Thoughts on the Forever Lock

The Forever Lock was introduced back in April by LockMan28 as an “unpickable lock”. It quickly picked up a lot of steam, being featured on Digg, The Telegraph, Business Insider and other places.

I never paid it much attention until I was out drinking with a friend and he brought it up. Whenever I hear that something is unpickable, unbreakable, or any other un-something marketing term, I can only roll my eyes. Through my involvement in TOOOL, I have had the opportunity to see quite a few amazing openings and attacks. When I see something new I have to refrain from getting all excited about what the attacks will possibly look like.

While I keep hoping that it will be an amazing technique, something magical, the reality is that most of these fall to the same old, time-honored methods.

So it is with the Forever Lock.

My first impressions on the Forever Lock were “wtf?” followed by a “oh dear god why?”

To me it is a complete usability nightmare. I couldn’t imagine fiddling with that mechanical condom after work when I just want to get on my bike and ride. I’m not a fan of adding complexity to what should be simple everyday objects, especially when the complexity offers no real benefit and gets in the user’s way.

So onto the attacks!

First up is a video by evva3ks in which he demonstrates a bump key attack. Bumping is a simple concept that takes advantage of momentum transfer between the key pins and the driver pins, the same principle as a Newton’s cradle: the strike on the bump key kicks the driver pins above the shear line for an instant while the key pins stay put, and a light turning pressure catches the plug in that moment. I’m not going to explain it further here, but the Lock Wiki has a good write-up.
This is a powerful attack because once you have successfully made a bump key, you can open other locks of the same model using that same bump key without modification. In my opinion it is particularly devastating, since with practice it can be done quickly and, once the key is made, it requires no additional equipment.

Next up is a series of videos posted by Deviant Ollam in which he demonstrates attacking the Not Quite So Forever Lock through a foil impressioning attack. If you are not familiar with impressioning attacks, he does a great job of demonstrating the process here against a different kind of dimple lock and here against the Forever Lock.

Deviant also points out in this video that the lock has poor tolerances. Many locks suffer from this. Machining is expensive, and one of the primary differences between cheaper (i.e. less secure) locks and high-security locks is how tight the tolerances are. The Forever Lock’s loose tolerances make it possible for an unmodified key that shouldn’t open the lock to potentially do so. This also has implications for normal wear and tear, especially on something designed for frequent outdoor use that is going to be jostled around. I can only imagine how the lock will function after a year.

In information security, we often need to learn how malicious actors work, the tools they use, their methodology and their mindset, before we can even hope to defend against them.

The same holds for locks and physical security in general. There is an ever-growing library of knowledge out there on attacking locks. If you are designing a lock, please step back, take a look at the different attacks that are a Google search away, and ask yourself how each of them could be applied to your lock.

Otherwise, we are doomed to keep repeating past mistakes.

Book Review: Gray Hat Python

I really liked this book. If you are new to fuzzing, exploit development, Immunity Debugger or IDA Pro, this book will be worth your time to check out. But if you are already familiar with these topics, this book will be too introductory for you, and I would probably skip it.

This book covers quite a bit of ground in its 181 pages. From debuggers and fuzzers to emulation, each topic is introduced well enough that you will have a good base of knowledge to continue on from where the book ends.

In the first chapter, we get a Python refresher. I say refresher because this book does not attempt to teach you Python. While none of the Python in the book is particularly difficult, if you don’t have a grasp of programming in general then I would highly recommend learning Python first. If you do know Python, this first section definitely shouldn’t be skipped, as it also introduces the ctypes library, which is used extensively throughout the rest of the book.

The next three chapters in the book focus on debuggers. They cover a bit of debugger design, including how to write a Windows debugger from scratch, all in Python. Different types of breakpoints are introduced and you learn how each works at a low level. The book then introduces the PyDbg framework and finishes the debugger chapters by introducing the popular Immunity Debugger, which has Python scripting capabilities.

Moving on through the next few chapters, the book introduces us to function hooking and code injection. Both topics are given great explanations with plenty of code examples and uses, such as file hiding and backdoors. These two chapters also serve as a starting point for the following few chapters, which introduce us to fuzzing. As in the previous chapters, Justin Seitz walks us through the creation of a fuzzer from scratch before introducing the Sulley fuzzing framework. He then walks us through the construction of a simple network fuzzer to fuzz an FTP service. Our education in fuzzing ends with using the Immunity driverlib to fuzz a Windows driver.
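To give a feel for what the fuzzer-from-scratch chapter is building toward, here is a small mutation fuzzer in the same spirit. This is an added example written for this review, not code from Gray Hat Python or from Sulley. The fuzz target is a constructed toy FTP command handler with a deliberate bug (a simulated 64-byte buffer for the USER argument), so the whole mutate/execute/record loop runs offline without a network service or a debugger; a real harness would instead watch the target process through something like PyDbg or Immunity Debugger.

```python
"""Minimal mutation fuzzer (added example; not from Gray Hat Python or Sulley)."""
import random

# Constructed seed corpus: well-formed FTP client commands.
SEEDS = [
    b"USER anonymous\r\n",
    b"PASS guest@example.org\r\n",
    b"CWD /pub\r\n",
    b"RETR file.txt\r\n",
]

# Tokens that commonly shake out parser and length-handling bugs.
INTERESTING = [b"\x00", b"\xff", b"%n%n%n%n", b"\r\n", b"A" * 100, b"A" * 300]


def vulnerable_handle(line: bytes) -> bytes:
    """Constructed fuzz target. Emulates a C handler that copies the USER
    argument into a fixed 64-byte buffer: an over-long argument 'overflows'
    (here: raises IndexError), which the fuzzer records as a crash."""
    buf = bytearray(64)
    verb, _, arg = line.partition(b" ")
    verb = verb.upper()
    if verb == b"USER":
        for i, byte in enumerate(arg):
            buf[i] = byte            # IndexError once arg exceeds 64 bytes
    return verb


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, interesting-token insertion,
    slice repetition (length extension), or single-byte deletion."""
    data = bytearray(data)
    if not data:
        return bytes(rng.choice(INTERESTING))
    op = rng.randrange(4)
    if op == 0:                                   # flip one bit
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # insert an interesting token
        i = rng.randrange(len(data) + 1)
        data[i:i] = rng.choice(INTERESTING)
    elif op == 2:                                 # repeat a slice many times
        a = rng.randrange(len(data))
        b = rng.randrange(a + 1, len(data) + 1)
        data[b:b] = bytes(data[a:b]) * rng.randrange(2, 64)
    else:                                         # delete one byte
        del data[rng.randrange(len(data))]
    return bytes(data)


def fuzz(target, seeds, iterations, seed=0):
    """Run the mutate/execute loop and return (iteration, input, error) for
    every case the target failed on. A fixed RNG seed makes runs reproducible,
    which matters when you need to replay a crash later."""
    rng = random.Random(seed)
    crashes = []
    for n in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except Exception as exc:      # a real harness watches the process/debugger here
            crashes.append((n, case, repr(exc)))
    return crashes


if __name__ == "__main__":
    found = fuzz(vulnerable_handle, SEEDS, 2000, seed=1)
    print(f"{len(found)} crashing inputs")
    if found:
        n, case, err = found[0]
        print(f"first at iteration {n}: {case[:40]!r}... -> {err}")
```

Every crash this loop finds has the verb USER intact and an argument past 64 bytes, because that is the only path the toy target can fail on; on a real service you would bucket crashes by faulting address or stack hash rather than by exception text, and keep the seed and iteration number so each one can be replayed.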

Read My Review on Amazon
Read My Review on Goodreads