Inside the ‘Hack Bag’

We had a whole bunch of questions at OzSecCon 2018 and after the conference about what we had in our bag which we call The Hack Bag, so here it is, finally.

In 2017 when we first tried tamper evident bypasses at BSides Canberra and again at OzLockCon 2017 when we entered our first tamper evident competition, we had some big issues bypassing some of the devices as we didn’t have the right tools. At BSides 2018 we took a few tools, like a vice and heat gun but it still wasn’t enough. When we heard there would be a competition at OzSecCon we started to work out what we would need for all the different types of challenges we thought we might get. The bag was a big success and we don’t think there was anything we were missing. Even a lot of the other people in the comp were using our tools which was great helping each other out!

So, if you are planning to enter the next competition at a security conference, here is some of the tools we recommend.

Chemicals

Different chemicals are used to remove different types of tamper evident labels. These are Shellite, Acetone, Isopropyl Alcohol, Methylated Spirits, Mineral Turpentine and WD-40. Usually we put the chemical in a syringe and squirt it under the label to soften or destroy the glue.

Needles & Syringes

These are used for getting the chemicals under the label to the glue on tamper evident labels.

Shim Metal

Shims are thin pieces of metal. We use the shims to fit in tight or small places to help release locking mechanisms, like in padlock seals or on plastic bands. One of the best ways to make shims we have found so far is out of feeler gauges. You can get them at Bunnings or car shops. They are lots of different thicknesses so just pick the right one for what you are doing.

Hacksaw Blade

A hacksaw blade can be used to cut lots of different things, like plastic chains that are often used in tamper evident challenges. Its good if you need to cut a chain and stick it back again. Not that we would ever do this ????

Razor Blades

Razor blades are handy for lifting labels up after you have softened the glue with a chemical bypass. They can also be used for making very thin cuts in bags and other containers that you might want to stick back together later without leaving a trace.

Files

Files can be used for lots of things like filing edges on chains or shims after you have cut them. Anything that has a rough edge you need to make smooth.

Dremel

A Dremel is the fastest way to cut a shim to the size you want. A Dremel can also be used to cut through metal tamper evident devices if you need to. We used it a lot in the competition for making shims and also to cut tamper evident devices open to see how they work. When you know how they work you can then try and bypass them. Make sure you have safety glasses and ear muffs when using the Dremel!

Dremel Blades

Make sure you have at least a few spare Dremel blades. When cutting metal they can wear out real fast! We recommend the fibreglass reinforced cut off wheels as they last much longer than the normal cut off wheels and cut a lot faster and easier.

Bench Vice

At OzSecCon we used a vice to hold the metal while we made shims and also for picking locks. It can also be used to help open a type of padlock seal, which we will have in an article soon.

Needle Nose Pliers

These are great for holding lots of different things. When we were bypassing the EnaTail 2 Fixed Length Seal we had to make some tiny shims. We couldn’t have held them and got them into the seal without these pliers.

CO2 Extinguisher and Pillow Case

This was on our list but we didn’t take it with us this time as we flew to Melbourne and extinguishers are banned on planes. We will tell you all about this one in a REALLY fun post soon.

Safety Glasses

You need these to protect your eyes from chemicals and from bits of metal and plastic flying when you use the Dremel. We got these ones from Bunnings. They are only $12.95 and are really comfortable and look like snow boarding goggles ???? You can see us wearing them in our Tamper Evident Lock Box Challenge video.

Ear Protectors

If you are using any noisy equipment, like the Dremel, you should wear ear protectors so you don’t hurt your hearing.

Gloves

You should always wear gloves to protect your hands when using the chemicals!

Tweezers

We put tweezers in our Hack Bag incase we had something small to hold and we and lots of others ended up using them soooooooo much. They were great for sliding into sealed envelopes, grabbing the secret messages and pulling them out.

Spray Adhesive

We couldn’t take this one with us on the plane and luckily we didn’t need it. This is a craft glue that we have used at home in our experiments. Sometimes when using a chemical bypass to soften the glue the glue gets destroyed and you cant stick the tamper evident label back on. With this glue you spray it on the back of the label and it makes it like a sticker. You can then stick it back on!

Cotton Buds

Cotton Buds are handy for applying chemicals to a small section of a tamper evident label. We sometimes use them after we lift up the edge of a label to apply more without spilling it all over the surface of the thing the label is attached to. Sometimes too much chemical can mark things like paper and cardboard.

Picks/Dentists Tools

We have used picks before at conferences with some success but haven’t had much luck with dentist tools. For us making shims works better as they are thinner and less likely to damage the tamper evident device, but making them may take longer. We have seen other people use dentist tools well so we have added them here so you have a complete Hack Bag. If you use them or try them, let us know how you find them and what you used them on. Also the best place to buy them so we can get some. We don’t have any in our hack bag yet.

Heat Gun

This is one of the most important tools in the bag. Our heat gun got used so much by us and other people in the competition we thought it would burn out. The heat gun is great for warming up glue on labels and making them soft so you can just peel them off. It’s not as harsh as using chemicals. Also when you heat things like metal and plastic they expand, so you can use it to loosen locking mechanisms, like the EnaTail 2 Fixed Length Seal. Also, if there are any wax seals it will melt the wax very easily.

Glues

It is good to have some plastic glues incase you need to do some dodgy patch up work on a plastic seal you have broken or cut. We used them a bit at OzLockCon 2017 when we hadn’t worked out how to open some seals. Also, sometimes things just don’t work out and break and its a quick way to try and fix it.

So that’s it for the Hack Bag. We hope you get your hack bag happening for the next tamper evident bypass competition. If you do, be sure to take a photo and tag us on Twitter so we can see it!!!