
32c3 talk on restricted key replication

Posted: Fri Jan 08, 2016 3:08 pm
by aeporia
So if you’re like me and you couldn’t make it to Hamburg this year for the annual Chaos Computer Congress then you might have crawled into a little crevice to hide and watch many of the — as usual — great talks that the CCC media team put up almost immediately. >_<

I’m not coming out of my comfy crevice quite yet (moar talks left!) but I figured I’d highlight the lock-related talk from this year, which took everything I was thinking of possibly exploring in the realm of 3D printing and keys in the coming year, and then upped the ante to a whole new level.

tl;dr: two dudes from the Uni of Michigan (Eric Wustrow, Ben Burgess) tested various 3D printing materials for the purpose of producing keys and key blanks; experimented with 3D-modelling keys in AutoCAD and then by hand in OpenSCAD; then automated the generation of key models for any given set of cuts using the OpenSCAD file + some scripting; and then wrote a webapp that, when given a head-on photo of a pin-tumbler lock, uses some image thresholding to approximate the profile of a key and, with some more scripting and OpenSCAD, provides ready-to-print 3D printer files, with success. WTF. Waaaay cool.

See https://keysforge.com/

Go watch the video on https://media.ccc.de/v/32c3-7435-replication_prohibited (MP4s, WEBMs, as direct dls, or via official torrents listed on-site). (Talk is in English.)

Code is published on GitHub: https://github.com/ewust/keys

I had an inkling that automation of some kind like this was possible — when I was contemplating using OpenSCAD myself I certainly realised it would be possible to automate the generation of a key with any given cuts once the blank was defined, given the cut depths and offsets would be scriptable — but the work on generating a blank based on just a photo of the keyway is impressive.

My take-away: as 3D printing proliferates, this makes lock systems that rely strongly on good key control much more susceptible to impressioning and bump attacks, as blanks can now be generated fairly easily. I also like how the info-gathering part of this process (snapping a pic with your mobile of a keyway in order to then generate blanks) could be achieved with a similarly low level of suspicion as slowly performing an impressioning attack (little-by-little over successive days, for example).

Re: 32c3 talk on restricted key replication

Posted: Fri Jan 08, 2016 3:09 pm
by aeporia
Ohyea, and they have an accompanying paper on all this too: https://keysforge.com/paper.html

Re: 32c3 talk on restricted key replication

Posted: Fri Jan 08, 2016 5:40 pm
by Papa Gleb
Damn, that's impressive and scary, BUT how many burglars know code or have money for a CNC or even a 3D printer? Granted, a Dremel printer is like what, $200 or that range. Or maybe I'm thinking on a small residential scale, and speaking of a huge corporation in which a laid off employee may want to destroy something, then this can be very dangerous.

Re: 32c3 talk on restricted key replication

Posted: Fri Jan 08, 2016 10:34 pm
by aeporia
At this stage, they no longer need to know how to code, but I agree with your sentiments (as I read them?): I wouldn’t readily add this as a prime technology within my regular burglary threat modelling.

Insider attackers are another matter altogether, given they almost by definition come from a position that provides/provided higher privileges than a member of the public, e.g. a lower-privilege key within a larger mastered system, from which certain attacks are already a possibility (as noted in the talk, iirc, Matt Blaze’s attack).

Buuuuuh — exciting stuff! (: