Duplicating Restricted Mechanical Keys

Conference: Defcon 27

The presentation discusses various techniques to bypass locks and keys, and suggests remediation strategies to improve security.
  • Various techniques to bypass locks and keys were demonstrated, including bumping, impressioning, and decoding.
  • Remediation strategies to improve security include using mastered or sectional keyways, adding delays and motion sensors, and conducting forensics to detect tampering.
  • Locks and keys are still effective security measures, but should not be relied on as the sole means of protection.
  • Security should be airtight and robust, even if a master key is lost.
  • Forensics can be used to detect tampering and identify the specific technique used.

The presenter describes a scenario in which an intruder attempts to steal the key to the city from Toronto City Hall. The security system includes motion sensors and guards, as well as delays and obstacles to slow the intruder down. This illustrates the importance of building a robust security system that can withstand the various techniques for bypassing locks and keys.


Secure facilities in North America use lock systems like Medeco, Abloy, Assa and Mul-T-Lock partly to resist lock picking, but also to prevent the duplication and creation of unauthorised keys. Places such as the White House and the Canadian Parliament buildings go so far as to use a key profile exclusive to that facility to ensure that no one is able to obtain key blanks on which to make a copy. However, there are tens of thousands of unrestricted key blank profiles in existence. Many match these restricted key blanks very closely and can be used in place of the real blanks to cut keys. Moreover, keys are just pieces of metal. We will present numerous practical techniques to create restricted keys without authorisation, including new attacks on Medeco, Mul-T-Lock and Abloy key control systems. We will touch on all aspects of key control, including patents and interactive elements, and discuss how to defeat them and how facility managers can fight back against these attacks.