EEVblog
Вставка
- Опубліковано 4 лип 2015
- How secure are electronic locks used on safes?
Part 3 is where I show 5 ways to crack into a cheap safe! • EEVblog 1494 - FIVE Wa...
Dave tries a basic first attempt power line analysis attack on a standard La Gard (LG) 3740/3750 Basic electronic digital lock on a CMI home safe.
Can you crack an electronic digital safe lock with just a resistor and an oscilloscope?
All sorts of safe cracking techniques are discussed - thermal camera imaging, bumping, drilling, and spiking the solenoid.
And naturally there is a complete teardown of the La Gard lock and a demonstration on how it works.
And then Dave does something incredibly dumb, and has to fix it the old fashioned way, Hollywood style.
It's a tail of epic fails and stunning wins.
Part 2 is here: • EEVblog #771 - Electro...
Forum: www.eevblog.com/forum/blog/eev...
www.kaba-mas.com/media/654586/...
ST ST62T25 OTP Microcontroller
www.alldatasheet.com/datasheet...
AT93C46 www.atmel.com/Images/doc5140.pdf
EEVblog Main Web Site: www.eevblog.com
The 2nd EEVblog Channel: / eevblog2
Support the EEVblog through Patreon!
/ eevblog
EEVblog Amazon Store (Dave gets a cut):
astore.amazon.com/eevblogstore-20
T-Shirts: teespring.com/stores/eevblog
Donations:
www.eevblog.com/donations/
Projects:
www.eevblog.com/projects/
Electronics Info Wiki:
www.eevblog.com/wiki/ - Наука та технологія
![[1337] My New & Improved Robotic Safe-Cracker…](http://i.ytimg.com/vi/vkk-2QEUvuk/mqdefault.jpg)
![[1337] My New & Improved Robotic Safe-Cracker…](/img/tr.png)
![[1001] The ITL Robotic Safe Cracker! (ITL-2000)](/img/n.gif)
I see a person that puts a personal fail online, I respect it and I like it. Few can do that.
When you pulled out the 4-pin my first thought was "I bet he's going to talk about the lock for a bit then forget to plug it back in!" :D Well done sir!
"You bloody ripper!", "Beauty!", "Bob's your uncle!","In like flin!", "Bobby dazzler!", "Winner winner chicken dinner!"
Sevalecan It's "I'm in like Flynn" (probably, I don't know)
Probably. I guess I wasn't braining hard enough.
Dave should sell shirts with those sayings!
“Just like a bought one!”
Yeah, he got off a few times this video.
Watching this for the second time in a few years. This is truly fascinating. As an electrical engineer myself I find great enjoyment in watching your videos. Cheers from Canada!
Had me laughing my a** off a few times there, especially when you closed it with the power disconnected - doh! Brilliant work getting back into it, it was worth doing the video just for that!
Rather than cutting holes he could have gone in through the mounting holes and not damaged the safe using rods from the back
You don't think he thought of that? Mmmhmph. I think it's safe(theres a pun if you want it) to assume that that(cool a double that) is the first thing he looked into, considered, investigated thoroughly concluding that the only way was via drilling.
I have to say that it's a little scary that you wouldn't immediately assume that as well and in fact felt it would be prudent of you to comment pointing that option out. You really do look kinda silly. Your comment is congruent with "I have to breath air in order to survive" or "grass is green" watch I'll prove it "Instead of drilling new holes he should have used the existing ones" see no difference "the sky is blue" it's just silly.
I can open that faster than he can punch in the code. Pure trash
"I forgot to reconnect the Solenoid to the lock"
You're my spirit animal.
EEV: This lock is pretty damn secure
Lock Picking Lawyer: Hold my beer
Watch his account longer and it would be "hold my gun" seems like hes a hell of an avid collector.
Angle Grinder Guy: Hold my extra batteries
this is bloody brilliant! rarely have I been so entertained. I love you, Dave!
I thought at first that you fried the processor! Then I remembered the plug..LOL.
Eeh, I don't need a safe. I live in Canada, our burglars call ahead to let us know they're dropping by, don't want to interrupt dinner or anything...
Teth47 they apologize as they rob you too
Yeah I’m telling you
Thats toooo funny i like Canadians except the French speaking one are kinda stuck up it seams, but i like the rest just fine i ve known alot and all have been good folks (except the Frenchies sorry just my experience most French speaking people are stuck up except the cagons from the southern us ive met
Whenever I get a new mobile I program into my dictionary:
"aboot- about (Canadian)" and
"soory- sorry (Canadian)"
... it makes me feel worldly.
You must not be from Toronto or Quebec lmao
Pretty sure this was the best episode ever, Dave. I've been watching your videos for about a year and a half now, and being the noob that I am, most of them were hard to follow, but this one? This one was perfect! Understood every single bit! 🙌 Real bobby dazzler.
Dave, this is a great video! I always enjoy your insight into the design of a system, and especially your real-time commentary when trying to hack something!
Love that FAIL button!
The sad part is, I can relate to that level of dumb. :(
I think it's dumb and overused!
You could also defend from power line attacks by programming the micro controller correctly.
I suspect that since this lock strictly requires 6 digit pin all it does is store the numbers into memory regardless if correctness and when it sees six digits it compares the full string with the value stored in EEPROM. I could be wrong but this is how I would do it.
sghost128 You would need to do the string comparison properly (i.e. checking each digit and not bailing out on the first incorrect digit) but I assume they would do the right thing.
sghost128 yes, you'd need to use a constant time algorithm
sghost128 Actually, it can be even more secure than that: it can always hash the new code, no matter how long it is, and compare with the stored hash. This way, there is no need to lock to a specific the number of digits while still making the same process every time a new digit is typed.
Aylons Hazzud You still have to make sure your hash comparison is constant-time. That's not hard though.
Also, having a different time for each number of digits inserted is not a problem, because this is information the attacker already has (after all, they are inserting the digits ).
It must only not change according to the correctness of the code so far.
This channel is so interesting! You just know exactly what you're talking about, and it's very informative, even though I hardly know anything on the subject. Thanks!
Man I love these videos. I have no actual idea what's going on but it's fun as hell to watch. I find myself wishing I had even a quarter of this guys knowledge of electronics.
If you really want to know, you can go to engineering school.
Do the same with a $50 safe. I know they can be physically bumped and some simple short circuit attacks but I wanna see more advance techniques!
I'm only 50 seconds in, and I'm pumped for this video. Physical security and electrical engineering are some of my greatest passions, this is going to be great.
dude! that was one of your best videos. you turned a fail into a fun and educational. detour thanks for your time and your energy
Cheesy, but you're sincere and I like how you explain even how you failed and show how you fixed your mistake. Really fascinating video for different methods of non-invasive attacks.
This is like my favorite episode ever
liquidthex Glad you liked it!
Shoutout to Clint
2chws Maybe Basinger?
+Daniël's Tech & Music Channel This is far from Oddware
EEVblog - This was an incredibly entertaining and informative video. Great job rolling with the punches... I loved it!
You're the best channel on UA-cam! Always brings a smile watching your videos.
I never thought I would see Dave Jones break into a safe laparoscopically.
samthenerf Word of the day!
This was very interesting to watch ! :) Great video, Dave!
"Bob's your your uncle!" This video was really informative and fun to watch. I look forward to catching up on your other videos mate! Thanks!
Dave This is the best video ever!!! you put all your skills to work on this one.!!
*ROFLMA*
Epic! Priceless! One of the funniest thing I ever seen on UA-cam! I wish I had 1000 thumbs up to give you Dave... but you only have 860 videos or so. ;-)
I wonder if you could just use a neodym magnet on this one too. Many electronic safes can be opened by a big magnet to trigger the solenoid inside. Takes on average 5 secs.
Some of the magnets that are readily available today were probably not available when this safe was designed. Would be interesting to see what a crazy powerful magnet could do. That little pin might not move with gravity assistance (dropping it) but if even a small amount of magnetic field was able to penetrate it may move it. Not only would it be quick but it would also be non destructive. Might also be a handy rescue for those times when you forget to plug the solenoid cable back in. :)
pure entertainment and learning all in one! 😃 awesome video's mate keep up the top work! and happy new year from the UK ☺☺
I was choking on some laughter here. A fine video sir.
The safe was inspected by 'Clint', must be 100% secure
quincy8557 Probably an internal alias.
Prehistoricman no, it is definitely Mr. Eastwood
Son of a Zombie I did think that Mr Zombie
quincy8557 I know Clint, he inspected my shit. He's solid. Solid bro.
Who, Mr Clint Basinger of Lazy Game Reviews? I would definitely feel secure if my safe was inspected by him.
I couldn't stop laughing when I realised what happened (at around 8-9 min mark). We have all been in a situation like that at least once, where you just feel like the ultimate noob lol and Dave Jones' reaction was priceless :)
Safe saga was riveting indeed. Cheers!
That was quite a good experiment and very funny when you locked yourself out. First time I have discovered your channel, but I'll be back.
I have one of those cheap, Bunno's safes!
I use it as a DECOY! :)
My CMI floor safe (concreted in!) is elsewhere...
There's a video on UA-cam called DEF CON 21 - Melissa Elliott - Noise Floor Exploring Unintentional Radio Emissions
If you have a safe-shaped antenna, you should be able to "hear" the IC checking against the known combination, even through all that metal. Hey, you could even stick an antenna inside the safe through a bolt hole and use the safe as shielding from background crap.
Every time a button is pressed (or 6 numbers are entered), there will be a check in the form of a loop. During this loop, you should be able to inspect numbers inside the IC from the intensity of emissions from the data lines. Enter 4 random codes, and inspect what frequencies are the same in each emission. This should be the correct code.
Prehistoricman Yeah, those DEFCON speeches are really awesome and interesting. They trigger your inner hacker mentality.
Prehistoricman I've seen her before, she's really good. Think that's the one where she uses software defined radio to listen to the display bus on a laptop and reconstructs the screen. SDR compatible dongles are dirt cheap on ebay too.
Prehistoricman Only an idiot programmer would check for (in)correct digits BEFORE the 6th digit has been entered. This check would probably consume different power depending on the result. So, only do one final check, and nobody can intercept intermediate results (since there are none).
Frank Fahrenheit Wether to check during or after entering doesn't matter. When you loop trough an input buffer and break out at an incorrect digit, the parsing time gets altered too. As long as your checks don't break the loop and the difference between correct or wrong doesn't show up on the powerline either, you are safe.
Toon v Loop and break is also an unsafe method of comparing the code in this instance. The smart thing to do is add the inputs up into a single number, and compare that to the correct code. Doing so in the same number of instructions regardless of correct or incorrect code is fairly trivial.
*applause* what a save Dave! what's important is not how you fail, but you recover :)
Well this turned out to be a fun episode. The road to success truly IS paved with failure.
Dave, could you please check the patern when entering the last digit? I wouldnt expect any comparing beeng done before all digits are entered, they would just be saved. But it is possible, if the programer was lazy, that when the input string of digits is compared with the saved passcode, the comparison rutine breaks as soon as a difference is found, so you could se which of the entered digits was the first incorect one.
Viesturs Siliņš I like this idea, seems plausible.
Viesturs Siliņš So we can tell via the scope if the digits entered are correct? Wow, this seems useful.
Anyway, there definitely will be a different power draw when the correct digits are put in because the solenoid is powered.
Viesturs Siliņš Doesnt matter, once you put in all the digits if all it does is compare, theres no variation to tell you what digits are right, and you already know that it will be wrong, because its the wrong numbers.
This method would be just as fast as just putting in all the possible number combinations, because thats all youd be doing.
WeAreGRID
Not quite!
If the comparison is of a straightforward implementation, meaning you can tell which digit is the first not to match by examining the running time, then you can tell if the digits you entered match _by individual digit_ as opposed to _by the whole string_ .
And that means that instead of trying 6 digit variations (10^6 = 1 000 000), you only have to try 10*6 = 60 as the worst case!
In average it would be 5*6 = 30 tries, and, if the safe has 5 minute timeout after 4 tries, you get average cracking time of about 40 min. Not fast, but doable!
It all depends on the comparison routine, it would be very easy yo implement a special comparison algorithm that takes a constant time no matter how soon the comparison fails.
Prehistoricman
If the comparison routine is of a standard implementation then possibly yes!
Unfortunately the easily measured solenoid current can not be used because it only operates if all the digits ar correct, but we want to know which digit is first in the string to be false.
For example, if the comparison is not secured, the scope could give us the following information:
Lets say correct string is 123456 and the CPU spends 50us doing various housekeeping tasks that make up for a constant overhead and additional 5us for every digit comparison
At first we try entering 000000. And the scope shows 55us CPU activity - that means that the very first digit is wrong.
Next we try 100000. Now the activity period is 60us long. From that we can learn that at least one more digit matched because the CPU had to process more of them an took longer.
Now we know to try only 1xxxxx variations and move on to guessing the second digit by looking which one gives at least 65us delay.
We don't need to know how long exactly he CPU does the comparison, we just try out every digit in first position until the activity time increases and then move on.
Tim Hunkin has some interesting mechanical safe cracking stuff on his website and his 'Secret life of Machines' stuff is well worth tracking down. There are also some safe/lock cracking anecdotes in 'Surely you're joking Mr Feynman'.
biggest fail ever lmao, fell over, love you dave keep up the awsome work. fan for life.
The best electronics video I've ever seen on youtube.
I genuinely love your channel sir! That said, I don't ever have time to finish one and find myself skipping through them trying to catch the good parts. If you would filter your words to just the interesting parts, I bet you could reduce your 45 minute (average) videos down to about 20 minutes. Then, I could actually manage to finish one of your videos! You pick great topics but PLEASE maybe try to make them a reasonable length! Most people in this line of work, including myself, simply don't have hours a day to spend on UA-cam. Just a polite suggestion
Eric Denny watch it on 1&1/2x
I’m exactly of the same mind. Very interesting videos, admirable with regards to how faults of the user are admitted, but a good percentage of the video goes by with “yes, I understand, please move on” in the back of my mind. One thing to keep in mind is you’d miss all of the Australian “charm” if these were shortened ;)
Maybe a “digest” version of each video?
yeah you screwed up on the wire but watching you putting it back was very entertaining..it was way better than those Hollywood movies :)
I've been watching this 90 seconds, and I'm already 100% behind you. A friend described his Sandleford EZ75 as "not worth the cardboard box it came in" after being burgled. Thieves just bashed it open.
Nice video, really enjoyed the ingenuity of the plot.
As the battery connection is exposed, maybe it can be hacked by applying weird over-/undervoltages, negative voltages or combinations of that?
You also could use near field antennas (near the keyboard) used for emv probing to sniff.
You could make use of a more elaborated (low R) current sensing with higher bandwidth.
You could use more elaborate data processing on the captured signals, you could correlate antenna signals and wired signals (power current).
BTW, how does disconnecting the battery affect the safety lock out time?
Even if it is stored in eeprom, one may detect a false attempt prematurely and shut off the power just before it can store the failed attempt lock out time in eeprom, if it does that anyway.
And then you can probe the circuit at any point if you get a "sample" but not limit yourself to working with the TUA (Target Under Attack).
You see, if you want to spend the time, there is a lot more one could do... May not be worth it except for the experience gained.
He thinks he's detected a packet -- it's just the beeper! LOL!
Wow that was a fun video to watch! Nice work. I'm glad you had to drill and fish. That was super fun to watch you work! Awesome!
Far more entertaining then your usual videos, superb
I would try to capture lock's behavior after entering all 6 digits. It's doubtful that controller compares every entered digit. I bet it reads them in a buffer and then compares. This is the time to catch it.
That would tell you when the 6 digits are wrong or right but we would know that anyway it would open or not
Yeah, I'd have looked at correct key followed by incorrect and all the permutations upto the full six correct numbers Vs six incorrect or five correct and one incorrect. Seems like a bit of a half arsed job unless there was a lot edited out..or unless he found a good powerline exploit lol. Not everyone is LPL showing everyone the hidden secrets right out in the open. Didn't end so well for Barnaby Jack :/
Try to find the resonance frequency of the little spring and use a suboofer with this frequency. The pin should then vibrate and if you are lucky you can open the safe or damage the spring an turn it on its side. :-)
Update: To find the right frequency try to disconnect the battary and measure the power pin for some induced current
Haha once I seen you forgot to plug it in... I figured I'd sit back and watch the show. Good job!
I love this guy 😂 aye I just bought a stealth safe much like this one with the same style lock so this video is super informative!
You can also try undervolting that thing to make the software crash (and possibly flip that one magic pin high; these tiny MCUs don't have any notion of memory protection; they will execute whatever crap happens to come into the instruction stream) or overvolt it. It's common for MCUs to short pins high or low when they are fried. If that doesn't work... overvolt it massively (like 10-30 kV or so) then the spark might jump to the right spot.
pvc988 Second thought about crashing the IC. If the chip is made unstable after inputting 6 digits, it's possible that it will start executing data in the combination you entered. Depending on how these digits are stored, you may be able to write a 6-byte program to unlock the safe. It's unlikely but it would be one heck of a cracking job if it worked.
pvc988 under voltage sounds interesting, as it should not be too harmful. Overvoltage on the other-side: I think I saw a diode in there. This diode may act as an overvoltage protection. Given the LC-circuit formed by the wire and the decoupling, it would be tricky to get around the diode (and not to fry something in the process). But frying would be fun also (for the theft): Looking out the owner
If they designed this lock correctly (and it seems like they did) then there would be a brownout detection circuit to keep the micro in reset until a usable voltage is available. Most modern micros have a brownout detector built in, but it's also very common to have an external one as well.
Believe me, I've analyzed many of the embedded device's firmwares and I could probably count properly coded brown-out detection/handling routines on my fingers. It is one of the most neglected things by the programmers.
pvc988 sounds like a job for *****
I would not expect to see much on the power line for digit entry. The software would (should) just store each digit without any judgement on the individual number until it has all six numbers and then it would do a compare in which case its too late. Its not going to decide as you type each number in. There will be a time-out between numbers so that you do need to type them in with in a certain time period before it trashed what's already been entered.
But great video - loved the cheesy version of mission impossible :-)
Это наикрутейший канал!
Спасибо!
Как жаль, что у меня в округе нет таких преподавателей, как вы!
The fail was so epic, made my day :)
Dave,
You mention that you can replace the keypad in the event that it breaks, so you must be able to do so without access to the interior of the safe, is that correct? If so, would it be possible for someone to replace the keypad with one containing some kind of keylogger? That individual could potentially return after the safe owner has accessed the safe and obtain the code.
finnigan 16 That is a devil of a lot of miscreant effort to access some cat photos. (Likely content after owner estimates this safe's ability to protect the contents in the event of fire.) ;-)
I've used a larger capacity, thicker armoured safe with the same keypad/knob combo, in a medium sized retail business and that was storing the Christmas takings, as well as the rest of the year when there wasn't much worth having lol. It was however bolted to the floor, and was cut through with angle grinders in one memorable instance, mostly because they used our own stock from the shelves to do it! It's a common enough set up, though the quality of the internal circuitry may have changed over time or between models.
11:50
YOU HAD ONE JOB. ONE!
Amazing video, seriously. I loved it. It was like watching a good heist movie !
Fantastic Video Dave. Keep up the great work. Nick.
The code is always 6 digits, so I assume they are comparing the input with the secret key only when all digits are entered. With a sensitive enough power analysis, you should be able to detect which digit was incorrect as the micro iterates over the input and key. Even with a constant time comparison of the two, some flag or register in the micro will be set on the first wrong digit (otherwise your comparison would never fail).
Can a power analysis realistically discriminate a single bit difference, presumably SRAM or whatever this thing has?
I assume the "loop" would compare or subtract or xor each position and then add/or them up.
I wonder how those $300+/- ebay gunsafe locks fair, I know the safe has to be bolted to the wall and floor by law but if the crooks managed to get it loose I bet they could bang it on the floor a few times and release the lock. i will have to take a poke at mine before I install it and store valuables in it, might have been a waste of money.
Aussie50 No new safe costing $300 is any good. First step is, if it's not (oz only) a CMI, Chubb, Lord, Guardall, or Burg Wachter then it's likely crap. Only La Gard, Chubb, or S&G locks are worth their salt.
What you ultimately need is a dog!
Even just putting a warning sign that says "Beware of dog" can deter thieves ... yet there are those who don't even have half a brain :P
They likely wouldn't be able to figure out how to get it open any way xD
MrJohnny56789 If you didn't store it correctly, that's completely reasonable I'd say.
Damn. I didn't know Dave's audience consisted of insecure Ameritard gun nuts.
@Mr. Morningstar You are so right. I hate the gun laws in Australia. Notable three hours away in New Zealand my friends are using suppressors and we cant they are all shooting semi auto M16s and we cant. All the anit gun lobby people cite the shootings in the usa as the reason we cannot change. They are seriously phuked in the head and have no idea what they are talking about. I love my shooting for sports and just wish i could have a few more toys that would make it even more fun.
I did QC checks on some of the cheaper units in China prior to our acceptance of them. I found that you could open them with a bump on the top before they were installed but once bolted down you couldn't. I couldn't work out why that was so. I also had my laptop in a hotel safe and it would not open with the code I set. I asked the girl in charge if she could open it for me using the master code. She did not know whether it had one so i took a guess and used the factory code - yep it opened so then I had her get the manager and I showed her how to reset all her safes with a new code. She was really grateful, especially as i hadn't just kept quiet and opened the other safes!
That was such a silly thing to do but that was extremely entertainijg to watch and good on You finding a solution!
LoL I bet there was a Schrodinger's connector moment for a bit...
Thanks for making us all feel human Dave
Awesome video. It was nicely suspenseful in more ways than one. It was also fun seeing the mechanical engineering of the latch mechanism. It's true there's a big difference in the security of safes. My favorite bit is the made-in-China crap typically uses plastic gears and mechanisms and some are famous for the plastic bits stripping/breaking in normal use so even with the correct combination you can no longer get into your own safe.
Great analysis, you’re very skilled with the oscilloscope
Hey Dave,
One of my main concerns with electronic locks is at the firware/code level and being guaranteed that there are no secret code or keystroke backdoors. I was hoping after IDing the micro version, that you would try to pull out the machine code listing and examine it for manufacturer backdoor entry codes.
Unless these safes can be audited and proved safe (through things like code hashing), I fail to see how they can be trusted at all over, say, mechanical locks..
Tweeks
And your fear was proved real today.
I liked the part where Dave changed into a gynecologist.
Sweet video. I do post failure investigations. As part of that I find that recreating or researching possible scenarios to be extremely useful. This is exactly the sort of thing I do. To spend 3 months throwing crash test dummies out of vans to figure out the restraint failure. or a couple months on some G.F.C.I fault is pretty common.
Perhaps the solenoid might be susceptible to a strong magnetic field.
"DaveCAD" always cracks me up. :)
How about trying to remotely move the pin by moving a big neodymium magnet against the door?
Considered a neo mag but idk where to get a large one
Oh god when he had that cable unhooked I thought "I really, really hope he remembers to put it back in".
Then he forgot. *palm* oh man, I did something similar on one of those cheap safes. I knew it was coming but still, painfull lol.
Good thing he didn't get a TDR one.
Actually with the right tools he could have re-plugged the cable through the existing holes.
Dumb shit he is or rather was this vid is 5 years old.
Really funny,fun topic and just all round great episode.
8-bit EEVBlog Mission Impossible. Words I never thought I'd say.
They are pretty damn secure when you forget to plug the keypad in
wow this fail button couldn't be more appropriate, damn
djaysenpai Imagine it had been locked in the safe ! ;)
I'm so glad that someone else has days like these :) lol unlucky dude!
I love it when a push button lock has been in use for years and the buttons for unlocking it are all worn. Vegetable oil on the buttons would reveal which buttons were pushed without necessarily being noticed by the owner. This trick also works in some cases to detect if something was disturbed in your absence.
You didn't try:
Low voltage attack (brown out, slight power differences between the eeprom and processor, leading to "0" being read for all positions)
Power glitching attack (modulating the input power to cause glitches)
Power-up analysis (does it read the eeprom on initial battery attach?)
eformance a no-name Chinese lock in a similar style had the vulnerability of reading an I2C EEPROM at power up. The keypad was also connected via I2C, so you could trivially sniff the EEPROM data.
+eformance A low voltage attack? I would think the safe designers would have thought of that, simply because the safe runs on a battery. Otherwise, I could type in the wrong code, but by luck, it opened anyway because a dying battery confused the safe! For that matter, I could use a battery with a resistor or two, or bring one I know is almost dead.
Phil McGroin
Bear Grills ?
GexpGaminG
Vidste ikk' du så sådan noget!
Btw. det der build sammen med Asus og Corsair, bliver det til noget?
Så et Corsair 760T i bagrunden på et tidspunkt :-D
GexpGaminG I thought Steve Irwin lol
+V Singularity Three things... a sticky note reminding you not to lock yourself out...
"Beauty! Too easy! Haha"
Gets me everytime
Thanks for this video. I learned a lot about electronic lock safes.
you have a 3d printer you could of made a tool for the job
These locks are breakable via RF analysis .but you need 2 hours.
Jetset Willy This model in particular? Got any further info on that?
Its about the body thickness(and build material) not the lock mechanism.
One of my colleagues cracked the code in isolation room not sure of the model but the same size and same body thickness.
You're so much like me. Every single thing that you can do wrong in a project you do it :))))) I actually thought you reversed battery polarity when you locked it the first time.
But hey, this is what makes us special, being curious about stuff and asking that "what if", and more than that, actually putting that "what if" to the test to actually see the result.
I very much enjoyed this video , Thanks Dave :)
Could you not apply a voltage directly to the solenoid the same way you replaced the plug?
glenwoofit No, that's called spiking, and this lock is protected against that.
EEVblog you where able to get to the pins so you could spike the pins.
Graydon Treude He got to the solenoid pins after opening the safe, and then opening the lock mechanism... the safe is kinda already compromised at that point *facepalm*
TheHue's SciTech when he reconnected the pins from the out side he had total access to the pins from the out side
Graydon Treude Those were the keypad pins, not the solenoid pins. For goodness sake, he *specifically* went over this in the video, try watching the video.
What about trying to pull the solenoid pin inwards by using a magnet from the outside?
Crazy Hans The case is steel, it would shield the magnetism.
TheHue's SciTech Steel doesn't shield magnetism... You need something like Mµ metal for that. A giant electro magnet pulsed with high current and the handle being timely turned, should work; the question is, how many amps would you have to pulse to pull that spring back? If they were really smart, the pin isn't magnetic.
TheMrTape the pin has to be magnetic in order to allow the solenoid to pull it in...
TheMrTape Mu metal isn't something special, it just have a much higher permeability than steel. Both can work as magnetic shielding by essentially conducting the field around the shielded area, the higher permeability of the mu metal means you can use thinner sheets, but for very strong fields both metals would saturate(mu metal is probably more susceptible to saturation than the steel, actually)
Whether or not it would be possible to pull the plunger with an external magnetic field is hard to say the plunger may just stick to one of the other parts of the lock(And the lock may be designed to prevent such attacks). Either way, it probably isn't a practical attack. After all, the point is to either dissuade attacks or to make it to time consuming or expensive in resources to make it practical.
TheMrTape I would stuff it against one of those magnets they use at the junk yards to move crap around, should work a treat lol
Coolest video ever, the concept alone is awesome
Thanks Dave, really enjoyed this video.
Bob is not my uncle
He is now. ( ͡° ͜ʖ ͡°)
The milkman again?
Is there a lot of break-ins where you live?
CaptmagiKono No, quite rare.
EEVblog That is good, I would never personally need a safe like this for my junk. All of my money is with the bank, I only hope they have TDR safes with my money :P
CaptmagiKono It's Australia, they're too busy avoiding death from scary animals to steal from each other.
CaptmagiKono I don't need a security safe either. But the fire proof ones are handy for important documents etc.
CaptmagiKono Actually your money isn't safe at the bank. When you make a deposit you have given the bank an unsecured lone and permission to do what they will with it. Read the fine print.
Genius !!! You took a medium security age and made it totally invulnerable to electronic attacks.
Now the combination to get in requires a drill and metal screwdrivers.
I _KNEW_ you would forget to put the pin back in! I just knew it at the time you left it dangling! Oh boy!