Re: MCS Pick??

Posted: Tue Apr 18, 2017 1:26 pm
by plugspin
Since we’re dropping 0-days on the MCS now… (and congrats on the open, assuming this all shakes out as valid). Great work droshi!!

Here was my tool I made back in 2008 (I believe referenced by datagram earlier in this thread). It’s not capable of opening the MCS, but merely proved that individual rotors could be manipulated 360 degrees with some precision. Thanks to Barry Wels & Hans Fey I had the opportunity to show this to EVVA at the Essen security show that year on a V1 MCS. This particular tool (stamped with a 1) I traded to Barry for a V2 MCS. I still have tool #2. The magnet used is a rotor magnet from a V1 lock which I drilled a second tiny hole in to attach the wire. The post is actually from the rotor shell which encases the magnet, I cut the post out and glued it to the center of the hole, works like a charm. These parts are only available from the V1 lock which used metal rotors and thicker magnets, so limited supply. Due to the way the wire has to be guided this tool really can’t scale to rotate 4 magnets or use a V2 magnet. But the basic concept works at least.

While at Essen that same year I had the opportunity to meet Mr. Drumm (of the Geminy Drumm lock protector). He doesn’t speak English so the conversation was via translation. But he described making a tool he claimed to defeat the MCS. This is to be taken with a grain of salt of course as his thing was trying to prove why you needed to buy the Geminy lock protector. However he indicated his tool worked by somehow spinning the rotors in the lock very fast as you applied tension, the rotors would all catch quickly. I heard multiple versions of the story where he claimed he mailed this tool to an SSDEV member and it was “lost in the mail”. Again, grains, salt, and rumors of things that no one ever actually laid eyes on.

Anyway, these are some old ghost stories from an old fart. Again, big congrats to droshi.




Re: MCS Pick??

Posted: Tue Apr 18, 2017 2:02 pm
by droshi
Cool idea and tool design. I have been thinking about different designs that would be less "free hand", but the problem is the space is quite limited. I'm sure someone will be able to design one eventually to manipulate all the rotors. First step is manipulating, once you can do that faster and more reliably, it should in theory make picking faster!

Re: MCS Pick??

Posted: Tue Apr 18, 2017 2:19 pm
by Patrick Star
My idea was to do it using electromagnets. This would theoretically also allow you to read the state of the rotors via back-EMF (or any of the other applicable magnetic/electric forces).
However, PCB design/wiring gets tricky to say the least, and I haven't done the math to see if you can actually get enough force to move the rotors in the size available for the magnets and wiring.

Re: MCS Pick??

Posted: Tue Apr 18, 2017 2:27 pm
by huxleypig
Cool idea plugspin. I know that story about the tool getting lost in the mail but I heard it was a Stasi tool and for the predecessor to Evva having the lock, when it was Zeiss Ikon. Did you drill a hole in that rotor magnet? Moving a pick like this with precision is something I struggled with for quite a while. For a while my design used a tiny rubber band and was exceedingly impractical :-)

The rotors don't need much magnetic force to move them at all but cramming 8 electromagnets into there...I gave that up for dead a long time ago.

Evva know damn well that it isn't invincible and they always have.

Re: MCS Pick??

Posted: Tue Apr 18, 2017 2:44 pm
by plugspin
Thanks guys.

Patrick Star wrote: My idea was to do it using electromagnets. This would theoretically also allow you to read the state of the rotors via back-EMF (or any of the other applicable magnetic/electric forces).
However, PCB design/wiring gets tricky to say the least, and I haven't done the math to see if you can actually get enough force to move the rotors in the size available for the magnets and wiring.


With electromagnets you have your choice of high-current or high-winding count to reach the field strengths needed. I tried the high-current route by wrapping enameled wire around a brass shim just to see if I could get the magnets to move at all. Dumped enough current into the winding (probably about 24 gauge) that the enamel started boiling away and I did not see any movement at all in the rotors. This was about the largest wire I could get into the keyway.

That leaves high-winding count to reach the field strengths needed. At the time I could not find winding wire in the 40-60 gauge range, but it does exist (old cassette tape heads use wire about this size). I never did the math to see what kind of winding is required to get anything useful to happen.

huxleypig wrote: Cool idea plugspin. I know that story about the tool getting lost in the mail but I heard it was a Stasi tool and for the predecessor to Evva having the lock, when it was Zeiss Ikon. Did you drill a hole in that rotor magnet? Moving a pick like this with precision is something I struggled with for quite a while. For a while my design used a tiny rubber band and was exceedingly impractical :-)

The rotors don't need much magnetic force to move them at all but cramming 8 electromagnets into there...I gave that up for dead a long time ago.

Evva know damn well that it isn't invincible and they always have.


Yea, like I said, I've heard multiple stories about Drumm's MCS tool getting lost in the mail so who knows. That's all part of the fun and lore of this stuff ;-). The rotor magnet had an original hole in the middle and I drilled a tiny second hole so the wire could hold onto it and rotate the magnet. One problem to scaling up is that there is no way to have more than one of these mechanisms side-by-side.

I think something that simply rotates 4 magnets inside a tool "body" is all you need for faster opening. There's so little space in there that you just can't get much in there. I've been very impressed with some of the work that has happened here on the MCS in the past few years. However simplicity is king. Raking is not a precise picking method, but it works and it often works damn fast... ;-).

And I have no ill-will towards EVVA, they do some amazing work. Locks are made and locks age out with time and patience.

Re: MCS Pick??

Posted: Sat Aug 12, 2017 9:31 pm
by droshi
Here it is, the video everyone has been waiting for, the how-to:
EVVA MCS - How to Pick Any Generation

Re: MCS Pick??

Posted: Sun Aug 13, 2017 7:47 am
by Patrick Star
So, you were listening to the lock in the proof-of-concept YouTube clips? Very cool concept!
Nothing visible IIRC, but then we didn't exactly look for it since it's somewhat unexpected.

Could this be mitigated by mounting the lock in a way that you can't access the front of it and/or covering it in soundproof material?
Like, for round Scandinavian cylinders there is this cover (NoWay Security NCH4S and NCH4TV) that covers all of the outside except a small area around the keyhole with a thick layer of hardened steel.
What about other form-factors? If others are actually available - I have mostly seen MCS as Euro cylinders.

Re: MCS Pick??

Posted: Sun Aug 13, 2017 8:23 pm
by droshi
Patrick Star wrote: So, you were listening to the lock in the proof-of-concept YouTube clips? Very cool concept!
Nothing visible IIRC, but then we didn't exactly look for it since it's somewhat unexpected.

Could this be mitigated by mounting the lock in a way that you can't access the front of it and/or covering it in soundproof material?
Like, for round Scandinavian cylinders there is this cover (NoWay Security NCH4S and NCH4TV) that covers all of the outside except a small area around the keyhole with a thick layer of hardened steel.
What about other form-factors? If others are actually available - I have mostly seen MCS as Euro cylinders.

Yes in the first videos I just hid the listening device trying to decide how important it was to hide that info or not.

I don't believe it can be mitigated much, there would always be something that resonates, I'm using a piezo mic, which seems to work pretty well on almost any surface that connects to the lock, you could even put it on a tool that is inserted in the lock if you wanted (like the magnetic shield).

The gen 2 locks make less noise, but turning up the gain makes them sound the same, so generally the plastic rotors make no difference. The video was made with the gen 2 locks, earlier gen are only easier and more apparent noises.

I do have a design for an all-in-one tool that would be pretty awesome, I don't know if I can build a prototype, but I'm hoping to. It should both make picking faster and decode the lock which would be handy if you wanted to make up a key, or use the tool as a temp key to any locks keyed alike. It would also prevent the need for a plug spinner or picking the lock twice. For some reason EVVA feels that without a 360 the security has not been broken. To me it's obvious, but with the method released I feel others can try it out and judge for themselves.

Re: MCS Pick??

Posted: Sun Aug 13, 2017 10:12 pm
by greengrowlocks
droshi wrote: Yes in the first videos I just hid the listening device trying to decide how important it was to hide that info or not.

I don't believe it can be mitigated much, there would always be something that resonates, I'm using a piezo mic, which seems to work pretty well on almost any surface that connects to the lock, you could even put it on a tool that is inserted in the lock if you wanted (like the magnetic shield).

The gen 2 locks make less noise, but turning up the gain makes them sound the same, so generally the plastic rotors make no difference. The video was made with the gen 2 locks, earlier gen are only easier and more apparent noises.

I do have a design for an all-in-one tool that would be pretty awesome, I don't know if I can build a prototype, but I'm hoping to. It should both make picking faster and decode the lock which would be handy if you wanted to make up a key, or use the tool as a temp key to any locks keyed alike. It would also prevent the need for a plug spinner or picking the lock twice. For some reason EVVA feels that without a 360 the security has not been broken. To me it's obvious, but with the method released I feel others can try it out and judge for themselves.



Awesome video! and a very ingenious method you developed. After watching I briefly looked into the materials online. I don't currently own an MCS but would like to try your technique when I obtain one. The magnetic shielding comes in different thicknesses and the rolls are rather expensive. Do you remember what thickness magnetic shielding you used?

As for the listening device do you feel a stethoscope would be adequate or is a piezo mic w/headphones the ideal tool?

I imagine identifying the set rotors would be similar to an audio version of the "jiggle test" on your average slider lock?

Re: MCS Pick??

Posted: Mon Aug 14, 2017 11:59 am
by huxleypig
Making an all-in-one tool is pretty demanding. I have a system that utilises the same vulnerability but getting a pick, and everything else needed in there is no easy task.

The make-up key can be problematic too, emulating the way Evva have got the keys' magnets to be polarised differently on both sides. Doable but not easy.

Re: MCS Pick??

Posted: Mon Aug 14, 2017 1:07 pm
by Patrick Star
Can't you just simulate it with separate magnets for each side and magnetic shielding between them?
IIRC people here on the forum came up with a working makeup key some time ago, but maybe it was never completed or such.

Re: MCS Pick??

Posted: Mon Aug 14, 2017 2:34 pm
by huxleypig
Yes, you can simulate it. I mean, it can be done with superglue and a bit of anything...It's just the challenge of fitting it all in there and getting the spacings/orientation bang on.

Re: MCS Pick??

Posted: Tue Aug 15, 2017 8:17 am
by droshi
greengrowlocks wrote:
droshi wrote: Yes in the first videos I just hid the listening device trying to decide how important it was to hide that info or not.

I don't believe it can be mitigated much, there would always be something that resonates, I'm using a piezo mic, which seems to work pretty well on almost any surface that connects to the lock, you could even put it on a tool that is inserted in the lock if you wanted (like the magnetic shield).

The gen 2 locks make less noise, but turning up the gain makes them sound the same, so generally the plastic rotors make no difference. The video was made with the gen 2 locks, earlier gen are only easier and more apparent noises.

I do have a design for an all-in-one tool that would be pretty awesome, I don't know if I can build a prototype, but I'm hoping to. It should both make picking faster and decode the lock which would be handy if you wanted to make up a key, or use the tool as a temp key to any locks keyed alike. It would also prevent the need for a plug spinner or picking the lock twice. For some reason EVVA feels that without a 360 the security has not been broken. To me it's obvious, but with the method released I feel others can try it out and judge for themselves.



Awesome video! and a very ingenious method you developed. After watching I briefly looked into the materials online. I don't currently own an MCS but would like to try your technique when I obtain one. The magnetic shielding comes in different thicknesses and the rolls are rather expensive. Do you remember what thickness magnetic shielding you used?

As for the listening device do you feel a stethoscope would be adequate or is a piezo mic w/headphones the ideal tool?

I imagine identifying the set rotors would be similar to an audio version of the "jiggle test" on your average slider lock?


Here's the material I used:
https://www.amazon.com/gp/product/B00NLP5EGQ

I don't know about a stethoscope, but I would guess so, just test it out, I went electronic so I could adjust volume if need be.

Re: MCS Pick??

Posted: Wed Aug 16, 2017 2:20 pm
by mhmh
@droshi, thanks for the explanations. Now, what will happen if there are two rotors that have to be set in a way that they push each other away magnetically? (Like two north poles next to each other.) Can this be the case for specific key codes?

Also, some answers to previous questions:
a) The tool by Klaus Drumm did exist, and it did work for early versions of the MCS where the rotors would just spin freely and could be caught by the sidebars. It got lost in the mail from Germany to the Netherlands, and a paper trail proof existed for that.
b) We used custom-made octagonal magnets for the make-up-key (custom-made in China), 8 of them with a thin steel sheet in the middle, and thin double sided adhesive tape to hold them.
c) We made an electromagnet setup (4 coils per rotor, but quite thick, so it could only work on one side) and that did rotate a rotor to a defined position. It also got very hot, so I was afraid that it would melt the insulation, and we never continued to try it fully.

Re: MCS Pick??

Posted: Thu Aug 17, 2017 9:21 pm
by droshi
As far as I can see on my locks, no matter how you orient the rotors, they don't interfere with each other. This was with playing with the rotors with the sidebars off. It makes me guess that the scenario you mention wouldn't matter much. Though I still have plans that the real goal is a tool that holds all rotors in a fixed position. Stay tuned!