Thursday, January 23, 2003

Slashdot | AT&T Identifies Widespread Security Hole - In Locks

Here's the method in a nutshell.

1) Get a normal key that opens a lock.

2) Count the notches; if it's a 5-pin tumbler, then buy 6 more blank keys. ($2.00)

3) Cut 5 keys to be identical to the original except at one of the pin positions, which is left at full height, so that you now have 5 keys, each with a full-height blank at a different pin position.

3.b) Reducing the complexity: it's not physically possible to have a full-height position adjacent to a deeply cut position. No problem, just cut it as high as possible; the master key suffers the same limits too, and this reduces the complexity of the pattern.

4) Insert the first key. Does it turn? No? Then file off 0.010" of metal and try again. Within 7 tries, usually only one or 2, it will turn. Congratulations, you now know the pin 1 master height. (Duh: ignore the turning at the original height.)

5) Insert key 2; rinse, lather, repeat.

The beauty of this crack is twofold. First, you are discovering the master heights of each pin independently, so the combinatorics is just linear in the number of resolvable pin heights, not the product of pin positions times pin heights. Second, you are also simultaneously factoring the ordinary key out of the master key combination, thus only discovering the master key, not some useless key that is part master and part ordinary key (that would only work on that particular lock).

6) Exception: if you cannot find a pin height that opens one of the tumblers (ignoring the obvious one for the original key), then the original key height is the one for the master too.
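For anyone assessing how exposed a master-keyed system is, the linear-versus-product claim above can be checked with a small simulation. This is an added example, not part of the original post: the lock model, the 8 cut depths, and the sample change and master bittings are constructed assumptions, and the adjacent-cut limit from step 3.b is ignored.

```python
# Simulation of a master-keyed pin-tumbler lock (constructed model, not from the post).
# Each pin position has two shear lines: the change-key cut and the master-key cut.
DEPTHS = tuple(range(8))      # assumed: 8 resolvable cut depths, 0 = full height
CHANGE = (3, 5, 2, 6, 4)      # constructed sample change (ordinary) key, 5 pins
MASTER = (1, 5, 4, 2, 7)      # constructed sample master key; position 1 shares a cut

class MasterKeyedLock:
    def __init__(self, change, master):
        self.change, self.master = change, master
        self.probes = 0       # number of times a key was tried in the lock

    def turns(self, key):
        """The plug turns if every position sits at either shear line."""
        self.probes += 1
        return all(k in (c, m) for k, c, m in zip(key, self.change, self.master))

def recover_master(lock, change_key, depths=DEPTHS):
    """Steps 3 to 6: vary one position at a time, holding the rest at the change key."""
    master = []
    for pos in range(len(change_key)):
        found = change_key[pos]           # step 6: nothing else turns, so master == change
        for d in depths:                  # start at full height and cut deeper each try
            if d == change_key[pos]:
                continue                  # step 4: ignore the original height
            probe = change_key[:pos] + (d,) + change_key[pos + 1:]
            if lock.turns(probe):
                found = d
                break
        master.append(found)
    return tuple(master)

def exposure(pins, depth_count):
    """Worst-case probes for the per-pin search versus the full key space."""
    return pins * (depth_count - 1), depth_count ** pins

def demo():
    lock = MasterKeyedLock(CHANGE, MASTER)
    return recover_master(lock, CHANGE), lock.probes

if __name__ == "__main__":
    recovered, probes = demo()
    bound, keyspace = exposure(len(CHANGE), len(DEPTHS))
    print(f"recovered={recovered} probes={probes} bound={bound} keyspace={keyspace}")
```

With these sample values the master bitting falls out in 23 probes, against a worst case of 35 and a key space of 32,768, which is why holding a single change key is enough to treat the master key as exposed.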


Edward A. Villarreal. Powered by Blogger.
