
Hack Chat Transcript, Part 1

An event log for Physical Security Hack Chat

Deviant Ollam will let himself in

Dan Maloney, 06/03/2020 at 20:04

Deviant Ollam12:00 PM
Good evening, good morning, and good 'morrow... depending on what time zone you're in while reading this! 👍

Hello all, welcome to the Hack Chat today. I'm Dan Maloney, I'll be moderator today for our chat with Deviant Ollam. We'll be talking about physical security - locks, lockpicking, etc.

Hi @Deviant Ollam, welcome to the Hack Chat! Perhaps you can start us off with a little about yourself and how you got into the security game?

cdecde57 joined  the room.12:00 PM

Tametomo joined  the room.12:01 PM

Deviant Ollam12:01 PM
Sure thing

Deviant Ollam12:01 PM
Thank you for having me, BTW

Deviant Ollam12:01 PM
=)

Deviant Ollam12:02 PM
I get a lot of folk who reach out to me or approach me at events and speak with awe over the idea that my career exists -- that I get paid to break into secure facilities -- and the first thing I try to always tell folk is that I got here by tripping over backwards into opportunities that I wasn't expecting, and that some of the best things you will get to do in your life are things you haven't even considered yet.

Deviant Ollam12:03 PM
I started as a computer and network engineer, with lockpicking merely as a hobby. That hobby became my full-time work (in a manner of speaking) and I credit this almost entirely to my attempts at giving away knowledge and teaching as much as possible

Dang, that's what I've been trying to tell my son for years now. You put it way better than I ever could have.

31337Magician joined  the room.12:03 PM

thomas.august joined  the room.12:04 PM

Zack Freedman joined  the room.12:04 PM

t.w.otto12:04 PM
looking forward to hanging out @Deviant Ollam

Deviant Ollam12:04 PM
How did others get involved with "hacking" (Depending on your definition of it)

31337Magician12:05 PM
I wanted to make airplanes do stupid things in flight simulator when I was a kid.

pop1312:05 PM
Mostly by just messing with stuff and discovering there is a community around it

t.w.otto12:05 PM
for me it was BBS's and it seemed like something super interesting, i like to tinker. then defcon. now it's part of life

Deviant Ollam12:05 PM
@31337Magician oh totally! seeing how far straight up it could fly, etc? (or crashing it into things, or trying to)

For me, it's just wanting to know how everything works. Can't really do that with tearing it apart, whether it's hardware or software

31337Magician12:06 PM
I used to switch physics profiles of airliners and aerobats then join public servers and freak people out at the airfield.

Deviant Ollam12:06 PM
@pop13 absolutely... it's one thing to tinker and want to disassemble and learn, but meeting with communities of other folk who are resources is so rewarding

t.w.otto12:06 PM
and i'm teaching my spawn to tinker and question everything

Tametomo12:06 PM
Got into programming when I was 5, and was fascinated with breaking things in unusual ways.

Nicolas Tremblay12:06 PM
I always was interested in electronics and how stuff was built. Then my boss wanted to know more about 3D printers. That got me to find Make magazine and the whole community.

Tametomo12:06 PM
Never grew out of that.

Lennaert Oudshoorn12:07 PM
Started programming when a teacher gave me a book about basic and let me sit behind the computer because I always finished my assignments early, rolled in to the rest from there.

Deviant Ollam12:07 PM
@t.w.otto do you find that you're buying kits or items specifically for that or using things around the house? my wife and i were saying recently how modern products (a remote control, for example) are all tabs and not screws and usual fasteners anymore, etc.

thomas.august12:07 PM
Officially, during a special IT audit for a DOD contractor. Unofficially, I learned a lot about radio and telephones as a kid.

pop1312:07 PM
And by taking stuff apart as a kid

Deviant Ollam12:07 PM
@Nicolas Tremblay what 3D printers do you have or use, may i ask? Our firm has a PRUSA

t.w.otto12:08 PM
that is a challenge. some kits some dumpster diving/ garage sales/etc everything is a plastic tab that always pops when you try to open the case

Deviant Ollam12:08 PM
@thomas.august I've been wanting to establish more connections with Ham folk and get better with radio, especially since we're seeing telephones be less reliable in big cities if there's an incident

thomc12:08 PM
Back in the days of early Internet, when it was still largely classed as "mischief". Then eventually became a choice between getting paid to do it, or trying to get away with it lol. I'm interested to know if you have any kind of formal methodology to work to on engagements, as I consider you someone who helps define how our industry progresses.

John Canty joined  the room.12:09 PM

Nicolas Tremblay12:09 PM
Took almost 3 years to convince my boss to buy a Makerbot 2X. I have an Anet A8 (heavily upgraded) at home

oz12:09 PM
Ham ops are some of the original sharers of knowledge

t.w.otto12:10 PM
the other side is with the maker movement has come the arduino and the Pi and etc so while tinkering with manufactured gear has gotten more frustrating. making whatever you want is more accessible.

@Deviant Ollam - you're playing my song. N7DPM

Deviant Ollam12:10 PM
@thomc that's such a valid point: the collapse and evaporation of space for curious kids to explore without massive ramifications if they do something dumb

Deviant Ollam12:10 PM
@Dan Maloney my wife has her license, i do not yet

Scott H12:11 PM
Speaking of @Tarah, congrats on the Fulbright Scholarship!

pop1312:11 PM
Yeah @t.w.otto you either have stuff intended for tinkering, and you have the stuff used in products which is really fun but locked down tight

Zack Freedman12:11 PM
I think some electronics have become *easier* to modify; so many devices run linux or have exposed JST ports

thomas.august12:12 PM
@Deviant Ollam growing up my neighbor had a 50" antennae on his house, his radio setup was epic. At night when the KH layer was right we could listen to truckers all over the southwest.

t.w.otto12:12 PM
@pop13 it's a challenge. my goal as a hacker parent is to provide anything i can to allow them to get around the lock downs.

oz12:12 PM
I'd expect getting license to be a snap for anyone here. A weekend project at most, and more likely an evening with a study guide and a test the next day. Oz (N1OZ ) in DFW

t.w.otto12:12 PM
at least that's how i see it

Deviant Ollam12:12 PM
@.io she says thanks! We're very excited. I'm amazed, it's a tremendous honor for her and well-deserved.

Deviant Ollam12:12 PM
@thomas.august very cool

t.w.otto12:13 PM
I have picked locks but do not practice enough at all, i bumped the lock to my workshop about a week ago. first time using bump keys.

Deviant Ollam12:13 PM
@t.w.otto exactly... i've been thrilled seeing so many hacker voices discussing who to disrupt and subvert unconstitutional restrictions of freedom

thomas.august12:13 PM
Why pick when you can bump, why bump when you can bypass? :)

I tried bumping but never had any luck. The videos make it seem so easy

Deviant Ollam12:13 PM
@t.w.otto nice! may i ask how many attempts it took?

t.w.otto12:14 PM
took about 3-4

Deviant Ollam12:14 PM
something about bumping that is funny... most brand new bump keys need some breaking-in

t.w.otto12:14 PM
youngest locked the keys in the workshop

thomas.august12:14 PM
gotta sand em down

t.w.otto12:14 PM
and everything was locked up, so it was bump, pick or break

t.w.otto12:14 PM
figured i have had them for years lets try it out

Deviant Ollam12:15 PM
take a beater lock and wail on it with a new bump key 20 to 30 times hoping it will bump open. it likely will eventually. then try the same key on a better lock, then a better lock.

31337Magician12:15 PM
My oldest has taken a liking to picking H&W cuffs with a paperclip. He thinks he's Batman.

t.w.otto12:15 PM
oh this lock on this building is garbage

anfractuosity12:15 PM
Have you had a lock which seemed to pick ok for many attempts, then later it seems very difficult to pick? (i think the tools are ok)

31337Magician12:15 PM
S&W

thomas.august12:15 PM
Lock innards get worn down after repeated picking

31337Magician12:16 PM
Wow I combined H&K and S&W in my head...

t.w.otto12:16 PM
@anfractuosity yea the pins can get scratched and it gets harder

anfractuosity12:16 PM
ahh

anfractuosity12:16 PM
interesting

t.w.otto12:16 PM
at least that's what i have experienced

Deviant Ollam12:16 PM
@t.w.otto so glad you got in, and quickly! i was in a parking lot the other day and saw two guys fiddling with a car that had keys locked inside. I asked if they needed help. They said "no, but thanks!" so I went about my business. Came back 40 minutes later to my truck and they were still at it. I offered again, "I'm sure you've got this, but I am an entry technician... I have proper tools in my truck right now... want me to give this a shot?" (30 seconds later, the door was open)

Tametomo12:17 PM
It's been a treat, but also a horror over the years to see hardware hacking get easier, but at the same time, more restricted due to DRM.

Deviant Ollam12:17 PM
@anfractuosity I have seen locks that get "over-picked" so to speak. the springs wear down and don't perform as well

t.w.otto12:17 PM
@Deviant Ollam ha, they had no idea who you were... i'm glad you were there to help

pop1312:17 PM
Actually how hard is it to pick a car lock?

anfractuosity12:17 PM
@Deviant Ollam cheers

thomas.august12:17 PM
@anfractuosity lockpicks are made of a harder material than the brass pins in a lock, so they wear down or get damaged. @Deviant Ollam don't you sometimes do lock forensics for this sort of stuff?

Deviant Ollam12:17 PM
@pop13 it depends greatly on the vehicle, especially its age. from the mid 70s until the late 90s or early 00s most car locks were relatively simple wafer locks

pop1312:18 PM
And the modern stuff like the last 10 years?

Tametomo12:18 PM
Frankly needs to be a hacking bill of rights or so that puts the consumer in a position of being able to control their own hardware.

Deviant Ollam12:18 PM
@thomas.august yes, we have a lock forensics team... https://enterthecore.net/post-intrusion-forensic-locksmithing/

pop1312:18 PM
Just interested, as almost every car maker over here in the EU uses the same style of key

oz12:19 PM
Or even just a right to repair

Deviant Ollam12:19 PM
@pop13 we're starting to see many more locks incorporating advanced wafers or what we'd say are locks with wafer-based sidebars. car keys with a "squiggle track" on them, etc

anfractuosity12:20 PM
ooh that sounds really cool re. forensics, not heard of that before re. locks

thomc12:20 PM
How are you able to carry lock picks with you over there? Do you need a locksmith permit, or is it just allowed? In the UK we could be charged with "going equipped [to commit a burglary]". If I'm heading to a job it is okay, but I can't carry them around every day.

Deviant Ollam12:20 PM
@pop13 they are still able to be attacked, but custom tools are MUCH more helpful.

anfractuosity12:20 PM
i assume that entails pulling the lock completely apart to do analysis on?

0xOverflow joined  the room.12:20 PM

pop1312:20 PM
Thanks

oz12:20 PM
Are the squiggle track keys a wafer variant? My VW uses them

Deviant Ollam12:21 PM
@thomc in the USA there are a variety of laws, that vary from state-to-state. still... https://toool.us/laws.html ...lotta green on this map!

Deviant Ollam12:21 PM
@oz many are, yes

thomc12:21 PM
@Deviant Ollam nice!

thomas.august12:21 PM
I prefer to think of them as dental cleaning tools LOL

Deviant Ollam12:21 PM
@anfractuosity yes, there are specific ways of disassembling locks so as to preserve forensic evidence, tool marks, etc

t.w.otto12:21 PM
sculpture tools

thomas.august12:21 PM
You know, for those difficult to reach places

anfractuosity12:22 PM
neat, i guess you use metallurgical microscopes too for that @Deviant Ollam ?

31337Magician12:22 PM
@Deviant Ollam do you have any of the NFC implants, if so what do you use them for? I've been using it to send folks to my LinkedIn personally.

Deviant Ollam12:22 PM
@anfractuosity conventional microscopes tend to be sufficient

anfractuosity12:22 PM
gotcha :)

pop1312:23 PM
Do you have any interesting stories from the job to share (which you didn't talk about on cons)?

Deviant Ollam12:23 PM
@31337Magician both my wife and I have RFID implants, yes. neither of mine are NFC, however. one of hers is

Deviant Ollam12:24 PM
i have one implanted low-frequency RFID tag (a T5577, which is reprogrammable to be HID Prox, Indala, ioProx, EM, AWID, etc.) my other is a "Magic MIFARE" which is essentially an emulated NXP S50 (MIFARE classic)

t.w.otto12:24 PM
i have been strongly interested in a magnetic one for ever

Deviant Ollam12:24 PM
Tarah has the same Low Freq chip that I do (the xEM, T5577) and her other chip is an NTAG216 (so a Type-2 NFC chip)

anfractuosity12:25 PM
Have you ever played with non-electronic safe locks? or could recommend any books about them

Deviant Ollam12:26 PM
@anfractuosity I am a SAVTA certified safe technician and GSA safe and vault inspector. "yes" is the short answer. ;-)

anfractuosity12:26 PM
ooh :)

Deviant Ollam12:26 PM
there isn't any one safe-cracking book of which I'm aware, and my wife always says I have to write one.
