Good evening, good morning, and good 'morrow... depending on what time zone you're in while reading this! 👍
Hello all, welcome to the Hack Chat today. I'm Dan Maloney, I'll be moderator today for our chat with Deviant Ollam. We'll be talking about physical security - locks, lockpicking, etc.
Hi @Deviant Ollam, welcome to the Hack Chat! Perhaps you can start us off with a little aboutyourself and how you got into the security game?
Thank you for having me, BTW
I get a lot of folk who reach out to me or approach me at events and speak with awe over the idea that my career exists -- that I get paid to break into secure facilities -- and the first thing I try to always tell folk is that I got here by tripping over backwards into opportunities that I wasn't expecting, and that some of the best things you will get to do in your life are things you haven't even considered yet.
I started as a computer and network engineer, with lockpicking merely as a hobby. That hobby became my full-time work (in a manner of speaking) and I credit this almost entirely to my attempts at giving away knowledge and teaching as much as possible
Dang, that's what I've been trying to tell my son for years now. You put it way better than I ever could have.
How did others get involved with "hacking" (Depending on your definition of it)
I wanted to make airplanes do stupid things in flight simulator when I was a kid.
Mostly by just messing with stuff and discovering there is a community around it
for me it was BBS's and it seemed like something super interesting, i like to tinker. then defcon. now its part of life
@31337Magician oh totally! seeing how far straight up it could fly, etc? (or crashing it into things, or trying to)
For me, it's just wanting to know how everything works. Can't really do that with tearing it apart, whether it's hardware or software
I used to switch physics profiles of airliners and aerobats then join public servers and freak people out at the airfield.
@pop13 absolutely... it's one thing to tinker and want to disassemble and learn, but meeting with communities of other folk who are resources is so rewarding
and im teaching my spawn to tinker and question everything
Got into programming when I was 5, and was fascinated with breaking things in unusual ways.
I always was interested in electronics and how stuff was built. The my boss wanted to know more about 3D printers. That got me to find Make magazine and the whole community.
Never grew out of that.
Started programming when a teacher gave me a book about basic and let me sit behind the computer because I always finished my assignments early, rolled in to the rest from there.
@t.w.otto do you find that you're buying kits or items specifically for that or using things around the house? my wife and i were saying recently how modern products (a remote control, for example) are all tabs and not screws and usual fasteners anymore, etc.
Officially, during an special IT audit for a DOD contractor. Unofficially, I learned a lot about radio and telephones as a kid.
And by taking stuff apart as a kid
@Nicolas Tremblay what 3D printers do you have or use, may i ask? Our firm has a PRUSA
that is a challenge. some kits some dumpster diving/ garage sales/etc everything is a plastic tab that always pops when you try to open the case
@thomas.august I've been wanting to establish more connections with Ham folk and get better with radio, especially since we're seeing telephones be less reliable in big cities if there's an incident
Back in the days of early Internet, when it was still largely classed as "mischief". Then eventually became a choice between getting paid to do it, or trying to get away with it lol. I'm interested to know if you have any kind of formal methodology to work to on engagements, as I consider you someone who helps define how our industry progresses.
Took almost 3 years to convince my boss to buy a Makerbot 2X. I have an Anet A8 (heavily upgraded) at home
Ham ops are some of the original sharers of knowledge
the other side is with the maker movement has come the arduino and the Pi and etc so while tinkering with manufactured gear has gotten more frustrating. making whatever you want is more accessible.
@Deviant Ollam - you're playing my song. N7DPM
@thomc that's such a valid point: the collapse and evaporation of space for curious kids to explore without massive ramifications if they do something dumb
@Dan Maloney my wife has her license, i do not yet
@Tarah, congrats on the Fulbright Scholarship!Speaking of
@t.w.otto you either have stuff intended for tinkering, and you have the stuff used in products which is really fun but locked down tightYeah
I think some electronics have become *easier* to modify; so many devices run linux or have exposed JST ports
@Deviant Ollam growing up my neighbor had a 50" antennae on his house, his radio setup was epic. At night when the KH layer was right we could listen to truckers all over the southwest.
@pop13 its a challenge. my goal as a hacker parent is to provide anything i can to allow them to get around the lock downs.
I'd expect getting license to be a snap for anyone here. A weekend project at most, and more likely an evening with a study guide and a test the next day. Oz (N1OZ ) in DFW
at least thats how i see it
@.io she says thanks! We're very excited. I'm amazed, it's a tremendous honor for her and well-deserved.
@thomas.august very cool
I have picked locks but do not practice enough at all, i bumped the lock to my workshop about a week ago. first time using bump keys.
@t.w.otto exactly... i've been thrilled seeing so many hacker voices discussing who to disrupt and subvert unconstitutional restrictions of freedom
Why pick when you can bump, why bump when you can bypass? :)
I tried bumping but never had any luck. The videos make it seem so easy
@t.w.otto nice! may i ask how many attempts it took?
took about 3-4
something about bumping that is funny... most brand new bump keys need some breaking-in
youngest locked the keys in the workshop
gotta sand em down
and everything was locked up, so it was bump, pick or break
figured i have had them for years lets try it out
take a beater lock and wail on it with a new bump key 20 to 30 times hoping it will bump open. it likely will eventually. then try the same key on a better lock, then a better lock.
My oldest has taken a liking to picking H&W cuffs with a paperclip. He thinks he's Batman.
oh this lock on this building is garbage
Have you had a lock which seemed to pick ok for many attempts, then later it seems very difficult to pick? (i think the tools are ok)
Lock innards get worn down after repeated picking
Wow I combined H&K and S&W in my head...
@anfractuosity yea the pins can get scratched and it gets harder
at least thats what i have experianced
@t.w.otto so glad you got in, and quickly! i was in a parking lot the other day and saw two guys fiddling with a car that had keys locked inside. I asked if they needed help. They said "no, but thanks!" so I went about my business. Came back 40 minutes later to my truck and they were still at it. I offered again, "I'm sure you've got this, but I am an entry technician... I have proper tools in my truck right now... want me to give this a shot?" (30 seconds later, the door was open)
It's been a treat, but also a horror over the years to see hardware hacking get easier, but at the same time, more restricted due to DRM.
@anfractuosity I have seen locks that get "over-picked" so to speak. the springs wear down and don't perform as well
@Deviant Ollam ha, they had no idea who you were... im glad you were there to help
Actually how hard is to pick a car lock?
@Deviant Ollam cheers
@pop13 it depends greatly on the vehicle, especially its age. from the mid 70s until the late 90s or early 00s most car locks were relatively simply wafer ocks
And the modern stuff like the last 10 years?
Frankly needs to be a hacking bill of rights or so that puts the consumer in a position of being able to control their own hardware.
@thomas.august yes, we have a lock forensics team... https://enterthecore.net/post-intrusion-forensic-locksmithing/
Just interested, as almost every car maker over here in the EU uses the same style of key
Or even just a right to repair
@pop13 we're starting to see many more locks incorporating advanced wafers or what we'd say are locks with wafer-based sidebars. car keys with a "squiggle track" on them, etc
ooh that sounds really cool re. forensics, not heard of that before re. locks
How are you able to carry lock picks with you over there? Do you need a locksmith permit, or is it just allowed? In the UK we could be charged with "going equipped [to commit a burglary]". If I'm heading to a job it is okay, but I can't carry them around every day.
@pop13 they are still able to be attacked, but custom tools are MUCH more helpful.
i assume that entails pulling the lock completely apart to do analysis on?
Are teh squiggle track keys a wafer variant? My VW uses them
@oz many are, yes
@Deviant Ollam nice!
I prefer to think of them as dental cleaning tools LOL
@anfractuosity yes, there are specific ways of disassembling locks so as to preserve forensic evidence, tool marks, etc
You know, for those difficult to reach places
@Deviant Ollam do you have any of the NFC implants, if so what do you use them for? I've been using it to send folks to my LinkedIn personally.
@anfractuosity conventional microscopes tend to be sufficient
Do you have any interesting stories from the job to share (which you didnt talk about on cons)?
@31337Magician both my wife and I have RFID implants, yes. neither of mine are NFC, however. one of hers is
i have one implanted low-frequency RFID tag (a T5577, which is reprogrammable to be HID Prox, Indala, ioProx, EM, AWID, etc.) my other is a "Magic MIFARE" which is essentially an emulated NXP S50 (MIFARE classic)
i have been strongly interested in a magnetic one for ever
Tarah has the same Low Freq chip that I do (the xEM, T5577) and her other chip is an NTAG216 (so a Type-2 NFC chip)
Have you ever played with non-electronic safe locks? or could recommend any books about them
@anfractuosity I am a SAVTA certified safe technician and GSA safe and vault inspector. "yes" is the short answer. ;-)
there isn't any one safe-cracking book of which I'm aware, and my wife always says I have to write one.