Foil, not just for hats anymore!

Tinfoil is apparently not just good for keeping the lizard people from reading your thoughts from afar, with a little wit and the silver stuff you can also wreak havoc on those high security and dimple locks that are just a little too hard to pick sometimes. Now available in kit form, compliments of China(tm)

Article and video on Blackbag.nl

We’ve seen some ways to bypass biometric security measures but here’s a new offering that we think will be hard to fool. The Safelock system is used in conjunction with a password to identify a specific user. This software records your typing style including the time between keystrokes, the time keys are held, and key pressure data. This information is then normalized and compared to the information stored about the user when the password was originally set. If you don’t fall within specifications that match the stored data, you won’t get in even with the right password.

The icing on the cake is that Safelock will look for malicious users. If you enter the wrong password, it will begin to record and analyze your typing style. If you make enough incorrect attempts you will be labeled as a security threat and locked out of the system altogether. We can only think of one reliable way to circumvent this and that’s using a man-in-the-middle method of recording the keyboard inputs of the legitimate user for playback later.

This is an innovative user identification system and we’re not the only ones that think so. [Jeff Allen] and [John Howard], students at SMU won first prize for the Student Innovation Contest at the 2009 User Interface Software and Technology Symposium.

via hackaday

[Ben] and his associates over at the University of California at San Diego came up with a way to duplicate keys using a picture of them. They developed an algorithm that uses measurements from known key blanks to extrapolate the bitting code. Because the software is measuring multiple points it can correct the perspective of the photo when the key is not photographed on a flat surface, but from an angle.

They went so far as to test with cell phone cameras and using a telephoto lens from 195 feet away. In most cases, correct keys were produced within four guesses. Don’t miss their wonderful writeup (PDF) detailing how key bitting works, traditional covert duplication methods, and all the details of their process. The lack of available code prevents us all from playing secret agent (or felon) with this idea but [Ben] did mention that if there is sufficient interest he might release it.

Lock bumping showed us how weak our security is, but this is a bit scary.

[Thanks Mike]

Do you remember the magnetic card spoofer in Terminator 2? It was a bit farfetched because apparently the device could be swiped through a reader and magically come up with working account numbers and pin numbers. We’re getting close to that kind of magic with [Jaroslaw's] card spoofer that is button-programmable.

Building off of a project that allows spoofing via an iPod and electromagnet, [Jaroslaw] wanted something that doesn’t require a computer to put together the card code. He accomplished this by interfacing a 16-button keyboard and a character LCD with an AVR ATmega168 microcontroller. Card codes can be entered with the buttons and verified on the LCD. Of course this is still dependent on you knowing the code in the first place.

As you know, credit cards use this technology. We don’t think Walmart is going to be OK with you pulling this out in the checkout line, not to mention local five-oh. This technology is also used for building access in Universities, businesses, and hotels. If used in conjunction with some other spy technology you’ll be on your way to becoming a secret-agent-man.

Yes, these are firesafes, but many many people use them to store real valuable stuff other than papers.

Here’s a few methods on how to open them.

Using a Screwdriver and penny:

Using a paperclip:

Using a homemade pick:

[Carlito] found a safe in his garage with mystery contents. It shows signs of attempted entry and makes interesting noises when shaken. What is the best solution to find out what is inside? Hack it open? Smash it? Blow it up? No, the best solution is to build a robot to try brute force cracking. The robot, housed in an old power supply case, is little more than a servo and a servo controller, communicating with his PC via USB. It seems like a good idea though. Unfortunately, he found it to be seriously lacking in torque, so he’s waiting now to upgrade. The contents of the safe are still a mystery.

Neat ideas, just not many people know I guess.

Pretty interesting idea and it makes sense logically, I might have to try this in the near future, it could come in handy on simple locks if you don’t have a set up bump keys around.

See the article here Duplicating A Key From Only A Picture