FAQ  •  Register  •  Login
UKLockpickers.co.uk Lockpicking supplies such as Lockpicks, tools, and more! COMMANDOLOCK.COM Military grade padlock systems lockpickshop.com A source for lockpicking supplies such as lockpicks, locksmith tools, and more!

32c3 talk on restricted key replication

<<

aeporia

User avatar

Familiar Face

Posts: 130

Joined: Sun Jul 05, 2015 2:41 am

Location: Australia

Post Fri Jan 08, 2016 3:08 pm

32c3 talk on restricted key replication

So if you’re like me and you couldn’t make it to Hamburg this year for the annual Chaos Computer Congress then you might have crawled into a little crevice to hide and watch many of the — as usual — great talks that the CCC media team put up almost immediately. >_<

I’m not coming out of my comfy crevice quite yet (moar talks left!) but I figured I’d highlight the lock-related talk from this year, which took everything I was thinking of possibly exploring in the realm of 3D printing and keys in the coming year, and then upped the ante to a whole new level.

tl;dr: two dudes from the Uni of Michigan (Eric Wustrow, Ben Burgess) tested various 3D printing materials for the purpose of producing keys and key blanks; experimented with 3D-modelling keys in AutoCAD and then by hand in OpenSCAD; then automating the generation of key models for any given set of cuts using the OpenSCAD file + some scripting; and then, wrote a webapp that, when given a head-on photo of a pin-tumbler lock + some image thresholding to approximate the profile of a key, which, with some more scripting and OpenSCAD provides ready-to-print 3D printer files, with success. WTF. Waaaay cool.

See https://keysforge.com/

Go watch the video on https://media.ccc.de/v/32c3-7435-replication_prohibited (MP4s, WEBMs, as direct dls, or via official torrents listed on-site). (Talk is in English.)

Code is published on GitHub: https://github.com/ewust/keys

I had an inkling that automation of some kind like this was possible — when I was contemplating using OpenSCAD myself I certainly realised it would be possible to automate the generation of a key with any given cuts once the blank was defined, given the cut depths and offsets would be scriptable — but the work on generating a blank based on just a photo of the keyway is impressive.

My take-way: as 3D printing proliferates, this makes lock systems that rely strongly on good key control much more susceptible to impressioning and bump attacks, as blanks can now be generated fairly easily. I also like how the info-gathering part of this process (snapping a pic with your mobile of a keyway in order to then generate blanks) could be achieved with a similarly low level of suspicion as slowly performing an impressioning attack (little-by-little over successive days, for example).
<<

aeporia

User avatar

Familiar Face

Posts: 130

Joined: Sun Jul 05, 2015 2:41 am

Location: Australia

Post Fri Jan 08, 2016 3:09 pm

Re: 32c3 talk on restricted key replication

Ohyea, and they have an accompanying paper on all this too: https://keysforge.com/paper.html
<<

Papa Gleb

User avatar

Contributor
Contributor

Posts: 1108

Joined: Fri Sep 05, 2014 11:10 am

Location: Brooklyn, NY

Post Fri Jan 08, 2016 5:40 pm

Re: 32c3 talk on restricted key replication

Damn that impressive and scary BUT how many burglers know code or have money for a CNC or even a 3D printer. Granted a Dremel printer is like what $200 or that range. Or maybe Im thinking on a small residencial scale and speaking of a huge corporation in which a laid off employee may want to destroy something then this can be very dangerous.
<<

aeporia

User avatar

Familiar Face

Posts: 130

Joined: Sun Jul 05, 2015 2:41 am

Location: Australia

Post Fri Jan 08, 2016 10:34 pm

Re: 32c3 talk on restricted key replication

At this stage, they no longer need to know how to code, but I agree with your sentiments (as I read them?): I wouldn’t readily add this as a prime technology within my regular burglary threat modelling.

Insider attackers are another altogether, given they almost by definition come from a position that provides/provided higher privileges than a member of the public, e.g. a lower-privilege key within a larger mastered system, from which certain attacks are already a possibility (as noted in the talk, iirc, Matt Blaze’s attack).

Buuuuuh — exciting stuff! (:

Return to Key Making

Who is online

Users browsing this forum: No registered users

Don't forget to visit our sponsors for all of your lockpicking needs!
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Grop
"CA Black" theme designed by stsoftware