As a locksmith and expert witness, Do Not Copy or Do Not Duplicate is an only an instruction to the holder of the key not to copy it. The exception are US Postal and US Government keys which make it unlawful to copy. State Universities may also have a State law protecting them. Then there are patent controlled keys, which the manufacturer has the option to sue anyone who replicates those keys. If the manufacturer determines a threat to the patent, they may sue - even if they just want to prove a point and drain your bank account and run up your credit cards in legal fees. Medeco is a good example of a company that has an aggressive legal position. Holding a key you copied is also potentially a legal burglary tool. I also have the side milling machine in this presentation and it’s a royal bitch to get it right. The side milled key is not held in place as well as it’s a bit sloppy. The high security locks are really tight tolerances. Literally one thousands on an inch can be the difference in a working key and not. I don’t agree it’s easy to use a lathe to copy these. The spacing is so tight that you will be spending a great deal of time. Many test keys get ruined. And I know exactly what I am doing... It’s never impossible, but really something far more for machine precision type of people who are THE most determined and willing to accept a slow and for some endlessly agonizing torment and defeat. There is a big difference between an experienced locksmith and am amateur in reality.
2-man rule has two different keys too... to prevent someone from duplicating... so that is not a huge risk. 2man rule is also done via software for high security areas, like inside an HSM... where two or more people have a "password" and when all people type in their "password" it makes the master password via salting the final insert to match the encrypted master.
I made several copies of the public housing keys for my friends using Jet's commercial/AIR NS blanks [green color] for 6-pin Biaxials while I worked in my dad's hardware store. 1) Configured the copies by the Medeco machine 2) Then use an automatic machine to trim down the sides of the neck, with a monster-locking-wrench for stability They all work seamlessly, I charged $10.00 for each copy, I have no licenses of any kind for key cutting just working out of passion.
Interesting presentation. I rarely encourage an end user to buy restricted keyway locks because the lock cylinders and key blanks have a 4-6 week lead time from any given manufacturer. On top of that the owner must provide a letter of authorization for a distributor to purchase these products and it must be snail-mailed to the manufacturer (most commercial hardware manufacturers only sell to authorized distributors, not directly to end user). If a building owner needs keys in a hurry that ain't gonna happen. I'm skeptical that the average hacker will have the skills to make a restricted keyway as shown in the clip but I admire their ability to do so. Bottom line: there's faster and easier ways to breach physical security.
For a few months, my local Fry's Electronics had one of those automatic key machines. This one must have been configured differently, because it would duplicate ANY key. You could do electronic car fobs and restricted keys, too. It didn't ask. I had my mail key, pool key, and gate keys all duplicated (good thing, too, since I lost one of the pool keys at the pool.) The apartment complex where I was living at the time charged $50 for replacement keys. Unfortunately it was eventually changed to do only house keys. Bah. It's also how I discovered that the USPS does _NOT_ change the locks on the apartment complex's mail box. You have to pay the post office (or maybe the apartment? I remember paying at the post office, though) $25 for a mail key because they claim they have to have a new one made every time someone moves into/outof an apartment. After I had moved out, I still had the key duplicates and had forgotten about them for well over a year. I went to the apartment to drop them off, and out of curiosity I tried my mail key on my old post box. Still worked.
There's one huge difference between hacking a software lock and a physical lock. For the former the « thief » can possibly take all the time he wants before even being noticed, whereas the later the « thief » needs to be fast. That to say if your house is harder to get into un-noticed than your neighbour you're already diminishing by a lot the odds of being robbed.
Lookup "Key Blank Cross Reference" I found one site that gives a pdf of 190 most common for free and another site that gives access to their database of over 84k for $20/yr (4,500 pictures)
Keyline and Silca sell machines that has complete databases of key profiles inside. Just insert your key and it will show which blanks fit and how much filing needs to be done. Locksmiths have used these for decades.
Yeah, "safe places" do exists but only in our imagination! It's only a matter of invested time to go through any security measures, either physical or cyber! The question is: to who are you standing in the way!?! Between the illegal government activities, and the "civilian" AKA not backed up by corrupt law enforcement groups the lines are very blurred!
that leaves visible and distinct tool marks on locks whereas this wouldnt. Its for sure a rare occurrence but sometimes its important to breech a lock without anyone being able to know because of an obvious brute force entry or less subtle marks made on pins when a lock is picked.
I think it’s because it was too expensive for them to get their hands on one. They mentioned the price was prohibitive. Also it’s more valuable to learn about the cheaper and easier methods they discussed.
The version a locksmith can buy is right around $10,000 and uses proprietary software that doesn't allow for you to cut restricted keyways. They do also offer a version of software to law enforcement that supposedly does allow for restricted keyways .However i have never heard of it being made available to the public.
@@blakeeverett6267 Ahhhhhhhhhh, ok. So you created the (chocolate rain) comment first that allowed Filip to make his excellent reply. I see! I thought Filip had the most excellent reply to some totally random message. So Filip's reply is still most excellent, but quite as excellent as I first thought. lol.
Excellent point, does anyone have info what ever that is the case? Easy enough to fix, but again cloning key if you are one of the operators is not that difficult.
@@km5405 firstly, the russian ones need codes to arm the warhead. Not sure about the Titan II, but all newer US ones do as well. Those codes are what actually keeps the nuclear arsenal safe.
For the 2 keys it would be best to get unique keys, possibly from 2 manufacturers. The government would have the type of money to spend on having a completely unique key made for such things.
Lots of locks today combines Key + NFC-Code sent by the key. Still can be defeated by serious hackers, but if you use the same model as for car-keys it basically becomes a total bother to defeat, and the intruder will have to get hold of a legit key instead.
So many decent concepts but not sharing anything with the community isn't really useful and doesn't bring anything forward. Also no mention of individuals who did a lot of the work before You is pretty lame.
Because this talk is about when you want permanent access to a facility with hundreds of locks. Where they've spent money to have a "special" keyway unique to that facility / organization. This talk can be summed up as, if someone manages to steal at least one of those facilities locks, then they can make master keys for the entire building!
Its fairly easy to make aut, that these guys are from Canada, aye? Its funny how easy they get around with out saying "Like" every 3 word. Makes them sound so much smarter than their southern neighbor.
There are many different things here, but this is one that should stand out. If someone manages to steal at least one of a facilities locks, then they can make master keys for the entire building!
As a locksmith and expert witness, Do Not Copy or Do Not Duplicate is an only an instruction to the holder of the key not to copy it. The exception are US Postal and US Government keys which make it unlawful to copy. State Universities may also have a State law protecting them. Then there are patent controlled keys, which the manufacturer has the option to sue anyone who replicates those keys. If the manufacturer determines a threat to the patent, they may sue - even if they just want to prove a point and drain your bank account and run up your credit cards in legal fees. Medeco is a good example of a company that has an aggressive legal position. Holding a key you copied is also potentially a legal burglary tool. I also have the side milling machine in this presentation and it’s a royal bitch to get it right. The side milled key is not held in place as well as it’s a bit sloppy. The high security locks are really tight tolerances. Literally one thousands on an inch can be the difference in a working key and not. I don’t agree it’s easy to use a lathe to copy these. The spacing is so tight that you will be spending a great deal of time. Many test keys get ruined. And I know exactly what I am doing... It’s never impossible, but really something far more for machine precision type of people who are THE most determined and willing to accept a slow and for some endlessly agonizing torment and defeat. There is a big difference between an experienced locksmith and am amateur in reality.
Very interesting!
A master key will unlock anything, a Master lock will secure nothing.
This should be called "When lockmakers cut corners"
haha . . . cut . . . corners
Paging lockpickinglawyer and BosnianBill please pick up the pink courtesy phone.
Losing a lock is a threat model I've always found interested
2-man rule has two different keys too... to prevent someone from duplicating... so that is not a huge risk. 2man rule is also done via software for high security areas, like inside an HSM... where two or more people have a "password" and when all people type in their "password" it makes the master password via salting the final insert to match the encrypted master.
My favorite security system was Rand Corporation in Santa Monica in 1970. There was a guard who knew everyone and had book of individuals authorized.
35:15 you can simply rotate all the disks as far clockwise as they will go and then get the pick that LockPickingLawyer and BosnianBill made
Good luck with that Protec2. No one has picked that lock (yet)...
Thor Lancaster ruclips.net/video/6UZ6tcvgd9U/видео.html
I made several copies of the public housing keys for my friends using Jet's commercial/AIR NS blanks [green color] for 6-pin Biaxials while I worked in my dad's hardware store.
1) Configured the copies by the Medeco machine 2) Then use an automatic machine to trim down the sides of the neck, with a monster-locking-wrench for stability
They all work seamlessly, I charged $10.00 for each copy, I have no licenses of any kind for key cutting just working out of passion.
Interesting presentation. I rarely encourage an end user to buy restricted keyway locks because the lock cylinders and key blanks have a 4-6 week lead time from any given manufacturer. On top of that the owner must provide a letter of authorization for a distributor to purchase these products and it must be snail-mailed to the manufacturer (most commercial hardware manufacturers only sell to authorized distributors, not directly to end user). If a building owner needs keys in a hurry that ain't gonna happen. I'm skeptical that the average hacker will have the skills to make a restricted keyway as shown in the clip but I admire their ability to do so. Bottom line: there's faster and easier ways to breach physical security.
Tough audience; I was applauding ;-)
For a few months, my local Fry's Electronics had one of those automatic key machines. This one must have been configured differently, because it would duplicate ANY key. You could do electronic car fobs and restricted keys, too. It didn't ask. I had my mail key, pool key, and gate keys all duplicated (good thing, too, since I lost one of the pool keys at the pool.) The apartment complex where I was living at the time charged $50 for replacement keys. Unfortunately it was eventually changed to do only house keys. Bah.
It's also how I discovered that the USPS does _NOT_ change the locks on the apartment complex's mail box. You have to pay the post office (or maybe the apartment? I remember paying at the post office, though) $25 for a mail key because they claim they have to have a new one made every time someone moves into/outof an apartment. After I had moved out, I still had the key duplicates and had forgotten about them for well over a year. I went to the apartment to drop them off, and out of curiosity I tried my mail key on my old post box. Still worked.
There's one huge difference between hacking a software lock and a physical lock.
For the former the « thief » can possibly take all the time he wants before even being noticed, whereas the later the « thief » needs to be fast.
That to say if your house is harder to get into un-noticed than your neighbour you're already diminishing by a lot the odds of being robbed.
Never been interested in locks, but this is fascinating.
that titan 2 key looks exactly like my ring of newspaper rack keys. . . .
Great research and work. Thanks for a great presentation!
This was fantastic. Really great stuff!
The funny thing about those USPS arrow keys is that is is a felony to even posses them.
It should be a felony to use same key on multiple locks instead.
Fantastic talk! Thank you for sharing =) Are there plans to publicly release the keyway-comparison software?
Medeco gets defeated.
Bowley: Hold my pick set.
Pff, Bowley aint a patch on Medeco.
Billy’s a big boy!
I want that software! 9:15 Is it available for download ?
Lookup "Key Blank Cross Reference" I found one site that gives a pdf of 190 most common for free and another site that gives access to their database of over 84k for $20/yr (4,500 pictures)
Keyline and Silca sell machines that has complete databases of key profiles inside. Just insert your key and it will show which blanks fit and how much filing needs to be done. Locksmiths have used these for decades.
Does the AWS disc at the rear of Protec II not have any bearing?
7:50 Machine is a Wenxing WX-22
Yeah, "safe places" do exists but only in our imagination! It's only a matter of invested time to go through any security measures, either physical or cyber! The question is: to who are you standing in the way!?! Between the illegal government activities, and the "civilian" AKA not backed up by corrupt law enforcement groups the lines are very blurred!
Is a safe place like a safe space, because master lock makers might get triggered.
Great presentation 😊
You know this seems like a fuck ton of work when you could probably slip the latch or do other more low tech attacks
that leaves visible and distinct tool marks on locks whereas this wouldnt. Its for sure a rare occurrence but sometimes its important to breech a lock without anyone being able to know because of an obvious brute force entry or less subtle marks made on pins when a lock is picked.
excellent talk
All that pointing to the screen and walking away from the mic could have been avoided with a 2 dollar laser
Not talking about "black boxes" and how they work isn't very hacker-ethical, no?
I think it’s because it was too expensive for them to get their hands on one. They mentioned the price was prohibitive. Also it’s more valuable to learn about the cheaper and easier methods they discussed.
The version a locksmith can buy is right around $10,000 and uses proprietary software that doesn't allow for you to cut restricted keyways. They do also offer a version of software to law enforcement that supposedly does allow for restricted keyways .However i have never heard of it being made available to the public.
Go on then big guy, go buy one and reverse engineer it. Afterwards publish the results with your full name attached to it. We're all waiting.
I believe LockPickingLawyer did a video on decoding master keys.
Deveint has a talk about it as well
An XTS3000? Might as well be rocking an Astro Saber
what about keys with magnetic elements?
The Two Man Rule can be overcome with one man,two keys, and some string....
Or abnormally long arms.
So basically, James Bond could still make a quick clay model of a key and still get laid! Excellent!
These nerds brought it but why do they keep stepping away from the mic to breath?????
If there's anything Chocolate Rain taught me, is to move away from the mic to breathe.
Filip Suciu
Ha! That’s got to be one of the best replies I’ve ever read! Seriously.
I’m glad someone got the reference 😂
@@blakeeverett6267 Ahhhhhhhhhh, ok. So you created the (chocolate rain) comment first that allowed Filip to make his excellent reply. I see! I thought Filip had the most excellent reply to some totally random message. So Filip's reply is still most excellent, but quite as excellent as I first thought. lol.
Well, Rob Ford got in to the Toronto City Hall...
The man knew his cracks.
A nit. The color is magenta, not pink.
This doesn't help with my combination. I've been trying to get into the box for 13 years, now
Solve it algorithmically.
Doesn't work with best cormax
Nuclear missile example, that's if the keys are the same.
i seem to recall atleast the russian ones needing special alloys due to the heat the equipment generates.
Excellent point, does anyone have info what ever that is the case? Easy enough to fix, but again cloning key if you are one of the operators is not that difficult.
@@Hellsong89 yes I would think the training and gaining entry would be more difficult. Not to mention that the missiles would have to be prepped ?
@@km5405 firstly, the russian ones need codes to arm the warhead. Not sure about the Titan II, but all newer US ones do as well. Those codes are what actually keeps the nuclear arsenal safe.
For the 2 keys it would be best to get unique keys, possibly from 2 manufacturers. The government would have the type of money to spend on having a completely unique key made for such things.
Lots of locks today combines Key + NFC-Code sent by the key. Still can be defeated by serious hackers, but if you use the same model as for car-keys it basically becomes a total bother to defeat, and the intruder will have to get hold of a legit key instead.
whyyyy vertical videos?!
why does this guy always sound like he's asking a question when he talks
He is Canadian
i love these videos but that tactical vest is some cringy shit
So many decent concepts but not sharing anything with the community isn't really useful and doesn't bring anything forward. Also no mention of individuals who did a lot of the work before You is pretty lame.
If you don’t cut the damn lock in half wtf you need a key for?
Because this talk is about when you want permanent access to a facility with hundreds of locks. Where they've spent money to have a "special" keyway unique to that facility / organization. This talk can be summed up as, if someone manages to steal at least one of those facilities locks, then they can make master keys for the entire building!
Its fairly easy to make aut, that these guys are from Canada, aye? Its funny how easy they get around with out saying "Like" every 3 word. Makes them sound so much smarter than their southern neighbor.
Vertical filming on all their demonstrations.
Love the canadian
As a locksmith I’m not even going to get into how many things these guys got wrong, I don’t have the time or patience.
Reg Rock lazy
Honest question: If I am an adversary duplicate a key wrong but it works in the door I'm trying to get through, is it still wrong?
Reg Rock Ouch you sound a bit sour.
Can someone give a TL;DW for this?
There are many different things here, but this is one that should stand out. If someone manages to steal at least one of a facilities locks, then they can make master keys for the entire building!
Jesus, there are simply too many presentations on keys. WAY too many.
If you ignore half of them, you'll reduce your stress by 50%.
Really grasping at straws here.... just useless