Want The Key To The City? No, The REAL Key!

Just as an FYI, I picked my first lock at about 5 years old. My Dad’s desk. I’ve picked locks up to a Schlage 7 tumbler, but that was 45 years ago before all the fancy lock types in use today (and after that got more interested in electronics and encryption problems).

But I’m not the only one. At various hacker conferences, there’s often a group of folks who either started out on physical locks, or are just interested in them too. I’ve followed some of the advances in the technology (and some of it is really exotic – from liquid nitrogen and a hammer to using gallium to cause some metals to expand into crumbles).

Well, this is one I’d not seen before. It seems many cities are requiring folks to put a box ( the Knox Box) on their building with a set of their keys in it. Then the Fire Department has a key to all the boxes in the city (or county, or even State). But what happens if a Black Hat gets a key? How about if they just now how to make keys? (I once disassemble my dorm room lock, figured out the pattern, and then made a master key to the entire complex… BUT, I didn’t do anything bad with it. Worst I ever did was used it to get back into MY room one weekend when the building was closed for some holiday and I’d forgotten something. But the point is, there ARE lots more people like me…)

So this 18 year old (gee, about the same age I was ….) figures out how to 3-D print your own Knox Box key. All that’s needed is you have to have the (mandated) Knox Box… So anyone with the box, can have a “Key to the City” – every butcher, baker, candle stick maker, and bank…

19 minutes to knowing, then download the open source code and find yourself a 3-D printer…

Subscribe to feed

Advertisements

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits and tagged , , , . Bookmark the permalink.

9 Responses to Want The Key To The City? No, The REAL Key!

  1. H.R. says:

    “This is highly illegal. Please do not attempt this yourself.

    This has been a Public Service Announcement, courtesy of this station.

    We now resume your regular programming.”
    ;o)
    .
    .
    .
    Odd that… Tuesday, while mowing the lawn, I popped Roger Miller’s King of the Road into my mental playlist. I have ear plugs, doncha know. I gotta protect what little hearing I have left. I play music with my brain. I have hundreds, perhaps thousands, of hours of music memorized.

    Anyhow, the song comes ’round to “… and every lock that ain’t locked when no-one’s around…” I just loved that line, as well as “Two hours of pushin’ broom buys an 8 by 12 4-bit room.”

    Good song to listen to when pushing a mower.

    Meanwhile… “I didn’t read that here. Nobody saw me reading that here. You can’t prove I read it and know how to do it and anyhow, it’s already fenced, so you can’t prove I ever had it.”
    [H/T, Bart Simpson]

  2. p.g.sharrow says:

    A lock is for keeping an honest man honest. If you understand the guts to the device you can pick it. or break it, if it is worth it.
    ” I know every engineer on every train,
    all of their children and all of their names,
    and every hand out in every town,
    and every lock that ain’t locked when no ones around.” 8-)…pg

  3. E.M.Smith says:

    I always loved that song… and “Can’t roller skate in a buffalo herd”…

    What I really like about this particular video is how the guy combines some newest tech with some very low tech. So need a clean profile of the keyway to know how to make a blank? Saw the lock in half!

    Then, scan it, digitize it, write a shape description of it in CAD software, and 3D print it… So tell me again why I need to have access to your super duper custom not-sold-to-anyone blanks? I have a hack saw and a scanner / 3D printer…

    Then the application of understanding (and terminology) I learned as part of RSA Encryption and the whole “what makes strong encryption” to the idea of lock boxes. So things like “Physical key escrow” is a weak approach (and a physical lock box IS key escrow!). Just love the way it ties the two domains together (computer keys / encryption and then physical metal keys / lock box).

    This is another one of those things where, had you told me some city was mandating everyone put their keys in a lock box on the side of ALL the businesses and there would be a Master Key; I’d have said “That’s crazy. It’s a stupid thing to do.” And now I find out a lot of big cities have done this, and here’s a demo of just why it is a Stooopid thing to do!

    I especially like when he points out that a photo from a few hundred feet away or just the online posted pictures, is enough to make a key. There’s all sorts of image manipulation software these days to take that image, normalize it (rotate, flatten, remove distortions) and then convert to CAD data.

    Then they have made That One Key into the literal key to the city. Talk about a big fat juicy target that will attract thousands of attackers with lots of money. What would it be worth to the Mafia, the CIA, the FBI, (but I repeat myself), several dozen other national intelligence agencies, professional burglary rings, Drug Cartels etc. etc. to have a key that lets them into ALL buildings? (All have fires, so… I’m pretty sure the Government Offices will not be exempt). Want to read some court records? “Adjust” the charges for one of your folks in the slammer? Remove some evidence from the warehouse? Here’s your key…

    One of THE major reasons locks work is because they are all different. Large work function to defeat them ALL and little reward to defeating any one. This makes it “defeat one, get everything” and that’s a whole different situation.

    For that kind of stupid, you need a government mandate…

  4. wyzelli says:

    When I first started as an Apprentice Instrument Fitter, one of my first tasks was to fabricate myself a workshop key from an old blank. This included filling some of the hollows and then hand filing to match a sample key. That was then my key to use.

    I also have learned to pick locks, though my feel is not as good as it probably should be. I can pick simple padlocks fairly easily. A basic lock picking learner / starter kit from Banggood dot com cost less than $30.

  5. Gary says:

    More evidence that every technological advance ultimately causes more problems than it solves.

    Somebody must have identified this as a “law” or is it just a variation on Murphy’s?

  6. Steve C says:

    It’s certainly great fun, hacking locks. I still have a couple (at least, I don’t remember ever throwing them away, which is nearly the same thing …) of master keys to parts of my old university, and even one going back to schooldays, when all the lockers had the same style padlock. Not played with lockpicking recently (say about 40 years :-), but if any such stupid legislation should appear here I’m ready for it thanks to this post.

    We’re in good company, too – Feynman was one of us!

  7. Larry Ledwick says:

    Every solution, creates a new problem (TM LL)

  8. philjourdan says:

    I saw one of those at the office building and was wondering about it. YOu are right, that sounds kind of risky.

  9. Chris in Calgary says:

    @Gary:
    > More evidence that every technological advance ultimately causes more problems than it solves.

    That’s the worst thing I’ve heard all day. Extend that a few generations and you arrive at the inevitable end of the world. (Trouble is, it just might be true.)

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.