Decoding the Kwikset SmartKey™ Shmoocon 2009 Shane Lawson Fraternal Order of LockSport (FOOLS)

FOOLS?

FOOLS is a locksport group primarily from Bloomington, Indiana

We run the lockpicking attractions at Notacon

Also helped with the lockpicking village at DC16

About the SmartKey

ANSI Grade 1 Deadbolts

Resists bump attacks

Re-Keyable on demand

Anti-drill bearings in cylinder

Operation

The mechanics of the key do not function like standard pin tumbler locks

Pins have a ledge

The ledge interfaces with sawtooth wafers

The wafers engage the sidebar

Cylinder Dissection

Side view shows pins, springs, and wafer ledges which hold the wafers during the re-keying process

Pin Ledges

Wafer Ledges

Wafers

Right-hand notch is for the sidebar

Left-hand notches fit on the pin ledges

Wafer Housing

Fits to the pin housing

Completes the cylinder inside the lock

Also houses the sidebar

What makes the re-key function work

ReKeying

Turn the key 90 degrees

Insert the 'learning tool'

Pull the tool and key out

Insert new key

Turn back to normal

Remove key

The new key works, old one doesn't

The 'Learning Tool'

Can be replaced by:

Paperclip

Toothpick

Plastic

Anything that fits in the hole and can push the wafer housing back.

How it Works

When the lock is turned and the tool pushes in, the wafers are pushed off of the pin ledges

The new key goes in, setting new pin depths

Turning the lock back snaps the wafers back, and the teeth engage at the new depths.

Supplies

KW1 Blank

Sewing Needle

Anti-Theft tag

Alligator Clip

Super Glue

JB Kwik/JB Weld

Tools

Dremel

Cutting wheel

Shaping tip

Vice

Scissors (for shim)

Decoder Prototype

Decoder Operation

The pennant on the needle acts as a feeler

By shifting the angle of the needle, the pennant can easily move past the housing

Once free, the pennant will touch against any free saw teeth

By counting the teeth, the key depth is discovered

Concept of Operation

Extended Operation

Note the anti-drill bearing in the cylinder

Highlighted

Decoder Chart

Ridges   Depth
0        6
1        5
2        4
3        3
4        2
5        1

Cost Summary

KW1 Blank = 1.50

Sewing Needles = 1.50

Aluminum Shims = free

Superglue/Epoxy = free if you have it, if not $2 at a dollar store

Total cost = 5.00

What that $5 buys

This works on all of the smartseries locks

Each one has the same cylinder design

Subdermal fingerprint readers and numbered keypads make no difference if you can decode the manual override.

Thanks

(Demos available)

bloomingtonfools.org
