At this point, it seems like Master Lock is just messing with you, Bill.
@williamjones4483
4 жыл бұрын
Nope, they are SCREWING with him!
@michaelgroves3919
4 жыл бұрын
Just fill the screw heads with jb weld
@FishFind3000
4 жыл бұрын
I think they wanna give him a heart attack or aneurysm.
@shrekdonkey9551
4 жыл бұрын
***CONSPIRACY THEORY***Bill works for Masterlock. If you watch he leaves the dumpster fire of a exploit till the end then shows it to u when most KZitemrs stop watching. And if you noticed all the exploit he looks at early all have been fixed vs Masterlock normal antics of bumbling it to hell. Then at end when he finally removes the facade you see the 2 screws holding the locking pins in and they are not secured with loctite on screws or even a security type screwdriver bit but instead just everyone has one Philips head screwdriver screw head and utterly lays waste to there name as a security company. But little do they know any publicity is good publicity even if it is for there failure as a security and lock company that cant get shit straight. And my theory is that Bill is backhandedly sponsored by Masterlock even though i have no proof and maybe be having a psychotic rant on a comment for a KZitem video. But anyways i bid you good day and enjoy this Saturday
@jmr
4 жыл бұрын
And on the 7th day Masterlock said @@@@ it!
@notsmoothie
4 жыл бұрын
Bosnianbill : "See if maybe MasterLock is hiding something behind this really nice rubber cover" MasterLock : *heavy sweating*
@rahulgkhs
4 жыл бұрын
First 17 minutes and me thinking 'why it's titled "junk", out of habit'?
@HSishi
4 жыл бұрын
Same here. Wondered where the catch is because I saw "JUNK!". I even checked if it says "NOT JUNK!" and read the description. Then I watched to the end ... But I have to admit, there's not much which can be done: Either you weld the cover's shackles to the cover, which is another weakness - you cannot weld these two materials sufficiently together. They could have used security screws, but the tools for them are not expensive anymore. They also could have used some high-tension Loctite glue but the danger is you screw the whole pack (screw plus shackle pin) and rotate the pin far enough to shove the bearing ball aside. Do that twice, the lock is open. No, a 360 degree cut-out against this vulnerability won't be good - that would leave a very thin "wire" which can easily be cracked by pulling the cover. I'm not sure if there's some sort of small, but strong pin-shaped bearing which would allow the screw to loosen a bit, then rotate completely with the screw. if you try to unscrew it, without rotating the engaged shackle. The best what they could have done is using stainless steel rivets. You need decent drills to get these out.
@angst_
4 жыл бұрын
Sometimes they use allen head bolts and then crush a hardened ball bearing into the hole. That would at least make resistant to drilling. Or they could have made the two shackle pins a single 'U' Design, so even if they were unattached from the front cover they would still have the front cover trapped shut.
@NeoAcario
4 жыл бұрын
@@angst_ Because of the two types of material not welding sufficiently... I think you have possibly the best idea there.. a U bolt of hardened steel.
@Sleeping_Insomiac
4 жыл бұрын
You could have the bolts threaded and screwing directly into the door material *and* have those outer screws threading through the door into the bolts.
@jcota2003
4 жыл бұрын
@@Sleeping_Insomiac Exactly what I was thinking. Doing that even if they got the screws out the lock still isn't defeated with out a lot of additional external damage. But at that point it is equal to most locks. And I was thinking the entire time has whatever engineer at Master lock finally watched some of these videos and figured it out? And then a silly mechanical SNAFU.
@peregrine1970
4 жыл бұрын
And just regular phillips, not even a 'security' screw.
@MaricopaJeff
4 жыл бұрын
It's almost like Master Lock designs in a fault on purpose.
@stallind
4 жыл бұрын
.003 cents of locktite red would be the answer to the crap.
@stallind
4 жыл бұрын
@David Daivdson generally in manufacturing cost is first concern. A drop of positive red is way cheaper then modifying a screw.
@chloejackson-reynolds418
4 жыл бұрын
@@stallind Why not just use a one way screw? They already use those on their directional lock
@brennencox516
4 жыл бұрын
Wouldn't welding or even epoxying them into place help a lot?
@rileyfenley522
4 жыл бұрын
When it comes to the physical security part Master-lock doesn’t upset and screws it up just like normal.
@johncashwell1024
4 жыл бұрын
"Screws" it up!
@dustysparks
4 жыл бұрын
Worker: "Not even any security screws?!" Bean Counters: "Too expensive" Worker: "NOT EVEN ANY LOCTITE?!" Bean Counters: "Did I stutter?"
@ravenoustraal
4 жыл бұрын
With the cover removed and the screws extracted, please lock it and try to pull it open. It looks as though the shafts of the locking bars go in far enough that the rotating movement created as the door swings down could bind on the bars, thus preventing entry. It may be more secure than you give it credit. EDIT: watch the follow up video for the answer to this question.
@sanderd17
4 жыл бұрын
I also wondered about that. Though its still strange why they don't just thread the pins into the body. Trusting on these tiny tolerances is still dangerous imo.
@Dawwwg
4 жыл бұрын
@@sanderd17 Yes, I think a bit of brute-force would still overcome any binding going on (in this specific design) ...
@lezokccb
4 жыл бұрын
I also think the same way. Bill, you really should try this.
@joshnelson7617
4 жыл бұрын
I second this
@joshhoover1202
4 жыл бұрын
This is what I was thinking. It think it will be difficult to open still requiring a lot of force.
@David-nh7px
4 жыл бұрын
Masterlock: This prototype is too secure, we didn't cut enough corners. Bean counter: Why not leave some regular Phillips screws exposed? It'll be cheaper to make that way. Masterlock: Perfect!
@paullessard
3 жыл бұрын
lol
@danromo635
4 жыл бұрын
Masterlock Tech Meeting: “Okay everyone, everything is looking great with our New Lockbox...So, in true Masterlock tradition, How can we screw it all up?”
@bloodgain
4 жыл бұрын
Literally, at that!
@cryptomnesiac
4 жыл бұрын
exactly!
@likebot.
4 жыл бұрын
Assistant to Quality Control raises his hand: "Yes, *Phillips?"* And the rest is history.
@adamwest8711
4 жыл бұрын
If there’s someone out there that can force a wild ferret into one of those, they’re not the kind of person I’d want to get caught stealing from.
@Tuck-Shop
4 жыл бұрын
Joseph the mink man probably could. He is training a monitor lizard to hunt rats too.
@OhSoTiredMan
4 жыл бұрын
Imagine them putting in deadly spiders and snakes
@thetechgenie7374
4 жыл бұрын
Ferrets are larger then that, it won't fit.
@KageShi
4 жыл бұрын
"I like this lock.... *peels rubber*... never mind." lol
@XxShantilisxX
4 жыл бұрын
I had such high hopes, only to be reassured that Master lock was going to leave an insanely easy bypass 🤦🏽♂️🙄
@gkeyman565
4 жыл бұрын
You knew there had to be a simple flaw, it's spelled "master lock". Great vid.
@xoniq-vr
4 жыл бұрын
Lol, 19 minutes into the video, I was almost falling off my chair: "No they didn't, they did NOT make a unpickable lock!" after all that smashing, I laughed out loud at those philops screws 😂 awww Master Lock at it's finest.
@davidid3146
4 жыл бұрын
"I've been saving this one for last because it is potentially destructive." ME: YEah that's why Im here.
@ChaosShadow00x
4 жыл бұрын
The guy at master lock realized he had done too good of a job, so to prevent getting fired he made it so you can unscrew the posts with an every day screw driver.
@JPA66
4 жыл бұрын
All that great design ruined by 2 screws "hid" behind a little rubber.
@larrybe2900
4 жыл бұрын
All they had to do is use a one way screw and it would have been a perfect lock or at least have a weird screw type not readily available if their thinking was a need for access this way for some reason.
@sanderd17
4 жыл бұрын
@@larrybe2900, weird screws don't help. The attacker can usually study the lock, search for exploits of that lock on the internet (or even buy such a lock to find the exploits) and buy such a special screwdriver for a few bucks. You should just not be able to enter the lock with just a knife and a screwdriver.
@JasperJanssen
4 жыл бұрын
Looks like a deliberate backdoor to me.
@larrybe2900
4 жыл бұрын
@@JasperJanssen That is where I come down on it. For all the thought put into designing it we are to accept 'easy' to be a psychological safeguard out of sight out of mind?
@larrybe2900
4 жыл бұрын
@@sanderd17 Granted but a deterrent at least. With a dab of locktite on the threads would have shown they really meant it. The fact they did not proves they wanted it this way. I agree with Jasper Janssen.
@MyTube4Utoo
4 жыл бұрын
*Master:* "We produce and sell junk, because you buy it!"
@ehsnils
4 жыл бұрын
The demand to register to be able to use the lock is as I see it a privacy issue - I don't really want to depend on an external service to lock up my stuff. And then failing on what we start to see as a classic Masterlock oversight.
@saschaschneider6355
4 жыл бұрын
I think you're taking "register" a bit too serious. I don't think you need to register it with a service but with the app
@kilrahvp
4 жыл бұрын
Yup, just bluetooth pairing.
@Cinkodacs
4 жыл бұрын
@@saschaschneider6355 Proprietary software only = privacy/security issues. Unless you analyze the network traffic of that software and you are sure it does not use anything else than BT (sure you could look at permissions, but I am not sure it's not just a catch-all give me everything permission request), it is insecure. It also limits the lifespan of the lock, the moment when they stop developing the app, that is the moment this lock's countdown to become obsolete starts.
@saschaschneider6355
4 жыл бұрын
@@Cinkodacs Yes, possibly. But my guess is that this software will be used for any similar lock Master puts out. And as this is BT chances are that somebody sooner or later will reverse engineer it and create a free app that can be used as a substitute. As for privacy concerns - you could simply use a device that has no internet connection, like a tablet without a SIM. But frankly, if you use a smartphone of any kind privacy is a mere illusion. It's a lost battle. You can put up a fight but there's no way to win. Your data is going to Google or Apple and app vendors no matter what. Until we get a smartphone environment that fulfils the FOSS criteria your only choice to keep your privacy is not using a smartphone. And getting such an environment is not realistic, I mean even Mozilla has failed creating one. And if we actually some day get one then you'll have to also create substitutes for all and any commonly used software. There's no way to catch up, too much proprietary shit going on. Yes, there's alternative marketplaces like f-droid, but the available apps simply are not up to snuff to most non-free ones. With Linux and GNU the development has begun early enough to provide valid alternatives but with smartphones that train has left the station years ago. Partly due to Google giving the illusion of providing a free environment. "Don't be evil" my a*beeeep*
@saschaschneider6355
4 жыл бұрын
@@marionette5968 which is not how this works and it's highly unlikely that this even can happen, even if there is such a database.
@Gnarlf
4 жыл бұрын
B: "Ok guys. Let's just make a last review. Does the Lock and the App work properly?" T: "Yes Sir!" B: "Good, but it is electronic, so can you disturb the electronics themself?" T: "Of course not!" B: "Great, but what about brute force. Can you simply break the hinges?" T:"Nope, these are damn tough!" B: "Perfect! Before i forget, are there any mechanical locks that could be picked instead?" T:"No Sir, all entirely electronic!" B:"Nice to hear that. I'm tired of these KZitem pickers screwing us over." T: "Not unless they remove the rubber cover" B: Glorious, so let us... what did you just say?
@lowlypawn
4 жыл бұрын
MasterLock slogan - Snatching defeat from the jaws of victory.
@SirHellmutt
4 жыл бұрын
I love how Bill and LPL and make a video about the exact same thing, both awesome and information, with one being 20 minutes and the other 2.
@Plugh13
4 жыл бұрын
A couple of steel pop rivets to hold the palls in would have gone miles toward improving the security of this box. Still susceptible to drilling, but that’s noisier than a screwdriver.
@KubedPixel
4 жыл бұрын
DAMN IT!! I WAS getting so so excited. FINALLY a lock Bill got defeated by.
@DeeSnow97
4 жыл бұрын
and a masterlock of all sorts... well, it wouldn't be master if they didn't put a ridiculous flaw in an otherwise perfectly good design
@KGiustOD
4 жыл бұрын
I wanted to see you hit those jumper terminals with 120V from a cut extension cord. Might not have worked, but it would have been interesting to see what happens when you overload the circuit.
@EliasMcCloud
4 жыл бұрын
The overload should be with DC, so the internal electronics manage DC as well though. If you use AC, a capacitor will blow up and that's it
@AttilaAsztalos
4 жыл бұрын
If they would have done the right thing, there would be a tiny DC/DC converter between the external power pins and the internals - it would still burn out if assaulted with high voltage, but the internals would stay unharmed and would continue to open as long as the battery lives. Of course one can effectively bet on them not having done that...
@FusionDeveloper
4 жыл бұрын
I still have a suspicion that Masterlock puts in a weakness/bypass so when someone loses the combo/key and calls them, they can quickly tell the customer a low-tech way to get in, without getting yelled at about having to buy some expensive tool or have some high-tech skill. Although that is probably not true.
@roycemark
4 жыл бұрын
Bill seemed so genuinely dissapointed to the point where he was kinda speechless.
@jklbubbublkj7939
4 жыл бұрын
didn't he just give his location away with that map?
@SoldererOfFortune
4 жыл бұрын
Yeah and there's a house that's totally blurred by Google at the address :D
@2BTO
4 жыл бұрын
jklbub bublkj masterlock goons pulling up
@alaeriia01
4 жыл бұрын
Somebody mail him a box of Master No. 3 locks as a joke.
@Hepheastius
4 жыл бұрын
Yeah, I hope he sees this and edits this vidya.
@pulsarphil
4 жыл бұрын
it's not blurred on google earth, and if you watch the vid where LPL raids the lock lab you can pretty quick figure out wich house it is.
@Subsonic-cd2en
4 жыл бұрын
Customer: well what if the battery dies and I don't have a 9v battery? Masterlock: Oh! Well in that case we have built in a handy bypass! All you need is a screwdriver!
@no-trick-pony
4 жыл бұрын
Master Lock is just memeing at this point.
@jeremyowen1
4 жыл бұрын
I did some door to door stuff for about a month just before the initial covid lockdown. We ended up in some really high end neighborhoods on several occasions, you know, homes I'll probably never afford. I swear I saw this exact lock hundreds of times. If not it was a similar model that looked identical.
@HiThisIsMine
3 жыл бұрын
I bought this lock... specifically because of your video. Well... I was thinking about getting it, and for a moment, after watching your video, I changed my mind... then I decided to get it so I can take off the plastic face, drill the Phillips notch out and superglue the cover back on. Aside from this major unbelievable flaw, the lock and app is pretty solid. Fix the flaw, and we’ve got a great key storage. I did however get a great deal on it and may not have paid full retail due to this issue. I found a brand new one on eBay for $60... the seller had a few... and probably saw your video and was discouraged from using it.
@augenbutter
4 жыл бұрын
By removing the two screws you're still NOT inside of the box. You had to apply a pair of pliers to the posts of the 17:47 OPEN box (how did that edit trick happen?) to remove the posts. However, to further safeguard it Masterlock could use screws with one-way heads. Of course with enough time and right tools you'll get into just about anything.
@2450logan
4 жыл бұрын
Might wanna blur out the location map on the iPad bill your joint is a no brainer..
@SpoilerAlert__
4 жыл бұрын
Party at his place
@alaeriia01
4 жыл бұрын
It's okay, he blurred out his house on Google Maps.
@belperite
4 жыл бұрын
@@alaeriia01 But not on Bing Streetside :(
@alaeriia01
4 жыл бұрын
@@belperite :0
@belperite
4 жыл бұрын
Just to add though, would anyone REALLY want to turn up at Bill's with anything less than good intentions? I imagine his basement looks like that one out of Tremors :D
@MisterMcHaos
4 жыл бұрын
"Defeat snatched from the jaws of victory"...
@bearwomack8610
4 жыл бұрын
Found your channel when I got interested in lock picking since then been watching the back log. Thank you for all your tips and reviews on locks to avoid.
@AngeredKabar
4 жыл бұрын
Much like breaking a key off in a lock, I wonder if you can send enough voltage into the backup contacts to fry the the electronics in order to deny service.
@olinseats4003
3 жыл бұрын
Depends on if they designed it to fail safe or fail secure
@wiktorwektor123
4 жыл бұрын
Master Lock: The combination you need is hard to guess - flat and philips screw driver.
@Murgoh
4 жыл бұрын
When known the flaw can be easily corrected, just drill out the screw heads or even simply "pre-strip" them with a screwdriver.
@Hybris51129
4 жыл бұрын
Maybe just spot weld the screwheads.
@AaronBStephens
4 жыл бұрын
Agreed. It could be modified pretty easily to remove the security flaw. The plastic cover may be damaged in the process, though.
@MikeKing001
4 жыл бұрын
The rest of the screw is super easy to drill out though. This is extremely vulnerable to physical attack. I don't like locks that can be defeated with a drill in under 60 seconds.
@Murgoh
4 жыл бұрын
This thing is made of aluminium so yes, easily defeated by power Tools. Also the shackle can probably be cut with bolt cutters or at least a cordless angle grinder as it's not very thick. Not many locks that can resist power tools.
@joestevenson5568
4 жыл бұрын
@@MikeKing001 "I don't like locks that can be defeated with a drill in under 60 seconds." Buying powertool resistant locks is a waste of time unless you have a steel door tbh.
@thefloridamanofytcomments5264
4 жыл бұрын
LPL brought me here. Why the hell am I actively following multiple locksmith channels?
@stevemcknelly5036
2 жыл бұрын
Bill, Happy retirement! Take care of yourself and enjoy life!
@jefffryesr.9511
2 жыл бұрын
you will be missed however the decision was absalutely the only one to have made many thanks for all of the videos and Much Respect J.
@thomasgibson7618
2 жыл бұрын
Happy retirement and thanks for all the great videos!
@drivecam101
4 жыл бұрын
The vulnerability can be fixed. 1) peel the top of the rubber piece that hides the screws back. 2) take the screws out. 3) apply permanent thread locker. 4) reinstall the screws. (even better if replaced by stronger grade screws) 5) drill or grind out the drive portion of the screw head so they can't be turned easily. 6) Fill the screw head recesses with epoxy (optional) 7) glue the rubber back into place. Now nothing short of power tools will get those screws out. But a power tool attack will destroy any portion of the lock so that's good enough.
@jamesstrain7062
4 жыл бұрын
You need to invest in some “EZ Out” bits. They are used for removing stripped screws. Buy the most expensive/hardest ones so they last forever(compared to the softer/cheaper ones). As a Carpenter I use mine quite a bit and they can be a lifesaver.
@AgateBrick
4 жыл бұрын
Do they make them in a wide range of sizes (as in small).
@markp8295
4 жыл бұрын
I have a thought on the powerline hack. The diode is more likely there for protection against the battery being connected the wrong way around. An oscilloscope will still see voltage drop since the external battery should be connected in the same polarity as the internal battery and thus be the same direction of current flow the diode allows.
@Printed_Riffs
Жыл бұрын
Glad I saw this. I ordered the wall box and I’m going to put a small weld over each screw head. It will be bolted to the trunk of a car.
@MrFmiller
4 жыл бұрын
A little Locktite on the post and/or stripping out the Phillips head would slow down removal. An easy out could defeat that but it would require additional tools. A portable reciprocating saw would be faster but then again any lock is susceptible to such an attack.
@Flying0Dismount
4 жыл бұрын
You don't need the keypad active to try a magnetic attack.. A solenoid or servo motor would not have its windings powered until it is time to open, and just having the controller active won't do anything.. If it's just a solenoid (which is what it sounds like- the multiple clicks is basically the standard practice of activating the solenoid several times in a row just in case it's stuck), you just need a much more powerful magnet as the core is iron or high permeability steel and would be attracted regardless of whether the surrounding circuit is active or not.
@Sypaka
4 жыл бұрын
Am I the only one who finds the sound on closing this device satisfying?
@hondatrix
4 жыл бұрын
Another reason why I just threw away my Master Lock locks...Thanks Bosnianbill, keep the videos coming.
@FailedSquare
4 жыл бұрын
The diode is for reverse polarity protection if you put the 9v on wrong. The signal blocking is just a bonus I guess
@Katnipkitkat_Cthulhu
4 жыл бұрын
Love the chopstick in the drill. Once I wanted to use an electric mixer but I only had a hand wisk so I rigged it up to my drill to get nice fluffy egg whites without much effort. lol
@nbrowser
4 жыл бұрын
Best part of the video...16:23..."WARNING This workplace does NOT give a shit about safety" Love the sign Bill!
@bosnianbill
4 жыл бұрын
Thanks! At least SOMEONE noticed! 😀
@dandesjardins937
4 жыл бұрын
The screws are intentional by Master Lock. Its their trademark. They always have to have an easy way in, just in case you forget your combination. They are thoughtful that way
@aussies4trump176
4 жыл бұрын
Disclaimer: No ferrets were hurt in the making of this video
@phalcon23
4 жыл бұрын
However the same cant be said about Mastorlock Locks....
@tthomassims9005
4 жыл бұрын
the diode is only to protect against putting the 9 volt on backwords but the method to rob the feedback is called a capictor which could be atmpted by drilling near the battery terminals and shorting the battery then the battery goes dead instantly as a fail safe then a ocsilscope attack could be attempted via the 9 volt connector I suspect without a dead main battery the 9 volt is disconnected by a mosfet
@Wavepush
4 жыл бұрын
Since it opens at an angle, wouldn't it be difficult for the locking lugs to just come out after you unscrew them?
@voxelfusion9894
4 жыл бұрын
Yeah, I'm not convinced it actually would've opened, even with the screws removed. Maybe he tried off camera and it worked, so no need for a correction?
@Wavepush
4 жыл бұрын
@@voxelfusion9894 He actually did a follow-up video showing him opening it with the screws The lugs don't protrude far enough into the top plate to resist the opening at an angle Damn
@ajwilson605
4 жыл бұрын
Bill.... For future reference, the diode on the external battery input can be biased to allow signal out to an oscilloscope. Just use a 1.5 volt battery, connect it to the lock, then hook your oscilloscope across the battery. The 1.5 volts will bias the diode "on" and your oscilloscope will be able to read fluctuations through the diode. This could possibly work on any electronic lock with an external battery port.
@DanielNoblett1111
4 жыл бұрын
the diode at the backup power contacts is primarily so can only use the 9v battery one way only
@markwhitis
3 жыл бұрын
"diode [...] robs us of feedback". Only if it is powered from internal battery. You don't need to wait for the battery to die to use an external power source. The diode is there to protect the circuitry when you connect the 9V battery backwards.
@monkeywr4ith
4 жыл бұрын
Edit: new video confirms they pull out! I thought the fit was tighter but nope, junk! Generally great video, but I doubt the posts would have actually pulled out after unscrewing. You were able to pull it out with pliers when open, but when closed there would be more rotational force since the door rotates out and down rather than going straight out. I would trust the lock well enough for most applications unless someone demonstrates the posts pulling out when opening rather than when already open.
@ice_aspect5847
4 жыл бұрын
That diode is for polarity protection. So you won’t fry the board when you put the battery in backwards.
@hedgeberg
4 жыл бұрын
Hey BB, Electrical Engineer here, wanted to correct some misconceptions real quick! First off, the Bluetooth connection may still be a viable option for attacking (not that it's really necessary, but...) since Bluetooth security is a colossal mess. While it is technically "encrypted", Bluetooth as a protocol is full of attack surfaces outside of the encrypted mode. As for the detection sidechannel (the "oscilloscope" method) that diode wouldn't actually prevent that. The diode is a standard charge input current protection, to protect from high voltage faults or backwards driving of the circuit. That being said, it's dubious as to whether or not that would even be a viable attack here. Individual button presses shouldn't cause any kind of usable noise for an attacker, it's the process of validating the passcode afterwards that can cause the kind of feedback you mentioned. Fortunately the 10 minute lockout makes that attack basically completely impractical. Finally, would need to look at the engagement mechanism, but it's likely that there are still electromagnetic bypasses. While it doesn't matter so much since the lock is clearly not well designed, if you could upload pictures of the actuators I'd really like to take a look to see what they used, since if they used a solenoid it should be totally possible to force the solenoids to engage using a broken-down microwave.
@RAkers-tu1ey
4 жыл бұрын
If they drop the price due to the flaw, I would buy one. I can see 2 or 3 easy fixes. A lot like the Beast padlock. I bought 3 for 5 bucks each after the LPL skewered them last year, and "repaired" them.
@rickmay1188
4 жыл бұрын
A quick fix for the screw problem would be to put permanent locktite on the screws... Once that stuff cures, it takes about 600 F's of heat to get it to release.... 2 cents worth of goop would have saved this thing.
@morethan4mph
4 жыл бұрын
That was looking so good! I was even thinking of getting one - unbelievable! Just unscrew it!
@riaganbogenspanner
4 жыл бұрын
The diode is for reverse polarity protection an should not hinder a power analysis with a 9V block.
@wolstech
4 жыл бұрын
Came to watch as soon as I saw "Master" and "(JUNK!)" in my notifications, and wasn't disappointed. I love seeing Bill's Master lock videos because it's basically impossible to not laugh at Master's stupidity while watching them. When he pulled that cover off, I facepalmed and said out loud..."Did they really just screw the lock bars on?"...yes, yes they did. On the bright side, you can at least modify it. Red locktite + stripped heads are probably the simplest aftermarket fix.
@divane1171
3 жыл бұрын
Oh man there goes the sales for that lock. Very weak for $120... Thanx for the detail love watching your videos very good presentation and camera work too💪🏻
@Romuls753
4 жыл бұрын
One thing they could do is pass a very small amount of current through the shackle that way if someone tries forcing their way in that way it sends a message to the device that it's registered to letting them know it's being tampered with.
4 жыл бұрын
I want to believe that one of those days Master Lock will produce a lock that is decent and secure, with not terrible security flaws
@markstr8309
4 жыл бұрын
Philips screws on the outside that hold the locking pawls is just apawling!
@jayyyzeee6409
4 жыл бұрын
I agree that those pawls shouldn't be mechanically secured from the outside. They might have tried securing them from the top or sides so it would have to be open to access the securing screws. However, I'm not sure it's completely valid to demonstrate an open by pulling one pawl out from the inside. The door opens along an arc, so once you've got the screws out, can you really open the door while the pawls are retained with those tolerances?
@darek4488
4 жыл бұрын
You can fix it. Drill the front of the screws completely round. Fill the space with JB Weld. Reglue the front rubber.
@BlackOrt
4 жыл бұрын
They only had to deliberately overdrive the screws to strip the heads, sheesh!
@volvo09
4 жыл бұрын
Yeah, strip the head out real good or use those screws with a head that snaps off when tight, super fast in manufacturing. Doesn't make it fort Knox, but at least it can't be opened with a simple screwdriver! Wow!
@Dawwwg
4 жыл бұрын
@@volvo09 Yes, assuming the screws are a pretty decent compound, it would have been good enough to leave the shackle as the obvious way to go ...
@Ayelmar
4 жыл бұрын
That wouldn't help -- use a battery-powered Dremel with a cutoff disc to cut a slot in the screw head, then use a flat-bladed screwdriver.
@TobbeArnesson
4 жыл бұрын
@@Ayelmar ur just drill out the screw heads...
@PsiChaos2701
4 жыл бұрын
You can hear the disappointment in Bill's voice when he finds the screws for the locking posts. Like, they made damn sure and went to great lengths to make it where nobody was going to beat the lock with an electrical attack, but at this point I must assume the chief lock engineer at Master enjoys playing a sick and twisted game of leaving a horrible exploit in every lock. Maybe it's an insurance policy for the day he gets fired; just turns to a life of burglary, with the knowledge of all the intentionally designed exploits present in Master locks.
@SmokeElectronics
4 жыл бұрын
Hmm some locktite and a drill bit could make those screws secure and permanently stripped. Significantly improving the security.
@rmp5s
4 жыл бұрын
But, can you actually open the door after removing the screws if it's locked?
@andycruzatx3387
4 жыл бұрын
Yeah , basically you would have to pry the door( after removing screws)with the same force it took to pull those pins out and it would open because of how the pins just slide out the door.
@Big31sky
4 жыл бұрын
Don’t worry, they’ll fix it by switching to torx security screws.
@johncashwell1024
4 жыл бұрын
I am watching this, waiting for the junk reveal, and its looking like a really good lock and then...just remove 2 Phillip's head screws and your in! Wow, that really is unbelievable! It's like they hired the best engineers they could, only to fire them just before the lock design was finished, only to have Billy the janitor finish the job!
@awmperry
4 жыл бұрын
They came so close to making a good thing for once. At least it’s an easy fix for the mk 2.
@nikushim6665
4 жыл бұрын
I dont think master put that diode there for that intent. Reverse current protection is more so to prevent the end user from damaging the circuit by accident. As for cracking the lock, im pretty sure you could easily cap the hash between the owner and the lock using a ubertooth. I really doubt they are using some high end AES encryption on that.
@schizy
4 жыл бұрын
*You didn't **_actually_** demonstrate opening with the screws removed.*
@harrickvharrick3957
4 жыл бұрын
One can still make this a useful product by hand of course, peeling the rubber back a bit and drill out the screwdriver profile from those screws, maybe adding a few drips of polyester, and gluing the rubber back will do the trick in this case, which usually can't be said from MasterLock. Still.. why they don't consult someone like Bill to evaluate their locks directly is difficult to understand.
@luan6862
4 жыл бұрын
A collab with a electronic/computer vulnerability specialist would be awesome here. Ignoring the (two) huge gaping holes in this locks security, trying something with the bluetooth would be absolutely fascinating to see. Thanks for the videos!
@Dimencia
4 жыл бұрын
KZitem brought me here from LPL... I feel like this is exactly like LPLs videos, except LPL does all this, *then* films a video showing us all the highlights in 2 minutes. It's neat seeing the whole process I'm not sure which style I like better. Better watch a few more, you know, for science...
@RennieAsh
2 жыл бұрын
You could partially improve this by supergluing the screws and drilling out the Phillips head part . Still vulnerable to actual drilling but at least not someone with a screwdriver!
@NaClO
4 жыл бұрын
so this is the great bosianbill that the lockpicking lawyer made the pick with
@greendryerlint
4 жыл бұрын
The diode may be there to protect the electronics if you attach the 9V battery backwards.
@BryanTorok
4 жыл бұрын
So, if Master changes those from Phillips head to one-way straight blade head screw, that would fix that security flaw for literally a few pennies. As for beating the case up in a totally destructive manner, I think we have to be reasonable in expectations. One could take a hack saw and cut the door knob off, but realistically nobody is going to that much trouble.
@likebot.
4 жыл бұрын
At least the ferrets are safe - and not because they're locked in :)
@EricH_1983
4 жыл бұрын
Quick fix guys if you own one!! Peel back the rubber and with a metal drill bit drill out the screw thread but not too deep, then solder over the screws and file solder flat, re-glue the rubber back..
@plasmaking3513
4 жыл бұрын
First thing i was thinking when i saw the philips screws was why they didnt use tork/shear bolts (the ones where the head breaks off leaving a flat/domed surface) instead. Sure you can still get them out using a hammer and a chisel but its faaaaaaaaaaaar better than using the most common screw in existence.
@DonzLockz
4 жыл бұрын
They sort of tried but as usual, it's still a Master so we can't be over optimistic. Lol
@kght222
4 жыл бұрын
2:02 shotgun slug from the bottom up will not care. the protection on this is all in the cladding, you can shove the lock out from the bottom, might take a little force, but that is the point.
@kght222
4 жыл бұрын
and hell, the only reason you would go shotgun on this is to have fun. that shackle can be cut inside the body with bolt cutters, it just isn't that big. the shackle is probably trash enough that someone holding the lock closed without having it locked to anything they could bend and malform it. anyone who knows anything about hard metal knows that shouldn't ever happen without tools. that is how crappy it is.
@junkman8742
4 жыл бұрын
AVE said the other day.. 'Have to get a burner phone so as to not give the app all a yer dik pics!'
@moxiesmotel
4 жыл бұрын
Thank you Bill, I finally found the right lock to secure my ferrets! (One at a time, they're big) =)
@thorlancaster5641
4 жыл бұрын
Even though the diode would prevent a passive powerline attack when the lock was powered by a battery, you could still hook up a current sensor and an external power supply to the terminals and still be able to measure fluctuations in current. If the internal circuitry/code is vulnerable to a powerline attack, this would make it possible.
@flatfingertuning727
4 жыл бұрын
A programmer who is mindful of power-sniffing attacks can fairly easily guard against the easier ones. If a lockbox is being used to hold keys for a door, what's important is that the lockbox be as secure as the door. Security beyond that will have limited value and may in fact be bad if if e.g. a passcode gets mis-set and it's necessary to gain entry without it.
@thorlancaster5641
4 жыл бұрын
@@flatfingertuning727 Yes, power-sniffing attacks are easy to prevent, but it's also really easy to accidentally write a function that would be vulnerable if you weren't thinking about power sniffing. For example, if I wanted to compare two arrays (what the user punched in vs. the real passcode in memory, I could easily write something like this: bool checkKeyBad(char* provKey, char* testKey, char keyLen){ for(char x = 0; x < keyLen; x++){ if(testKey[x] != provKey[x]){ return false; } } return true; } However, that function would be vulnerable to a power-sniffing attack, provided the micro and circuit were vulnerable. The time taken to return from the function would depend on the first wrong digit in the passcode. I wouldn't be surprised if the MasterLock used a function like this to check the passcode, but then again this attack is pretty pointless compared to just using a screwdriver. If I wanted to protect against power-sniffing, I would make sure that the execution path was the same regardless of passcode correctness. It's not how I'd normally write an array compare function and it takes longer on average, but it's more secure. Something like this would stop a power-sniffing attack. bool checkKeyGood(char* provKey, char* testKey, char keyLen){ bool rtn = true; for(char x = 0; x < keyLen; x++){ rtn &= (testKey[x] == provKey[x]); } return rtn; }
@henryokeeffe5835
4 жыл бұрын
Degaussers produce a very strong, but low frequency magnetic field. I would have used a device especially suited for EMI testing. Such a device can be made quite easily with one of those small $2 "high voltage generators / inverters" that are all over ebay, some turns of wire, and a high voltage ceramic capacitor (a few nF+) and a spark gap a few mm apart. The capacitor, coiled wire (5 turns, 2" diameter) and generator should all be wired in series, with the spark gap in parallel with the high voltage generator. This from experience produces enough EMI to destroy calculators, stereo systems and other consumer electronics at a range of about an inch.
@edrose5045
3 жыл бұрын
Why does the electronics need to be powered for the magnet to work? If it's just a solenoid, all it needs is a static magnetic field to pull the plunger away from the locking lugs. If it's a motor, a spinning magnet may in some cases turn the motor by interacting with the permeant magnets in the motor. I can't see why either of those would require there to be power
Пікірлер: 828