Hakar at the Gate

I was reading the paper while eating lunch. There was an ad for something titled "Hackers @ the Gate" near the back page of my paper. Not sure what that title even means. There were two featured speakers shown in the ad. One of them was Arati Prabhakar. Umm, is Hakar her real last name?

Turns out it is. She is the head of the Defense Advanced Research Projects Agency (DARPA). Previously she was head of the National Institute of Standards and Technology (NIST). If those credentials are not enough, she has a PhD in Applied Physics from Caltech. Bamn.

I went online to check out the link from the ad. Turns out this was for the Cybersecurity Summit being held tomorrow morning. The funny thing is that the other featured speaker was Mike Rogers, Chairman of the House Intelligence Committee. Yeah he might be a big deal. But Hakar is the one that caught my attention.

Making the Master

Sometimes you cannot get access to key blanks. That's okay. You can buy a bunch of locks and study similar keys that work. Or you can go the route of a smart key. This is a key that can potentially open multiple different locks. Just be warned that you might need to use a little force to budge the lock open.

If you do have access to some blanks, you can try a couple times to get through. The key (no pun) is to cut one key depth at a time. You might be able to create a key that works on multiple locks. You produce a master, then you become the master. Sounds like Star Wars, right?

The Reflecting Key

Some dude who goes by the handle Josh invented a key called the reflecting key. It was a simple but effective hack. This is also called the smart key. The key itself has wafers. You can look inside to see the heights that the key needs to be to unlock the lock.

The key itself is hollowed out. There is an angle that shines up into the lock mechanism. You can take pictures of what you see in the key. There are six possible depths you need to measure. This works on Schlage locks, even the secure ones.


Let's talk about rake keys. These are also called gypsy keys. You take a key blank and file it down. In essence you use the key like a pick. There is a large bump at the end of these types of keys. They are the same types used for automobiles.

This is a subset of what's known as impressioning. Like with rake keys, you start with a key blank. Then you use the lock itself to get information on how to modify the key to fit. You will need a file to carve the key. You will also need a magnifier to spy on the lock you are trying to bypass.

You should have a couple of key blanks if you are trying this technique. You should also have something to hold the key steady like vice grips. You put the blank in the lock and turn it. The marks on the key indicate how you should cut it.

You can color the key with a Sharpie to see where the lock interacts with the key. Or you could use ultraviolet rays to do the trick. The goal is to produce a real key that works in the lock.

Key Hacking Scandals

High-profile locks have been in the news. One that comes to mind is the Diebold voting machines. They showed the keys used to unlock the machines in public. Someone took a picture of the keys. Now they are owned. And if you can believe it, the same key opens up all the machines. WTF?

Next up we have the New York City metro transit authority. They use Yale locks throughout their travel systems. Those locks have been hacked. In fact, you can pick up a master key on the black market for about $50.

A prominent reporter bought an NYC MTA master key to use for a story he was writing. Oops. The reporter showed a picture of himself and his key. Now your average Joe does not even have to shell out the fifty bucks to bypass the MTA security.

Copying Keys

Schlage is one of the most common lock manufacturers in the USA. However the experts say they are not the most secure. Some simple techniques can be used to get past such locks if you know a few things.

You can make an impression of an existing key very quickly. Talking about a few minutes here. This works for all but high security locks. Put the working key in some putty. That makes a three-dimensional impression. Let it harden and you are good to go for cutting a copy.

So if you lose access to your keys for even a short time, you are as good as owned. This is true even for secure locks. And you don't even have to lose physical possession of your key. Someone can take a picture of the key and clone it. Experts can just look at your key and figure out how to replicate it.

If you are trying to dup a key, you should try a couple different combinations. One of them is bound to work if you have a little skill. You can take advantage of the possible layouts of keys.

If you cannot take possession of a key, you can use long range photography to get the 411. Software now can even take into account the rotation of a key in a picture.

Lock Ownage

I watched a video from DefCon 18 on key attacks. Talking about physical keys that open locks. Learned a whole lot in about an hour. Wish I was there in person. Took a couple pages worth of notes. Will record the highlights in the next few posts so I can keep this info around.

It might sound simple. But the best way to attack a lock is to get ahold of a key that works in it. If you possess the key, even for a short time, you can duplicate it in general. The key tells you all kinds of good stuff about the lock.

You can inspect the cuts made in the key. You can pretty much figure out the type of lock that it fits. Sometimes the actual model number of the lock is stamped on the key. You can measure the depth of the key cuts using tools such as a micrometer, a gauge, or caliper.

Information on locks is not hidden or made obscure. It is out there in the general public. Not too safe. Even the standard sizes of key cuts for all kinds of locks are freely available. Not good if you are trying to deter lock picks.