Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT Students Release Code To 3D-Print High Security Keys

Posted by samzenpus on from the +10%-lockpicking dept.

Sparrowvsrevolution writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage's attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads 'do not duplicate' printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5."

11 of 207 comments (clear)

  1. "Do Not Duplicate" by DexterIsADog · · Score: 5, Interesting

    Really? That makes them difficult to duplicate? On which planet?

    1. Re:"Do Not Duplicate" by DexterIsADog · · Score: 5, Interesting

      You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

      lol, how did you get modded insightful for something patently untrue?

    2. Re:"Do Not Duplicate" by Jah-Wren+Ryel · · Score: 3, Interesting

      on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

      That happens to be the same planet where you can just put a little piece of tape over the DND message, maybe write something on the tape so it looks like a label, and then nobody is the wiser.

      Or just go to a place like yelp to find locksmiths that don't care.

      --
      When information is power, privacy is freedom.
  2. Low-tech solution by Conspiracy_Of_Doves · · Score: 4, Interesting

    Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

    --

    Technoli
  3. Re:Long distance photo? by fuzzyfuzzyfungus · · Score: 3, Interesting

    I don't think so. A long distance photo is not going to give enough detail. You'll need a high resolution photo of the key.

    Wacky Fun!. That paper appears to deal with a less sophisticated key; but demonstrated successful attacks at 195 feet, with comparatively cheap apparatus.

  4. Uhm... not really impressive by dbitter1 · · Score: 5, Interesting

    Former locksmith here. The Primus (and nearly all of the other high security keys) are simply relying on patent protection to keep people from duplicating the keys. Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass (worst case) or just onto a normal key blank.

    If you want to see something that would impress me, look at a German company - DOM - that has a design that includes a floating ball bearing in the key, which is integral to making the lock work. If they could make THAT with a printer, I'd be impressed.

    One model:
    http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.html

    --
    For us carnivores, "Sucking the marrow out of life" isn't a transcendentalist philosophy but a practical instruction.
  5. patented blanks by gl4ss · · Score: 3, Interesting

    what the lock companies do is they patent the blanks.

    that's why lock companies come up with a new scheme every so often. and to buy those blanks you need to sign a contract that you wont copy without permission of the lock owner.. which is hard to check anyways.

    --
    world was created 5 seconds before this post as it is.
    1. Re:patented blanks by torkus · · Score: 3, Interesting

      This (mostly). You'll also see several of only selling additional blanks to locksmiths in an equal number to the customer codes they punch into their system. It's not perfect but it's another control

      Before the printing game this worked 100%...excluding the 'illegal' bootleg keys most locksmiths would buy from China...which are, of course, much cheaper. :)

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.
  6. Re:How quaint by Anonymous Coward · · Score: 2, Interesting

    I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

    How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

    The data on key cards can be replicated as well. Heck, even the new "e-passports" gaining popularity with governments around the world have been cloned in the past.

    Also, even locks that use key cards have mechanical elements. The bits can be secure as can be, but there may be physical ways to bypass the system.

    AFAIK, the only physical keying system that has not been hacked is Abloy's (non-Cliq) Protec. Short of drilling out the cylinder I don't think anyone has been able to get in without having a key. Or at least this was the case about a year ago (the last time I looked).

  7. You must not live in my jurisdiction by davidwr · · Score: 3, Interesting

    I my jurisdiction it is (or was, a decade ago) against the law* for a locksmith to copy keys that are both marked "do not duplicate" and which used blanks available only to locksmiths required the locksmith to go through paperwork to make sure the person requesting the copy was authorized by the lock-owner to do so. This typically involved asking the requester to provide the lock's "number" which presumably the lock owner had but which was not on the key or lock itself.

    Up until recent decades, one of the more practical ways to duplicate many security keys was to make a mold and build a key from it, like you saw in 1960s spy movies. Yes, that required physical possession, but it didn't require a locksmith.

    --
    *I'm not sure if the law has any real teeth, it may be just a "civil fine" or it may just open up the locksmith to civil liability if the key is misused, much like if a bartender serves a drunk person more booze and they drive and kill someone, the bartender can be sued by the victim's family.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  8. Re:How quaint by Anonymous Coward · · Score: 2, Interesting

    Overcoming 3D printers is simple.

    Make the key a box channel with the pins inside of it. Not a U-channel, a full box channel. No angle of visibility from the outside can image the functional workings of the key. And likely, an inner channel impression would not give you a good reading either.

    Making new ones would be a bitch, but, hey, I bet 3D printing could help with that. Generate pin shapes based on a GUID, and you're golden.