FAQ  •  My feedback  •  Feedback
UKLockpickers.co.uk Lockpicking supplies such as Lockpicks, tools, and more! COMMANDOLOCK.COM Military grade padlock systems lockpickshop.com A source for lockpicking supplies such as lockpicks, locksmith tools, and more!

MCS Pick??

<<

G-lock

Newbie

Posts: 7

Joined: Wed Dec 14, 2016 3:21 pm

Location: Michigan

Post Tue Mar 28, 2017 6:05 am

Re: MCS Pick??

Congratulations thats a impressive pick. Im still kinda new here so please dont be offended but i have a few questions, feel free to not answer any or all of them if there are secrets that you do not want to reveal.
1) how is it possible to manipulate the rotors through the wall of the plug with what looked like a hook?
2)i also have quite a few gen 1 evva mcs euro cylinders & the one i gutted on LP101 has different rotors in it & it is impossible to insert the key with the rotors exposed or they will fly out. Yours are obviously different. Any idea why?
3) this is where im completely stumped, on my mcs locks the rotors will not stay where there put if you spin them. The magnets in them are attracted to something in the plug so if you were to manipulate 1 of them, when you move your tool it would not stay where you put it & spin back to where it was before you moved it. So you would need to manipulate possibly all 8 rotors at once or find a way to keep them in place while you let off tension to spin them 1 at a time. Do your mcs locks not do this? Or did you figure out a way to beat it?
<<

Patrick Star

User avatar

Familiar Face

Posts: 208

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Tue Mar 28, 2017 9:44 am

Re: MCS Pick??

If this attack actually works in the wild on reasonably current MCS's you should perhaps consider filing for a patent, if you can find someone to bankroll it (the lawyers to write the patent are expensive, and you need to be prepared to defend it in court if challenged).
AFAIK you have 1 year from publication to file.

Still impressive if not though!

G-lock: As to your question 1), obviously the tip is magnetic. Probably he just used an existing pick handle/shaft and stuck a small magnet to the tip, or similar. You can see how he's using a strip of metal to shield the magnets on one side while manipulating rotors on the other. Note also that he's turning the pick over.

As to the rest of the questions, maybe someone who actually knows MCS well (I don't) could elucidate the different generations/versions?
The ones I've seen have the gates on little plastic discs that aren't on a central spindle. I have a vague memory the speculation was that this prevented some vibration attack against the earlier ones?


By the way, is it just me who is a bit disappointed in EVVA? The oh-so-great key control turns out to be not-so-great... a bunch of guys on Keypicking can produce keys to code with a bunch of magnets and piano wire. Very good guys admittedly :) but AFAIK doing the same for say Protec or even the 3KS still requires a sizable budget for toys, and while you can produce copies of them by molding being able to do it to code is far worse since it lets you do a Dayton attack on master key systems.
Then this, which could very well put it below good 25 year old safe lock in terms of time required to NDE without a key. Even if it turns out not to work on newer locks, it still shows that the operating principle in no way makes it immune from the good old Hobbs principle.
<<

G-lock

Newbie

Posts: 7

Joined: Wed Dec 14, 2016 3:21 pm

Location: Michigan

Post Tue Mar 28, 2017 12:22 pm

Re: MCS Pick??

Patrick Star wrote:G-lock: As to your question 1), obviously the tip is magnetic. Probably he just used an existing pick handle/shaft and stuck a small magnet to the tip, or similar. You can see how he's using a strip of metal to shield the magnets on one side while manipulating rotors on the other. Note also that he's turning the pick over.

I see the magnet now. Im not sure if this method will work on the gen 1 mcs locks with plastic rotors because the rotors dont stay put after you set them at least not on the one i gutted. I have quite a few gen 1 mcs euros. If the OP wants to try the technique on the other type it could be arranged for nothing but shipping costs?
<<

droshi

Familiar Face

Posts: 48

Joined: Wed Oct 19, 2016 2:37 pm

Post Tue Mar 28, 2017 2:31 pm

Re: MCS Pick??

G-lock wrote:Congratulations thats a impressive pick. Im still kinda new here so please dont be offended but i have a few questions, feel free to not answer any or all of them if there are secrets that you do not want to reveal.
1) how is it possible to manipulate the rotors through the wall of the plug with what looked like a hook?
2)i also have quite a few gen 1 evva mcs euro cylinders & the one i gutted on LP101 has different rotors in it & it is impossible to insert the key with the rotors exposed or they will fly out. Yours are obviously different. Any idea why?
3) this is where im completely stumped, on my mcs locks the rotors will not stay where there put if you spin them. The magnets in them are attracted to something in the plug so if you were to manipulate 1 of them, when you move your tool it would not stay where you put it & spin back to where it was before you moved it. So you would need to manipulate possibly all 8 rotors at once or find a way to keep them in place while you let off tension to spin them 1 at a time. Do your mcs locks not do this? Or did you figure out a way to beat it?

1) yes the tool itself has a magnet on it, otherwise manipulating the rotors would be impossible
2) I'm not sure on your lock, but if I do insert the key forcefully they can jump out. I only have this lock for now, but I'm getting a gen 2
3) I figured out a way to not only isolate the rotor, but figure out which is binding and only work on that one. It does take some time to try different positions, otherwise it would just be open in a couple minutes, this is still a great lock IMO

Patrick Star wrote:If this attack actually works in the wild on reasonably current MCS's you should perhaps consider filing for a patent, if you can find someone to bankroll it (the lawyers to write the patent are expensive, and you need to be prepared to defend it in court if challenged).
AFAIK you have 1 year from publication to file.


I'm up for the challenge to try a lock in the wild for anyone interested in purchasing a patent haha! With my current skill level and only working on a single lock with master keying, I don't know how long it would take, but I'm certain I can eventually open it. This is inclusive of the gen 2 MCS as huxley noted it can also be opened.

Patrick Star wrote:By the way, is it just me who is a bit disappointed in EVVA? The oh-so-great key control turns out to be not-so-great... a bunch of guys on Keypicking can produce keys to code with a bunch of magnets and piano wire. Very good guys admittedly :) but AFAIK doing the same for say Protec or even the 3KS still requires a sizable budget for toys, and while you can produce copies of them by molding being able to do it to code is far worse since it lets you do a Dayton attack on master key systems.
Then this, which could very well put it below good 25 year old safe lock in terms of time required to NDE without a key. Even if it turns out not to work on newer locks, it still shows that the operating principle in no way makes it immune from the good old Hobbs principle.


I'm not too disappointed in this lock, it's still a VERY good mechanical lock. No mechanical lock is impervious, and eventually any other un-pickable lock will be picked by someone.

Tooling is not super complex with my method as you see, but an integrated tool could be made to make everything easier and faster rather than just doing it free-hand as seen. Some of the above CAD mockups look great :)
<<

droshi

Familiar Face

Posts: 48

Joined: Wed Oct 19, 2016 2:37 pm

Post Tue Mar 28, 2017 2:32 pm

Re: MCS Pick??

G-lock wrote:
Patrick Star wrote:G-lock: As to your question 1), obviously the tip is magnetic. Probably he just used an existing pick handle/shaft and stuck a small magnet to the tip, or similar. You can see how he's using a strip of metal to shield the magnets on one side while manipulating rotors on the other. Note also that he's turning the pick over.

I see the magnet now. Im not sure if this method will work on the gen 1 mcs locks with plastic rotors because the rotors dont stay put after you set them at least not on the one i gutted. I have quite a few gen 1 mcs euros. If the OP wants to try the technique on the other type it could be arranged for nothing but shipping costs?


I'm purchasing a Gen 2 lock at full retail, but yes, if you are skeptical you can certainly send me your lock and put it in a padlock body without the key. If you do something crazy with it and set it in concrete I'd just ask that you make sure the lock still works with the key haha!
<<

G-lock

Newbie

Posts: 7

Joined: Wed Dec 14, 2016 3:21 pm

Location: Michigan

Post Tue Mar 28, 2017 4:07 pm

Re: MCS Pick??

[/quote]
I'm purchasing a Gen 2 lock at full retail, but yes, if you are skeptical you can certainly send me your lock and put it in a padlock body without the key. If you do something crazy with it and set it in concrete I'd just ask that you make sure the lock still works with the key haha![/quote]

I would have to say that if your technique works on the new gen 2 MCS then it would be pointless to see if it works on the different types of gen 1 locks. I would have to think that most MCS locks out there being used in a high security application would be the newer model. However if you wanted to try one with the plastic rotors in it let me know?

I apologize if i sounded skeptical cause i dont mean to come off that way at all. I just have questions & wanted to know if you had to face the same challanges that i am facing with this MCS that has plastic rotors in it.
<<

droshi

Familiar Face

Posts: 48

Joined: Wed Oct 19, 2016 2:37 pm

Post Tue Mar 28, 2017 5:09 pm

Re: MCS Pick??

G-lock wrote:I would have to say that if your technique works on the new gen 2 MCS then it would be pointless to see if it works on the different types of gen 1 locks. I would have to think that most MCS locks out there being used in a high security application would be the newer model. However if you wanted to try one with the plastic rotors in it let me know?

I apologize if i sounded skeptical cause i dont mean to come off that way at all. I just have questions & wanted to know if you had to face the same challanges that i am facing with this MCS that has plastic rotors in it.


Oh nothing wrong with skeptical, though not believing no matter the proof would be a little funny, though I could see the manufacturer or places that have heavily invested in the MCS not wanting to believe.

I certainly want to make sure my technique works on gen 2, and having more examples of them would be better, again, anyone wanting to send me a lock for verification is welcome to. Unfortunately I would not be too willing to fully disassemble someone else's lock so I think getting my own is still needed. The plastic bit between the inner and outer sidebar is fairly fragile. The first time they are extremely tight fitted into the housing, so even as I struggled on my video, it's way worse the first time to get it apart. I'm sure EVVA doesn't sell spares to guys like me either haha!
<<

tumbl3r

User avatar

Familiar Face

Posts: 134

Joined: Sat Feb 27, 2016 6:01 pm

Location: California

Post Tue Mar 28, 2017 6:11 pm

Re: MCS Pick??

Just wanted to chime in here and congratulate you on this huge accomplishment! It's a very exciting time to be in locksport. This is really inspiring work and it's been a real joy to watch it from start to finish :) Well done my friend!
<<

Patrick Star

User avatar

Familiar Face

Posts: 208

Joined: Sun Apr 10, 2016 9:40 pm

Location: Sweden

Post Tue Mar 28, 2017 6:52 pm

Re: MCS Pick??

So who does Protec next? :) Though unlikely to be "SPP" (SDP?)...

As to EVVA MCS and its qualities, it's just that the ratio of price to YoutubeMinutes<TM> suddenly doesn't appear very good. Lots of locks at this (or cheaper) price point last 9 minutes (or more) under YouTube picking conditions. Plus the whole issue of key control - although I suspect this is becoming more and more irrelevant for purely mechanical systems with the advances in hobbyist additive manufacturing and CNC.
And yes, everything is pickable, etc. But there certainly are locks that can buy you quite a bit of time - enough to make other layers against NDE a lot more effective.
It'll be very interesting to see what time can be reached for blind picking of the MCS though!

PS. If I come across as bitter or skeptical or something, that's just my usual tone :) Also I'm a bit annoyed by the fact that this attack seems a lot simpler (in the good way) and more elegant than what I had imagined!
<<

droshi

Familiar Face

Posts: 48

Joined: Wed Oct 19, 2016 2:37 pm

Post Tue Mar 28, 2017 7:36 pm

Re: MCS Pick??

Patrick Star wrote:So who does Protec next? :) Though unlikely to be "SPP" (SDP?)...

As to EVVA MCS and its qualities, it's just that the ratio of price to YoutubeMinutes<TM> suddenly doesn't appear very good. Lots of locks at this (or cheaper) price point last 9 minutes (or more) under YouTube picking conditions. Plus the whole issue of key control - although I suspect this is becoming more and more irrelevant for purely mechanical systems with the advances in hobbyist additive manufacturing and CNC.
And yes, everything is pickable, etc. But there certainly are locks that can buy you quite a bit of time - enough to make other layers against NDE a lot more effective.
It'll be very interesting to see what time can be reached for blind picking of the MCS though!

PS. If I come across as bitter or skeptical or something, that's just my usual tone :) Also I'm a bit annoyed by the fact that this attack seems a lot simpler (in the good way) and more elegant than what I had imagined!


As a basis of comparison you can see the other high-sec locks I've picked on my channel. I want to say in general my average opening times are around 5 minute mark. I try not to get familiar with a particular lock and follow as much the protocol advocated by LPL on never picking the same lock twice in a row. I'm sure someone more skilled can open a Medeco or MTL in less time than me, and layers of complexity like the MT5+ certainly add more time. Also keeping in mind my MCS is master-keyed, which I'm sure cut a few minutes off the total time.

One thing to take away is that total number of permutations possible on a lock really has no bearing on anything except maybe a rake attack. If SPP is possible, it's really just down to a matter of time. Speaking of blind picking, I am really interested to see what it will take also. I'm guessing the more locks I get the better my practice can be.

BTW, I was expecting more outright denial of plenty more people. My channel isn't popular so maybe will take a few years to really hear the critics. :) I tell you disassembly of the lock feels harder than picking sometimes, I'm glad it went OK on camera. Reassembly is also up there on my list of last things I like doing along with flossing alley cats.
<<

huxleypig

User avatar

The Prestigious and Powerful Porcine Prelate

Posts: 886

Joined: Wed Jul 14, 2010 10:59 am

Location: West Mids, UK

Post Wed Mar 29, 2017 12:19 am

Re: MCS Pick??

Patrick Star wrote:So who does Protec next? :) Though unlikely to be "SPP" (SDP?)...

As to EVVA MCS and its qualities, it's just that the ratio of price to YoutubeMinutes<TM> suddenly doesn't appear very good. Lots of locks at this (or cheaper) price point last 9 minutes (or more) under YouTube picking conditions. Plus the whole issue of key control - although I suspect this is becoming more and more irrelevant for purely mechanical systems with the advances in hobbyist additive manufacturing and CNC.
And yes, everything is pickable, etc. But there certainly are locks that can buy you quite a bit of time - enough to make other layers against NDE a lot more effective.
It'll be very interesting to see what time can be reached for blind picking of the MCS though!

PS. If I come across as bitter or skeptical or something, that's just my usual tone :) Also I'm a bit annoyed by the fact that this attack seems a lot simpler (in the good way) and more elegant than what I had imagined!


Once I had finished designing the early Abloy Classic stuff, I concentrated on Abloy High Profile and Exec/Sentry/Sento. I was originally tempted to go straight for Protec but I didn't because it has already been done. In several ways. That's not to say I don't have a couple of exploits for Protec 2 anyway but I keep most of my work off the internet now.
<<

Ronchopathe

User avatar

Familiar Face

Posts: 29

Joined: Mon Jan 30, 2017 4:51 pm

Location: Occitanie - France

Post Wed Mar 29, 2017 4:43 pm

Re: MCS Pick??

Gentlemen I would say only one word: Bravo! :cool:
<<

tomasfuk

Newbie

Posts: 6

Joined: Tue Mar 28, 2017 8:11 pm

Location: Czechia

Post Tue Apr 04, 2017 10:03 am

Re: MCS Pick??

Hi droshi,
congratulations! A magnificent job!
I am looking forward to the latest news concerning MCS G2 (and thinking about some improvements which should make the attack more difficult :-) ).
<<

droshi

Familiar Face

Posts: 48

Joined: Wed Oct 19, 2016 2:37 pm

Post Mon Apr 17, 2017 8:48 pm

Re: MCS Pick??

Have been busy with this, I made this video a week or so ago, but was working in other areas before posting publicly.

https://www.youtube.com/watch?v=h9xDqDNzAPk

This is a full pick and gut of a brand new lock from Security Snobs, came out of a padlock. Also, as you can see towards the end, there's one gate per rotor, so should be the worst case scenario. I believe the pick added 1.5m compared to Gen 1. Overall it's about average, though the length increase is entirely due to no master-keyed rotors.

If anyone would like to send me a challenge lock in a padlock, I would welcome the chance.

Also looking for one of the un-released Gen 3 locks with active sliders!
<<

indigoalpha6

Newbie

Posts: 15

Joined: Wed Jan 25, 2017 10:24 pm

Post Tue Apr 18, 2017 3:55 pm

Re: MCS Pick??

congrats and an awesome job! saw this on reddit as well. good work!
PreviousNext

Return to Lock Picking

Who is online

Users browsing this forum: Cheesehead, CommonCrawl [Bot]

Don't forget to visit our sponsors for all of your lockpicking needs!
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Grop
"CA Black" theme designed by stsoftware