The Reflecting Key

Some dude who goes by the handle Josh invented a key called the reflecting key. It was a simple but effective hack. This is also called the smart key. The key itself has wafers. You can look inside to see the heights that the key needs to be to unlock the lock.

The key itself is hollowed out. There is an angle that shines up into the lock mechanism. You can take pictures of what you see in the key. There are six possible depths you need to measure. This works on Schlage locks, even the secure ones.


Let's talk about rake keys. These are also called gypsy keys. You take a key blank and file it down. In essence you use the key like a pick. There is a large bump at the end of these type of keys. They are the same types used for automobiles.

This is a subset of what's known as impressioning. Like with rake keys, you start with a key blank. Then you use the lock itself to get information on how to modify the key to fit. You will need a file to carve the key. You will also need a magnifier to spy on the lock you are trying to bypass.

You should have a couple of key blanks if you are trying this technique. You should also have something to hold the key steady like vice grips. You put the blank in the lock and turn it. The marks on the key indicate how you should cut it.

You can color the key with a sharpie to see where the lock interacts with the key. Or your could use ultraviolet rays to do the trick. The goal is to produce a real key that works in the lock.

Key Hacking Scandals

High profile locks has been in the news. One that comes to mind is the Diebold voting machines. They showed the keys used to unlock the machines in public. Someone took a picture of the keys. Now they are owned. And if you can believe it, the same key opens up all the machines. WTF?

Next up we have the New York City metro transit authority. They use Yale locks throughout their travel systems. Those locks have been hacked. In fact, you can pick up a master key on the black market for about $50.

A prominent reporter bought an NYC MTA master key to use for a story he was writing. Ooops. The reported showed a picture of himself and his key. Now you average Joe does not even have to shell out the fifty bucks to bypass the MTA security.

Copying Keys

Schlage is one of the most common lock manufacturers in the USA. However the experts say they are not the most secure. Some simple techniques can be used to get past such locks if you know a few things.

You can make an impression of an existing key very quickly. Talking about a few minutes here. This works for all but high security locks. Put the working key in some putty. Makes a three dimensional impression. Let it harden and you are good to go for cutting a copy.

So if you lose access to your keys for even a short time, you are as good as owned. This is true even for secure locks. And you just don't have to lose physical possession of your key. Someone can take a picture of the key and clone it. Experts can just look at your key and figure out how to replicate it.

If you are trying to dup a key, you should try a couple different combinations. One of them is bound to work if you have a little skill. You can take advantage of the possible layouts of keys.

If you cannot take possession of a key, you can use long range photography to get the 411. Software now can even take into account the rotation of a key in a picture.

Lock Ownage

I watched a video from DefCon 18 on key attacks. Talking about phyiscal keys that open locks. Learned a whole lot in about an hour. Wish I was there in person. Took a couple pages worth of notes. Will record the highlights in the next few posts so I can keep this info around.

It might sound simple. But the best way to attack a lock is to get ahold of a key that works in it. If you possess the key, even for a short time, you can duplicate it in general. The key tells you all kinds of good stuff about the lock.

You can inspect the cuts made in the key. You can pretty much figure out the type of lock that it fits. Sometimes the actual model number of the lock is stamped on the key. You can measure the depth of the key cuts using tools such as a micrometer, a gauge, or caliper.

Information on locks is not hidden or made obscure. It is out there in the general public. Not too safe. Even the standard sizes of key cuts for all kinds of locks is freely available. Not good if you are truck to deter lock picks.

Anatomy of a Scam

I like to look at my spam folder in Gmail every once in a while. You never know what type of gems pop up in there. Today I found a scam email that rose the bar for letters from Nigeria. This time around, the story was that the FBI found that I was communicating with scamsters. The FBI negotiated on my behalf with some foreign country and has a settlement to pay me in the form of an ATM card. I just need to send in $250.00 total...

Here are the pieces of the email that I thought were getting better. They reference some specific units in the FBI. They also put the J. Edgar Hoover postal address in the email. And get this. They even make reference to the fact that there are some scammers out there that I may have lost money to! Precious.

Where do they continue to foul up? Well the email came from somewhere in France. Umm the FBI sends email from, right? They also want me to send my $250 to someone using their Gmail address. Once again, wrong domain. Gmail put all kinds of warnings around this email stating that it is most likely a ploy to steal my money.

Nice try guys. You are indeed stepping up your scamming skills. But you have not hit the home run yet. When will they ever learn?

Demoscene Drama

Someone released a 128 byte demo namd Wolf128 the other day. They tagged it as being done by Red Sector Inc. The demo is very cool. I have no idea how it could be implemented in 128 bytes alone. The real story is that people took offense at the work being credited to Red Sector Inc (RSI).

To tell you the truth, I did not know who the heck RSI is/was. That's because they are very old. They were started in the 1980s writing demos for the Commodore 64. In the 1990s they moved to writing demos for the Amige.

Sometime later the crew joined forces with with a group called TRS. Collectively they were then known as Tristar Red Sector Inc, or TRSI. Yeah. I know. Who cares right? Well apparently TRSI alumni do. Nevertheless, the demo is cool. Check out the Wolf128 page.