnetometer and it 641 00:23:09,600 --> 00:23:11,600 failed because it uses different voltage 642 00:23:11,600 --> 00:23:14,320 levels than the other hall sensor 643 00:23:14,320 --> 00:23:16,720 so i needed to fix my electronics 644 00:23:16,720 --> 00:23:17,840 but 645 00:23:17,840 --> 00:23:20,080 i thought well let's learn some more 646 00:23:20,080 --> 00:23:23,039 stuff let's do something with an arduino 647 00:23:23,039 --> 00:23:25,039 i mean it's totally overkill for reading 648 00:23:25,039 --> 00:23:27,679 out the hall sensor but it's fun anyway 649 00:23:27,679 --> 00:23:30,159 so here you can see the device in action 650 00:23:30,159 --> 00:23:32,080 so i can insert it i have to wiggle it a 651 00:23:32,080 --> 00:23:33,200 little bit 652 00:23:33,200 --> 00:23:35,039 in case the magnet is going left and 653 00:23:35,039 --> 00:23:36,799 right 654 00:23:36,799 --> 00:23:39,520 but you see i can actually read out the 655 00:23:39,520 --> 00:23:43,840 the magnets that are in the cylinder 656 00:23:47,200 --> 00:23:48,480 and what's interesting is that this lock 657 00:23:48,480 --> 00:23:50,000 has quite a few magnets but we'll get to 658 00:23:50,000 --> 00:23:52,400 that later 659 00:23:52,400 --> 00:23:54,480 and since i was doing this anyway i 660 00:23:54,480 --> 00:23:55,760 thought well let's make it more 661 00:23:55,760 --> 00:23:58,000 beautiful so i ordered this 662 00:23:58,000 --> 00:23:59,760 lcd touchscreen 663 00:23:59,760 --> 00:24:01,039 and 664 00:24:01,039 --> 00:24:03,200 i also 
programmed in that you can 665 00:24:03,200 --> 00:24:05,120 that will translate from the magnets in 666 00:24:05,120 --> 00:24:07,440 the key to the cylinder and vice versa 667 00:24:07,440 --> 00:24:09,440 it has now an analog mode and a digital 668 00:24:09,440 --> 00:24:11,360 mode to show what the magneti 669 00:24:11,360 --> 00:24:12,880 magnetization is 670 00:24:12,880 --> 00:24:14,880 there's an sd card in there so you can 671 00:24:14,880 --> 00:24:19,440 save the current readout to the sd card 672 00:24:19,440 --> 00:24:22,080 and here you see me reading out a 673 00:24:22,080 --> 00:24:24,960 specific cylinder 674 00:24:24,960 --> 00:24:26,240 and you see it will translate 675 00:24:26,240 --> 00:24:28,240 automatically if the cylinder in this 676 00:24:28,240 --> 00:24:30,840 position has this kind of magnet 677 00:24:30,840 --> 00:24:34,640 then the key must have this other magnet 678 00:24:34,640 --> 00:24:37,600 in that place 679 00:24:42,480 --> 00:24:44,720 and now if i read out the original key i 680 00:24:44,720 --> 00:24:49,120 should get what is depicted on the left 681 00:24:52,159 --> 00:24:55,120 works great so i can now read out 682 00:24:55,120 --> 00:24:58,720 the magnets in a cylinder 683 00:24:58,720 --> 00:25:00,640 so the attack vector is if i have 684 00:25:00,640 --> 00:25:03,440 temporary access to a cylinder 685 00:25:03,440 --> 00:25:05,360 but not the key i can read out the 686 00:25:05,360 --> 00:25:07,600 magnets and i can determine what magnets 687 00:25:07,600 --> 00:25:09,600 need to be in the key 688 00:25:09,600 --> 00:25:12,480 but i don't have the bittings so we still 689 00:25:12,480 --> 00:25:14,640 i can make a setup key but i still need 690 00:25:14,640 --> 00:25:17,120 to do the lock picking for the four pins 691 00:25:17,120 --> 00:25:18,880 for one time opening with a lot of 692 00:25:18,880 --> 00:25:20,080 effort 693 00:25:20,080 --> 00:25:21,679 or i could make 694 00:25:21,679 --> 00:25:23,360 all 
possibilities because it's only four 695 00:25:23,360 --> 00:25:25,840 pins with four possibilities if i make 696 00:25:25,840 --> 00:25:30,159 if i spend a few days and make 256 keys 697 00:25:30,159 --> 00:25:32,080 i could try them out and one of them 698 00:25:32,080 --> 00:25:34,480 will fit 699 00:25:35,520 --> 00:25:37,760 so that's yeah do we have an alternative 700 00:25:37,760 --> 00:25:41,200 instead of picking or creating 256 keys 701 00:25:41,200 --> 00:25:43,360 so one of the ways that you can also 702 00:25:43,360 --> 00:25:44,720 open a lock 703 00:25:44,720 --> 00:25:47,440 one time is using bumping so i won't 704 00:25:47,440 --> 00:25:48,880 explain everything with bumping but the 705 00:25:48,880 --> 00:25:51,120 idea very shortly is that you 706 00:25:51,120 --> 00:25:54,000 apply a lot of force to the pins that 707 00:25:54,000 --> 00:25:57,279 transform that the force is 708 00:25:57,279 --> 00:25:59,039 moved over to the other pins on the on 709 00:25:59,039 --> 00:26:00,799 top they will 710 00:26:00,799 --> 00:26:03,039 separate for short moment of time and in 711 00:26:03,039 --> 00:26:05,200 that time you can open the lock 712 00:26:05,200 --> 00:26:06,720 can we do bumping 713 00:26:06,720 --> 00:26:08,320 now that's quite hard as well because 714 00:26:08,320 --> 00:26:10,000 for bumping you need a bump key a bump 715 00:26:10,000 --> 00:26:11,679 key is a key 716 00:26:11,679 --> 00:26:13,679 where as you can see here in the in the 717 00:26:13,679 --> 00:26:17,039 movie the the key is cut to the deepest 718 00:26:17,039 --> 00:26:19,120 most position everywhere 719 00:26:19,120 --> 00:26:22,240 but for this i need an existing key 720 00:26:22,240 --> 00:26:23,919 and i also need to have the correct 721 00:26:23,919 --> 00:26:25,679 magnets in there 722 00:26:25,679 --> 00:26:26,960 um 723 00:26:26,960 --> 00:26:29,440 so i could print a uh 724 00:26:29,440 --> 00:26:31,600 so yeah i cannot get a blank key from 725 00:26:31,600 --> 
00:26:32,880 the factory 726 00:26:32,880 --> 00:26:35,120 because i won't give it to anybody 727 00:26:35,120 --> 00:26:37,520 but i can print the key well the resin 728 00:26:37,520 --> 00:26:39,919 printed key is much too brittle so i if 729 00:26:39,919 --> 00:26:42,880 i if i yeah smash it it will break 730 00:26:42,880 --> 00:26:46,480 but fortunately the petg key is strong 731 00:26:46,480 --> 00:26:47,760 enough 732 00:26:47,760 --> 00:26:49,840 so this is petg on the filament printer 733 00:26:49,840 --> 00:26:51,279 so i have the correct magnets that i've 734 00:26:51,279 --> 00:26:52,799 read out 735 00:26:52,799 --> 00:26:54,720 i use a bump 736 00:26:54,720 --> 00:26:56,000 hammer 737 00:26:56,000 --> 00:26:57,919 and of course i show you the video where 738 00:26:57,919 --> 00:27:00,240 this works in one hit normally it would 739 00:27:00,240 --> 00:27:02,960 take maybe five six seven eight hits 740 00:27:02,960 --> 00:27:04,960 to open it it does require a bit of 741 00:27:04,960 --> 00:27:06,799 practice to be able to do this but it 742 00:27:06,799 --> 00:27:09,120 works and it did work repeatedly so the 743 00:27:09,120 --> 00:27:10,640 key was not 744 00:27:10,640 --> 00:27:12,480 it was still operational 745 00:27:12,480 --> 00:27:14,000 for another bump 746 00:27:14,000 --> 00:27:16,240 after i did this bump 747 00:27:16,240 --> 00:27:17,760 so that's nice that gives me the 748 00:27:17,760 --> 00:27:20,399 possibility to do a one-time opening 749 00:27:20,399 --> 00:27:23,440 if i don't have the key 750 00:27:23,440 --> 00:27:25,600 there's another way of finding the 751 00:27:25,600 --> 00:27:27,200 bitting which is impressioning that's 752 00:27:27,200 --> 00:27:29,120 also a very interesting topic that you 753 00:27:29,120 --> 00:27:31,840 could also talk about for 50 minutes 754 00:27:31,840 --> 00:27:33,440 instead maybe you can watch this video 755 00:27:33,440 --> 00:27:35,840 by joel zveyers he did a great job on 756 00:27:35,840 --> 
00:27:37,840 attacking master keyed systems how to do 757 00:27:37,840 --> 00:27:39,440 that with impressioning with 758 00:27:39,440 --> 00:27:41,600 impressioning you start with a key that 759 00:27:41,600 --> 00:27:44,320 has all the pins in the top 760 00:27:44,320 --> 00:27:46,000 maximum level 761 00:27:46,000 --> 00:27:49,120 you wiggle it in the lock and it the the 762 00:27:49,120 --> 00:27:52,480 the pins will make tiny marks on the key 763 00:27:52,480 --> 00:27:54,320 so you need to have a key that has 764 00:27:54,320 --> 00:27:56,640 rather soft material like brass not 765 00:27:56,640 --> 00:27:58,000 steel 766 00:27:58,000 --> 00:27:59,600 and you get tiny marks you need a 767 00:27:59,600 --> 00:28:01,760 magnifying glass to see them and where 768 00:28:01,760 --> 00:28:03,279 you see a mark you need to file away a 769 00:28:03,279 --> 00:28:05,760 little bit of material until it yeah it 770 00:28:05,760 --> 00:28:07,919 fits because if you if you file it to 771 00:28:07,919 --> 00:28:10,799 the correct depth it will no longer mark 772 00:28:10,799 --> 00:28:12,880 and here you see a lock so so there's a 773 00:28:12,880 --> 00:28:16,159 key a dimple lock key that i impressioned 774 00:28:16,159 --> 00:28:17,600 and you see it looks a bit weird because 775 00:28:17,600 --> 00:28:19,279 i filed straight over the key but it 776 00:28:19,279 --> 00:28:20,960 doesn't matter as long as the place 777 00:28:20,960 --> 00:28:22,960 where the pin drops goes to the correct 778 00:28:22,960 --> 00:28:27,520 spot that is fine now can we do this for 779 00:28:27,520 --> 00:28:30,640 the anchor well not with our 3d printed 780 00:28:30,640 --> 00:28:33,760 keys i mean that material is not suited 781 00:28:33,760 --> 00:28:35,120 for doing impressioning you need to 782 00:28:35,120 --> 00:28:36,640 apply quite a lot of force and these 783 00:28:36,640 --> 00:28:39,840 pins need to mark the key 784 00:28:39,840 --> 00:28:41,600 so we need a brass 785 00:28:41,600 
--> 00:28:43,039 setup key 786 00:28:43,039 --> 00:28:44,399 and we don't have those 787 00:28:44,399 --> 00:28:47,360 setup key brass impressioning key 788 00:28:47,360 --> 00:28:49,360 well i was talking to my colleague hido 789 00:28:49,360 --> 00:28:51,200 about this project and he said oh but i 790 00:28:51,200 --> 00:28:53,520 have a cnc machine maybe i can do 791 00:28:53,520 --> 00:28:54,640 something for you 792 00:28:54,640 --> 00:28:55,600 so 793 00:28:55,600 --> 00:28:58,159 actually he did an aluminum key for me 794 00:28:58,159 --> 00:29:00,240 as well so he and from that one he took 795 00:29:00,240 --> 00:29:02,399 some pictures so here you see that he's 796 00:29:02,399 --> 00:29:04,320 creating from a piece of 797 00:29:04,320 --> 00:29:07,440 aluminum a or aluminium i should say 798 00:29:07,440 --> 00:29:08,960 probably here 799 00:29:08,960 --> 00:29:11,520 made a key with the 800 00:29:11,520 --> 00:29:13,600 spaces to put the magnets in 801 00:29:13,600 --> 00:29:15,440 and you can make this a bump key 802 00:29:15,440 --> 00:29:17,520 or an impressioning key 803 00:29:17,520 --> 00:29:18,880 and here's the impression key so this 804 00:29:18,880 --> 00:29:21,360 was made out of brass 805 00:29:21,360 --> 00:29:25,360 and on the bottom left you can see 806 00:29:25,360 --> 00:29:27,360 that under the right lighting you can 807 00:29:27,360 --> 00:29:29,200 see the marks that the pins make on the 808 00:29:29,200 --> 00:29:30,159 key 809 00:29:30,159 --> 00:29:32,399 and there you file away a little bit and 810 00:29:32,399 --> 00:29:34,960 you try again so this is not something 811 00:29:34,960 --> 00:29:36,559 that you can do in a few minutes it 812 00:29:36,559 --> 00:29:37,360 takes 813 00:29:37,360 --> 00:29:39,440 yeah several steps 814 00:29:39,440 --> 00:29:41,360 and quite a bit of time 815 00:29:41,360 --> 00:29:43,360 and 816 00:29:43,360 --> 00:29:45,440 yeah did i achieve it yeah i achieved 817 00:29:45,440 --> 00:29:48,799 
impressing a a key to make it fit but i 818 00:29:48,799 --> 00:29:50,640 feel i also kind of failed 819 00:29:50,640 --> 00:29:51,840 because this was 820 00:29:51,840 --> 00:29:53,520 very hard i mean i've done impressioning 821 00:29:53,520 --> 00:29:55,760 in the past with regular locks and the 822 00:29:55,760 --> 00:29:57,200 lock you saw before 823 00:29:57,200 --> 00:29:59,440 that is way more easy than with this 824 00:29:59,440 --> 00:30:01,279 particular lock i'm not really sure what 825 00:30:01,279 --> 00:30:03,279 is the reason for that 826 00:30:03,279 --> 00:30:05,600 maybe it's also the material used but i 827 00:30:05,600 --> 00:30:07,600 found it very hard and it's 828 00:30:07,600 --> 00:30:09,679 not really a 829 00:30:09,679 --> 00:30:13,520 yeah a real life scenario i would say 830 00:30:13,520 --> 00:30:15,440 but still we now have an attack vector 831 00:30:15,440 --> 00:30:17,279 when you have access to the cylinder but 832 00:30:17,279 --> 00:30:19,279 you don't have a key we can read out the 833 00:30:19,279 --> 00:30:21,200 magnets 834 00:30:21,200 --> 00:30:25,360 and we could create a setup key uh 835 00:30:25,360 --> 00:30:27,120 with the deepest cuts to do a one-time 836 00:30:27,120 --> 00:30:28,720 bump so you have opened it but you don't 837 00:30:28,720 --> 00:30:30,320 know what the combination is 838 00:30:30,320 --> 00:30:32,559 or if you're very experienced you might 839 00:30:32,559 --> 00:30:34,240 be able to do impressioning which will 840 00:30:34,240 --> 00:30:35,200 take 841 00:30:35,200 --> 00:30:36,960 quite a bit of time but then you end up 842 00:30:36,960 --> 00:30:39,120 with knowing the correct bitting so you 843 00:30:39,120 --> 00:30:40,960 have an actual key 844 00:30:40,960 --> 00:30:42,640 for a cylinder that you have not seen 845 00:30:42,640 --> 00:30:43,600 the key 846 00:30:43,600 --> 00:30:46,320 for before 847 00:30:48,480 --> 00:30:50,880 now let's talk about something else 848 00:30:50,880 --> 
00:30:54,399 which is master keying because 849 00:30:54,399 --> 00:30:57,360 the anchor lock is a high security lock 850 00:30:57,360 --> 00:31:00,080 it was invented in the 1980s i think i 851 00:31:00,080 --> 00:31:01,840 already mentioned it was patented in the 852 00:31:01,840 --> 00:31:03,279 early 80s 853 00:31:03,279 --> 00:31:04,799 the patent has been 854 00:31:04,799 --> 00:31:07,360 is no longer valid by a long time 855 00:31:07,360 --> 00:31:09,679 but they are used in in high security 856 00:31:09,679 --> 00:31:11,200 environments like 857 00:31:11,200 --> 00:31:12,640 hospitals 858 00:31:12,640 --> 00:31:14,240 and such 859 00:31:14,240 --> 00:31:16,080 and in those environments 860 00:31:16,080 --> 00:31:18,960 they use master keying a lot and very 861 00:31:18,960 --> 00:31:20,799 short introduction to master keying 862 00:31:20,799 --> 00:31:22,799 master keying is where you have 863 00:31:22,799 --> 00:31:25,440 cylinders that have that each have their 864 00:31:25,440 --> 00:31:27,279 own key so you have a key that works on 865 00:31:27,279 --> 00:31:29,600 your door in your office but you also 866 00:31:29,600 --> 00:31:32,320 have a key that works on all the doors 867 00:31:32,320 --> 00:31:34,480 on your floor or all the doors in your 868 00:31:34,480 --> 00:31:38,080 building or all the doors on the site 869 00:31:38,080 --> 00:31:39,760 but let's keep it simple and only look 870 00:31:39,760 --> 00:31:40,720 at 871 00:31:40,720 --> 00:31:42,399 i'll show you an example with just two 872 00:31:42,399 --> 00:31:44,559 locks with two individual keys and one 873 00:31:44,559 --> 00:31:47,039 third key that opens both of them how 874 00:31:47,039 --> 00:31:48,159 does that work 875 00:31:48,159 --> 00:31:51,039 in a traditional system 876 00:31:51,039 --> 00:31:53,200 this is a traditional pin tumbler lock 877 00:31:53,200 --> 00:31:55,360 master key so on the left is alice's 878 00:31:55,360 --> 00:31:56,240 lock 879 00:31:56,240 --> 
00:31:58,880 and on the right is andy's lock 880 00:31:58,880 --> 00:32:02,240 and here you see alice's key alice's key 881 00:32:02,240 --> 00:32:05,120 will open alice's lock why because all 882 00:32:05,120 --> 00:32:07,760 the pins are 883 00:32:07,760 --> 00:32:10,000 all the pins 884 00:32:10,000 --> 00:32:11,279 are 885 00:32:11,279 --> 00:32:12,720 here 886 00:32:12,720 --> 00:32:15,360 straight at the shear line 887 00:32:15,360 --> 00:32:17,600 so that works but it doesn't work on 888 00:32:17,600 --> 00:32:19,440 andy's lock because as you can see some 889 00:32:19,440 --> 00:32:21,440 pins are still blocking so alice's key 890 00:32:21,440 --> 00:32:24,480 only works on alice's lock 891 00:32:24,480 --> 00:32:26,720 andy has a different key and here you can 892 00:32:26,720 --> 00:32:28,559 see that andy's key will work on andy's 893 00:32:28,559 --> 00:32:30,799 lock but it does not work on alice's 894 00:32:30,799 --> 00:32:32,000 lock 895 00:32:32,000 --> 00:32:33,840 so far so good 896 00:32:33,840 --> 00:32:35,919 and now comes the special key 897 00:32:35,919 --> 00:32:38,399 the master key or master key or 898 00:32:38,399 --> 00:32:40,720 submaster key or whatever you call it 899 00:32:40,720 --> 00:32:42,640 and this key will open as you can see 900 00:32:42,640 --> 00:32:44,080 both locks 901 00:32:44,080 --> 00:32:45,679 and you've also seen that the way they 902 00:32:45,679 --> 00:32:49,039 do this is by cutting up the pins once 903 00:32:49,039 --> 00:32:51,600 more so you have two possible depths 904 00:32:51,600 --> 00:32:52,880 that will open 905 00:32:52,880 --> 00:32:54,080 that will set that pin to the correct 906 00:32:54,080 --> 00:32:55,360 position while there's two correct 907 00:32:55,360 --> 00:32:57,039 positions 908 00:32:57,039 --> 00:32:58,720 and what's also interesting to note is 909 00:32:58,720 --> 00:33:00,640 that the master key that you see here on 910 00:33:00,640 --> 00:33:02,000 top 911 00:33:02,000 --> 
00:33:03,760 in this case in this example differs in 912 00:33:03,760 --> 00:33:05,360 two spots 913 00:33:05,360 --> 00:33:07,600 and the master key always has more 914 00:33:07,600 --> 00:33:10,960 material on it than the individual user 915 00:33:10,960 --> 00:33:12,559 keys 916 00:33:12,559 --> 00:33:13,600 and 917 00:33:13,600 --> 00:33:15,279 if you're a real hacker you will 918 00:33:15,279 --> 00:33:17,279 probably figure this out but the reason 919 00:33:17,279 --> 00:33:20,159 is that if you have the user key you 920 00:33:20,159 --> 00:33:22,720 must not be able to create a master key by 921 00:33:22,720 --> 00:33:25,600 just filing away a little bit of stuff 922 00:33:25,600 --> 00:33:27,120 so you can create an individual key by 923 00:33:27,120 --> 00:33:28,559 the master key by filing but that's not 924 00:33:28,559 --> 00:33:30,720 really an attack vector 925 00:33:30,720 --> 00:33:33,200 now if you translate that to 926 00:33:33,200 --> 00:33:35,440 anker then you will see that also there 927 00:33:35,440 --> 00:33:38,720 we have master keying in the pins 928 00:33:38,720 --> 00:33:41,600 so the the the pin in red is a is 929 00:33:41,600 --> 00:33:43,919 actually it's now lying flat but it is a 930 00:33:43,919 --> 00:33:45,679 really thin 931 00:33:45,679 --> 00:33:47,919 spacer and on the right middle right you 932 00:33:47,919 --> 00:33:49,760 see the three different spacers that 933 00:33:49,760 --> 00:33:52,320 exist with the depth of one two or three 934 00:33:52,320 --> 00:33:53,679 and you also see the pins with depth one 935 00:33:53,679 --> 00:33:55,360 two three four so with these you can 936 00:33:55,360 --> 00:33:57,919 make all kinds of combinations 937 00:33:57,919 --> 00:33:59,600 so for this 938 00:33:59,600 --> 00:34:02,080 these pins in this cylinder is part of a 939 00:34:02,080 --> 00:34:04,720 master key system and there is two 940 00:34:04,720 --> 00:34:06,720 bittings that will 941 00:34:06,720 --> 00:34:10,240 match to open the 
lock 942 00:34:10,719 --> 00:34:12,719 so my naive thought 943 00:34:12,719 --> 00:34:14,399 when i started this was to think well if 944 00:34:14,399 --> 00:34:16,399 i have an existing key so let's get back 945 00:34:16,399 --> 00:34:18,000 to the scenario where we do have a key 946 00:34:18,000 --> 00:34:20,320 for a cylinder and we know it's master 947 00:34:20,320 --> 00:34:21,359 keyed 948 00:34:21,359 --> 00:34:23,199 and i have this key i know it's a user 949 00:34:23,199 --> 00:34:26,079 key so i don't have much access 950 00:34:26,079 --> 00:34:28,000 then well this must be the correct 951 00:34:28,000 --> 00:34:30,480 position also for the 952 00:34:30,480 --> 00:34:33,119 master key because otherwise the i could 953 00:34:33,119 --> 00:34:35,199 file away stuff to get to the master key 954 00:34:35,199 --> 00:34:37,839 which is against our rule and this pin 955 00:34:37,839 --> 00:34:40,000 while the master key might have one 956 00:34:40,000 --> 00:34:41,359 of three other 957 00:34:41,359 --> 00:34:43,440 uh positions there 958 00:34:43,440 --> 00:34:45,839 and this one and we can try them out so 959 00:34:45,839 --> 00:34:46,719 we 960 00:34:46,719 --> 00:34:47,599 we 961 00:34:47,599 --> 00:34:49,839 create we print three keys 962 00:34:49,839 --> 00:34:52,000 and we can uh just 963 00:34:52,000 --> 00:34:55,359 um alter one of the pin stack positions 964 00:34:55,359 --> 00:34:57,280 so we keep three positions the same and 965 00:34:57,280 --> 00:34:59,359 the other one we can vary 966 00:34:59,359 --> 00:35:00,880 and we make three keys and we test them 967 00:35:00,880 --> 00:35:03,760 all and maybe none of them work 968 00:35:03,760 --> 00:35:05,680 that gives us information 969 00:35:05,680 --> 00:35:07,040 and for the third key there's two more 970 00:35:07,040 --> 00:35:09,359 possibilities and we print them and we 971 00:35:09,359 --> 00:35:11,119 try them out and maybe only one works 972 00:35:11,119 --> 00:35:13,760 and for the last one we 
print three 973 00:35:13,760 --> 00:35:16,720 and also maybe one works 974 00:35:16,720 --> 00:35:18,880 and naively speaking we would say well 975 00:35:18,880 --> 00:35:20,640 it must be the highest positions for 976 00:35:20,640 --> 00:35:21,760 every 977 00:35:21,760 --> 00:35:25,359 for everyone that must be the master key 978 00:35:25,359 --> 00:35:26,800 and we can print that and hopefully that 979 00:35:26,800 --> 00:35:30,480 will open all of the locks 980 00:35:30,480 --> 00:35:31,839 um 981 00:35:31,839 --> 00:35:35,119 it is actually not true 982 00:35:35,520 --> 00:35:38,160 oh yeah we can't copy these 983 00:35:38,160 --> 00:35:40,640 but you can make these keys try them out 984 00:35:40,640 --> 00:35:42,839 and get information about what 985 00:35:42,839 --> 00:35:45,119 works but what's interesting is that we 986 00:35:45,119 --> 00:35:47,599 do not have just the pins we also have 987 00:35:47,599 --> 00:35:49,040 the magnets and that makes this lock 988 00:35:49,040 --> 00:35:50,880 much more interesting 989 00:35:50,880 --> 00:35:52,880 and in the magnets we can also do master 990 00:35:52,880 --> 00:35:54,800 keying because the magnets here you see 991 00:35:54,800 --> 00:35:56,480 the the bottom of the 992 00:35:56,480 --> 00:35:58,079 sorry the sliders the bottom of the 993 00:35:58,079 --> 00:36:00,000 slider you see there's place for two 994 00:36:00,000 --> 00:36:02,000 magnets also in the key we have place 995 00:36:02,000 --> 00:36:03,440 for two magnets 996 00:36:03,440 --> 00:36:05,680 and this we can use for master keying so 997 00:36:05,680 --> 00:36:07,280 we can have a key with a magnet on the 998 00:36:07,280 --> 00:36:08,960 left side and another key with a magnet 999 00:36:08,960 --> 00:36:10,960 on the right side and the slider has 1000 00:36:10,960 --> 00:36:13,599 magnets on both sides 1001 00:36:13,599 --> 00:36:15,680 and that's really cool 1002 00:36:15,680 --> 00:36:18,240 in this lock 1003 00:36:18,800 --> 00:36:20,160 
here's a key 1004 00:36:20,160 --> 00:36:22,480 this is a key that's part of a master 1005 00:36:22,480 --> 00:36:24,960 key system this is a user key 1006 00:36:24,960 --> 00:36:26,880 if i have this key i can read out the 1007 00:36:26,880 --> 00:36:29,040 magnets and i already know using my 1008 00:36:29,040 --> 00:36:30,640 little device here 1009 00:36:30,640 --> 00:36:33,040 it will tell me what magnets are in the 1010 00:36:33,040 --> 00:36:35,520 cylinder 1011 00:36:37,200 --> 00:36:38,079 so 1012 00:36:38,079 --> 00:36:39,280 but 1013 00:36:39,280 --> 00:36:40,480 uh when i 1014 00:36:40,480 --> 00:36:42,560 let's go again so i know at least these 1015 00:36:42,560 --> 00:36:44,320 are in the cylinder 1016 00:36:44,320 --> 00:36:47,119 and but what is in the master key 1017 00:36:47,119 --> 00:36:49,680 well what i can do is i can also read 1018 00:36:49,680 --> 00:36:50,880 out 1019 00:36:50,880 --> 00:36:54,000 the magnets in the cylinder in my door 1020 00:36:54,000 --> 00:36:56,240 and maybe i will find find some extra 1021 00:36:56,240 --> 00:36:57,760 magnets that are in the cylinder but 1022 00:36:57,760 --> 00:37:01,440 they do not match anything in my key 1023 00:37:01,440 --> 00:37:04,240 now so that gives information 1024 00:37:04,240 --> 00:37:06,160 so first of all i know that the master 1025 00:37:06,160 --> 00:37:07,520 key 1026 00:37:07,520 --> 00:37:09,920 the master key operates on my door 1027 00:37:09,920 --> 00:37:12,320 so it must have the magnets 1028 00:37:12,320 --> 00:37:13,839 to operate it must have magnets to 1029 00:37:13,839 --> 00:37:16,079 operate each slider 1030 00:37:16,079 --> 00:37:17,520 now there are two sliders the middle 1031 00:37:17,520 --> 00:37:18,640 ones 1032 00:37:18,640 --> 00:37:20,480 that only have one magnet so i know that 1033 00:37:20,480 --> 00:37:22,880 the corresponding magnet must be 1034 00:37:22,880 --> 00:37:25,119 in the master key 1035 00:37:25,119 --> 00:37:28,560 so that is something i know 
for sure 1036 00:37:30,240 --> 00:37:32,480 now there are also 1037 00:37:32,480 --> 00:37:34,880 magnets that are in the master key 1038 00:37:34,880 --> 00:37:36,720 that i did not find corresponding 1039 00:37:36,720 --> 00:37:38,400 magnets in my key 1040 00:37:38,400 --> 00:37:40,160 but there are in the master in the in 1041 00:37:40,160 --> 00:37:42,880 the oh i said master right i the the 1042 00:37:42,880 --> 00:37:44,480 magnets i found in the cylinder that are 1043 00:37:44,480 --> 00:37:46,320 not matched on the key 1044 00:37:46,320 --> 00:37:47,839 but they must be in the cylinder for a 1045 00:37:47,839 --> 00:37:49,040 reason 1046 00:37:49,040 --> 00:37:50,400 um 1047 00:37:50,400 --> 00:37:52,400 i mean you could frustrate hackers and 1048 00:37:52,400 --> 00:37:54,320 put in magnets that do not do anything 1049 00:37:54,320 --> 00:37:56,400 but i'm pretty sure that's not the case 1050 00:37:56,400 --> 00:37:58,320 so these magnets are there 1051 00:37:58,320 --> 00:38:00,160 they are operated by some other key 1052 00:38:00,160 --> 00:38:01,839 other than my key so that must be the 1053 00:38:01,839 --> 00:38:03,680 master key so the master key must have 1054 00:38:03,680 --> 00:38:07,359 magnets that operate on the blue 1055 00:38:08,079 --> 00:38:11,119 magnets in the cylinder 1056 00:38:13,359 --> 00:38:15,520 what to do with these sliders 1057 00:38:15,520 --> 00:38:17,520 that have two magnets so i still have 1058 00:38:17,520 --> 00:38:18,640 the 1059 00:38:18,640 --> 00:38:21,040 the north up here and i have the south 1060 00:38:21,040 --> 00:38:23,119 up there 1061 00:38:23,119 --> 00:38:25,119 should we put the corresponding magnets 1062 00:38:25,119 --> 00:38:28,160 on the master key or not 1063 00:38:28,160 --> 00:38:30,320 well i can give you 1064 00:38:30,320 --> 00:38:31,680 an example that shows you that you 1065 00:38:31,680 --> 00:38:32,720 should not 1066 00:38:32,720 --> 00:38:34,240 so let's suppose that so this is the key 1067 
00:38:34,240 --> 00:38:35,440 we just saw 1068 00:38:35,440 --> 00:38:38,160 and this is my cylinder 1069 00:38:38,160 --> 00:38:40,079 but we all in this master key system we 1070 00:38:40,079 --> 00:38:41,920 also have a different cylinder cylinder 1071 00:38:41,920 --> 00:38:42,720 b 1072 00:38:42,720 --> 00:38:44,640 with its own key 1073 00:38:44,640 --> 00:38:47,520 key b and if you look closely you will 1074 00:38:47,520 --> 00:38:50,640 see that key a does not open cylinder b 1075 00:38:50,640 --> 00:38:54,000 and key b does not open cylinder a 1076 00:38:54,000 --> 00:38:55,680 because 1077 00:38:55,680 --> 00:38:57,280 here is a south 1078 00:38:57,280 --> 00:38:58,960 matching the north south and here's the 1079 00:38:58,960 --> 00:39:00,640 north 1080 00:39:00,640 --> 00:39:03,680 matching the south north so they cannot 1081 00:39:03,680 --> 00:39:05,839 be mixed 1082 00:39:05,839 --> 00:39:08,079 if the master key would have a 1083 00:39:08,079 --> 00:39:10,640 north south there or south north 1084 00:39:10,640 --> 00:39:13,280 it would not open 1085 00:39:13,280 --> 00:39:14,800 one of the keys 1086 00:39:14,800 --> 00:39:15,920 so 1087 00:39:15,920 --> 00:39:17,440 if we 1088 00:39:17,440 --> 00:39:18,880 go to 1089 00:39:18,880 --> 00:39:20,480 cylinder b 1090 00:39:20,480 --> 00:39:22,480 read out the magnets in the key 1091 00:39:22,480 --> 00:39:24,400 we find out that on the bottom left 1092 00:39:24,400 --> 00:39:26,480 there's a north we know that in the master 1093 00:39:26,480 --> 00:39:28,079 key there should be no magnet that's 1094 00:39:28,079 --> 00:39:30,000 something we learn 1095 00:39:30,000 --> 00:39:30,800 and 1096 00:39:30,800 --> 00:39:32,880 we also learn by reading out the second 1097 00:39:32,880 --> 00:39:33,920 cylinder 1098 00:39:33,920 --> 00:39:35,839 that it has a magnet that we had not 1099 00:39:35,839 --> 00:39:38,320 seen before there's a on the on the 1100 00:39:38,320 --> 00:39:39,760 second 1101 00:39:39,760 --> 
00:39:43,280 slider there's a north on the right 1102 00:39:43,280 --> 00:39:45,520 and again this slider only has one 1103 00:39:45,520 --> 00:39:47,280 magnet 1104 00:39:47,280 --> 00:39:49,760 so the master key must operate that one 1105 00:39:49,760 --> 00:39:52,079 magnet so in the key there must be the 1106 00:39:52,079 --> 00:39:53,760 corresponding 1107 00:39:53,760 --> 00:39:56,320 magnet southward 1108 00:39:56,320 --> 00:39:58,480 and for the one on the top 1109 00:39:58,480 --> 00:40:00,960 top left in the master key we are not sure 1110 00:40:00,960 --> 00:40:04,560 yet we do not have enough information 1111 00:40:04,560 --> 00:40:05,839 it could be 1112 00:40:05,839 --> 00:40:07,359 that there is no magnet in the master 1113 00:40:07,359 --> 00:40:09,440 key or it could be that there is one but 1114 00:40:09,440 --> 00:40:11,440 if there is one it must be a north south 1115 00:40:11,440 --> 00:40:12,480 one 1116 00:40:12,480 --> 00:40:14,880 to operate on these two cylinders 1117 00:40:14,880 --> 00:40:18,319 so this is a process of 1118 00:40:18,319 --> 00:40:20,240 looking at keys 1119 00:40:20,240 --> 00:40:21,839 measuring the magnets measuring the 1120 00:40:21,839 --> 00:40:23,359 magnets in the cylinder going to a 1121 00:40:23,359 --> 00:40:24,560 different cylinder 1122 00:40:24,560 --> 00:40:26,160 measuring the cylinder to a different 1123 00:40:26,160 --> 00:40:28,960 cylinder and each time you see something 1124 00:40:28,960 --> 00:40:30,640 that you haven't seen before you get 1125 00:40:30,640 --> 00:40:33,200 more information to paint a complete 1126 00:40:33,200 --> 00:40:34,880 picture of what the master key will look 1127 00:40:34,880 --> 00:40:36,079 like 1128 00:40:36,079 --> 00:40:38,880 as far as the magnets go 1129 00:40:38,880 --> 00:40:41,040 and the last one the last magnet well we 1130 00:40:41,040 --> 00:40:42,720 didn't see any magnets neither in the 1131 00:40:42,720 --> 00:40:44,640 key or in the cylinder so we just don't 
1132 00:40:44,640 --> 00:40:47,200 know yet 1133 00:40:47,200 --> 00:40:48,960 but you could make a key with these 1134 00:40:48,960 --> 00:40:51,200 magnets and and see if it works as a 1135 00:40:51,200 --> 00:40:52,720 master key 1136 00:40:52,720 --> 00:40:54,319 and 1137 00:40:54,319 --> 00:40:56,000 if it doesn't work you need to read out 1138 00:40:56,000 --> 00:40:58,960 more cylinders 1139 00:41:00,800 --> 00:41:03,520 so getting master key 1140 00:41:03,520 --> 00:41:06,240 well 1141 00:41:06,240 --> 00:41:09,200 the what i said before about filing away 1142 00:41:09,200 --> 00:41:11,200 uh that was a bit naive also in in the 1143 00:41:11,200 --> 00:41:14,160 anchor system because you have both pins 1144 00:41:14,160 --> 00:41:16,000 and magnets 1145 00:41:16,000 --> 00:41:18,079 that means that if you have a key 1146 00:41:18,079 --> 00:41:20,400 that is that could be filed to the 1147 00:41:20,400 --> 00:41:22,720 master key bitting that's not an issue if 1148 00:41:22,720 --> 00:41:24,640 the magnets are different because if you 1149 00:41:24,640 --> 00:41:26,640 are an end user and you file away well 1150 00:41:26,640 --> 00:41:28,079 you have you do not have the the 1151 00:41:28,079 --> 00:41:30,800 capabilities to exchange the magnets 1152 00:41:30,800 --> 00:41:33,119 at least i don't i don't have the cnc 1153 00:41:33,119 --> 00:41:35,760 stuff 1154 00:41:35,760 --> 00:41:37,040 um 1155 00:41:37,040 --> 00:41:39,920 so if you take your key to another lock 1156 00:41:39,920 --> 00:41:41,599 and you you wonder if it's the master key 1157 00:41:41,599 --> 00:41:43,440 and it doesn't work well that's a bit of 1158 00:41:43,440 --> 00:41:45,359 an issue you can read out the magnets in 1159 00:41:45,359 --> 00:41:47,040 the cylinder to figure out what the 1160 00:41:47,040 --> 00:41:49,839 correct magnets are but you cannot 1161 00:41:49,839 --> 00:41:52,400 figure out what the correct bitting is 1162 00:41:52,400 --> 00:41:53,920 so what do you need to 
do what you can 1163 00:41:53,920 --> 00:41:54,640 do 1164 00:41:54,640 --> 00:41:55,839 is to 1165 00:41:55,839 --> 00:41:58,000 check all other possible 1166 00:41:58,000 --> 00:42:00,480 uh bittings 1167 00:42:00,480 --> 00:42:02,480 in the original 1168 00:42:02,480 --> 00:42:04,000 lock so you have the first lock with 1169 00:42:04,000 --> 00:42:05,119 your own key 1170 00:42:05,119 --> 00:42:06,880 and for each pin 1171 00:42:06,880 --> 00:42:09,200 you try the other three possibilities 1172 00:42:09,200 --> 00:42:11,359 and that will give you information about 1173 00:42:11,359 --> 00:42:13,119 all the possibilities that are present 1174 00:42:13,119 --> 00:42:17,200 in the master key for the bitting 1175 00:42:17,200 --> 00:42:18,720 and then you can make a whole lot of 1176 00:42:18,720 --> 00:42:21,839 keys but not 256 but at most 80 1177 00:42:21,839 --> 00:42:24,160 depending on the master key system and try 1178 00:42:24,160 --> 00:42:26,079 them out and try which fits in the 1179 00:42:26,079 --> 00:42:28,319 second lock 1180 00:42:28,319 --> 00:42:30,079 so it's interesting um the more 1181 00:42:30,079 --> 00:42:31,839 cylinders you see and the more cylinders 1182 00:42:31,839 --> 00:42:34,240 you measure 1183 00:42:34,240 --> 00:42:36,319 the better you are able to get the uh 1184 00:42:36,319 --> 00:42:38,880 the master key or as i call it gold mode 1185 00:42:38,880 --> 00:42:41,440 the key to all 1186 00:42:41,440 --> 00:42:43,359 but it's surprisingly hard 1187 00:42:43,359 --> 00:42:45,440 just and the reason is this combination 1188 00:42:45,440 --> 00:42:47,359 of the pins and the magnets so i'm 1189 00:42:47,359 --> 00:42:48,960 actually quite impressed with this 1190 00:42:48,960 --> 00:42:51,599 system that is already 40 years old and 1191 00:42:51,599 --> 00:42:54,880 it still has such a resistance against 1192 00:42:54,880 --> 00:42:56,480 finding out the master key it certainly 1193 00:42:56,480 --> 00:42:58,880 is a lot harder than with 
regular pin 1194 00:42:58,880 --> 00:43:01,839 tumbler locks only 1195 00:43:01,839 --> 00:43:03,599 so let's summarize 1196 00:43:03,599 --> 00:43:05,280 i may even have time for a few questions 1197 00:43:05,280 --> 00:43:07,040 i see which is great 1198 00:43:07,040 --> 00:43:09,119 summarizing here for the people who are 1199 00:43:09,119 --> 00:43:12,160 more visually 1200 00:43:12,160 --> 00:43:14,160 you start if you have a key 1201 00:43:14,160 --> 00:43:15,599 if you don't have a key 1202 00:43:15,599 --> 00:43:16,960 now let's start yeah let's start with 1203 00:43:16,960 --> 00:43:18,560 not having a key you don't have a key 1204 00:43:18,560 --> 00:43:20,160 then you can decode at least the magnets 1205 00:43:20,160 --> 00:43:21,599 in the cylinder so you know which 1206 00:43:21,599 --> 00:43:23,520 magnets are in the key 1207 00:43:23,520 --> 00:43:26,319 then for the pins well either you can 1208 00:43:26,319 --> 00:43:28,079 pick but that's very hard that's why 1209 00:43:28,079 --> 00:43:29,520 it's in light blue i don't think that's 1210 00:43:29,520 --> 00:43:33,119 really a realistic way of doing it 1211 00:43:33,119 --> 00:43:34,880 you could bump i think bumping is quite 1212 00:43:34,880 --> 00:43:37,280 realistic but then you have a one-time 1213 00:43:37,280 --> 00:43:38,880 opening 1214 00:43:38,880 --> 00:43:40,400 if you are able to do impressioning 1215 00:43:40,400 --> 00:43:43,359 which is also very very hard you could 1216 00:43:43,359 --> 00:43:45,839 get a working key so getting a working 1217 00:43:45,839 --> 00:43:47,119 key 1218 00:43:47,119 --> 00:43:48,480 without having one 1219 00:43:48,480 --> 00:43:51,119 at start is very hard but 1220 00:43:51,119 --> 00:43:52,640 opening once 1221 00:43:52,640 --> 00:43:57,119 is for a very determined hacker doable 1222 00:43:57,119 --> 00:43:58,880 if you already have a key an end user 1223 00:43:58,880 --> 00:44:02,000 key a user key then you can decode the 1224 00:44:02,000 --> 
00:44:03,760 cylinder and the key gives you more 1225 00:44:03,760 --> 00:44:06,079 information you can duplicate the key 1226 00:44:06,079 --> 00:44:08,560 and if it is master keyed you can try 1227 00:44:08,560 --> 00:44:10,720 with creating a lot of other well with 1228 00:44:10,720 --> 00:44:12,800 the 12 keys find the other bittings and 1229 00:44:12,800 --> 00:44:14,480 then you can go to other 1230 00:44:14,480 --> 00:44:16,319 cylinders read them out 1231 00:44:16,319 --> 00:44:17,280 and 1232 00:44:17,280 --> 00:44:18,960 maybe you need to print quite a lot of 1233 00:44:18,960 --> 00:44:21,520 keys but if you are persistent you will 1234 00:44:21,520 --> 00:44:23,839 be able to in the end find the master key 1235 00:44:23,839 --> 00:44:27,040 but that is still quite hard 1236 00:44:27,040 --> 00:44:28,400 now there's one thing i didn't really 1237 00:44:28,400 --> 00:44:30,720 discuss which is that if you have opened 1238 00:44:30,720 --> 00:44:32,880 the cylinder once 1239 00:44:32,880 --> 00:44:35,359 what you could also do is open the 1240 00:44:35,359 --> 00:44:36,720 cylinder 1241 00:44:36,720 --> 00:44:38,800 and look at what's inside so you don't 1242 00:44:38,800 --> 00:44:40,640 have to make all the setup keys but you 1243 00:44:40,640 --> 00:44:43,119 just open it up look at the pins and the 1244 00:44:43,119 --> 00:44:44,000 depth 1245 00:44:44,000 --> 00:44:45,680 and you can maybe reassemble it or throw 1246 00:44:45,680 --> 00:44:46,960 it away 1247 00:44:46,960 --> 00:44:48,839 but this is also quite 1248 00:44:48,839 --> 00:44:51,760 hard if you have a cylinder like this 1249 00:44:51,760 --> 00:44:53,760 well at least i'm not able to to 1250 00:44:53,760 --> 00:44:55,520 disassemble this but i'm able to 1251 00:44:55,520 --> 00:44:57,839 disassemble it but i'm not able to then 1252 00:44:57,839 --> 00:44:59,200 reassemble it 1253 00:44:59,200 --> 00:45:00,880 if it would be a half cylinder that is 1254 00:45:00,880 --> 00:45:02,720 doable 
1255 00:45:02,720 --> 00:45:05,839 still quite quite hard 1256 00:45:06,960 --> 00:45:08,640 so that's actually where i am with the 1257 00:45:08,640 --> 00:45:10,400 uh investigation it took me quite a lot 1258 00:45:10,400 --> 00:45:12,720 of time i i did have a bit of a risk 1259 00:45:12,720 --> 00:45:14,640 list wish list but i didn't have time 1260 00:45:14,640 --> 00:45:16,839 enough to implement this before 1261 00:45:16,839 --> 00:45:18,400 mch 1262 00:45:18,400 --> 00:45:21,119 so i wanted to build a 1263 00:45:21,119 --> 00:45:23,680 arduino shield where you have 16 hall 1264 00:45:23,680 --> 00:45:25,839 sensors so you can put on a key and get 1265 00:45:25,839 --> 00:45:27,440 a reading immediately for the complete 1266 00:45:27,440 --> 00:45:28,640 key 1267 00:45:28,640 --> 00:45:30,960 but obviously it doesn't really add to 1268 00:45:30,960 --> 00:45:32,720 what i've been saying but 1269 00:45:32,720 --> 00:45:34,560 it's just a nice project to to do 1270 00:45:34,560 --> 00:45:37,359 another pcb and some electronic stuff 1271 00:45:37,359 --> 00:45:39,119 and what also would be really nice is to 1272 00:45:39,119 --> 00:45:41,520 make a device that would read out all 1273 00:45:41,520 --> 00:45:42,480 the 1274 00:45:42,480 --> 00:45:44,720 magnets from a cylinder in one go and i 1275 00:45:44,720 --> 00:45:46,960 did later find out that there are uh 1276 00:45:46,960 --> 00:45:49,599 devices that magnetometers that are 1277 00:45:49,599 --> 00:45:50,960 suitable for that 1278 00:45:50,960 --> 00:45:52,000 um 1279 00:45:52,000 --> 00:45:56,079 but yeah this is harder to solder and 1280 00:45:56,079 --> 00:45:59,440 i didn't really pursue this yet 1281 00:45:59,440 --> 00:46:00,800 so the conclusion 1282 00:46:00,800 --> 00:46:02,960 with the advent of 3d printers copying 1283 00:46:02,960 --> 00:46:04,960 keys has become much more easy 1284 00:46:04,960 --> 00:46:06,720 for regular 1285 00:46:06,720 --> 00:46:08,160 standard keys 1286 00:46:08,160 
--> 00:46:09,920 it's become super easy 1287 00:46:09,920 --> 00:46:10,960 and 1288 00:46:10,960 --> 00:46:12,480 yeah if you show your key to somebody 1289 00:46:12,480 --> 00:46:14,000 and it's a regular key somebody can just 1290 00:46:14,000 --> 00:46:16,640 make a picture of it and make a copy and 1291 00:46:16,640 --> 00:46:18,319 3d print it 1292 00:46:18,319 --> 00:46:20,400 with these it's still a bit more 1293 00:46:20,400 --> 00:46:22,000 complicated with these keys because if 1294 00:46:22,000 --> 00:46:23,359 you have a picture you could see the 1295 00:46:23,359 --> 00:46:25,359 bitting but you can't see the magnets 1296 00:46:25,359 --> 00:46:27,680 but of course if you have the bitting 1297 00:46:27,680 --> 00:46:30,319 you can go to the cylinder it should the 1298 00:46:30,319 --> 00:46:32,079 the key fits in and read out the magnets 1299 00:46:32,079 --> 00:46:34,319 and then you have everything as well so 1300 00:46:34,319 --> 00:46:37,440 you should still always 1301 00:46:37,520 --> 00:46:39,440 keep your keys in your pocket or at 1302 00:46:39,440 --> 00:46:42,319 least non-visible to others 1303 00:46:42,319 --> 00:46:44,240 but the attacks are also in this lock 1304 00:46:44,240 --> 00:46:46,000 quite difficult because there is such a 1305 00:46:46,000 --> 00:46:49,040 constrained space 1306 00:46:49,599 --> 00:46:51,200 find the grand master key i thought it 1307 00:46:51,200 --> 00:46:52,960 was it would be quite easy but in the 1308 00:46:52,960 --> 00:46:55,040 end it is quite complicated 1309 00:46:55,040 --> 00:46:58,000 much more than with conventional locks 1310 00:46:58,000 --> 00:46:59,359 and please do not test stuff on 1311 00:46:59,359 --> 00:47:01,440 cylinders that you that are not yours or 1312 00:47:01,440 --> 00:47:03,119 that you do not use 1313 00:47:03,119 --> 00:47:05,119 and in the end i would really spend like 1314 00:47:05,119 --> 00:47:07,280 to spend a minute on 1315 00:47:07,280 --> 00:47:08,720 hiro who has helped 
me out quite a lot a 1316 00:47:08,720 --> 00:47:11,040 colleague of mine but also ankerslot 1317 00:47:11,040 --> 00:47:12,960 so in the process of responsible 1318 00:47:12,960 --> 00:47:14,800 disclosure i talked to ankerslot a while 1319 00:47:14,800 --> 00:47:16,240 ago saying that i was going to do a 1320 00:47:16,240 --> 00:47:18,400 presentation and i wanted to hear their 1321 00:47:18,400 --> 00:47:20,400 thoughts about it and they were really 1322 00:47:20,400 --> 00:47:22,559 super about it so the lead developer 1323 00:47:22,559 --> 00:47:24,480 invited me to the factory in amsterday 1324 00:47:24,480 --> 00:47:26,800 he showed me around he talked about this 1325 00:47:26,800 --> 00:47:29,119 he knew about these things 1326 00:47:29,119 --> 00:47:30,800 and he was really a great sport about 1327 00:47:30,800 --> 00:47:33,040 it so i would like to if he's watching i 1328 00:47:33,040 --> 00:47:36,000 would like to thank him very much 1329 00:47:36,000 --> 00:47:38,000 and in the end i would like to thank you 1330 00:47:38,000 --> 00:47:40,079 for spending your time to being here 1331 00:47:40,079 --> 00:47:43,960 with me tonight thank you very much 1332 00:47:43,960 --> 00:47:53,440 [Applause] 1333 00:47:53,440 --> 00:47:55,280 thank you we've probably got time for 1334 00:47:55,280 --> 00:47:57,920 maybe one or two questions um if 1335 00:47:57,920 --> 00:48:00,640 anyone's got any 1336 00:48:01,119 --> 00:48:02,960 oh i've got one quickly 1337 00:48:02,960 --> 00:48:04,400 could you 1338 00:48:04,400 --> 00:48:06,640 could you've used electromagnets um 1339 00:48:06,640 --> 00:48:08,720 instead of putting magnets in 1340 00:48:08,720 --> 00:48:11,520 i i i have contemplated electromagnets 1341 00:48:11,520 --> 00:48:13,280 but it was too much of a hassle to fight 1342 00:48:13,280 --> 00:48:15,599 to make or find electromagnets and do it 1343 00:48:15,599 --> 00:48:16,640 and 1344 00:48:16,640 --> 00:48:18,240 yeah it would be very interesting 1345 
00:48:18,240 --> 00:48:19,599 because you could make a sort of setup 1346 00:48:19,599 --> 00:48:21,680 key and maybe flip through all the 1347 00:48:21,680 --> 00:48:23,040 possibilities and do a brute force 1348 00:48:23,040 --> 00:48:24,720 attack or just 1349 00:48:24,720 --> 00:48:26,960 click and you have the key 1350 00:48:26,960 --> 00:48:28,960 but it would be just too hard for this 1351 00:48:28,960 --> 00:48:31,040 project to actually make i'm already 1352 00:48:31,040 --> 00:48:32,640 very happy with the result i have so far 1353 00:48:32,640 --> 00:48:35,200 i spent a lot of times in on it and i 1354 00:48:35,200 --> 00:48:36,720 learned a bunch of stuff about a lot of 1355 00:48:36,720 --> 00:48:38,160 things and 1356 00:48:38,160 --> 00:48:40,319 that's where it ends for me now okay no 1357 00:48:40,319 --> 00:48:41,680 super thanks 1358 00:48:41,680 --> 00:48:42,800 does anyone else have any other 1359 00:48:42,800 --> 00:48:47,160 questions oh we've got one here 1360 00:48:49,359 --> 00:48:51,200 since you've talked to a anchor as an 1361 00:48:51,200 --> 00:48:53,920 ethical hacker is there a recommendation 1362 00:48:53,920 --> 00:48:56,559 you have for for them to improve their 1363 00:48:56,559 --> 00:48:58,000 locks so it's 1364 00:48:58,000 --> 00:49:00,800 even harder to pick 1365 00:49:00,800 --> 00:49:02,720 well they're already i would say pick 1366 00:49:02,720 --> 00:49:05,599 proof i mean for uh for 1367 00:49:05,599 --> 00:49:07,839 for a company that buys a lock that that 1368 00:49:07,839 --> 00:49:11,520 that wants to deter uh burglars 1369 00:49:11,520 --> 00:49:14,800 this is secure enough this is fine 1370 00:49:14,800 --> 00:49:16,079 and they're still selling these 1371 00:49:16,079 --> 00:49:17,680 cylinders and they sell quite well i 1372 00:49:17,680 --> 00:49:19,040 believe but of course they're also 1373 00:49:19,040 --> 00:49:20,400 working on new ideas so i talked to the 1374 00:49:20,400 --> 00:49:22,559 developer they 
also put magnets in their 1375 00:49:22,559 --> 00:49:24,079 standard line they have an infinity line 1376 00:49:24,079 --> 00:49:26,400 that also has a magnet and they're also 1377 00:49:26,400 --> 00:49:27,920 making some they are actually making 1378 00:49:27,920 --> 00:49:29,760 some improvements to this specific 1379 00:49:29,760 --> 00:49:31,599 cylinder so yeah there's still a bit of 1380 00:49:31,599 --> 00:49:34,000 development going on there 1381 00:49:34,000 --> 00:49:36,079 but otherwise yeah i think this 1382 00:49:36,079 --> 00:49:38,079 you should also not change too much on 1383 00:49:38,079 --> 00:49:40,240 the design to prevent introducing other 1384 00:49:40,240 --> 00:49:41,200 flaws 1385 00:49:41,200 --> 00:49:42,960 so maybe they they will come up with a 1386 00:49:42,960 --> 00:49:45,839 completely new design 1387 00:49:46,319 --> 00:49:47,200 okay 1388 00:49:47,200 --> 00:49:48,079 great 1389 00:49:48,079 --> 00:49:50,400 well thank you very much indeed for 1390 00:49:50,400 --> 00:49:54,760 explaining that to us it's fascinating 1391 00:49:59,920 --> 00:50:02,000 you