I wonder what makes it take a minimum of 0.7s per combo, it seems like it could be sped up substantially.
Further, while standing somewhere for five minutes may be obvious in some situations, there are many cases in which it wouldn't be obvious at all, or the response time would be great enough that this could still be quite useful to bad guys.
Finally, "security through counting on slow hardware" is probably even worse than security through obscurity.
Even if the person is stone guilty I don’t think the police should be willy nilly destroying property in the process of serving a warrant.
I know much of the focus is rightly on increasing accountability for the damage done to humans, but I always cringe at the thought of how much damage they can cause while performing a search. Imagine if your kid, or roommate had a warrant and they came in, smashed all your drywall and left you with the bill.
The fact that law enforcement isn't responsible for damages during a search is problematic. When it's done somewhere when they've screwed up the address is even worse. "oops, sorry" should not be enough.
FTFY
Besides being for fun, the main draw seems to be that it picks the lock _and_ gives you the bitting. So if you lose all your keys, your locksmith is now in and can easily remake keys without swapping out the lock core.
There may be cases were it's (much) cheaper to pay a locksmith to stand there for ten minutes and spend a few minutes at a key machine, rather than pick a lock in 30 seconds and spend 10 minutes installing a $100 high end lock cylinder.
Law enforcement can use pick guns, which will open a large majority of door locks, if they don't want to just use a battering ram for some reason.
There are a ton of legitimate reasons to use lock picks, though - being able to use a pair of paperclips, or office supplies, can get you into network cabinets in a pinch, or if you lock your keys in your house or car and have a pick kit in your wallet. If a friend has an emergency and they know you can do it, it can save locksmith fees. Kids can lose keys in astonishing ways.
And the hobby is fun - it's manual dexterity, skill, obscure technical knowledge, and you gain an appreciation for all the lockpicking content out there, and get to see the brazen plot devices when movies portray lockpicking in ridiculous ways. There are engineering attempts at creating unpickable locks with some awesome youtube videos, with engineering geeks creating elaborate locks and shipping them to the lockpickinglawyer or other content creators.
It's also important from an educational standpoint. Knowing how secure you are is important, because assumptions can lead to tragic results. If you have a glass door, it doesn't matter if you've got a million dollar unpickable lock. If you know how trivial it is to open most padlocks, and what form factors of locks are most susceptible, you can make better decisions about securing storage units, trailers, outdoor gates, bikes, and so forth.
A device like this is a novelty, not a serious security threat, and I'd argue the threshold for building it exceeds the threshold for which there are a thousand other trivially accessible ways of bypassing a given lock. There are tools similar to this device in spirit, in which you set pins for a key type manually with the key inserted, and with a little practice, will get you through a door in under a minute.
Start here and enjoy! https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ
I see comments like these all the time on Reddit and Hackernews. Hackers are like, "locks aren't security, a sledgehammer breaks them" and it appears to betray a mental threat model of "what if the cops want my thing" and never "what if someone wishes to do me harm while I am in my house" or "what if a criminal wants to not get caught taking my things" or "what if someone wants to lie in wait in my house", which are not risks to these commenters. They are to a lot of people though.
This isn’t the movies. 99% of the time people need their own lock picked because they lost they key
- lock picking hobbist
- snap gun
- sledgehammer
And you simplified their comment to "locks aren't security because a sledgehammer breaks them" then proceeded to describe threat models where a sledgehammer doesn't work in detail. It's not a very constructive discussion.
Lock companies put out a lot of advertising to make it seem like their products work far better than they actually do.
You need more than that to prevent theft. They are like the first layer of an onion.
They keep honest people honest and give a few moments more work to those that are dishonest. It's a promise to society that you'll act decent. Needless to say they mean nothing to those that break promises.
In almost all cases, with a lock or not, by the time you figure out the lock is broken (10 minutes or 10 days) your shit is long gone and you better have your security onion setup with multiple layers if you want the foggiest idea what happened.
If you have an above average risk of having your shit stole or becoming under attack you better have a whole shit load more layers in your defense or you're screwed.
I live in a pretty low-crime area. From time to time, residents complain about things being stolen from their cars. Every single time that I've seen, the cars have been unlocked. A thief certainly could smash a window to steal from a locked car, but the thieves around here seem to be opportunistic and won't go that far.
It does nothing for the type of criminals that work in groups and steal tires of 50 cars at once, or whatever soup de jour of automobile parts they want at that moment.
I wasn't addressing picks at all. My opinion there is that it's the lock maker and lock owner's responsibility to resist picking, and the rest of us have no obligation to keep it more difficult by not making tools.
100%, especially while driving as you say. When teaching my daughter driving I tell her to watch for people other people breaking the law/bad driving in other ways and distance yourself from them. The probability of them doing something else stupid in the next few minutes when your in their vicinity approaches unity, and it reduces your chances of being what they hit.
Ninja assassins are low on the list of possible threats, but never zero.
The biggest risk to me personally is the junkies and porch pirates, so signs and out of reach and very visible cameras have gone up to make them uncomfortable and feel too paranoid to mess with the locks.
Rayleigh criterion: to resolve an angle of 4E-6 rad (key bitting step is 0.015inch =~0.4mm , two blocks is 2 * 200ft =~100m), you'd need a ~140mm aperture lens. Can you really buy one (with a camera no less) for $200?
Anyway, locks and keys are inconveniences that keep people from casually abusing civil boundaries, is the point, and not all reasons for overcoming those are nefarious.
A covert camera placed near the keyhole is probably a better solution anyway, because most people don't flash their keys when just walking on the street (maybe when unlocking a car, but with keyless that's becoming rare).
I suppose serious defenders will need to get an EVVA MCS, if that's their threat model :-) Just don't let the really serious lockpickers near the lock with a contact microphone.
https://www.evva.com/int-en/products/mechanical-locking-syst...
Easy picks can mess with that. If I can open this with my tools in two shakes of a lamb's tail because the tolerances are far too big probably that guard doesn't notice, whereas if I'm there heaving and grimacing for ten minutes, or I need a sledgehammer or an angle grinder, they'd have to be completely moronic not to realise I'm not on the up-and-up.
Security through locks doesn't work in the first place. At least not locks that can be picked by this robot. Pick gun is a thing.
Locks are very good at discouraging honest people and lazy, opportunistic people. They are not very good at discouraging generally skilled and motivated people, or people who are specifically interested in what's behind a specific door.
Locks are no obstacle if the intruder is willing to use social engineering. But if all they're trying to do is get into my garden shed, they're going to have to manipulate me or my spouse. Or somehow get past my dog. Meanwhile, my dog has absolutely no bearing on a bad actor getting access to my bank account. But similarly, bringing the full might of the best electronic security to bear to protect a chainsaw and a rake seems a bit excessive. And sort of beside the point, since I've not built my garden shed to withstand creation of an additional door (by e.g. a sawzall or a fireaxe).
You can cut virtually any padlock with a battery powered angle grinder or battery powered hydraulic bolt/rebar cutters in under 30 seconds, there’s hundreds of YouTube videos that demonstrate it if you want to see for yourself. Lithium-ion battery powered tools changed the game.
Locks do not provide real physical security, they just keep honest and lazy people out.
Really?! I had no idea! I had such a miniscule understanding of what portion of the threat space locks address that the second sentence in the very fucking post you're replying is this:
> Locks are very good at discouraging honest people and lazy, opportunistic people.
I'm so ignorant of the threat space, that the sentence immediately following that one goes:
> They are not very good at discouraging generally skilled and motivated people, or people who are specifically interested in what's behind a specific door.
I guess you're right, the two sentences I wrote 76 characters before the one you're shitting all over as evidence of my ignorance have absolutely no bearing on the context of the statement I made. They just exist entirely disconnected from any other sentences in that same post. I bow to your superior intellect and analytical skills.
[0] Blog about it: https://joeleb.com/safe-cracking-robot-defcon/
[1] Defcon video: https://www.youtube.com/watch?v=v9vIcfLrmiA
Somewhat less impressive than I was expecting. The wire idea is neat though.
Or discover when locks are built really badly: https://www.youtube.com/watch?v=yeDcOhWvq7I
They are a kinetic attack on the pins, but they don't shear or shatter them.
Two of them in total, if I counted right.
I registered my first account in 2011 or so and even then it had plenty of "pro-big corporate" energy here.
"One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations."
Pick a fight with a room full of pedants snicker snicker.
The modern acception focused on online computer security came much later. That meaning is neither the one used in the name of this site nor the one that would be relevant to this conversation.
To summarize: today's hackers are also yesterday's hackers, but yesterday's hackers may or may not be modern hackers.
They did retract they record for its lack of objectivity.
> In the sense of the word that means people who write code, not people who break into things
It would be like if you were going over a list of pros and cons and when you got to the cons some guy was like "wow, you work with criminals, huh?" Then you tell him not that sort of con and he says "yeah, typical nerd bickering".
C'mon.
Hopefully these people do realize that a lock is a promise saying "you belong to a society, be nice". They do very little beyond that, especially these days with small, powerful powertools.
Instead of assuming the person you're chatting with is talking about slavery, and then when they clarify they're not talking about slavery, and you saying that it could be about slavery, you could just as easily say, "oh I misunderstood you". Sometimes humans have misunderstandings. Languages are messy. Just let it go.
You're free to leave only if another country accepts you which is not a given.
Your agreement is irrelevant. Have you registered for selective service? Paid taxes? Have a drivers license? Check youtube for "sovcit traffic stop" to see what happens when people think they can live independent from the rest of society. The Amish must obey traffic laws just like everyone else.
>> Also I'm free to leave.
Nope. Many an american has fled to canada to avoid taxes/draft/jail. They are caught eventually. Citizenship is not property. You cannot just set it aside when you dont agree with its obligations. There is a process for leaving. It isnt short, easy, cheap or in any way guaranteed.
Maybe when attacking a padlock on a highschool locker, or the door on an amazon-basics "safe", but try attacking something not primarily designed to be cheap/light. Try cracking the door on a money safe at a substantial business, a safe approved by an insurance provider for the storage of large sums, Even an ATM will resist power tools far longer than it will take the cops to show up.
It'll also spit in your face with a paint that's incredibly hard to wash off.
This is not true.
This site stopped being Startup News just like Facebook became the 'metaverse' overnight.
Now, the robot is hardly something you put together between dessert and coffee. Someone building this must have a live for hardware and lockpicking is just a pretext.
And think about the cats!
We are made to be technical tinkerers, playing with tech, seeing if sending that input to that program will crash it. I see it not as a moral issue but as a technical skill, to understand how to work with systems, explore what doesn't work. That way you gain skills in how to make things work better.
> In the sense of the word that means people who write code, not people who break into things
https://github.com/etinaude/Lock-Picking-Robot/tree/main/ima...
I was surprised that those thin copper wires can actually push the pins up, I thought they would slide off to the side or compress themselves against the more solid/rigid pins.
But… does it do commentary like “one is binding”, and does it try twice to see if it was a fluke? :)
It could do the "what I have for you today ..."routine though!
Or McNallyOfficial's.
The devil is in the details though, there are some subtle features that need to be incorporated into the mechanics for the sputnik to work right. I have built a sputnik from scratch before, only after talking to Oli Diederichsen at a LockCon did I get some additional clues.
Also, I think there are plenty of other interesting things one could do besides brute forcing the lock with a simpler tool. Falle Safe has a single-wire variant on this for decoding locks. Again, the devil is in the details, just ramming wire up a pin stack doesn't get the job done.
Great work by the author.
[0] Lock bumping (Wikipedia): https://en.wikipedia.org/wiki/Lock_bumping
A friendly competition to see who can build the fastest robot that can open a small range of the most commonly used locks.
Those darn electrocutor locks! Best laugh this week :D
On the mechanical side there would certainly be some challenges (having to work within a key that's all the deepest cuts, using something that could push up to "shallowest cut" level without deforming, general structural strength problems) but once you had a viable insertable key portion built you might be able to read a lock based just on the amount of spring resistance at each pin. You could also provide tension while probing for pins under tension. If covert agencies don't already have pretty portable devices like that it's because they don't care enough to create them not because of some true technical problem with doing so.
Access to computers - and anything which might teach you something about the way the world really works - should be unlimited and total. Always yield to the Hands-On Imperative!
All information should be free.
Mistrust authority - promote decentralization.
Hackers should be judged by their acting, not bogus criteria such as degrees, age, race, or position.
You can create art and beauty on a computer.
Computers can change your life for the better.
Don't litter other people's data.
Make public data available, protect private data.
I've seen too many Lock-Picking Lawyer videos.
Tones of fun to work on
For my other projects check here: https://etinaude.dev/
rather inelegant, similar to an autodialer for safes.
i was hoping to see something that worked like a human lockpicker!
JKCalhoun•3w ago
Maybe like this wild machine: https://youtu.be/CLcOZhq2GjQ?si=LJktKRzeHPRyXcXR&t=155