Physical exploits: lock picking

War driving, phreaking, etc.

Moderator: 127.0.0.1

Physical exploits: lock picking

Postby lbreevesii » Mon Feb 21, 2005 11:55 am

I don't know if anybody has heard about this, but the bike lock manufacturer "kryponite" pulled all of their locks from the market a few months ago.

The reason? the tubular locks were the perfect size for the insertion of a bic pen to be used to pick the lock. the soft plastic of the pen would mold itself to the keyways of the lock and presto, 10 cent bic defeats 90 dollar lock.

PM even did an article on it. http://www.popularmechanics.com/science ... 03151.html

Well today i had a brainstorm. why not adapt the bic ideato make it so that it can be used on most any tubular lock?? so today, armed with a lighter(to resize the shaft of the bic) and a pack of bic pens i am going to see how well my idea will work. i expect a high success rate. and no i do not intend to go picking drink machines or anything like that. i'm going to use locks i have around the hosue, like on my computer's bezel and what not.

ahh the mighty bic!
User avatar
lbreevesii
Level 3 Tech
 
Posts: 223
Joined: Mon Aug 30, 2004 10:05 pm
Location: North Wilkesboro, NC

Postby DnH500 » Mon Feb 21, 2005 1:03 pm

nice find
User avatar
DnH500
Jr Admin
 
Posts: 472
Joined: Fri Sep 24, 2004 12:20 pm
Location: Nottinghamshire, UK

Postby lbreevesii » Mon Feb 21, 2005 2:42 pm

i'm workin on a good consistant way of necking down the pen to various sizes. my current idea is using an old rifle shell casing, not sure how well it will work yet though. any other ideas on how to properly size the tube?
User avatar
lbreevesii
Level 3 Tech
 
Posts: 223
Joined: Mon Aug 30, 2004 10:05 pm
Location: North Wilkesboro, NC

Bic Pen Tubular Locks

Postby billhalle » Sat Apr 21, 2007 12:56 pm

Gentlemen,
I remember back in the early 1970's tubular locks that were UL Listed because they were built with a pin within a pin. The idea was thatinstead of just one level of pins to line up at the shear line, an additional 5 pins would have to be lined up as well. Other features such as a hardened face on the lock, dummy very hard pins that did not move past the shear line, and the entire assembly was drilled through the entry door to the alarm box.
Usually referred to as a shunt switch, this switch might shunt or short across the Normally Closed magnetic contact on the entry door, allowing the store owner time to put his key in the main control and disarm the system for the day.

When locks are evaluated by UL, the standaard is always, "How much time" they assign to a particular device to open it.
The bottom line is that the burglars simply put a shot of hair spray into the open face of the tubular lock. Then when the storeowner secures for the night, the pins are trapped on either side of the shear line, allowing the shaft of the lock to be turned by needle nose pliers. Oops that UL listing was GONE!

In a more recent example of boondoggle, about 10 years ago the US Government with the US Nave in the lead, decidedthat the Group 1R combination locks had to be replaced because it was possible for a computer dialer to turn the wheel and then actuate the throw lever in the center of the dial, thus trying out arount 200,000 combinations until the lock opened (I have one of the dialers, and have invested in heavier motors, dial grips etc, so that I have one atache case filled with the dialer, and the other atache case (matching of course) filled with accessories, etc.

This setup will open any of the Group 2 combination locks, even on safes that have been left out in the weather for over 10 years.
Now the boondoggle was (still is) that the X07 electro- mechanical lock (a true hybrid) cost the US Government $850.00 each, and Congress awarded the sole source contract to Lockmasters in the amount of $250 MILLION dollars. Nice order, huh?
Well the reason that we now are on the X09 is that serious flaws were discovered in the X07. You see these locks are retrofitted in already drilled (and some tapped) holes. The hole through the door for the old lock's shaft (yeah, I'm talkin' 'bout SHAFT!) was always at least 5/15 of an inch, often 3/8 of an inch in diameter. Through this hole the Locksmith must thread a super dainty flat cable, that plugs to the lock circuit board on the inside of the door.

Now the burglar has two quick ways of opening this lock (remember the locks are rated as to TIME it takes to defeat the lock). First with a 4 inch round rubber mallet, filled with lead shot to give the door a dead blow. There is a solenoid just on the other side (inside) of the door that puts a 3/16 hardened pin about 3/16 of an inch blocking the bolt from retracting unless the coil around it is energized, causing the armature to move no more than 1/4 inch and allow the bolt to open. By the same token the few good dead blows right on the proper edge of the container will cause this tiny armature to bounce 1/4 inch back, and the door pops open.

The other way is to simply remove the dial, pull out the flat cable, and then insert a a tool that looks like it has two curved antenna. Those two springs are actually contacts. By placing the two contacts across the exposed wire connections to the security solenoid and then a battery voltage from the wires connected to those two contacts and completes the circuit and your in. So much for 250 MILLION dollars, huh?
billhalle
n00b
n00b
 
Posts: 1
Joined: Sat Apr 21, 2007 11:57 am
Location: USA


Return to Physical Exploits

Who is online

Users browsing this forum: No registered users and 1 guest

cron