
Electronic Lock - Torn Down and "Manipulated"


escapenrv

Familiar Face

Posts: 209

Joined: Sat Jul 19, 2014 9:13 am

Location: Florida and NC in USA

Post Sat Mar 21, 2015 2:23 pm

Re: Electronic Lock - Torn Down and "Manipulated"

Nice work. Makes me want to get out my old logic probe and see what I can get into. I have not done a lot of that since my KIM-1 days. (Yes, I am old.)
Puzzles are always neat to my way of thinking. Keep up the good work...

Steve

rohare

Familiar Face

Posts: 34

Joined: Sat Sep 21, 2013 8:56 pm

Location: Los Angeles, CA

Post Sun Mar 22, 2015 1:18 pm

Re: Electronic Lock - Torn Down and "Manipulated"

escapenrv wrote:Nice work. Makes me want to get out my old logic probe and see what I can get into. I have not done a lot of that since my KIM-1 days. (Yes, I am old.)
Puzzles are always neat to my way of thinking. Keep up the good work...

Steve


Sweet. I had to look it up, but the KIM-1 was a nice piece of work. And the day after I read up on it, Chuck Peddle, one of the lead designers of the KIM-1, did a really interesting interview. Check out http://www.theamphour.com/241-an-interv ... oryphaeus/ for some nostalgia.

mbpick34

Familiar Face

Posts: 146

Joined: Sun Jun 13, 2010 6:55 am

Location: Norway

Post Wed Aug 03, 2016 12:13 pm

Re: Electronic Lock - Torn Down and "Manipulated"

Most of these cheap electronic "safes" ship with a BJ8P153 microcontroller.

madsamurai

Active Member

Posts: 368

Joined: Tue Jan 03, 2017 10:13 pm

Location: Germantown, Ohio

Post Tue Jun 06, 2017 6:47 pm

Re: Electronic Lock - Torn Down and "Manipulated"

Agree with Jaakko... I can think of quite a few very good reasons to go with a mechanical dial over an electronic lock unless you're in a situation where multiple people need access and combinations need to be changed frequently, like a business. I would agree that some high-end electronic locks may be more secure than many mechanical dial locks, but the electronic locks currently sold in the majority of consumer-level safes right now are not those locks. There's almost no security advantage and a whole lot more potential for failure of at least one part within the first few years... If the Chinese solenoid actuator fails, you're SOL and looking for a guy with a drill... the bubble-buttons on the face crack within a few years, sooner if it's in your garage or basement... the wire can get cut or broken, especially on elocks with removable faces, and that's potentially also a drill-remedied problem. I also learned today there are override codes that sales reps have access to (we had a big-brand rep in today to open one of our safes where a customer had changed the combo on us) that will open a particular brand or model... that kinda surprised me, I expected a hardware tool would be needed.

Anyway, a good group 2M or even group 1 mechanical lock is probably going to cost roughly the same, will keep out all but the very best manipulators (and likely take them hours), and should easily last 30 years plus without issue. Unless you're in a business situation and need to manage or log employee access, or you have some physical problem that keeps you from being able to turn a dial, I have yet to hear a legitimate good reason to go digital over mechanical.

TeamStarlet

Familiar Face

Posts: 26

Joined: Tue Dec 17, 2013 9:18 am

Location: Boston, MA.

Post Fri Oct 11, 2019 10:56 am

Re: Electronic Lock - Torn Down and "Manipulated"

Sorry for Grave Robbing this old thread!

Not sure if you're still working on this but I've got quite a bit of experience with reverse engineering complicated electronic locks so feel free to hit me up with any questions!

There is some simple code that will enable you to connect some probes to the pins on the EEPROM and read all the data. Unless there is read-protection enabled or other anti-tamper measures you should be able to dump the entire contents.

A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.

10ringo10

Prolific Poster

Posts: 1357

Joined: Fri May 14, 2010 11:45 am

Location: EUROPE

Post Tue Oct 15, 2019 6:34 am

Re: Electronic Lock - Torn Down and "Manipulated"

TeamStarlet wrote:Sorry for Grave Robbing this old thread!

Not sure if you're still working on this but I've got quite a bit of experience with reverse engineering complicated electronic locks so feel free to hit me up with any questions!

There is some simple code that will enable you to connect some probes to the pins on the EEPROM and read all the data. Unless there is read-protection enabled or other anti-tamper measures you should be able to dump the entire contents.

A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.


Sounds cool and not that far-fetched - chip after all said and done... Any dump or address photo, post them up!

Thanks for sharing... any more info on this moving forward is appreciated.

Werewolf

Familiar Face

Posts: 234

Joined: Sat Jun 11, 2011 4:00 am

Location: Belgium

Post Sun Oct 20, 2019 2:04 pm

Re: Electronic Lock - Torn Down and "Manipulated"

TeamStarlet wrote:A small logic analyzer like this will also allow you to read exactly what is being transmitted in real time and the software will even decode the SPI and I2C protocols on the fly.


Thanks for the tip.
Why didn't I think of that? It makes so much sense.
Earlier this year, I've been probing a Burg Wachter Secutronic with a logic analyzer. I hooked it up between the keypad and the lock.
But I kind of put it aside after I couldn't get the Manchester encoding to work with zero to little effort. Haven't gone back to it since.

I never thought of reading the on-board EEPROM.
So, armed with this knowledge, I spent this afternoon reading EEPROMs from Secutronic safes. I have a few, different generations, lying around.

Long story short: I can now recover the code if I can access the EEPROM (it's on the inside of the safe).

*edit: after looking around for a short while, I found a Manchester decoder for my software. Looks like many sleepless nights ahead.

**Placeholder for pics and download links**
"Who are you and how did you get in here ?"
"I'm the locksmith , and i'm a locksmith"
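
What a Manchester decoder in logic-analyzer software has to do with a sampled trace, as an added example that is not part of the original posts and does not describe the Secutronic protocol. The trace is constructed, and the function names, the samples-per-bit value and the IEEE 802.3 polarity default are assumptions.

```python
from statistics import median

def encode(bits, spb=8, ieee=True):
    """Build a constructed test trace: spb samples per bit, transition mid-bit."""
    out = []
    for b in bits:
        first = 0 if bool(b) == ieee else 1   # IEEE 802.3: 1 is low->high
        out += [first] * (spb // 2) + [1 - first] * (spb // 2)
    return out

def half_bits(samples):
    """Collapse the trace into runs and express each run in half-bit units."""
    runs = []
    for s in samples:
        if runs and runs[-1][0] == s:
            runs[-1][1] += 1
        else:
            runs.append([s, 1])
    shortest = min(n for _, n in runs)
    # Runs are one or two half-bits long; estimate the half-bit from the short ones.
    half = median(n for _, n in runs if n < 1.5 * shortest)
    halves = []
    for level, n in runs:
        halves += [level] * max(1, round(n / half))
    return halves

def decode(samples, ieee=True):
    """Return (bits, violations, phase) for the better of the two alignments."""
    halves = half_bits(samples)
    best = None
    for phase in (0, 1):              # a capture may start mid-bit
        bits, violations = [], 0
        for a, b in zip(halves[phase::2], halves[phase + 1::2]):
            if a == b:                # no mid-bit transition: coding violation
                violations += 1
                bits.append(None)
            else:
                bits.append(int((a == 0) == ieee))
        if best is None or violations < best[1]:
            best = (bits, violations, phase)
    return best

if __name__ == "__main__":
    frame = [1, 0, 1, 1, 0, 0, 1, 0]          # constructed payload, not a real capture
    print(decode(encode(frame)))               # aligned capture
    print(decode(encode(frame)[4:]))           # capture that starts half a bit late
```

A run of identical bits looks valid at either alignment, so the phase choice relies on at least one bit change in the frame. The polarity convention cannot be recovered from the trace alone; decoding with the wrong one returns every bit inverted.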