Key Bumping is for Hacks
  • Key Bumping is for Hacks

    This just trickled down from the ACM's SIGSAC. Evidently some guys have written a lot of Matlab code that will allow you to recreate a key just from an image. More info:
    http://vision.ucsd.edu/~blaxton/sneakey.html

    This very interesting use of Matlab was not the only thing going. They were able to take their output to a milling machine and regenerate the keys.
    Last edited by afterburn188; October 30, 2008, 14:42. Reason: update on talk
    afterburn

  • #2
    Re: Key Bumping is for Hacks

    Yep. This info has been floating around for months. Apparently it was just "officially" released a couple of days ago. Completely makes sense, just with a photo measuring the bitting depths. EEP.

    But then, some keys have the bitting depths just PRINTED on them to make another key, so there's really no point. (Look at your keys; that's what the series of numbers printed at the top is.) "Hey Joe, can I borrow your keys for a sec?"
    ======================================
    DJ Jackalope
    dopest dj in the galaxy. *mwah!*

    send in the drop bears!
    ======================================



    • #3
      Re: Key Bumping is for Hacks

      jackalope is right, as are the kids in the Sneakey article. in fact, back when Johnny Long's latest book was being worked on, one of the pieces i contributed had to do with this phenomenon... use of a photograph in order to fab a replacement key.

      heh, word came back from the publishers that they felt it was too scary to include in the final version (or at least that's what Johnny told me... maybe he was just trying to flatter) but the article was given a home on the book's web site...

      http://www.notechhacking.com/2008/03...exposed-badges

      this technique doesn't involve telephoto lenses or high-res image captures... but the point is the same in all these posts... any key design that is easily-duplicated (especially the basic "blade" key) can be fiddled with and multiple attempts at replication can be made by persons with no special equipment.

      if you want a lock that is truly high security and wish to avoid having your keys duplicated nefariously, it is necessary to invest in a newer design... something that goes beyond the basic "i got a copy of this key at Home Depot" system. tubular and dimple keys are a start, although they have their own weaknesses for sure. rotating disk systems such as those produced by Abloy and other wicked shit like the magnetic code keys from Evva... that's where real security can be found. you're not going to be duplicating a key like that, no matter how many photos of it you take.
      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
      - Trent Reznor



      • #4
        Re: Key Bumping is for Hacks

        I understand that this had probably been done before. It takes no stretch of the imagination to come up with the idea. If you have a photograph of a key and are able to get some grasp of scale, anyone can see it being done. My reason for posting was to recognize the automated process of the system and the actual implementation. I feel too often people dream ideas up of what could be done but do not see it through to the end. There are so many who think ideas up, but implementation seems to be scarce nowadays. I know that I am biased in this respect as I am constantly surrounded by people who create a solution that "in theory" should work but never actually try to do it. The idea is thrown out there and it is beneath them to actually attempt to do it. Either that, or the system that is built is not practical in the least. After seeing an idea that I've thought about and discussed with others actually be developed, I felt it was worth some attention. I apologize if this is old news to everyone.
        afterburn



        • #5
          Re: Key Bumping is for Hacks

          There are locksmiths that have claimed to have done this over a decade ago, asking their customer to take a picture of their key, or a carbon rubbing on paper with the key underneath, and fax that outline to the locksmith, who adjusted for a change in size, made a key by numbers, and then mailed a key to the customer. It has come up before on mailing lists too.

          Heck, back in 2001, the people at a particular Locksmith Supply shop in Las Vegas talked about this as a method they had used with customers before, all without the aid of a computer, just a ruler, and a calculator, and a cut-by-numbers key duplication machine, and knowledge of the blank that needed to be used. Use of a computer and automation of such a process is an improvement on this technique, however.

          Of course, similar claims have been made about bumping being more widely known by locksmiths before that technique was announced to the public. (Check clearstar archives as one example.)

          Obviously, just because someone claims something as true doesn't mean it is.



          • #6
            Re: Key Bumping is for Hacks

            Originally posted by TheCotMan:
            There are locksmiths that have claimed to have done this over a decade ago, asking their customer to take a picture of their key, or a carbon rubbing on paper with the key underneath, and fax that outline to the locksmith, who adjusted for a change in size, made a key by numbers, and then mailed a key to the customer. It has come up before on mailing lists too.

            Heck, back in 2001, the people at a particular Locksmith Supply shop in Las Vegas talked about this as a method they had used with customers before, all without the aid of a computer, just a ruler, and a calculator, and a cut-by-numbers key duplication machine, and knowledge of the blank that needed to be used. Use of a computer and automation of such a process is an improvement on this technique, however.

            Of course, similar claims have been made about bumping being more widely known by locksmiths before that technique was announced to the public. (Check clearstar archives as one example.)

            Obviously, just because someone claims something as true doesn't mean it is.
            My favorite example from an actual locksmith (variations have shown up on TV shows) was a dog swallowing a key and recreating it from the X-ray taken at the vet.

            It's not a major breakthrough, as anyone in a lockpick contest can tell you; all you need is a glance at the key to help you get close enough to give you an edge.
            Never drink anything larger than your head!


            • #7
              Re: Key Bumping is for Hacks

              This was the first instance I read of an automated process for doing this. Here's an application of this that might let you see my view on the subject. Sure someone could try to walk up and socially engineer a key from a user, or sneak into the office and snap a picture. The risk factor of this varies depending on the installation. Now here is a method that would give you the same result, which lowers your risk factor.

              Say you set up a camera surveying a location where users are inclined to pull out their key chain (parking lot). As we all know, this is not very difficult with the cost of video cameras today. Now take the feed from that camera and run it through a modified version of the key searching algorithm. You would make it so that the algorithm flags every frame it finds a key in, then constructs the key, and stores it. Now apply some OpenCV techniques and you've added facial recognition. You now have the key, indexed to a face (be it from a badge or their actual face), indexed also ideally to their license plate. All the information you need has been given to you in an automated process.

              Here is a parallel that I feel some people could appreciate: One could sift through a pcap file and manually attempt to reconstruct the IV's and then crack the WEP key by hand. Or one could gain physical access to the device and see the user enter the password. In reality, people tend to choose a different approach: an automated system that will go through looking for the packets needed and then deconstructing the key using some algorithm.

              Now this is exactly what the system I'm discussing would be capable of doing. It is the equivalent of aircrack for physical security. Sure it's a bit elaborate but the automation level has just been increased. Think of it like promiscuous mode for physical security. Consider the keys as...well keys. If the key is sent in plain text (expose them to the sight of others) they can be snarfed. If someone is carrying a camera and you flash your keys for a fraction of a second...bam they got you. Yes it could be done before but the ease factor of the process just increased. Maybe somewhere I went astray but this is the significance that I don't think should be taken lightly in my opinion.
              afterburn



              • #8
                Re: Key Bumping is for Hacks

                Originally posted by afterburn188:
                Maybe somewhere I went astray but this is the significance that I don't think should be taken lightly in my opinion.
                But which would you find more interesting?:
                * First time something is done
                * First time that same thing is automated

                Sure, automation is interesting, and fun, and provides great opportunity for optimization. Breaking keys using automation, and parallelism with automation are fun, but which would be more impressive?:
                * Finding critical failures in a widely used cipher
                * Finding ways to double the speed of a key-space search (realizing, that after about 18 months to 2 years, we get that anyway)

                I like automation. I think automation is cool. Automating complex tasks so, "even a monkey can do it," is something that I do as part of my job, but I don't find it nearly as sexy as genuine R&D.

                Does that mean that this kind of automation should be ignored? Nope.
                Does this mean that we should not talk about automation? Of course not. Automation lowers the bar and cost of entry for a wider segment of the population to gain access to tools and attack systems.
                Does this mean I don't get as big a 'woody' as when I read about the first-case, "proof of concept," ? Yep.

                I'm not typing that this is dumb. I'm not telling you this is a worthless topic. I am telling you that there really isn't much of a "wow-factor" in it to me.

                There are probably people reading this who have never encountered this as an idea, and to them, there really is a wow-factor. For those people, this is good. :-)
                Last edited by TheCotMan; November 3, 2008, 17:58.



                • #9
                  Re: Key Bumping is for Hacks

                  I completely agree with you in that respect. I sometimes feel, however, that people tend to overlook certain things under the notion that it can be done manually. You make the point of citing a critical design flaw in a cipher being discovered. One such method for doing this is to perform a statistical analysis of a range of data which uses the cipher, looking for a pattern. A tool like this would allow for such a statistical analysis to be performed. The point of the matter is that this is another example of the bridging of a physical world application into the digital domain. People often attempt to separate the two and pretend that the two don't intermingle. Usually, though, anytime something physical is brought into the digital domain the possibilities quickly grow. Often I've seen instances where people were unable to grasp the implications of this and ended up SOL and trying to cover the problem up rather than fix it. I just felt people should be aware that the process had entered the digital domain, thus opening it up to a new angle. I understand that you and the others here personally are not like that; I just wanted to leave it on the record for others who are not aware of the situation the significance of this. Also: Long live good R&D
                  afterburn



                  • #10
                    Re: Key Bumping is for Hacks

                    i do agree with afterburn about the significance of the research that went into the matter. the mathematical principles which the researchers derived concerning key variation, randomness (or lack thereof) in the bitting, etc. were all pretty fascinating and well-done.

                    as anyone who's ever done the "master combo lock decode" trick knows, any algorithm that reduces the overall possible key space or cuts down on the work at all goes a long way towards making sure the finished product is accurate and that any subsequent attempts don't burn extra cycles needlessly.
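The key-space point above (fewer mechanically valid bittings than the nominal count suggests) can be quantified. This is an added example, not code from any poster or from the Sneakey project: it counts the cut sequences a pin-tumbler lock can actually use when adjacent cuts may differ by at most a maximum adjacent cut specification (MACS), and validates a printed bitting code against the same rule. The pin count, depth count and MACS value are constructed illustrations, not any manufacturer's real specification.

```python
"""Effective key space of a pin-tumbler bitting under a MACS constraint.

Added example (not from the thread). Lock parameters are constructed
illustrations; real manufacturers publish their own depth/MACS figures.
"""
from itertools import product
from math import log2


def count_valid_bittings(pins: int, depths: int, macs: int) -> int:
    """Count cut sequences where |cut[i] - cut[i+1]| <= macs for all i.

    Dynamic programming: state[d] is the number of partial bittings whose
    most recent cut is depth d. Each step extends every partial bitting
    by one pin whose depth lies within `macs` of the previous depth.
    """
    if pins <= 0 or depths <= 0:
        return 0
    state = [1] * depths                  # one-pin bittings: any depth
    for _ in range(pins - 1):
        nxt = [0] * depths
        for d in range(depths):
            lo, hi = max(0, d - macs), min(depths - 1, d + macs)
            nxt[d] = sum(state[lo:hi + 1])
        state = nxt
    return sum(state)


def is_valid_bitting(code: str, depths: int, macs: int) -> bool:
    """Check a printed bitting code such as '35242' (one digit per pin).

    Rejects non-numeric input, out-of-range depths and MACS violations.
    """
    if not code or not code.isdigit():
        return False
    cuts = [int(c) for c in code]
    if any(c >= depths for c in cuts):
        return False
    return all(abs(a - b) <= macs for a, b in zip(cuts, cuts[1:]))


def keyspace_report(pins: int, depths: int, macs: int) -> dict:
    """Nominal vs. effective key space, with the security margin in bits."""
    nominal = depths ** pins
    effective = count_valid_bittings(pins, depths, macs)
    return {"nominal": nominal, "effective": effective,
            "bits": round(log2(effective), 2) if effective else 0.0}


def brute_force_count(pins: int, depths: int, macs: int) -> int:
    """Cross-check of the DP by plain enumeration (small parameters only)."""
    return sum(1 for cuts in product(range(depths), repeat=pins)
               if all(abs(a - b) <= macs for a, b in zip(cuts, cuts[1:])))


if __name__ == "__main__":
    # Constructed parameters: 5 pins, 7 depths (0-6), MACS 4.
    print(keyspace_report(pins=5, depths=7, macs=4))
    print(is_valid_bitting("35242", depths=7, macs=4))
```

The gap between `nominal` and `effective` is the part of the advertised key space a lock never uses, which is the figure to compare when weighing one key design against another.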



                    • #11
                      Re: Key Bumping is for Hacks

                      This combined with a small desktop CNC mill to automagically spit out a key would be cool to see.



                      • #12
                        Re: Key Bumping is for Hacks

                        Originally posted by barry99705:
                        This combined with a small desktop CNC mill to automagically spit out a key would be cool to see.
                        step one... use an Easy Entrie machine to mill a blank key that fits the lock's keyway profile...

                        step two... use an HPC Blue Shark code cutting machine to bit that blank key into a properly cut key for the lock you're attacking...

                        step three... automagical unlockery goodness



                        • #13
                          Re: Key Bumping is for Hacks

                          Step 4: Profit!
                          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



                          • #14
                            Re: Key Bumping is for Hacks

                            Should I make a little spring-cover for my Key? One that will cover it up until the point that it goes into the keyhole?

                            Or is that just a little too paranoid?

                            Product Idea anyone?



                            • #15
                              Re: Key Bumping is for Hacks

                              Originally posted by IamReck:
                              Should I make a little spring-cover for my Key? One that will cover it up until the point that it goes into the keyhole?

                              Or is that just a little too paranoid?

                              Product Idea anyone?
                              Wouldn't it be easier just to keep your keys in your pocket until they go into the keyhole?

                              If you're really paranoid you could always get a lock shield like they use around security doors with digital combination locks so people can't see what you're entering.
