[HN Gopher] Bypassing Door Passwords
___________________________________________________________________
Bypassing Door Passwords
Author : sockpuppets
Score : 41 points
Date : 2022-01-08 10:39 UTC (12 hours ago)
(HTM) web link (sockpuppets.medium.com)
(TXT) w3m dump (sockpuppets.medium.com)
| yeldarb wrote:
| This makes me nostalgic. The first homebrew app I ever
| released[1] helped you pick combination locks with the help of
| your Playstation Portable.
|
| Looks like the original site that described the algorithm is long
| dead, but the gist was that once you have the first number from a
| Masterlock (which you can listen for) the search space of the
| second two can be reduced with a pretty simple algorithm and so
| there are only a few dozen combinations to try.
|
| [1] http://forums.qj.net/psp-development-forum/7427-release-psp-...
| sockpuppets wrote:
| Source Code: https://github.com/aydinnyunus/gateCracker
| https://github.com/aydinnyunus/gateCracker-REST
| egberts1 wrote:
| As an alternative, I find Lockly to be an awesome asset for my
| household.
|
| I regularly hack my Lockly locks via Bluetooth and wireless.
|
| It's holding up pretty good.
|
| https://lockly.com/
| netizen-936824 wrote:
| How secure is their fingerprint reader? More secure than the
| ones on mobile devices I hope?
| egberts1 wrote:
| Everyone that walked through the front door has been asked at
| least once to try the fingerprint mechanisms (as an
| unregistered finger) and failed (zero false positives).
|
| Unfortunately, my wife's fingerprint is scrubbed shallow from
| excessive hand washing and gets a false negative quite often.
|
| Otherwise, one has to remember the orientation and angle of
| finger consistently to get near 100% of the time. And
| experience gets you there.
|
| The part that I like best is the number pad gets scrambled
| each time you press a key while entering your digits (4
| to 8 digits): the glass plate would then offer no clue as to
| what the most frequent positions are.
|
| Furthermore, any shoulder surfer would be thoroughly stymied
| by a set of three digits at each of the keypad positions (of
| which one of the 3 digits is the correct digit, the other two
| being randomly chosen).
| vizzah wrote:
| You regularly attempt to hack? And they're holding up? Or you
| regularly manage to actually hack them? In that case how can
| this asset be awesome? =)
| egberts1 wrote:
| I hack without a key and I get rebuffed in all my attempts.
|
| I hack with my KNOWN keys (which gets scrambled) to get in.
| sockpuppets wrote:
| Blog Post For the Research :
| https://sockpuppets.medium.com/bypassing-door-passwords-4004...
| Mountain_Skies wrote:
| Am I the only one who thought about BBSes when seeing the
| headline?
| ipiz0618 wrote:
| Never knew streamlit now has a cloud sharing platform. The UI has
| improved so much as well
| htgb wrote:
| I think the blog post is preferable, as the linked page doesn't
| provide any context:
| https://sockpuppets.medium.com/bypassing-door-passwords-4004...
| VeninVidiaVicii wrote:
| Same. I clicked the link and thought I must've opened a wrong
| window.
| sockpuppets wrote:
| I added source code and blog post links on the demo page.
| sockpuppets wrote:
| Thank you for the response.
| dang wrote:
| Ok, we've changed to that from
| https://share.streamlit.io/actuallytest/test2/main/main.py.
| Thanks!
| zinekeller wrote:
| Actually an interesting article (for context:
| https://news.ycombinator.com/item?id=29850750), and demonstrates
| that locks are indeed only keeping honest people honest.
| Unfortunately, it seems that locks suffer from the dilemma of
| being low-cost enough while looking like they provide security.
| Nextgrid wrote:
| A long time ago I was looking at security of contactless-related
| security systems such as door access control. The security is
| absolutely terrible for the most part; there was very little
| cryptography and the cryptography there was is often broken (by
| others that is - I don't have the skills to break it myself, I
| just looked at existing open-source tools), so seeing
| undocumented backdoor passwords is not surprising.
|
| The general feeling that I got is that outside of IT there's a
| lot of people who think "it's on a computer so it must be
| secure". Maybe that's technically true in the sense that it's
| secure because they have no clue how to use a computer and think
| that their idea of the difficulty of using one is enough security
| but obviously that's not the case.
|
| Many systems were (and are even today - the industry is very slow
| and physical security companies that are responsible for
| selling/installing these systems rarely have the skills to
| evaluate them) just based on an ID the keycard broadcasts
| unencrypted - there is no challenge response nor encryption,
| _even_ when the keycard itself supported at least _some_ crypto
| (Mifare Classic for example - that is broken but at least it
| would be an attempt at making it secure).
|
| Systems that use Mifare Classic would make you think that you'd
| need to break the crypto and copy the secret data from the card
| (which is possible and there are open-source toolkits to do it)
| but in reality you don't even need to bother as copying the UID
| (which is unencrypted and broadcast in the clear) is enough.
|
| Systems that use HID (which seems like it would be secure, if I
| remember right those use at least some form of cryptography) that
| I interacted with as a user (at a well-known tech company) used
| USB readers in what looked like keyboard emulation mode which
| "typed" the public UID of the card during provisioning. I am not
| sure if the actual readers on the doors did anything more (maybe
| the provisioning step just looks up a UID in a DB and doesn't
| technically need to be secure, as the readers will only use that
| UID to look up a public key in the DB and then do proper
| authentication?) but there could be potential for a flaw too.
| meibo wrote:
| A lot of RFID door openers also just use mechanical relays to
| power the locking mechanism, which can be triggered from
| outside with a strong magnet.
|
| In the end it probably depends on what your threat model is. To
| keep out thieves, most of them are probably unsuited.
| Nextgrid wrote:
| The cheap, self-contained ones yes. But I'm talking about
| "proper" ones where the reader and controller are separate.
|
| While it indeed depends on the threat model, the problem is
| that a lot of these electronic systems are sold at a high
| price to building management companies while being horribly
| insecure. At least if they were cheap then fair enough - you
| get what you pay for - but that isn't the case here; they
| provide a false sense of security.
| Spooky23 wrote:
| The building management companies were fine with commercial
| keys in the 80s. They are paying for a system to map
| entitlement to lock.
|
| The quality of the lock is a small part of the overall
| equation.
|
| I'll give you an example of my home. The previous
| homeowner installed a high quality Medeco lock. It's
| difficult to pick (unless you are YouTube's
| lockpickinglawyer) and the keys are a pain to duplicate.
|
| Secure, right? Not really. My front door is on a porch with
| a window, and you could trivially use a thin metal bar to
| pop the window open, assuming that you wanted to keep the
| noise down.
| Nextgrid wrote:
| It's actually secure in the sense that the lock is
| difficult to pick and breaking the window leaves evidence
| of the break-in.
|
| In contrast, exploiting these electronic locks leaves no
| evidence - the same would apply to easily pickable
| mechanical locks of course, but at least the shitty
| mechanical ones are cheap.
| BenjiWiebe wrote:
| Though if he's referring to "picking" the window's latch,
| then that wouldn't necessarily leave any evidence.
| Spooky23 wrote:
| I was thinking of using a jimmy bar to pop the window
| lock.
|
| I'm a pretty insignificant person without enemies. My
| risk profile is a crackhead stealing my TV or whatever. A
| more organized criminal could find a dozen other ways in.
| lol768 wrote:
| > just based on an ID the keycard broadcasts unencrypted
|
| This isn't necessarily the end of the world. At the end of the
| day, all that matters is the threat model.. to break an access
| system designed in this manner using a plain UID you're going
| to need what, something specialised like a Proxmark to be able
| to read it any real distance away (and even then, IIRC it's
| like a ruler's distance you'll be able to do). Otherwise, you
| need physical possession of my access card, no?
|
| Your average burglar is going to have no idea what any of this
| stuff even is.
|
| To me, the scheme being (as you describe) "horribly insecure"
| in this way is less of a concern than e.g. a lock that can be
| easily bumped.
| Nextgrid wrote:
| You can tap someone's keycard or wallet with an Android phone
| and get the UID; here's an example app:
| https://play.google.com/store/apps/details?id=com.nellon.mif....
|
| That's much easier than picking even the shittiest lock where
| you'd need picking tools which have less plausible
| deniability than let's say a phone, and yet these "secure"
| keycard systems cost significantly more than a shitty lock.
| BenjiWiebe wrote:
| Actually the worst locks are so easy to pick that you just
| insert your tension tool and turn.
|
| But those aren't usually on doors. The two like that I've
| seen: TSA approved luggage lock, high power handheld laser
| safety lockout.
| HWR_14 wrote:
| As someone once pointed out, safety lockout locks being
| easy to pick is a feature. They are a very strong
| communication device, not a security measure.
| oolonthegreat wrote:
| Neato. Must be noted that these locks are used in almost all
| apartment entrances in Turkey.
___________________________________________________________________
(page generated 2022-01-08 23:03 UTC)