@@tommybahama4418 No, he'll have disabled your alarm, picked your front door lock, tamed your dog, and unloaded your gun from underneath your pillow without you even stirring :D
"This is the LockPickingLawyer and what i have for you today is the vault door in Fort Knox, i only have about 20 minutes before the armed guards come storming in but i can get in to the vault in about 30 seconds.'"
@@CB-xr1eg Goldfinger has the solution: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-efOL7hF-YDU.html You need one of these: en.wikipedia.org/wiki/Special_Atomic_Demolition_Munition
Hello this is the lock picking lawyer. I just finished relocating borrowed assets from the vault and into my car. As you can see, the Fort Knox company did not take kindly to my previous video, so they sent me some armed guards challenge. I was surprised that they actually responded to my video so it would be a shame to turn them down. Thankfully I have this crowbar that bosnianbill and I made. We will see how I will pick myself out of this fight. ... ... ... And there we have it. No less than 25 seconds and we defeated their armor. What you just saw was the newest exploit of lock to lock ranged attack. A crowbar and lock combination as you can see is very effective against even the heftiest opponents, but it was a pretty good challenge nonetheless. In any case, have a nice day. Thank you.
At this point it would be easier to just convince him that there is nothing behind the lock worth getting into. But then he would simply take the lock as a challenge.
It would be actually fairly simple to stop him: You build a keypad that only sends the keystrokes to a controller unit on the inside of the door. That way, the only wires you can reach are signal wires that don't do shit without the code. Bonus points if you put the controller unit in a metal box to prevent tampering by EMP or magnetism and make the opening-closing signal a little more complicated than just on-off on a certain wire. At that point, you'd either have destructive methods or defeating the controller left as methods of entry
This is why it is important to use an access control system that communicates to an internal controller that makes the decisions. Don't let equipment on the locked side make any decisions.
@@thimiraamaratunga7794 Multiple interesting ways to exploit, once it's a common flaw reviewed many times, he will skip it. For a very long video, it must be very interesting to try and bypass it in all the different possible ways.
@@bapanada9446 Or if he can find something interesting to use for the pick (Swiss army knife, Lego astronaut, gum wrapper, etc.). For Thanksgiving I was hoping he'd pick something with the wishbone from a turkey.
At this point, I'm almost completely convinced LPL is a retired cold war era operator. Dude reminds me of my dad and his buddies... growing up, I learned so much awesome shit from them. Hotwire cars? No problem. Breaking and entering? Literal child's play. Doing a target at 1000 yards in a high cross wind with high humidity from an elevated position? Piece of cake. Building or disabling an unstable IED? We do that shit before breakfast. It was an interesting childhood, and watching LPL's videos reminds me of weekends during the summer at my uncle's house on the beach... we spent hours on the front patio picking locks, building improvised listening devices, learning how to sweep for bugs... awesome shit to an 8 year old obsessed with Rambo, GI Joe, and James Bond.
The door to my storage room got locked accidentally today. I went through a bowl full of keys that came with the house and found the one that should open the door. It didn’t. The whole mechanism was gummed up. I thought about getting my picks out of the truck, but grabbed a 12” piece of wire laying beside the door and slipped the latch on the 2nd try. Moral of the story, bypassing is often easier than picking.
Let's just hope that anyone that cares about security buys an actual access control system, one where all the processing is done in a secure area. Even the company that makes the door strike has a system better than this.
Never mind Swiss Army Knife, the greatest ‘tool’ ever invented was the paper clip, I use them all the time for a variety of jobs, hardly any involving holding paper! Great series of videos by the way.
I was once working on an event packing up the stage into a basement and there was an RFID operated lock that gave access to an industrial elevator that rose from the ground to the outside and one of my work partners accidentally closed the little control door and the person authorized to access it went home for the day so I called security to open it but they didn't come for several hours so I unscrewed the rfid scanner, bridged the contacts and opened it. This being a federal institution, it actually set off a silent alarm and security STILL took an hour to arrive =____=
Federal institution, and it's that easy. Technology has outrun humans by so far, anybody with a little motivation can have their run of the world it seems. Personally I never trust tumbler key locks, they are medieval artifacts that haven't changed in a thousand years, ridiculous
The reality is, locks are meant to be opened. It might seem ironic to most, but if that weren't the case you may as well just weld whatever the lock goes to, shut. So long as that's the case, it can be opened without a key or code by just understanding the mechanism. That's why the old adage exists that locks only keep honest people honest.
How have they not sent someone to silence him?!? Although, considering he seems fairly pro-2A, if they did try, he’d have a good chance of protecting himself.
The guy who asks "What is anti-tamper switch?" Is the guy tied to the chair in the interrogation room. It's also likely that guy's car is getting towed from "visitor parking."
*Me:* _- Oh, a 4.5 minutes long video from LPL about an electronic lock! Must be a good one if it lasted this long._ *(Five minutes later)* *Me:* _- Oh... False alert - it's an exploit compilation video._
@Paul Martin I think a properly made electronic lock will not trust the outside unit. It might as well have wing nuts and security would be okay. Well made lock will continue to work flawlessly even if you cut the outside unit off and connect wires e.g. to mains voltage or to a welding transformer.
@@MikkoRantalainen idk I'll have to look at ours. The ones we have at work we maintain are a good bit more high end I'd say but most likely still have trash security
I had a mini Victorinox keychain one some years back that I lost away from home, but I remember the one I had being called the Mini Champ. It was less than 3 inches in length.
When I was in the Navy I worked at a comm station in Keflavik. The building was somewhat secure. They wired the egress button separately from the outside control panel. That seems like such a simple thing but it really makes a lot of sense. Also there were no accessible screws from the outside of the door. Again, simple, but makes sense.
"Good morning, your honor. Yes, I know it's 2AM. Don't trouble yourself about how I got in. What's important is how you're going to rule in my case today."
My school has a system similar to this to get into the boarding houses and you can legit just shake the door handle back and forth and it opens in less than three seconds
CarterPlays Official not sure where you are from but in the UK secondary schools are almost always boarding schools, this means that pupils stay the night and effectively live in a boarding house until each holiday then they go home. It’s useful if people live far away for example there are lots of Russian students who fly directly from Russia into my school stay there and go back etc
You're a legend, watching your videos got me to order my first beginners lock picking kit and start practicing myself.. the way you do it makes it look so easy, effortless, like watching a piece of art being done... thanks for the inspiration to start this hobby and for the great content you put out!
As an industrial electrician with a heavy background in control wiring I’ve had to use this method quite a few times to get into electrical rooms when nobody is there to open the door in the early hours of the morning. It’s a simple method but most people have no idea how to do this so it’s not a real issue for the most part. I’ve never come across one with the security spring wired in with the exception of the federal reserve’s in a few cities
The anti tamper switch doesn't necessarily need to be wired to an alarm, but one way to increase security is to have a relay (with keyswitch or button for reset) on the inside, where the lock wiring is also connected. The tamper switch is simply connected in series with the NO contact on the relay, then the reset/keyswitch over the NO and C contact, to the coil, so the pulled relay effectively powers itself. When tamper switch releases, the relay will lose power and only way to reset it is to reset via keyswitch or reset button. Then wire lock wiring in series with the second C and NO contact, only providing power to the lock if relay is pulled. This will create pretty much security for pretty low cost, as any tampering will disable the lock wiring, so regardless what attacker does, nothing will unlock the door, only way in is with physical key then press reset button or use reset keyswitch on inside. A reed switch (nc) can be added in series with tamper circuit to prevent using external magnet to trip the inside relay. However, as we've seen tamper switch can easily be bypassed, but this creates a trap - like trap pins in a cylinder, once you trip the trap, your day is over.
These are awesome educational videos on how to bypass security and felony trespass into a secured area. I love it! It's like the Anarchist Cookbook but even better!
@@AttilaAsztalos I mean they did have an episode where a guy builds a (one-time use) Stargate out of Ebay-ordered raw materials and a toaster and/or microwave. Granted, that guy was of the species that originally created the things, but still.
Mr LockPickingLawyer Excellent presentation, as always. I am the small-scale technician, working in Greece, and use this keyboard too, However.... I made some personal modification on it, replacing tamper switch with electro-optical coupling and connecting the chassis to 15 KV, low amps transformation. After removing the screws, any suspicious intruders get very dangerous electroshock - but only once. Afterwards the circuit is out, to avoid any possible LEGAL problems, for the owner. Do this for 10 plus years with success. No lawsuit yet...
I would like to suggest you do a macgyver type episode where you must escape from captivity. So remove handcuffs decode a door lock, open a gun safe. Hot wire a car and open a pad locked gate. It could be a fun episode.
I would love to see a TV contest show where there's like 10 doors in a clear-walled hallway, one hallway per contestant, and the first contestant to get out the final door wins the prize. Absolutely all tactics are valid, including under-door attacks, hinge attacks, latch attacks, kinetic attacks, and of course picking. Every episode they change up the doors and how they're secured, and bring in various locksports and pen tester people to compete.
You dear sir, among many other things you do, illuminate the many opportunities for improvement security companies could take advantage of. My sole hope is for your hard work not to fall into the abyss of "ToDo: Low Priority" bin. Please keep on shining that bright light of yours!
Makes me happy that my door systems have their controllers on the inside of the building and where there are external components, either the card reader itself or a security relay between the video doorbell and the controller are designed to send a specific tone or series of sequence of voltage change and can't be jumped as easily as this.
I mean that’s kinda the point of this channel to inform people of security flaws to allow them to make more informed decisions about what security products to buy and what not to buy.
MacGyvering intensifies. As someone that grew up avidly watching the series (the original one mind you) this video is pornographic for me. Swiss Army knife AND paper clip? Ohhhhh yes
Erotic is right, this man's thumbs tell us he's packin' heat. And, yes - don't these companies ever test their 'safety' products with people who aren't paid to say they're perfect?
@@arletottens6349 No it wouldn't. If you had malicious intents you could easily just cut the side or the front and again disable the system. imo infrared movement sensor inside the box could cut it, but those are unnecessarily expensive and still have their weaknesses. the basic design is flawed like hanelyn1 described, that system doesn't make any sense. You can basically disregard everything and just send a current through the wires to the actual lock and its open.
Only thing that should pass from the key pad is a rolling code to the controller on the inside. Then the only way to hack it is to figure out how the code is rolling. Goes from any dude with a paperclip can pick it to a class one hacker.
@@wolfpack4128 "figure out how the code is rolling" I hope you mean "what code" not how. Any of the data shouldn't be handled in an unsecured area. They just send signal to the handler inside and the inside part checks if it's the right code not the outside part. There shouldn't be any wires connecting the actual lock to the unsecured area either. otherwise 9V battery will open it.
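The arrangement argued over in the two comments above, with the keypad sending only a rolling code and the unit on the secured side checking it, as an added example that is not part of the original comments. It assumes an HOTP-style code derived from a key shared by keypad and controller; `rolling_code`, `InsideController`, the window size and the key are illustrative.

```python
import hashlib
import hmac
import struct


def rolling_code(key: bytes, counter: int, digits: int = 8) -> str:
    """Code the keypad would transmit for one counter value (HOTP-like)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)


class InsideController:
    """Secured-side unit: the only place a decision to unlock is made."""

    def __init__(self, key: bytes, window: int = 5):
        self.key = key
        self.window = window      # how many lost transmissions are tolerated
        self.last_counter = 0     # highest counter value accepted so far

    def verify(self, code: str) -> bool:
        matched = None
        # Check every candidate so timing does not reveal which one matched.
        for c in range(self.last_counter + 1,
                       self.last_counter + 1 + self.window):
            if hmac.compare_digest(rolling_code(self.key, c), code):
                matched = c
        if matched is None:
            return False          # unknown, replayed or stale code: stay locked
        self.last_counter = matched   # every earlier code is now dead
        return True


def demo() -> list:
    key = b"constructed-demo-key"            # constructed sample secret
    controller = InsideController(key)
    first = rolling_code(key, 1)             # first transmission
    third = rolling_code(key, 3)             # transmission 2 never arrived
    return [
        controller.verify(first),                  # fresh code
        controller.verify(first),                  # same signal replayed
        controller.verify(third),                  # inside look-ahead window
        controller.verify(rolling_code(key, 2)),   # older than last accepted
        controller.verify(rolling_code(key, 9)),   # beyond the window (4..8)
    ]


if __name__ == "__main__":
    print(demo())
```

A recorded code is useless once accepted, but the shared key still sits in the keypad on the unsecured side, so this protects the wire and not an opened keypad.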
To unlock this keypad lock, you'll need: - A table - A wireless anti-static wristband - Some tweezers And a Swiss Army knife, which hopefully has a screwdriver in it.
When I worked on building control systems, I used this exact knife for most of my physical work from bathrooms to casinos to military research sites. I still have one on my key-chain and regularly use it for all sorts of little jobs. Old related joke, "The chainsaw starts with a roar and the rube asks, 'What's that noise'."
This was set up specifically for ease of bypassing. I've installed scores of seco-larm keypads over the years. They ship with tamper-proof screws that can't be unscrewed once tightened without the aid of a dremel or grinder to cut a groove into the screwhead. Also, in most cases the door is free egress just by turning the handle. You wouldn't combine a REX device with an electric strike. This allows you to disable the REX input altogether. My point is that with a little forethought and planning you can eliminate the risk of these bypass methods.
Love your videos... you're awesome. I remember forever ago the pizza place I work at had one like that but they almost never closed the door so funny about that. I have learned so much it is terrifying how ‘good’ locks are. Typically I just pick lock at work when people lock their keys in lockers, toolboxes or cars (mostly ford trucks get picked) gm get coat hangers. Maybe some car videos for fun
Well, that's up to the buyer to put a sound alarm to the terminals, perhaps the seller of this electrical lock has a version that includes it, but it's cheaper to sell it without it and whoever acquires it can put any sound alarm they want in it. Anyways, this is just a big failure because the central components are exposed to the outside of the lock, making it pretty insecure as LPL showed.
You don't want to know how many people kept the electrical fire monitor system on "manual override", just because “those false alarms are soooooooo annoying”.
Used a professional unit for my garage door, took the extra step of removing the logic board and placing it in a secure container inside the garage. Now the only thing anyone had to work with was the wires to the keypad matrix and LEDs, they were all white and unmarked. A friend of mine had a similar unit with the same modification except he ran two extra colored wires to a couple of unused pads on the board. These were trigger wires going to a CS gas canister dispenser that had a tube running to the back of the weatherproof box terminating right above the wire harness. It did its job one day, never had an issue since.
Seems like, knowing where there would be a wire for an internal alarm is located, you could have felt for the wire first with the paperclip before hooking the spring.
It would be very cheap to make it a lot harder. Make an injection-molded piece of plastic that is around the circuit board that extends to the back of the plastic box. Minimal changes to the screw connectors would also be needed so the wire reaches them from over the board. The minimal thing to add is a plastic cylinder around the spring with a companion on the box. so you can just hold it back.
@@target844 It is wrong design from beginning, no matter how tamper proof you make it. Keypads should be used only for sending wired/wireless data signal to the unlock system located inside. If signal gets authorised, doors get unlocked. Simple as that. No silly unlock switches, control circuits or anything else that can be tampered with should be located in numpads outside security doors/ building!
"By pulling that spring to the side i ensured that the anti-tamper switch stays depressed" I have something in common with this anti-tampering switch. :(
We were one step above back in the 80’s and used internal door hinge switches as the door open detection. Very clean and the key pads used security screws. All doors had cameras so if the door was opened, monitored cameras would alarm. Also pull the fire alarm and codes require magnetic doors to open
Reminds me of the story about Houdini in a jail cell trying to bypass the cell door lock, supposedly gave up and then discovered it was UNLOCKED the whole time!
Well my dad has a saying that feels fitting, mind you I’m translating, ”you only lock your door for honest folk”. If someone really wants in they usually do as this channel proves.
My dad (he's a locksmith^^) said: A lock is not a means to keep people out that really want in. It's a friendly reminder to others that it would be illegal to enter and you should not try.
These videos are helping to achieve my dreams of one day becoming a sophisticated thief of expensive art. I hope if I ever get caught, I can rely on the services of an equally sophisticated lawyer.
Not so much hire. They just send him "free samples" of the locks and wait for them to appear on his channel. I've seen that mentioned in previous videos. He's friends with the people at PacLock. Look for the skateboard video (#957).
I love when they change the unlock PINs at the factory I used to work at. Because within a couple hours I would have the master pin that works on every door regardless what the specific door code was..
As someone that has installed, maintained, repaired and replaced these types of access control devices I can assure you that this isn't a typical installation. It is especially different when there are additional tampers and triggers.
Wait a minute: if the anti tampering switch is not connected, the paper clip to hold the switch spring demonstration is not convincing! BTW, big fan. Love your videos. Glad you reveal these security flaws to help improve design and debunk false sense of security.
There were no wires to the anti tamper switch, that's why he removed the paperclip. He explained how the spring is kept activated by it being pressed on the backplate. Ex: if someone removed the screws and started taking the plate off, the spring would lose its tension being separated from the backplate thus triggering the alarm.
I've got a similar cheap keypad / RFID on my house. However you can prevent all of these exploits by making the tamper trigger if the screws are even slightly loosened. Aside from this, also determine (or set) the exact time the keypad relay triggers the latch for, but instead of running that signal straight to the latch, run it to a small microprocessor (like an esp32, picaxe or arduino). The external electronics look for the exact trigger time, then outputs to the latch if correct. Also use N/C contacts with EOL resistors to determine if anything is being tampered with and have the electronics fail to a lock out state if triggered. Sounds a bit complicated, but mine's been working reliably off a Picaxe μP for over 10 years. The only annoying bit is the short delay before the door opens.
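A host-side model of the checks described in the comment above (relay pulse width, EOL-supervised tamper loop, latching lockout), added here as an example and not the commenter's firmware. The resistor value, tolerances, hold time and all names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LatchGuard:
    """Secured-side check between the keypad relay output and the latch."""
    eol_ohms: float = 2200.0     # assumed end-of-line resistor value
    loop_tol: float = 0.10       # +/-10 % band treated as a healthy loop
    pulse_s: float = 3.0         # assumed relay hold time set on the keypad
    pulse_tol_s: float = 0.05    # accepted measurement error
    locked_out: bool = False
    log: list = field(default_factory=list)

    def loop_state(self, ohms: float) -> str:
        lo = self.eol_ohms * (1 - self.loop_tol)
        hi = self.eol_ohms * (1 + self.loop_tol)
        if ohms < lo:
            return "short"       # resistor bridged: loop has been jumpered
        if ohms > hi:
            return "open"        # N/C contact opened or wire cut
        return "normal"

    def on_loop_sample(self, ohms: float) -> None:
        state = self.loop_state(ohms)
        if state != "normal" and not self.locked_out:
            self.locked_out = True           # latches until reset from inside
            self.log.append(f"lockout: loop {state}")

    def on_relay_pulse(self, seconds: float) -> bool:
        """Called when the relay releases; True means energise the latch."""
        if self.locked_out:
            self.log.append("pulse ignored: locked out")
            return False
        if abs(seconds - self.pulse_s) > self.pulse_tol_s:
            self.log.append(f"pulse rejected: {seconds:.2f}s")
            return False
        return True

    def reset_from_inside(self) -> None:
        self.locked_out = False

def replay(events) -> list:
    """Feed (kind, value) events to a fresh guard; collect unlock decisions."""
    guard = LatchGuard()
    decisions = []
    for kind, value in events:
        if kind == "loop":
            guard.on_loop_sample(value)
        elif kind == "pulse":
            decisions.append(guard.on_relay_pulse(value))
        elif kind == "reset":
            guard.reset_from_inside()
    return decisions


# Constructed trace: valid entry, wrong-length closure, shorted loop, reset.
TRACE = [("loop", 2210.0), ("pulse", 3.01), ("pulse", 0.80), ("loop", 4.0),
         ("pulse", 3.00), ("reset", None), ("loop", 2190.0), ("pulse", 2.98)]
```

`replay(TRACE)` gives one decision per pulse. Because the decision is only taken when the relay releases, the latch fires after the full hold time has elapsed.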