FAQ  •  My feedback  •  Feedback
UKLockpickers.co.uk Lockpicking supplies such as Lockpicks, tools, and more! COMMANDOLOCK.COM Military grade padlock systems lockpickshop.com A source for lockpicking supplies such as lockpicks, locksmith tools, and more!

Bypassing Electronic Safe locks

<<

Daggers

User avatar

Active Member

Posts: 585

Joined: Thu Jan 12, 2012 12:33 am

Location: Florida, US

Post Mon Apr 07, 2014 12:45 pm

Re: Bypassing Electronic Safe locks

mdc5150 wrote:Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?
<<

mdc5150

User avatar

Contributor
Contributor

Posts: 1050

Joined: Tue Jan 25, 2011 4:35 am

Location: Arizona

Post Mon Apr 07, 2014 1:11 pm

Re: Bypassing Electronic Safe locks

Daggers wrote:
mdc5150 wrote:Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?


I do not know of any bypasses for those. I am still learning a lot about safe openings though and have had to drill a couple of the S&G locks. It all boils down to knowing where to drill.
<<

jones

I've Been Banned!!
I've Been Banned!!

Posts: 326

Joined: Tue Apr 08, 2014 11:40 pm

Location: AZ, USA

Post Thu Jun 19, 2014 5:38 am

Re: Bypassing Electronic Safe locks

Daggers wrote:
mdc5150 wrote:Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?


Amsec bypass is easy, once you have registered your company with them. They will give you a series of code to enter into the lock, if the safe hasn't received it's dedicated combo it will reset to it's original factory setting. Some of the easiest money I have made opening safes except for the batteries :hbg: Some distributors will be happy to help with lost combos on safes they stock.
<<

Simon Dog

Newbie

Posts: 1

Joined: Sun Feb 11, 2018 10:57 pm

Post Sun Feb 11, 2018 11:04 pm

Re: Bypassing Electronic Safe locks

Most of the consumer/commercial grade electronic safe locks "leak" information via such things as very subtle differences in current draw, time to beep, etc.depending on the validity of an entered digit. Taylor Security sells an interesting gadget (The "Phoenix'") for aboout $3000 that uses this leakage to open these in about 15 minutes for $3000. I asked the regional S&G salesman if the claim that this will open an S&G Titan without the combination in 15 minutes and the answer was "Yes, you are very likely to run into a crook with one of those tools".

With the development of the Phoenix, I am surprised that these locks have been able to keep their UL Group I rating.

The exceptions are the GSA rated locks like the Kaba Mas -## series and the S&G 2740B.
<<

MartinHewitt

User avatar

Active Member

Posts: 654

Joined: Sat Nov 26, 2016 6:19 pm

Location: Germany

Post Mon Feb 12, 2018 1:02 am

Re: Bypassing Electronic Safe locks

I guess this is due to commercial interests. The cost of certification should be low. In Europe I think it costs 1500 to 3000 Euro. That's not enough to analyse and attack an electronic lock in the way of the Phoenix tool. If something is certified then cancelling that would be a statement of error in the certification process. And perhaps it is a weak spot in the test specification. In the European lock standard there is a building specification for key locks which removes the need for an attack test, when the manufacturer implemented it. Unfortunately the building specification does not guarantee a lock which can resist picking for 15 minutes as required for level A. One could try to change the building specification so the result will be a lock resisting picking for 15 minutes. Or one can keep the building specification and adjust the target resistance. This has been done in the new standard draft. Level A locks are only required to resist picking for 5 minutes. These type of locks are good for safes with an insured value of 100000 Euro in Germany.
In case you wonder ... Martin Hewitt is a fictional detective in stories by Arthur Morrison:
Martin Hewitt, Investigator Chronicles of Martin Hewitt
<<

Patrick Star

User avatar

Active Member

Posts: 254

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Mon Feb 12, 2018 7:00 pm

Re: Bypassing Electronic Safe locks

Sidechannel analysis (like measuring power draw or timing) isn't exactly a new concept - it's probably most well known for being used to attack smartcards (lots of not-extremely-technical people have even done it - think pirate satellite TV).
I'm surprised even many supposedly "good" locks aren't protected against it. Or maybe I shouldn't be too surprised, considering the average level of computer security when it comes to electronic access control...

IMHO, the big problem with relying purely on electronic locks is that it's very hard for the end-user to evaluate the security. With mechanical locks, you can open them up and at least be sure that they aren't backdoored and that the basic security features are there.
For people with advanced threat models I'd even consider electronic locks almost useless now that intelligence agencies regularly intercept hardware in shipping and backdoor it.
<<

MartinHewitt

User avatar

Active Member

Posts: 654

Joined: Sat Nov 26, 2016 6:19 pm

Location: Germany

Post Mon Feb 12, 2018 7:50 pm

Re: Bypassing Electronic Safe locks

Certification of safe lock: 3000 Euro
Certification of smart card: 300000 Euro
In case you wonder ... Martin Hewitt is a fictional detective in stories by Arthur Morrison:
Martin Hewitt, Investigator Chronicles of Martin Hewitt
<<

Patrick Star

User avatar

Active Member

Posts: 254

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Sun Feb 18, 2018 1:11 am

Re: Bypassing Electronic Safe locks

Is it really just 3000 EUR? Getting an alarm transmitter certified here sets you back around 30000 EUR, and that's not exactly rocket science (sending small messages over a network connection is pretty much a solved problem in the world of computers :D ).
And then they often fail miserably and certify utterly unreliable junk and/or things with severe security vulnerabilities... sigh.
<<

MartinHewitt

User avatar

Active Member

Posts: 654

Joined: Sat Nov 26, 2016 6:19 pm

Location: Germany

Post Sun Feb 18, 2018 9:39 am

Re: Bypassing Electronic Safe locks

See page 4:
http://www.ecb-s.com/_data/gbo_ecbs_01.2018_e.pdf

Actually it is 300000 Euro just for the smart card software. For the smart card hardware itself it is another probably 500000 Euro.
In case you wonder ... Martin Hewitt is a fictional detective in stories by Arthur Morrison:
Martin Hewitt, Investigator Chronicles of Martin Hewitt
Previous

Return to Bypassing

Who is online

Users browsing this forum: CommonCrawl [Bot]

Don't forget to visit our sponsors for all of your lockpicking needs!
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Grop
"CA Black" theme designed by stsoftware