Bumping locks

How to open Mul-T-Lock (pin-in-pin, interactive, 7x7), Assa (6 Twin), !"M (ix, #imple wit$ %all), L&'( ("ctro #imple), )vva T(*, &()" (#imple + stan#ar#), *or%in, ',a,,en$ain an# a variet- o, ot$er expensive mec$anical locks wit$out su%stantial #amage, usuall- in un#er . secon#s, wit$ little training an# using onl- inexpensive tools/ Barry Wels & Rop Gonggrijp Toool - The Open Organization Of Lockpickers
barry@toool.nl, rop@toool.nl

Last revision: Jan ary !"# !$$% http://www.toool.nl/bumping.pdf A%stract

&n this paper 'e (escri)e an n(eresti*ate( lock-opening techni+ e )y 'hich a large variety of *echanical locks can )e opene( + ickly an( 'itho t (a*age )y a relatively ntraine( attacker, -*ong other things 'e e.a*ine ho' this 'orks# 'hy it 'orks )etter on so*e locks than on others# 'hether one co l( (etect that this techni+ e 'as se( against a lock an( 'hat the lock-in( stry co l( (o to protect ne' locks against this techni+ e, /n(erstan(ing the threat of this ne' *etho( of *anip lating locks is of a((e( i*portance )eca se 'e have fo n( that this *etho( act ally 'orks better on the *ore e.pensive *echanical locks generally consi(ere( to )e *ost resistant to *anip lation,

're,ace 1 2$- pu%lis$ t$is3

We (eci(e( to p )lish 'hat 'e kno' a)o t this *etho( )eca se 'e feel those that (epen( on the sec rity of locks 0or any other piece of technology for that *atter1 nee( to )e a)le to contin o sly re-eval ate their sec rity having f ll kno'le(ge of any threats, This v lnera)ility is si*ply too generic: it affects *any locks an( cannot )e 2fi.e(2 )y a single lock *an fact rer 'orking in secrecy ntil a ne' an( )etter lock can )e release(, -ltho gh 'e have f rther refine( the *etho( 'e 'ere originally sho'n# 'e (i( originally learn a)o t it thro gh a p )lic appearance )y 3la s 4och, -n( 'e notice( yet other people kne' ho' to *ake it 'ork even )etter too, &n other 'or(s# this kno'le(ge is 2o t there2# the cat is o t of the )ag, Given these circ *stances# rather than allo'ing kno'le(ge of this *etho( to sprea( slo'ly a*ongst those that co l( attack nkno'ing victi*s# 'e (eci(e( to p )lish so that facility *anagers can re-eval ate their sec rity an( see 'hether a((itional sec rity *eas res nee( to )e taken at so*e locations, &f yo (isagree# 'e enco rage yo to rea( 567 an( 5!7 for a *ore thoro gh n(erstan(ing of the (isc ssion on 'hether or not to p )lish infor*ation (escri)ing sec rity fla's )efore engaging in any heate( (e)ate, 6

4
4/0

&ntro#uction to locks an# lock securitHow locks work

8in t *)ler locks# fro* the cheapest to the *ost e.pensive all 'ork in ro ghly the sa*e 'ay, The key sli(es (o'n the key'ay in the inner cylin(er of the lock, -s it *oves# the c ts in the key *ove stacks of t'o or *ore pins# *oving in holes (rille( thro gh the o ter an( inner cylin(er, 9*all springs )ehin( these pins p sh the pins )ack after a high point on the key has passe(, When the correct key is all the 'ay in an( the 2sho l(er2 of the key rests against the inner cylin(er# all the gaps )et'een the pins insi(e the lock align on the 2sheer line2# an( the inner cylin(er is free to t rn,

8hotos co rtesy of :att Blaze

The pict re a)ove sho's a 2c t-a'ay2 version of a si*ple pin t *)ler lock 'ith the correct key inserte(, ;or a * ch *ore thoro gh intro( ction to the inner 'orkings of locks# please refer to 5<7,

4/4

'icking locks

Lock can )e 2picke(2, - skille( operator can se tools to feel an( *ove in(ivi( al pins in the lock, Lockpicking allo's one to open a lock )y e.ploiting the fact that the pin stacks are never perfectly aligne(, This ca ses so*e pins to )e st ck )et'een the inner an( o ter cylin(er )efore others, Beca se of this# one can feel that certain pins are correctly aligne( )efore all the pins are aligne(, -n( )eca se the o ter pins that 'o l( ja* )efore others 'ill re*ain on the o tsi(e of the inner cylin(er after the lock is t rne( slightly# one can s ccessively place the pins in the correct position an( open the lock, Lockpicking takes + ite a )it of practice, -part fro* intelligence professionals# cri*inals an( locks*iths practicing it# lockpicking has )eco*e a reg lar sport# co*plete 'ith official cl )s an( cha*pionships6, Lock *an fact rers have (efen(e( ne' locks against picking )y inserting so-calle( 2* shroo* pins2# )y *aking key'ays narro'er 0provi(ing less space for tools1 an( )y lo'ering the *echanical tolerances of the lock *an fact ring process, 09ee pict re of =>>- lock on page ?1 Going over the (etails of locks an( lock picking 'o l( )e o tsi(e of the scope of this paper, 8lease refer to the @:&T G i(e to Lock 8icking@ 5<7 if any of the a)ove is nclear,

9s(ev 09portsfre n(e (er 9perrtechnik Ae tschlan( e>1 in Ger*any an( Toool 0The Open Organization Of Lockpickers1 in The 4etherlan(s,

4/.

T$e snapper pick, lockpick gun an# vi%rating tools

-nother *eans of opening locks 'itho t the key is )y sing a snapper pick# lockpick g n or vi)rating tool, These (evices all e.ploit 4e'ton2s la' that says that for every action there is an e+ al an( opposite reaction, :ost people are fa*iliar 'ith 4e'ton2s cra(le# a (evice 'hich is often se( to (e*onstrate this la', &f a )all all the 'ay on the left or right si(e is lifte( p an( let loose to colli(e 'ith the ro' of s spen(e( )alls# this )all 'ill transfer all its energy to the ne.t )all an( so forth# ntil the )all on the other en( *oves to s'ing a'ay fro* the other )alls, When it s'ings )ack# the process is reverse( an( the original )all s'ings p, The sa*e principle can )e o)serve( ( ring a ga*e of )illiar(s: one )all hits another one# an( this )all contin es on'ar( 'hereas the first )all no' lies still, This principle can )e se( to open locks: if i*p lse energy is transferre( to the first pin# it 'ill ten( to stay in place an( the secon( pin ten(s to *ove a'ay fro* the first one# ntil the spring stops it an( p shes it )ack to to ch the first pin, - 2lockpick g n2 s ch as the one sho'n )elo' 'ill# 'hen the trigger is p lle(# tension a spring an( then 'hen the trigger is p lle( all the 'ay se the force of that spring to snap the nee(le p for a short (istance# ) t 'ith a very sharp an( po'erf l *otion, By positioning this nee(le into the lock# j st to ching the pins# an( then p lling the trigger# one tries to hit all the pins si* ltaneo sly, By then *aking the lock t rn in the split-secon( )efore all the pper pins are p she( )ack )y the springs in the lock# one can open the lock, The a*o nt of t rning force an( the ti*ing 'ith 'hich to apply it re+ ire so*e training, >i)rating picks se the sa*e principle e.cept *any ti*es a secon(# re+ iring less training on the part of the operator, - snapper pick is the si*pler version of a pick g n, The lock in( stry has create( locks that are *ore resistant to this techni+ e, :ore resistant locks have narro'er key'ays# preventing tools fro* )eing inserte( in the first place# an( *aking it har(er to transfer the i*p lse energy to the pins, :ore resistant locks also have s*aller tolerances# creating less space for the pins to )o nce aro n(,

lockpick g n!

snapper pick<

&n this case a special g n# *a(e )y 3 rt B hlke, The hea( on this g n can )e reverse( to snap either p or (o'n# allo'ing picking of 2= ropean style2 locks 'here the pins are p she( p )y the springs, < &*age taken 'ith per*ission fro* @Locks# safes# an( sec rity@ 5C7# page %?D

<

.
./0

Bumping locks
Histor-

B *ping# so*eti*es also calle( 2Rapping2# has )een a kno'n techni+ e for at least the past %$ years, - ) *p key is (escri)e( in :arc To)ias2s reference 'ork @Locks# 9afes# an( 9ec rity@ 5C7 on page "$<, ;e' people se the techni+ e# an( the *etho( (oes not see* s ccessf l against a large n *)er of locks nless the 2*ini*al *otion *etho(2 (escri)e( )elo' is se(, Once correctly se(# 'e fo n( this techni+ e to )e i**ensely po'erf l# allo'ing a large variety of locks to )e opene(, We (i( not invent this techni+ e# an( others pro)a)ly tho ght of so*e of the sa*e refine*ents 'e (i(, We (o feel ) *ping is n(eresti*ate(# an( this paper e.ists to point to its effectiveness,

./4

'rinciple + Bump ke-s

9o 'e have a )asic trick to open a lock )y *aking the secon( pin j *p a'ay fro* the first# ) t no efficient *eans to apply this energy to the )otto* pin, -s it t rns o t# the )est 'ay to transfer energy to the pins is sing a key, ;irst of all# 'e nee( a 2) *p key2 for the lock in + estion, - ) *p key is a key in 'hich all the c ts are at *a.i* * (epth, The pict re )elo' sho's ) *p keys for vario s locks, B *p keys are so*eti*es calle( 2EEE2 keys )eca se all c ts are at *a.i* * 0E1 (epth,

-s yo can see yo can c t ) *p keys for )oth reg lar pin t *)ler locks as 'ell as for 2(i*ple locks2# 'hether 2pin-in-pin2 or not, J st re*e*)er to take a'ay all the *aterial that co l( )e taken a'ay )y the (eepest co*)ination for that position, There are *achines that 'ill c t a key )ase( on the n *)ers that represent the (epth at each position, Faving access to s ch a *achine spee(s p the process of creating a ) *p key that has the c ts in the e.act right position# altho gh one can also se a file an( a stea(y han( to create one, B *p keys# once c t# can )e copie( on reg lar key-c tting e+ ip*ent, Go (o not necessarily nee( to have an nc t key 0calle( 2)lank21 to *ake a ) *p key: )eca se all the c ts of a ) *p key are at *a.i* * (epth# any se( key for a given lock can )e converte( into a ) *p key,

./.

T$e pull-%ack met$o#

4o' there are (ifferent *etho(s for sing s ch a ) *p key to transfer force to the pins insi(e the lock, When 'e first learne( of the *etho(# 'e 'ere tol( to first insert the key all the 'ay# an( then p ll it )ack one pin, Then# hit the )ack of the key 0the part 'here yo nor*ally hol( on to it1 'ith a soli( o)ject s ch as a ha**er# an( then t rn the key a split-secon( later, We fo n( the e.act ti*ing for the t rning of the lock to )e critical# re+ iring + ite a )it of practice, While this *etho( 'orke( on so*e locks# it (i( not 'ork on a great *any others, -*ong other pro)le*s: 'hen keys ha( very (eep c ts# the trick ten(e( to not 'ork either )eca se the pins 'o l( still )e p she( in too far )y the parts of the ) *p key )et'een the (eepest points,

./5

T$e minimal-movement met$o#

4or*ally# if yo insert a key all the 'ay into the lock# the pins insi(e the lock to ch the (eepest point of the c t in the key at the point 'here the sho l(er of the key *akes contact 'ith the inner cylin(er of the lock, By filing a tiny )it of *etal off )oth the tip an( the sho l(er of the key# 'e can create a ) *p key that can go j st a little )it (eeper into the lock, When s ch a ) *p key is inserte( all the 'ay into the lock# it 'ill )e p she( o t again a tiny )it )y the force of the springs insi(e the lock# ntil the pins again rest on the (eepest point in the key c ts, We fo n( filing off )et'een $,!% an( $,% ** 'orks )est# ) t yo *ay 'ish to e.peri*ent for the )est res lts, We fo n( it is very easy to take off too * ch, -ll yo nee( to (o is *ake s re that 'hen the key is in all the 'ay# the pins to ch the si(es of the c ts instea( of the )otto*s, 9eeing the key )e p she( )ack a fraction of a *illi*eter )y the springs in the lock *eans yo have file( a'ay eno gh *aterial fro* the sho l(er,

B *p key, 4ote that tip an( sho l(er are not yet *o(ifie(,

4o' that 'e have o r ) *p key# 'e nee( to hit the )ack of the key 'ith so*ething that applies the right a*o nt of i*p lse po'er# 'itho t having so * ch 'eight that it 'o l( (a*age the ) *p key or the lock, We se a special ) *ping tool ) ilt )y 3 rt BHhlke calle( the To*aha'k# ) t anything 'ith not too * ch 'eight an( prefera)ly also so*e s'ing# s ch as a ( ll )rea(-knife hel( )y the )la(e or the han(le of a ha**er co l( also 'ork,

- pict re sho'ing the gap )et'een the lock an( the sho l(er of a 2*ini*al *ove*ent2 ) *p key,

The ) *ping of a lock sing the 2To*aha'k2,

9o*e keys (o not have a sho l(er: s ch is the case 'ith the : l-T-Lock keys, &n this case# the (epth of the key'ay (eter*ines ho' far one can insert the key, To create a ) *p key# one 'o l( theoretically only nee( to c t off a )it fro* the en( of the key, Fo'ever# the en( of the key an( the insi(es of the lock 'ere fo n( to )e too fragile to 'ithstan( the repeate( ha**ering 'hile 'e 'ere trying to open the lock, Oliver Aie(erichsen ca*e p 'ith an innovative 'ay of *aking s re the key 'o l(n2t go too (eep, Take off a piece at the en( to allo' for the key to go f rther in# an( then c t a gl e stick in t'o# an( gl e the t'o half-ro n( pieces to the key after heating the* eno gh to *elt a )it of the gl e, &n so*e cases# *ost nota)ly 'ith so*e (i*ple key locks# the force nee(e( is s*all eno gh that one can hol( the ) *p key )ack )et'een one2s fingers: no nee( for gl e or anything else,

./6

Multi-principle locks

9o*e locks e*ploy t'o (ifferent principles# s ch as the -ssa T'in "$$$, This is a very sec re lock# an( one of o r for*er favorites, One part of the lock is a reg lar pin t *)ler *echanis*# 'hile another part is a si(e)ar *echanis*, -ltho gh ) *ping 'ill s ccessf lly attack the pin t *)ler part# the si(e)ar *echanis* hol(s, /nfort nately# it looks like *ost T'in "$$$2s sol( in a certain region have the sa*e si(e)ar# to allo' for locks*iths to store pre-c t si(e)ar )lanks for copying, &f this is the case# one co l( si*ply c t a ) *p key o t of any key 'ith the correct si(e)ar for a region,C

By the 'ay: (i( 'e *ention 'e collect si(e)ar profiles of the -ssa T'inI &f yo have a key# please *ail a (etaile( pict re of it# co*plete 'ith the region 'here yo )o ght the key# to barry@toool.nl

"

./6

'ro%lems

&t is very easy to (a*age the lock an(Jor the ) *p key sing any ) *ping *etho(, The force nee(e( to transfer eno gh i*pact energy to the pins can ca se the sho l(er of the key to *ake a (ent on the front of the inner cylin(er# as sho'n )elo', The photo of the L&89 OKTRO ) *p key sho'n to the right sho's the res lt of the forces on the sho l(er# an( also sho's (a*age to the (i*ples fro* repeate( ) *ping, :ore serio sly# ) *ping can ca se *inor (efor*ations# ca sing the ) *p key to get st ck in the lock, /s ally e.tra force 'hen p lling it o t helps to re*ove the ) *p key# ) t in so*e cases it can get very st ck, The ) *p key sho l( )e *a(e o t of the har(est *etal availa)le: softer *etals 'ill + ickly (efor* at the sho l(er# ca sing the ) *p key to go too (eep an( not 'ork, We pre(ict a large *arket for har(ene( steel ) *p keys for the pop lar high-sec rity cylin(ers, -lso# so*e locks 'here the inner cylin(er is *a(e o t of softer *etals can )e (a*age( + ite easily )y the sho l(er of the ) *p key,

./7

7e,inements + &#eas

One co l( envision a 'ay to cla*p the key )et'een t'o pieces of *etal# possi)ly attache( to a s*all r ))er )lock that to ches the lock, This 'ay one co l( hit the key 'itho t i*pacting the lock in the sa*e (a*aging 'ay the sho l(er of the ) *p key (oes, The r ))er 'o l( )e chosen s ch that it 'o l( (efor* only )y the fraction of a *illi*eter nee(e( for ) *ping to 'ork, 9ho'n is Jort 3naap2s sol tion for a : l-T-Lock &nteractive# ) ilt o t of t'o nylon 'ashers an( a piece of har( r ))er 'hich 'e have fo n( to co*pletely prevent (enting, ;or the ti*e )eing# p tting either a thick r ))er )an( s ch as se( in the postal syste* or a tie-'rap )et'een the sho l(er an( the lock see*s to prevent or (i*inish (enting, 0White tie-'raps see* to )e the to ghest# an( one can tie it tho gh the key-ring hole on the key to keep it in place,1

)xpensive locks

We2ve notice( ( ring o r e.peri*ents that the *ore e.pensive a lock 'as# the better this *etho( 'orke(, B *ping 'orks on so*e high-en( locks 'e never tho ght co l( )e *anip late( easily# an( can )e very har( or i*possi)le to get to 'ork on very ine.pensive locks, There are a n *)er of reasons for this, ;irst of all the *ore e.pensive locks are *a(e o t of har(er *etal# ca sing less (efor*ations on i*pact, Then e.pensive locks also have tighter tolerances# allo'ing for s*oother *otion of the parts insi(e, The fact that so*e of these locks have narro'er key'ays that )lock nor*al tools (oesn2t )other s: o r ) *p key (oesn2t nee( *ore roo* than the nor*al key, &n fact: the s*oother everything is# the less of the i*pact force is 'aste(, 9o it looks like everything that se( to *ake a lock 2goo(2 'orks in favor of this *etho(# ) t 'e s spect a large n *)er of less e.pensive pin t *)ler locks to also )e v lnera)le, We have either ) *pe( or personally 'itnesse( the ) *ping of the follo'ing locks 0in no partic lar or(er1: -ssa T'in "$$$ : l-T-Lock pin-in-pin : l-T-Lock interactive : l-T-Lock ?.? L&89 Octro L&89 3eso AO: &L 3G AO: %-pin =>>- T9K Beiss &3O4 %-pin Kor)in %-pin &K=O (i*ple A,L,K, %-pin Lince (i*ple -B/9 %-pin 8faffenhain G=G= -8<$$$ >achette Ko(e*

&mportant #isclaimer: please note that the a)ove list (oes not *ean to i*ply that every cylin(er of a na*e( )ran( an( type 'ill open rea(ily sing ) *ping, Locks are e.pensive an( 'e are not a co**ercial testing la)# so 'e have ha( only a very li*ite( n *)er of testing locks availa)le to s, The presence of a lock in the a)ove list j st *eans ) *ping 'orke( on at least once on a cylin(er that 'e ha( access to, To s this *eans that type of lock is at least s spect# an( f rther research is nee(e(, -lso# it is very pro)a)le that a great *any locks not on this list are v lnera)le too, -lso note that 'e have seen locks that ) *p open + ite easily a n *)er of ti*es# an( then for so*e reason )eco*e ver- har( to ) *p# even tho gh the reg lar key still 'orks,

8orensics

Lock forensics is# a*ong other things# the science )ehin( kno'ing 'hether a lock 'as opene( sing *anip lation, Lockpicking# for instance# often leaves tiny scratces on the pins in places 'here the reg lar key 'o l( not scratch, The first sign that a lock 'as ) *pe( is the (ent *a(e on the o tsi(e of the inner cylin(er )y the sho l(er of the ) *p key, B t as previo sly (isc sse(# there are 'ays to *ake s re this (enting (oesn2t occ r# an( in so*e cases# s ch as the : l-T-Lock ) *p key 'eMve sho'n# no (ents 'ill )e *a(e on the o tsi(e, -lso )e'are that )oth ol(er an( softer 0cheaper1 locks 'ill have a (ent there even if they 'ere never ) *pe(, Looking at the pins on the insi(e of a ) *pe( lock co*pare( to pins fro* a lock that 'asn2t ) *pe( sho'e( no (ifferences that co l( )e (etecte( )y the nake( eye or )y sing a *agnifying glass, &t co l( 'ell )e that (ifferences can )e fo n( n(er a *icroscope, We lack the )asic *etall rgic kno'le(ge# the forensic e.perience an( the necessary e+ ip*ent to say anything concl sive a)o t the pins 'e e.a*ine(, Given that the insertion of a ) *p key isn2t * ch (ifferent fro* inserting a reg lar key# 'e2( s spect no special scratch *arks 'o l( )e fo n( other than *ay)e so*e *iniat re (ents an( (efor*ations ca se( )y the i*pacts, /ntil *ore is kno'n# 'e think it is (iligent to ass *e that any lock that can )e ) *pe( can also# 'ith so*e care# )e ) *pe( 'itho t leaving any telltale traces,

*onclusions

The perfect lock (oes not e.ist, With eno gh training# tools an( ti*e# al*ost any lock can )e *anip late(, 8ractical sec rity is al*ost al'ays a tra(e-off )et'een the cost of the lock an( the ti*e an( effort nee(e( for an attacker to open the lock, Fo'ever: in ter*s of *echanical lock sec rity# 'e )elieve that this v lnera)ility e.poses a f n(a*ental fla' in a large n *)er of e.isting *echanical lock (esigns, Resistance against this attack 'ill have to )e incorporate( in all f t re high-en( locks# an( j (ging )y their o'n (esign criteria a large n *)er of high-en( locks seen to(ay * st )e consi(ere( fla'e(,

6/0

7e-evaluating ,acilit- securit-

&f yo r present sec rity (epen(s on one or *ore *echanical locks presently tho ght to )e very resistant to *anip lation# yo sho l( at least investigate 'hether these locks can )e ) *pe(, :an fact rer clai*s as to ho' *anip lation-resistant a certain lock is sho l( )e consi(ere( 'orthless nless the clai* specifically *entions resistance to ) *ping, &f yo e*ploy a type of lock that can )e ) *pe( an( yo r sec rity criteria (o not allo' for a lock that can )e opene( )y nskille( attackers in <$ secon(s then yo sho l( replace the locks in + estion, &n instances 'here sec rity is of the t*ost i*portance# yo *ay 'ish to i*ple*ent e.tra sec rity *eas res ass *ing even high-en( *echanical locks can )e opene( in * ch less ti*e than previo sly ass *e(, =*ploying a n *)er of (ifferent high-en( locks for a given entry *ay a(( a((itional sec rity, The fact that a lock has a key'ay-shape for 'hich )lanks are not generally availa)le offers little protection: (evices e.ist that can create a )lank 'hen given a key# or even a

pict re of the o tsi(e of the lock, -lso note that one (oes not nee( a )lank to c t a ) *p key: any key 'ill (o, This *ay )e a goo( ti*e to consi(er (eploying electronic locks an( electro*echanical opening *echanis*s,

6/4

Locks t$at resist %umping

There are *echanis*s that (o not allo' for the t'o pins to separate e.cept 'hen sli( si(e'ays# s ch as se( in the =*hart interlocking lock 0'hich is not )eing pro( ce( any*ore1, -s far as 'e can see# s ch a *echanis* 'o l( s ccessf lly foil the ) *ping attack, -lso so*e *echanis*s 'hich have a one-piece locking *echanis* 0s ch as a 2si(e)ar21 *ay resist ) *ping%, Locks that involve rotating (iscs 0s ch as -)loy 8rotec1 or *agnets 0s ch as =vva :K9 an( -nker1 are also not s scepti)le to this attack", 3la s 4och sells *o(ifie( stan(ar( = ro profile locks 'hich lock p 0i,e, 2)roken ) t close(21 pon *ost atte*pte( *anip lations# incl (ing ) *ping, 5%7

Acknowle#gements

The a thors 'ish to thank Walter Belgers# :att Blaze# :anfre( BNlker# 3i* Bohnet# 8a l Boven# Ajango Bijls*a# 8a l Kro 'el# Oliver Aie(erichsen# Fan ;ey# J lian Far(t# Jie**e# Jor( 3naap# 3la s 4och# :arcel van (er 8eijl# :arc To)ias# Ro) Bo*er an( 3 rt BHhlke an( all the other people fro* Toool an( 9s(ev for their inp t on this topic an(Jor for energizing (isc ssion on the sec rity of locks in general, &n a((ition# the a thors 'ish to thank :att Blaze# 8a l Boven an( :arc To)ias for per*ission to se ill strations,

/nless the si(e)ar co*)ination is kno'n# s ch as is the case 'ith the -ssa T'in "$$$ 'here the sa*e si(e)ar see*s se( for *any locks sol( in a certain region, " B *ping co l( still )e se( to attack a pin t *)ler portion of a * lti-principle lock,

6$

7e,erences
567 5!7 5<7 5C7 5%7 :att Blaze# On the discussion of security vulnerabilities#
http://www.crypto.com/hobbs.html

8a l Klark# Full Disclosure Debate Bibliography#

http://www.wildernesscoast.org/bib/disclosure-by-date.html

Theo(ore T, Tool# MIT Guide to Lock Picking# 6EE6#

http://www.toool.nl/mit.pdf

:,W, To)ias# Locks safes and security !second edition"# !$$$# &9B4 $-<ED-$?$?E-! 3la s 4och# http://semtechnologie.de/technik.htm

TRADUCCIN

*erra#uras c$ocan#o
*9mo a%rir Mul - t - cerra#ura (patilla - en - patilla, interactivo, 7x7), Assa (6 gemelo), !om (&:, $o-uelo con la pelota), la%ios ($o-uelo #e "ctro), )vva T(*, &()" ($o-uelo + ampli,ica#or; la norma), *or%in, ',a,,en$ain - a variet- o, otras cerra#uras mec<nicas costosas sin el #a=o cuantioso, generalmente presente %a>o . segun#os, con no little entrenar - usar solamente $erramientas econ9micas/ Barry Wels & a*perioO Rop Gonggrijp Toool - la organizaciPn a)ierta (e Lockpickers
Barry@toool.nl, rop@toool.nl

Qlti*a revisiPn: !" (e enero# !$$% Http://www.toool.nl/bumping.pdf

7esumen
=n estes instr *entos (e crR(ito (escri)i*os n )lo+ eo infravalora(o - la tRcnica (e ina g raciPn por la + e na varie(a( gran(e (e cerra( ras *ecSnicas p e(e ser a)ierta rSpi(a*ente y sin el (aTo por n atacante relativa*ente sin for*aciPn, =ntre otras cosas revisa*os cP*o esto tra)aja# por + R tra)aja *ejor so)re alg nas cerra( ras + e so)re otros# ya sea + e no po(Ua notar + e esta tRcnica f e se contra na cerra( ra y el lo + e el in( stria (e - (e cerra( ra po(Ua hacer proteger n evas cerra( ras contra esta tRcnica, Ko*pren(er la a*enaza (e este n evo *Rto(o (e *anip lar )lo+ eos es (e la i*portancia a(icional por+ e he*os (esc )ierto + e este *Rto(o f nciona en reali(a( *ejor so)re las cerra( ras *ecSnicas *Ss costosas en general consi(era(as ser *Ss contrario a la *anip laciPn,

're,acio - ?por @uA #ivulgar esto3

Aeci(i*os p )licar el lo + e sa)e*os so)re este *Rto(o por+ e senti*os + e a+ ellos + e (epen(en (el tUt lo (e cerra( ras 0o c al+ ier otro trozo (e tecnologUa para esa co*posiciPn1 tienen + e po(er valorar s tUt lo + e tenUa conoci*ientos co*pletos (e c al+ ier a*enazas constante*ente respecto a -, =sta v lnera)ili(a( es sPlo (e*asia(o genRrica: afecta * chas cerra( ras y p e(e ser @-rregla(o@ por n fa)ricante (e cerra( ra solo + e 'ork la reserva hasta + e n n evo )lo+ eo *ejor p e(e ser (a(o a conocer, - n+ e he*os refina(o el *Rto(o *Ss lejos f i*os *ostra(os original*ente# apren(i*os so)re Rl0ellaJeso1 original*ente a travRs (e na presentaciPn en pV)lico por 3la s 4och, G notS)a*os + e las aVn otras personas s pieron cP*o hacerlo tra)ajar incl so *ejor ta*)iRn, =n otras pala)ras# estes conoci*ientos lo son 2-hU@# el gato es f era (e la )olsa, Tenien(o en c enta estas circ nstancias# rather than per*itir + e conoci*ientos (e este *Rto(o se e.tien(a (espacio entre a+ ellos + e po(Uan atacar a vUcti*as ignorantes# (eci(i*os p )licar con el propPsito (e + e los (irectores (e la instalaciPn p e(en respecto a - valorar s tUt lo y ver si las *e(i(as (e garantUa s )si(iaria tienen + e ser to*a(as en alg nas )icaciones, 9i ste( no estS (e ac er(o# lo ani*a*os a leer 567 y 5!7 para no *Ss *in cioso co*pren(ien(o (e la (isc siPn so)re 'hether or not (iv lgar la infor*aciPn (escri)ien(o las fallas (e seg ri(a( antes (e participar en c al+ ier (e)ate acalora(o, 6

4 &ntro#ucci9n para cerra#uras - seguri#a# #e cerra#ura

4/0 *9mo las cerra#uras tra%a>an
9 jete con alfileres cerra( ras (e vaso# (el *Ss )arato al *Ss costoso en el + e to(os tra)ajan )r sca*ente (el *is*o *o(o, =l clave sli(e el key'ay en el cilin(ro interior (e la cerra( ra, K an(o se * eve# los re( cciones en el clave ca*)ian (e l gar pilas (e (os o *Ss alfileres# ca*)ian(o (e l gar ag jeros perfora(os a travRs (el cilin(ro e.terior e interior, Los *anantiales pe+ eTos (etrSs (e estos alfileres e*p jan los alfileres hacia atrSs (esp Rs (e + e n *ejor *o*ento so)re el clave ha pasa(o, K an(o la tecla correcta es all the 'ay in y la @=spal(a@ (el clave concl ye contra el cilin(ro interior# to(as las )rechas entre los alfileres (entro (e la cerra( ra se alinean so)re la @LUnea a)sol ta@# y el cilin(ro interior es free torcer,

Las fotos cortesUa (e :att ar(en

La i*agen anterior in(ica n versiPn (e @Korte - a@ (e na cerra( ra (e vaso (e patilla si*ple con el clave correcto inserta(o, 8ara na intro( cciPn * cho *Ss *in ciosa para los 'orkings interiores (e cerra( ras# por favor haga referencia a 5<7,

4/4

8orBar cerra#uras

La cerra( ra p e(e ser @;orza(o@, /n opera(or e.peri*enta(o p e(e sar herra*ientas (e sentir y ca*)iar (e l gar alfileres in(ivi( ales en la cerra( ra, Lockpicking per*ite + e no a)ra n )lo+ eo e.plotan(o el hecho (e + e las pilas (e patilla n nca son alinea(o perfecta*ente, =sto ca sa + e alg nos alfileres sean clava(o entre el cilin(ro interior y e.terior antes (e otros, Ae)i(o a esto# no p e(e sentir + e los ciertos alfileres son alinea(os correcta*ente antes (e + e to(os los alfileres sean alinea(os, G por+ e los alfileres e.teriores + e 'o l( atestar otros antes + e(arSn so)re el e.terior (el cilin(ro interior (esp Rs (e + e la cerra( ra es gira(a ligera*ente# no p e(e poner los alfileres en la posiciPn correcta s cesiva*ente y a)rir el )lo+ eo, Lockpicking to*a + ite a )it of prSctica, 9epara(o profesionales (e inteligencia# cri*inales y cerrajeros + e lo practican# lockpicking se ha hecho n (eporte reg lar# co*plete con cl )es oficiales y cha*pionships6, Los fa)ricantes (e cerra( ra han (efen(i(o n evas cerra( ras en contra (e escoger insertan(o @-lfileres (e hongo@ tan - lla*ar# hacien(o key'ays *Ss angosto 09 *inistrar less espacio para herra*ientas1 y )ajan(o las tolerancias *ecSnicas (el proceso (e fa)ricaciPn (e cerra( ra, 0>ea la i*agen (e cerra( ra (e =>>- so)re page ?1 &r por enci*a (e los (etalles (e cerra( ras y cerra( ra escogien(o 'o l( estar f era (el alcance (e estes instr *entos (e crR(ito,, 8or favor cons lte la @G Ua (e :&T (e cerrarse con llave escogien(o@ 5<7 si ning no (e el anterior estS poco claro,

9s(ev 09portsfre n(e (er 9perrtechnik Ae tschlan( electronvoltios1 en -le*ania y Toool 0el -)ierto La organizaciPn (e Lockpickers1 en 8aUses Bajos,

4/. )l punB9n #e cu%eras, arma #e ,uego #e lockpick $erramientas vi%ran#o

Otros *e(ios (e a)rir )lo+ eos sin el clave son san(o nas c )eras p nzPn# ar*a (e f ego (e lockpick o herra*ienta vi)ran(o, =stos (ispositivos e.plotan la ley (e 4e'ton + e (ice + e para ca(a efecto hay na reacciPn ig al y op esta all, La *ayorUa (e las personas estSn fa*iliariza(as con la c Ta (e 4e'ton# n (ispositivo + e es se hacer na (e*ostraciPn (e esta ley a *en (o, 9i na pelota to(o el ca*ino so)re el e+ ipo iz+ ier(o o (erecho es levanta(a y (eja(a loose para chocar con la fila (e pelotas s spen(i(as# esta pelota transferirS all its f erza a la prP.i*a pelota# etcRtera# hasta + e la pelota so)re the other final se * eve fl ct ar f era (e the other pelotas,, K an(o se *enea hacia atrSs# el proceso es inverti(o y la pelota original se *enea arri)a, =l *is*o principio p e(e ser o)serva(o ( rante n parti(o (e )illar: na pelota choca con another one# y esta pelota continVa hacia a(elante *ientras + e la pri*era pelota estS ten(i(a apaci)le ahora, =ste principio p e(e ser se a)rir )lo+ eos: si la energUa (e i*p lso es transferi(a a la pri*era patilla# c i(arS + e(arse en s l gar y la seg n(a patilla c i(a * (arse (el pri*ero# hasta + e la pri*avera lo pare y Lo e*p ja para tocar la pri*era patilla, /na @-r*a (e f ego (e lockpick@ co*o el one *ostra(o a)ajo# c an(o el activa(or es apreta(o# tensarS na pri*avera y l ego se + e la f erza (e a+ ella pri*avera ro*pa la ag ja por na (istancia )reve# pero con na *ociPn * y afila(a y f erte c an(o el activa(or sea apreta(o to(o el ca*ino, Kolocan(o esta ag ja en la cerra( ra# sPlo tocar los alfileres# y l ego apretar el activa(or# no trata (e golpear to(os los alfileres si* ltSnea*ente, Facien(o el t rno (e cerra( ra en el - (e fracciona*iento (e acciones seg n(o entoncesJl ego antes (e + e to(os los alfileres s periores sean e*p ja(os )ack por los * elles en la cerra( ra# no p e(e a)rir el )lo+ eo, =l *onto (e se volver la f erza y la oport ni(a( con + e aplicarlo re+ ieren n poco (e entrena*iento, Los p nzones vi)ran(o san el *is*o principio e.cepto las * chas veces n seg n(o# re+ irien(o less entrena*iento so)re la parte (el opera(or, /no p nzPn (e c )eras es el versiPn *Ss si*ple (e n ar*a (e f ego (e p nzPn, La in( stria (e cerra( ra ha crea(o )lo+ eos + e son *Ss contrario a esta tRcnica, Los )lo+ eos *Ss contrarios tienen key'ays *Ss angostos# i*pi(ien(o herra*ientas (e ser inserta(os en pri*er l gar# y haciRn(olo *Ss (ifUcil transferir la energUa (e i*p lso a los alfileres, Los )lo+ eos *Ss contrarios ta*)iRn tienen tolerancias *Ss pe+ eTas# crean(o el espacio para los alfileres re)otar por to(as partes *enos,

G n! (e lockpick

Las c )eras escogen<

=n este caso na ar*a (e f ego especial# hecho por 3 rt B hlke, La ca)eza so)re esta ar*a (e f ego p e(e ser inverti(o para ro*perse arri)a o a)ajo# a(*itien(o forzar (el @=stilo e ropeo@ cerra( ras (on(e los alfileres son e*p ja(os p )y los *anantiales, < La i*agen to*ar con el per*iso (e @Kerra( ras# cajas f ertes# y seg ri(a(@ 5C7# pSgina %?D

<

.
./0

*erra#uras c$ocan#o
Historia

Khocar# a veces ta*)iRn lla*a(o @Golpear@# ha si(o na conoci(a tRcnica ( rante por lo *enos los %$ aTos anteriores, /na clave (e prot )erancia es (escrito en el tra)ajo (e referencia @Kerra( ras# cajas f ertes# y seg ri(a(@ (e :arc To)ias 5C7 so)re page "$<, 8ocas personas san la tRcnica# y el *Rto(o no parece e.itoso contra * chas cerra( ras a *enos + e el @:Rto(o (e *ovi*iento *Uni*o@ (escrito a)ajo es sa(o, /na vez correcta*ente sa(o# encontra*os esta tRcnica (e ser enor*e*ente f erte# per*itien(o + e na varie(a( gran(e (e cerra( ras sea a)ierto, 4o inventa*os esta tRcnica# y otros pensaron en alg nas (e las *is*as *ejoras + e hici*os pro)a)le*ente, 9enti*os + e chocar es s )esti*a(o# y estes instr *entos (e crR(ito e.isten para (estacar s efectivi(a(,

./4

)l principio + el amperio; teclas #e Bump

-sU + e tene*os n tr co )Ssico para a)rir n )lo+ eo hacien(o la seg n(a )if rcaciPn (e patilla lejos (es(e el principio# pero ning nos *e(ios eficientes (e aplicar esta f erza a la patilla inferior, Ko*o gira# la *ejor *anera transferir la f erza a los alfileres estS san(o na tecla, -ntes + e na(a# necesita*os na @Klave (e prot )erancia@ para la cerra( ra en c estiPn, /na clave (e prot )erancia es n clave en el + e to(os los recortes estSn en la prof n(i(a( *S.i*a, La i*agen a)ajo las f nciones topan contra teclas para cerra( ras varias, Teclas (e prot )erancia son lla*a(os a veces 2Las teclas (e EEE por+ e to(o corta estSn en la prof n(i(a( (e *S.i*o 0E1,

K an(o ste( p e(e ver + e ste( p e(a cortar teclas (e prot )erancia para cerra( ras (e vaso (e patilla tanto reg lares tanto co*o para @Kerra( ras (e hoy elo@# 'hether @- (e patilla en patilla (e -@ o not, 9Plo rec er(e llevarse to(a la tela + e po(Ua ser se lleva(a por la co*)inaciPn *s prof n(a para esa posiciPn, Fay co*p ta(oras + e cortarSn na tecla so)re la )ase (e los nV*eros + e representan la prof n(i(a( en ca(a posiciPn, Tener acceso para tal *S+ ina acelera el proceso (e crear na prot )erancia la tecla + e tiene los re( cciones en el p esto (e (erecho e.acto# a n+ e no ta*)iRn p e(e sar n fichero y na *ano fir*e para crear no, Teclas (e prot )erancia# corta(o na vez# p e(en ser copia(o en la tecla reg lar e+ ipo - c tting, /ste( hace no necesaria*ente la necesi(a( (e tener na clave integral 0lla*a(o @=spacio en )lanco@1 para hacer na prot )erancia el clave: por+ e to(os los

cortes (e na prot )erancia la tecla estSn en la prof n(i(a( *S.i*a# c al+ ier tecla sa(a para na cerra( ra en partic lar p e(e ser converti(o en na prot )erancia la tecla,

./.

)l tir9n - el mAto#o trasero

-hora hay *Rto(os (iferentes para sar tal prot )erancia clave para la f erza (e transferencia a los alfileres (entro (e la cerra( ra, K an(o nos entera*os (el *Rto(o pri*ero# f i*os (ichos + e insertar la tecla pri*ero to(o el ca*ino# y l ego jalarlo na patilla, =ntoncesJl ego# golpee la parte posterior (el clave 0la parte (on(e ste( lo s jeta nor*al*ente1 con n o)jeto sPli(o co*o n *artillo# y l ego gire la tecla n fracciona*iento (e acciones - seg n(o (esp Rs, =ncontra*os la oport ni(a( e.acta para el girar (e la cerra( ra ser crUtico# re+ irien(o + ite a )it of prSctica, :ientras este *Rto(o f nciona)a so)re alg nas cerra( ras# no intentP convencer so)re ticket otros, =ntre los otros pro)le*as: c an(o las teclas tenUan re( cciones * y hon(os# el tr co no c i(a)a no f ncionar ta*poco por+ e los alfileres to(avUa serUan e*p ja(os (e*asia(o lejos por las piezas (e la prot )erancia + e la tecla entre el *s prof n(o ap nta,

./5

)l mAto#o #e movimiento #e - mCnimo

4or*al*ente# si ste( inserta na tecla to(o el ca*ino en la cerra( ra# los alfileres (entro (e la cerra( ra tocan la posiciPn *s prof n(a (el re( cciPn en el clave en la posiciPn (on(e la espal(a (el clave hace el contacto con el cilin(ro interior (e la cerra( ra,, -rchivan(o a tiny )it of *etal (e tanto la p nta co*o la espal(a (el clave# po(e*os crear na prot )erancia la tecla + e p e(e entrar en la cerra( ra sPlo n po+ ito (eeper, When s ch na prot )erancia (e + e la tecla es inserta(a to(o el ca*ino en la cerra( ra# serS e*p ja(o otra vez n po+ ito por la f erza (e los *anantiales (entro (e la cerra( ra# hasta + e los alfileres se apoyan en la posiciPn *s prof n(a en los recortes (e clave otra vez, =ncontrS)a*os la e*pasta( ra off entre $,!% y $,% o)ras (e *ilU*etros *ejor# pero ste( p e(e (esear e.peri*entar para los *ejores res lta(os, Aesc )ri*os + e es * y fScil + itarse (e*asia(o, To(o + e ste( tiene + e hacer ser hacer seg ro eso c an(o el clave estS en to(o en l gar (el + e la *anera# los alfileres tocan los e+ ipos (e los re( cciones el 8artes inferiores, >er el clave ser e*p ja(o a fraction of n *ilU*etro por los * elles en la cerra( ra + iere (ecir + e ste( ha archiva(o eno gh *aterial (e la espal(a,

Tope contra la tecla, 4otar esa p nta y La espal(a no es to(avUa no *o(ifica(o,

-hora + e tene*os n estra prot )erancia la tecla# nosotrose 4ece To golpear la parte posterior (el si(a( clave con -lgo + e aplica lo correcto a*o nt of f erza *otriz (e i*p lso# sin tener tanto peso + e (aTarUa el tecla (e prot )erancia o el )lo+ eo, /sa*os na herra*ienta chocan(o especial (esarrolla(a por 3 rt BHhlke lla*a(o el hacha (e g erra# pero algo con no (e*asia(o peso y preferente*ente ta*)iRn n poco (e *argen (e crR(ito# co*o n c chillo (e - (e pan a) rri(o s jeta(o por la hoja o el asa (e n *artillo ta*)iRn po(Ua tra)ajar,

/na i*agen + e in(ica la )recha entre la cerra( ra y la espal(a (e no

2=l *ovi*iento *Uni*o@ topar contra la tecla,,

=l topar (e na cerra( ra + e sa el @Facha (e g erra@,

-lg nas teclas no tienen na espal(a: s ch es el caso con el - T (e : l - teclas (e )lo+ eo, =n este caso# la prof n(i(a( (el key'ay (eter*ina cP*o lejos p e(e insertar el clave no, 8ara crear na prot )erancia la tecla# no sola*ente necesitarUa cortar n poco (el final (el clave en teorUa, 9in e*)argo# el final (el clave y los interiores (e la cerra( ra eran fo n( estar (e*asia(o (R)il para soportar repeti(o (ar *artillazos *ientras estS)a*os tratan(o (e a)rir el )lo+ eo, Oliver Aie(erichsen t vo na *anera innovativa (e se aseg rar (e + e el clave no se f era (e*asia(o hon(o,, W Utese n artUc lo en el final (e tener en c enta el clave (e irse *Ss a(entro# y l ego corte na palo (e cola en (os# y peg e lo (os La *ita( (e - (o)la artUc los al clave (esp Rs (e calentarlos lo s ficiente*ente (erretir a )it of la cola, =n alg nos casos# *Ss nota)le*ente con alg nas cerra( ras (e clave (e hoy elo# la f erza necesita(a es + e no p e(e s jetar la prot )erancia la tecla hacia atrSs entre one2s (e(os lo s ficiente*ente pe+ eTo: ning na necesi(a( para cola o otra cosa,

./6

- #e Multi @ue el principio %lo@uea

-lg nos )lo+ eos e*plean (os principios (iferentes# co*o los -ssa T'in "$$$,, Xste es na cerra( ra * y seg ra# y no (e n estros e. favoritos, /na parte (e la cerra( ra es n *ecanis*o (e vaso (e patilla reg lar# *ientras + e otra parte es n *ecanis*o (e rec a(ro, - n+ e chocar atacarS el acrP)ata (e patilla con R.ito =n parte# el *ecanis*o (e rec a(ro resiste, Aesafort na(a*ente# parece *ost ge*elo "$$29 ven(i(o en cierta regiPn tiene el *is*o rec a(ro# a(*itir + e cerrajeros al*acenen - (e pre cortar espacios en )lanco (e rec a(ro para hacer copias,, 9i esto es el caso# no sPlo po(Ua cortar na prot )erancia (e c al+ ier tecla la tecla con el rec a(ro correcto para na regiPn,C

- propPsito: Y*enciona*os + e colecciona*os perfiles (e rec a(ro (el ge*elo (e -ssaI 9i ste( tiene n clave# por favor envie por correo na i*agen (etalla(a (e Rl0ellaJeso1# con la regiPn (on(e ste( co*prP la tecla# a )arryZtoool,nl

"

./6

'ro%lemas

=s * y fScil (aTar la cerra( ra yJo la prot )erancia la tecla san(o c al+ ier *Rto(o chocan(o, La f erza nee(e( transferir eno gh energUa (e i*pacto a los alfileres p e(e ca sar + e la espal(a (el clave haga na a)olla( ra so)re el (elantero (el cilin(ro interior# co*o *ostrar a)ajo, La foto (e los la)ios so)re los + e clave (e prot )erancia (e OKTRO in(ica(o a la (erecha in(ica el res lta(o (e los ejRrcito la espal(a# y ta*)iRn in(ica el (aTo para los hoy elos (e repeti(o chocar, :Ss seria*ente# chocar p e(e ca sar + e (efor*ations *enores# ca sar la prot )erancia la tecla get st ck en la cerra( ra,, La f erza general*ente a(icional c an(o jalarlo ay (a + itar la prot )erancia la tecla# pero en alg nos casos p e(e ponerse * y atasca(o, =l tecla (e prot )erancia (e)e ser hecho af era (el *Ss fir*e *etal (isponi)le: los *etales *Ss s aves (efor*arSn el clave (e irse (e*asia(o hon(o y no el tra)ajo en la espal(a# ca sar la prot )erancia rSpi(a*ente, 8ronostica*os n *erca(o gran(e para claves (e prot )erancia (e acero acost *)ra(os para la *S.i*a pop lar - cilin(ros (e seg ri(a(, Ta*)iRn# alg nas cerra( ras (on(e el cilin(ro interior es hecho af era (e *etales *Ss s aves p e(en ser (aTa(o * y fScil*ente por la espal(a (e la prot )erancia la tecla,

./7

Las me>oras + el amperio; las i#eas

/no po(Ua prever na *anera (e s jetar con a)raza(era la tecla entre (os en + e trozos (e *etal# posi)le*ente fijP a n )lo+ e (e go*a pe+ eTo esot Toca la cerra( ra, Ae esta *anera no po(Ua golpear la tecla sin afectar la cerra( ra en la *is*a *anera perj (icial + e la espal(a (el clave (e prot )erancia hace, La go*a ser escogi(o s ch + e 'o l( (efor*ar sola*ente por la fracciPn (e n *ilU*etro nee(e( para chocar tra)ajar, 9ho'n es la sol ciPn (e Jort 3naap 8or n - T (e : l - )lo+ eo interactivo# (esarrolla(o af era (e (os lava(oras (e nilPn y na pieza (e go*a ( ra + e tene*os fo n( i*pe(ir se a)ollar total*ente, 8or el *o*ento# poner na go*a gr esa co*o sar en el siste*a postal o na envoltorio (e - (e cor)ata entre la espal(a y la cerra( ra see* lo i*pe(ir o (is*in ir se a)ollan(o, 0=nvoltorios (e - (e e*pate )lancos see* ser el to ghest# y no p e(e e*patarlo a n+ e el f n(a*ental - el ti*)re e*)oca en la tecla (e g ar(arlo en s l gar,1

*erra#uras costosas

Fe*os nota(o ( rante n estros e.peri*entos + e el *Ss costoso na cerra( ra era# el *ejor este *Rto(o f nciona)a, Topar contra o)ras so)re alg na *S.i*a - cerra( ras (e final + e n nca pensa*os p (o ser *anip la(o fScil*ente# y po(er ser * y (ifUcil o i*posi)le para get to 'ork so)re cerra( ras * y econP*icas, Fay varias razones para esto, -ntes + e na(a las cerra( ras *Ss costosas son hechas af era (e *etal *Ss fir*e# ca san(o less (efor*ations so)re el i*pacto, =ntoncesJl ego las cerra( ras costosas ta*)iRn tienen tolerancias *Ss aj sta(as# per*itien(o la seTa *Ss s ave (e las partes (entro, =l hecho (e + e alg nas (e estas cerra( ras tienen key'ays *Ss angostos + e )lo+ ean herra*ientas nor*ales no nos *olesta: n estro clave (e prot )erancia no necesita *Ss espacio + e la tecla nor*al, - (ecir ver(a(: el *Ss s ave to(o es# la less (el i*pacto f erza ser *algasta(o, -sU + e look like to(o + e solUa hacer n cerra( ra @-rtUc lo@ tra)aja a favor (e este *Rto(o# pero sospecha*os + e her half a trillion )lo+ eos (e vaso (e patilla less costosos sean ta*)iRn v lnera)le, Fe*os chocar o presenciar el topar (e the follo'ing cerra( ras personal*ente 0en ning na or(en especial1: [ Ge*elo (e -ssa "$$$ [ : l - t - - (e patilla (e cerra( ra en patilla (e [ : l - t - el )lo+ eo interactivo [ : l - t - ?. (e cerra( ra? [ La)ios Octro [ La)ios 3eso [ 3g (e Ao* &L [ % (e AO: - patilla [ T9K (e =>>[ % (e &3O4 (e Beiss - patilla [ [ [ [ [ [ [ [ [ Kor)in % - patilla Foy elo (e &K=O A,L,K, % - patilla Foy elo (e Lince % (e -B/9 - patilla 8faffenhain -8 (e G=G=<$$$ >achette Ko(e*

!escargo #e responsa%ili#a# importanteD por ,avor note @ue la lista anterior no @uiere insinuar @ue ca#a cilin#ro #e una marca nom%ra#a - el tipo se a%rir< ,<cilmente usan#o c$ocar/ Las cerra( ras son costosas y no so*os n la)oratorio (e pr e)a (e co*ercial asU + e he*os teni(o sola*ente n nV*ero * y li*ita(o (e cerra( ras (e pr e)a ase+ i)les a nosotros, La presencia (e na cerra( ra en la lista anterior sPlo + iere (ecir + e chocar tra)ajP on por lo *enos na vez so)re n cilin(ro al + e tenUa*os acceso, - nosotros esto + iere (ecir + e ese type of cerra( ra es por lo *enos sospechosa investigaciPn a(icional es necesita(a, Ta*)iRn# es * y pro)a)le + e ticket )lo+ eos so)re esta lista son v lnera)les ta*poco, Ta*)iRn note + e he*os visto cerra( ras + e chocan a)rirse * y fScil*ente varias veces# y l ego por alg na razPn pPngase * y har( topar contra# a n+ e el clave reg lar to(avUa tra)aja,

8orensics

;orensics (e cerra( ra es# entre otras cosas# la ciencia )ehin( sa)er si n )lo+ eo f e a)ierto san(o *anip laciPn, Lockpicking# por eje*plo# (eja scratces (i*in tos en los alfileres en (on(e el clave reg lar no se rascarUa places a *en (o, La pri*era seTal (e + e na cerra( ra f e topa(a es la a)olla( ra hecha so)re el e.terior (el cilin(ro interior por la espal(a (e la prot )erancia la tecla, 8ero co*o previa*ente ha)la(o (e# hay *aneras (e aseg rarse (e + e este se a)ollar no oc rra# y en alg nos casos# co*o el - T (e : l clave (e prot )erancia (e cerra( ra + e he*os *ostra(o# ning na a)olla( ra serS hechas so)re el e.terior, Ta*)iRn tenga c i(a(o con eso tanto *Ss viejo y las 01 cerra( ras *Ss )aratas *Ss s aves ten(rSn na a)olla( ra allU incl so si n nca eran topa(o, :irar los alfileres so)re el interior (e na cerra( ra topa(o contra co*para(o con alfileres (e na cerra( ra + e no f e topa(a no in(ica)a ning na (iferencia + e po(Uan ser (etecta(as por la si*ple vista o san(o na l pa, 8o(er )ien ser + e las (iferencias p e(en ser encontra(o )ajo n *icroscopio, Karece*os (e los conoci*ientos *etalVrgicos )Ssicos# la e.periencia forense y el e+ ipo necesario (e (ecir algo concl yente so)re los alfileres + e revisa*os, Aa(o + e la inserciPn (e na clave (e prot )erancia no es * cha (iferente (e insertar n clave reg lar# sospecharUa*os + e ning na *arca sin ventaja especial serUa encontra(as aparte (e tal vez alg nas a)olla( ras en *iniat ra y (efor*ations ca sa(o por los i*pactos, Fasta + e *ayor canti(a( es sa)i(a# pensa*os + e es (iligente s poner + e c al+ ier cerra( ra + e p e(e ser topa(a ta*)iRn p e(e ser topa(os contra sin (ejar c al+ ier ac sPn vestigios# con n poco (e atenciPn,

*onclusiones

La cerra( ra perfecta no e.iste, Kon eno gh entrena*iento# herra*ientas y tie*po# casi c al+ ier cerra( ra p e(e ser *anip la(a, =l tUt lo prSctico es casi sie*pre n - (e co*ercio salien(o entre el gasto (e la cerra( ra y la Rpoca y el esf erzo necesita)a + e n atacante a)riera el )lo+ eo, 9in e*)argo: en relaciPn con el tUt lo (e cerra( ra *ecSnico# cree*os + e esta v lnera)ili(a( e.pone n (efecto f n(a*ental en her half a trillion (iseTos (e cerra( ra *ecSnicos e.istentes, La resistencia en contra (e este ata+ e ten(rS + e ser incl i(o en to(o negocio a tRr*ino alto - cerra( ras (e final# y j zgar por s propio (iseTo en + e criterios en + e * chos - alto ter*ina )lo+ eos vistos hoy (e)en ser consi(era(os i*perfecto,

6/0

7especto a seguri#a# #e la instalaci9n - valorar

9i s tUt lo act al (epen(e (e one or *ore cerra( ras *ecSnicas act al*ente pensa(as ser * y contrario a la *anip laciPn# ste( (e)e investigar si estas cerra( ras p e(en ser topa(o por lo *enos, Recla*os (el fa)ricante respecto a cP*o (e)e ser consi(era(o inVtil a *enos + e el recla*o *enciona la resistencia para chocar especUfica*ente - (e *anip laciPn contrario cierta cerra( ra es, 9i ste( e*plea a type of cerra( ra + e p e(e ser topa(a y s seg ri(a( los criterios no per*iten n )lo+ eo + e p e(e ser a)ierto por atacantes ine.pertos en <$ seg n(os en + e entoncesJl ego ste( (e)e ree*plazar las cerra( ras en c estiPn, =n los eje*plos (on(e seg ri(a( es (e la *ayor i*portancia# ste( p e(e (esear i*ple*entar *e(i(as (e seg ri(a( a(icionales + e as *en incl so - alto + e el final en + e los )lo+ eos *ecSnicos p e(en ser a)ierto en * ch less tie*po + e antes as *Ua, Aar tra)ajo a n nV*ero (e - alto (iferente + e el final )lo+ ea para na anotaciPn en partic lar p e(e aTa(ir la garantUa s )si(iaria, =l hecho (e + e na cerra( ra tiene n key'ay - la for*a para la + e espacios en )lanco no estSn en general (isponi)les )rin(a poca protecciPn: (ispositivos e.istir + e

p e(e crear n espacio en )lanco 'hen tenien(o en c enta n clave# o even no

&*agen (el e.terior (e la cerra( ra, Ta*)iRn note + e no no necesita n espacio en )lanco para cortar na prot )erancia la tecla: ningVn clave 'ill (o, Xste po(rUa ser n ) en tie*po (e consi(erar (esplegar cerra( ras electrPnicas y electro - los *ecanis*os iniciales *ecSnicos,

6/4

*erra#uras @ue se resisten a topar contra

Fay *ecanis*os + e no a(*iten + e los (os alfileres se separen e.cepto c an(o se (eslizar (e la(o# co*o sar en la =*hart se tra)an(o cerra( ra 0+ e no estar estan(o pro( ci(o *Ss1, Fasta (on(e po(e*os ver# tal *ecanis*o fr strarUa el ata+ e chocan(o con R.ito, Ta*)iRn alg nos *ecanis*os + e tienen no no - *ecanis*o artUc lo )lo+ ear 0s ch co*o no 2=l rec a(ro@1 po(er resistir ) *ping%, Blo+ eos + e s ponen girar (iscos 0co*o -)loy 8rotec1 O i*Snes 0co*o =vva :Ks y -nker1 son ta*poco propensos a este attack", 3la s 4och ven(e )lo+ eos (e perfil = ro s ales *o(ifica(os + e se )lo+ ean 0i,e,, 2=stropear pero cerrar@1 so)re la *ayorUa (e las intento (e *anip laciones# incl ir chocar, 5%7

Acuse #e reci%o

=l escritor (esear a tener la c lpa tener la c lpa 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# 0capse+1# Jie**e# 0capse+1# 0capse+1# :arcel van (er 8eijl# 0capse+1# 0capse+1 y 0capse+1 y to(o lo otro gente (e Toool y 9s(ev para s entra(a so)re este te*a yJo para vigorizante (e)ate so)re el seg ri(a( (e )lo+ eo en general,, -(e*Ss# los escritores (esean agra(ecer a :att Blaze# 8a l Boven y :arc To)ias por el per*iso (e sar il straciones,

- *enos + e la co*)inaciPn (e rec a(ro es conoci(a# s ch co*o ser el caso con el ge*elo (e -ssa "$$$ (on(e el *is*o rec a(ro parece sa(o para * chas cerra( ras se ven(iP en cierta regiPn, " Khocar to(avUa p (o ser se atacar n vaso (e patilla + e portion of n * lti - el principio )lo+ ea,

6$