BLOODY BRILLIANT thanks for the laugh, needed it🤘👹

wee bit late to the party and I'm not saying this as hate as I loved your story. but he does actually talk about your method twice, when he says about Alice having the crude option of opening up the lock to look and measure 15:31& 35:54

you are my hero, i'd love to get up to silly antics involving locks, but i know for sure i'll lose my apprenticeship when i get caught 😢

I agree. Other than your "shear line" caveat, well done. However, I would like to have seen mention of the ways to avoid "canyoning". Also, if you can get some unobserved moments, impressioning can often save a bit of time.

That is incradibly cool. And it also made me think of gone in 60 seconds for some reason

Happy to help!

Thanks! I enjoy giving them. I blogged about how I entered this field, BTW... deviating.net/words/?p=1096

thanks! :-) glad you liked it!

yup... thing is if you have a hole in the wall, you know an attack happend, if someone cloned a key, snuck in and snuck out with no obvious evidence you probably never know till say suddenly you find out like EVERY shred of confidential information you company had is now in public domain because someone snuck in, went hands on hardware and opened themselves a hole in your system

@catothewiser neodymium magnets are pretty strong, even small ones. The spinning magnetic disks are entirely separate from the keyway, which is the main source of dirt ingress. The only other source of dirt is between the cylinder and housing, which is generally a very tight tolerance and unlikely to let dirt in.

FiOS you instead of gratitude as do most of us such a but she is putting out some he is the great war even his physical security which is not his interview of the best researching the crypto awesome congregation is Alyssa professor is this academic tightally awesome to have a committee to Natalie's and professor down a U-Haul right near where I live in Philly

I think it also requires that Alice's key does not open any other door except hers. You will notice that the Master bitting is always the one alternative to Alice's key for that same pin. So this would actually be harder to pull off from a sub-master key, as then you might have to keep some of the bitting to your original key.

Technically, yes. If Alice's key has one bit in common with the master key, they could put in a master bit in anyway to lead her to a false solution. An interesting side effect if this is that would produce a key that unlocks exactly one other door. It would be really funny to arrange for all of the false solutions to open the same room. Inside the room is a guard whose only job it is to wait for someone to come in and get immediately fired.

yes, I a good example is my cubical mate has a key that can also open my drawer, so are keys are similar enough, but they have the masterpin, or we both have a master pin, and they have 2 on their key, etc etc. but this still only means another day with a few keys to learn the "True" master I guess, because for each pin, its either one, of the other (are maybe 3 if multi-mastered pins?)

With those 4 master pins, there are 2^4 = 16 keys that will open that lock. One of them must be the master to the whole system. The other keys could be sub-masters to a smaller group of locks. If you want to be certain, you might need to make all 16 keys.

I thought about this for a bit and in the given scenario, it is unlikely. Firstly, if her key has the master cut on that pin, there is no need for a master pin in the first place, so the pin stack would only have one shear line. For example, on Alice's lock, there is that three cut. Maybe that pin is also master keyed, but her specific key uses the master key cut on that pin. Again unlikely, since any master cut on a pin reduces the amount of available key bittings by ~4-5. Now what if there IS a master pin even though her key uses a master key value. We are working in a tiered system, after all. In that case, that would be the pin that distinguishes different master key classes, and she works at the lowest level of security, so it would be safe to assume that her key also uses that bitting and the other cut is the one for the top level key.

If you know shear line depths that *aren't* the master key (because they are visible on a change key) then you can eliminate those.

@@DeviantOllam Ahh ok, so to clarify, a master key will not have the same shear line depth on any of the cuts? Also thank you for the quick reply!

@@steepfrugut a change key should NOT share any master bittings with the master in a properly set up system... however its possible that it might in a badly setup system... i cant think of a reason a locksmith would do it on purpose other than to maybe make a copy harder since you might share some values but might not... but the number of possible keys is so low its not really a barrier to even a casual attacker

think dev likes the protec, i have evvas at home and my only complaint is what when we get HARD cold in winter they can become a little fussy... im guessing that many components with different thermal expansion and contraction that things dont line up quite right.. not had them refuse to open ever, but you can feel they arent totally happy... (or we got an eeeeh one)

Matthew Payne www.qtactical.com/easy-entrie-key-machine/

if you pay attention, you will notice every pin they choose is the alternative to hers her key requires that only her door opens with that key so by finding the other bitings that open that door, she's effectively finding a master key for that kind of lock

@@A_Wet_Duck Thank you for your reply... Honestly it's still not 100% clear for me, as a normal curious person that knows nothing in lockpicking / forging keys... Imagine that Alice starts with the master key... Without even knowing it... I mean, I would not. By your logic she would create a key that only opens her door at the end of the process...

Alice starts with the key that she has legitimately been given to use on only her door. She knows that her key is not the master key.

Alice's change key is 36235. First position: she finds there's a 3 and a 6. If the 3 is the master biting, that means Alice's change key is in fact a partial master that can open all doors with biting *6235. So she would have access to more places than she's supposed to. This could happen if someone messed up but it is very unlikely.

Christian Barnay the truth is that Al knows nothing and for $50K she ought to make one of every permeation of working possibility there is and make sure they work well in her own door before trying the alien.

nice Discovery! :-) And you are right, this is not a conventional way of building a master system. Typically, the top master key bitting values will include a mix of high and low it in cats so that some are above and some are below the bitting values of most if not all of the change keys in the entire system.

Ive seen this on 2 master keyed systems ive had keys for... i think its just lazy setup, probably building company employed locksmith being paid near dirt for his work so the company get what they pay for back in quality ...

it would... and would save a ton of time.. but also its wise to be aware its possible for a bitting to violate it, especially if whoever set up the mastering system was either very smart or very dumb... having a bitting on an important room thats functional but violates macs is a pretty great and VERY simple way to add some difficulty to copying a key.. not a lot but its a cheap way to add some complication to an attack

What is MACS? I'm a kid who learned how to rake but sucks at everything else...

To add to Mhairi, the TMK may be within MACS but the change key's bittings for the adjacent bittings plus the TMK won't. Matt Blaze's paper addresses this portion of the attack by saying that it is not a major problem because of the 1 time use of the test key therefore the chances of the key getting stuck is low.

peyton mcdevitt maximum adjacent cut system

I assume you would mostly use it to cut down the options. So if you had key A with 42643 that only opens door A and key X with 22463 that opens doors A, B, and C you could figure the different bittings (2_46_) are possible masters and make blank keys with those bittings and file down the last two to cut down on time.

Deviant Ollam and LPL have done videos together. LPL was there to learn. Deviant doesn't usually waste a lot of time picking locks. He decode, bypasses, disables, or avoids them more often than he picks them.

4 month old comment, but answering here in case anyone is wondering. Yes, the pins are pushed back down by springs. However, what lockpicking does is exploit the imperfections in a lock, in this case, the imperfection of the alignment of the pin chambers. In a perfect manufacturing process, the chambers of the plug would be perfectly aligned with the axis of the plug, and those are also perfectly aligned in the bible (the straight portion of the lock where the springs and driver pins reside). What happens in a lock in the real world, is those chambers are not perfectly aligned, so they bind when you force the plug to turn without a key, and they don't bind all at once, but in some sequence unique to the manufacturing tolerances that went into that lock. Which means one pin will bind before the others, and it can be lifted above the shear line, and the plug will turn just a little bit to keep the driver pin up while it binds on the next pin. Lockpicking exploits the manufacturing imperfections and tolerances of the lock. The better the manufacturing tolerances, the better the lock, but there's no way to have a perfect lock and maintain a large commercial production run. Drilling a series of holes that are aligned into a cylinder is hard, and the more precision means more cost. Some locks can have security pins that introduce the need for counter rotation when picking, which forces a picker to turn the plug back the opposite way in hope that they'll turn too much and cause pins that have been set before to become unset and need to be picked again.

I think perhaps I referenced our Ilco Ultracode. But Silca makes a great series of machines, too. Many brands do. The HPC Blitz is still the gold standard.

@@DeviantOllam Thanks a lot for the good quality info and the speedy response.

Thanks for the info. I knew that there had to be a "work-around" for proprietary keyways. Thanks.

Math checks out

Right, but that doesn't mean that any of those 32 keys can be the master key. If I understand this correctly, for any given pin the master height is guaranteed to be whichever one is not on your non-priviliged key, because they pick your key bitting randomly and the mastering pins represent the difference between your key and the master. The only exception I can think of is if the master happens to match your key at a certain position position and they include a randomly sized mastering pin anyway just to screw with you.

I don't think you were implying that any of those 32 could be the master, I'm just trying to wrap my head around this.

Not quite, I think it'd be 2^n where n is the number of mastered pins, so a mastered 5-pin lock with 3 mastered pins would have 8 keys.

This refers to the maximum/minimum change you can have between adjacent bitting cuts; if you have too big a change, it make the key/lock not work well and causes some issues with use!

Be careful that some key markings are not direct bitting codes but blind codes that need a codebook to translate into the corresponding bitting ( see en.wikipedia.org/wiki/Key_code ). That said, if you can get the bitting codes of several keys and accurately identify which are change keys (regular employee) and which are partial master keys (security agent, janitor) then you can first identify which positions are common to all keys and not mastered (like position 4 in the example of the video), then for the positions with varying values, you can cross out all values that appear on change keys and their neighbors. If there's only one value remaining, that's the master. If there's several remaining, you can look a partial masters for good candidates.

+technosasquatchfilms there used to be a BSides KC, not sure when it takes place or if it does any more

+DeviantOllam Cool, I will have to look in to it. Thanks!

technosasquatchfilms uh

well... magnetic viewing film shows magnetic fields, but not polarity. so you'd need to determine the north/south of things. and that's also possible, yes, but it does up the level of effort required somewhat.

It could be, indeed. Very interesting. I've seen that before, so it's not insanely rare... but I wouldn't call it the most common thing to have.

This attack is much more feasible if you are in possession of a change key or, at the very least, know it's bitting values. Because that low-authority key in a mastered system will *not* have master cuts on it. So the master depths are the ones you discover which are the opposite of the ones on a change key

1. Picking isn't surreptitious 2. picking doesn't tell you which is the master shearline and which is the user's change key shearline

MACS - Maximum Adjacent Cut Specification Basically, you can't have a super super shallow bitting cut on the key one position away from a super super deep cut. :-)

@@DeviantOllam It's really cool that you still answer questions on 4 year old videos. I'm pretty sure that you have an identical twin brother and you guys both play deviant, because there is no way one guy can do all the multitudes of crazy shit you accomplish.

DeviantOllam I was curious about alices key. A master key has to be a lower value than the non master key correct and as you said a one space master is way to thin and isn’t normally used so knowing these two things couldn’t you start out a lot closer to the master. Now I know a key will never be cut this way but for ease of reference let’s say alice key is cut 2-2-2-2-2. Now master has to be lower and more than one space could you not start out trying your master at 4-4-4-4-4

@@jamesfair9751 No, the master can be lower or higher, and in a good system at least some will be higher.

or with the "blank disk" option couldnt you do that in a low level pin tumbler lock too? just leave an empty hole?

The keyway on good disc detainers isn’t big enough to build something like that.

SHOULDNT is the important word there, its possible to occasionally find a lock that does, it usually wont be something too wild but could be a locksmith setting up a system had to get an extra door in on a system, the few ive seen tend to be on something lesser used like a utility space

She isn't - he's just explaining the theory of what you do to decode the master. In practice you're just skipping the combinations that would violate MACS. As he said - if you're not certain just skip and if you don't get it right then come back increasing MACS.

@@KB-mo3sx How are you supposed to know which bitting depths violate MACS? Is it just a fixed number of depths on either side of Alice's known bitting?

​@@Mriya6 It's set for a type of lock (tolerances in manufacturing etc). As long as you cut a key that doesn't violate macs it wont get stuck no mater the pinning of the lock. In short - the slopes on the key cannot be too high for it to push the pins up instead of sideways (force distribution). so you know you have: key 3 6 2 3 5 1st pin: 0 - no 0 cuts - NG 1 - as he said violates macs because there is 5 difference between 1 and adjacent 6 - NG 2 - only 1 difference from 3, so - NG 3 - known 4 - only 1 difference form 3, so - NG 5, 6, 7, 8, 9 - can be valid - in this instance it's a 6 At least that is how I understand it, I don't really have a lot of knowledge about locks - just approaching from logical process of elimination and engineering knowledge.

Best is an SFIC (Small Format Interchangeable Core) as someone who has built them and uses them the "control key" could be higher or lower than the change or master key and you would need to know all 6 or 7 cuts before it would work. But if you have access to a single core you can open it and get the "Control Key" bitting and then yes pull the core and turn the actuator

So like for schlage you use more #9?

BigDish101 I was taught to master locks at a complex i worked at. Took me a day to figure out how to use my lock if I lived there to make a master or approaches like this if I didnt

www.mattblaze.org

buy your own blanks

you file each cut on all keys. You only buy blanks.

you dont need 0s, for most locks you will not see a 0. just get a key with 1's and start there, if they ask, say you made a lock with all 1's because its your hobby

www.mattblaze.org/papers/mk.pdf www.mattblaze.org/masterkey.html

That is an incredibly plausible option, as well, yes.

Since you’re here, how did you do the lock animations? Just ppt or some more fancy after effects composition? Since its 4 years old - back than vs now

And... you would get a very fragile piece of plastic that would break off in the lock.

Depends on the kind of plastic you are using and your printers settings. You can absolutely print a key without having to worry about it snapping straight away. It wouldn't be a lasting solution, but for getting through a door once or twice, it works.

Don't forget that you could use a 3d print to cast a key out of metal

Intermediate Master Key? It is more commonly called sub masters. A typical master key system will have over 3,000 individual keys with over 1,500 sub masters. Which is the locksmiths job to not issue these keys unless required by the customer. You can have a cylinder that has a master wafer in each pin chamber. With a 6 pin system with a master wafer in each chamber will allow 32 different keys that will operate that one lock.

In a attempt to minimize the using of a existing key by taking a file to it is to use the shallowest cut in one of the positions on the Grand Master Key. This makes it a little more difficult to cut a customers key from being cut down to operate other doors since the position that's needed to be shallow is already cut deeper and therefore can not be made shallower.

Tylor B. Bumb key lol

Heh, well... Brute force in a logical sense, not a physical one. ;-)

@@DeviantOllam Ahh, jea! Of cause! Never thought about it in the physical meaning :-D