Results from the ozseccon 2018 tamper evident challenge showing how many seals were bypassed and the top 3 winners

OzSecCon 2018 Tamper Evident Challenge

Boo and Mos Challenges, Conferences, Tamper Evident 5 Comments

OzSecCon 2018 held a two day tamper evident challenge. There were 70 people in the competition and 494 tamper evident seals were broken.

There were 15 challenges:

  1. Tamper evident wristband
  2. Paper envelope sealed with wax
  3. Plastic chain with Bsealed LightLock
  4. Tamper evident holographic label
  5. Paper envelope sealed with tamper evident security seal label
  6. Non-transfer tamper evident label
  7. Plastic mail bag
  8. Metal chain with Bsealed EnaBolt 4
  9. Bsealed X-Safe clear bag (red seal)
  10. Bsealed X-Safe opaque bag (blue seal)
  11. Plastic chain with Bsealed EnaTail 2 fixed length seal
  12. Metal chain with EnaShackle 1
  13.  Plastic chain with Bsealed Mini-JawLock
  14.  Metal chain with Bsealed EnaStrip 2 metal
  15. Screws sealed with Fuzzy Coat nail polish

The fun part was that not everyone had the same way to bypass the seals and we made new friends and learnt different ways to bypass seals. Some ways were easier and quicker than how we usually do it.

One thing we learnt with these challenges is you should always take the easiest path, which might not even touch the seal. A bypass is a bypass.

After last year at OzLockCon, we got lots of tools and other stuff together to bring with us. Last year was hard as it was the first time we played with tamper evident seals and didn’t know what to use or what tools we needed. So this time we made a tamper evident challenge kit bag and brought it along. Some stuff we couldn’t bring with us, like chemicals and cans as they weren’t allowed on the plane. We were worried with all the tools but they let us bring it.

black kit bag for tamper evident challenge with numerous tools

We have another blog post talking about what was in the bag to help others make their own ready for next year.

As we said in our tamper evident bypass talk at OzSecCon 2018, we will be adding lots to this blog including lots of detail on how to beat these 15 challenges. Until then, here are some of the bypasses we used.

Tamper Evident Wristband

Black tamper evident wristbands with white writing saying google ozseccon

These are wristbands like the ones they put on us when we go to places like Boing Central. Mum and dad said they also use them for clubs and concerts. This was one of the first types we tried last year. If you try and take them off, the white bit with the squiggly lines rips. Using a syringe and some nail polish remover, we squirted it on the glue which then gets all soft and you can slowly peel it off and reuse it. The challenge for the competition was to take it off one wrist and put it back on the other with no sign of tampering. Easy!!!

We have a full rundown of how to do it along with a video in this blog article.

Paper Envelope Sealed with Wax

White paper envelope sealed with red wax seall

We had this challenge last year. The wax is melted on the envelope and a 5 cent coin is pressed into the wax leaving a mark. Last year we heated the wax, opened the envelope, removed the paper, reheated the wax and used 5 cents to make a new mark on the wax. This year we got tricky. We realised there was a big gap where the end of the envelope was sealed. Using some tweezers we were able to grab the note inside and twist it out of the envelope, bypassing the seal. Always take the easiest way when bypassing a tamper evident seal ????

Plastic Chain with B-Sealed LightLock

Yellow plastic chain sealed with a red B-Sealed LightLock tamper evident seal

This challenge was a plastic chain that had been connected using a red B-Sealed LightLock. With this one we also took the easy way. As the Google team running the comp told us, in the real world, a lot of the time people just check to see if a seal has been tampered with. They don’t take a really close look or check the serial number. The B-Sealed LightLock has a serial number on it and we saw that the Google team didn’t record the serial number when they gave us the seal. So we just cut it and put on a new seal from the test table. These seals are pretty easy to shim but this saved us a few minutes and was fun being sneaky ????

Tamper Evident Holographic Label

Tamper evident holographic label attached to a plastic device

The next challenge was to remove a tamper evident label. From our experiments with holographic labels we thought this would be a total-transfer label and be removable with heat or with a chemical attack. As we couldn’t bring our chemicals with us on the plane, all we had was nail polish remover which was supplied for the competition. Nail polish remover is made from acetate and this usually wrecks holographic labels. So we used our heat gun, warmed it up and carefully pealed it off with no damage.

Paper Envelope Sealed with Tamper Evident Security Seal Label

Paper envelope sealed with a red security seal tamper evident label

We got all excited with this label as we had never seen one of these before. We didn’t want to use a chemical attack with only an acetone based chemical as it seems to always wreck the layer of red in red seals, so we were thinking trying heat. Then we realised it was the same type of envelope as the wax seal. Out came our tweezers again and bypassed the seal completely!

Non-Transfer Tamper Evident Label

Red non-transfer tamper evident label on plastic device

The feel and look of this label was like the non-transfer labels we had tested at home and like the blue one in our tamper evident challenge video. We didn’t have ay chemicals we wanted to risk on it so we went back to the heat gun. After a few minutes of warming it up it peeled off easily with no marks.

B-Sealed X-Safe Opaque Value Bag

B-Sealed opaque value bag

We had used these B-Sealed X-Safe Value bags before and we even had a demo of this in our OzSecCon 2018 talk so knew it just needed some heat to open. Again we used the heat gun. You have to be careful though or it can melt the bag. So glad we brought the heat gun. It was getting so much use from us and other people in the challenge.

Metal Chain with B-Sealed EnaBolt 4

Blue B-Sealed EnaBolt 4 on a metal chain

Next up was the trickiest seal we had come across, a B-Sealed EnaBolt 4, but we had done some research and testing before the conference incase this one came up. If you want to know how to bypass one of these, check out this article and there’s also a link in there to our video of the bypass.

B-Sealed X-Safe Clear Bag (Red Seal)

B-Sealed X-Safe clear plastic tamper evident bag with red tamper evident seal

We weren’t happy when they handed us a B-Sealed X-Safe clear tamper evident bag with a big envelope inside. These bags are REALLY hard to get into and out of without leaving a mark. We have tried all sorts of chemicals and even freezing  but none of them work. The only way we have found is using a slow heat and taking a really long time. The secret is removing as little as possible of the red tape. As it was a big envelope inside, we twisted the bag around a bit to fold the envelope over a couple of times to make it small. See the picture above. This means we only had to lift some of the tape. We didn’t manage to do it very well and lost some points ????

B-Sealed X-Safe Opaque Bag (Blue Seal)

B-Sealed X-Safe tamper evident bag with blue security seal that has been voided

These B-Sealed X-Safe bags are just as hard as the clear ones. You can see in the picture what it looks like when you pull the seal open and voids the tape. We didnt want to waste as much time with this one so we used a different attack that doesn’t work well on the clear bags. You can see on the picture above the mark where it says “DO NOT CUT HERE TO OPEN”. We took a razor blade from our kit bag and cut along this line, which is funny cause it says don’t cut ???????????? We took out the envelope and using our heat gun, carefully melted the cut back together. Worked perfectly and the Google team didn’t notice. Full points!!!

Plastic Chain with B-Sealed EnaTail 2 Fixed Length Seal

Orange B-Sealed EnaTail 2 fixed length seal with yellow plastic chain

These B-Sealed EnaTail 2 seals are tricky. You cant see in the picture but they have a bit cut out and its very soft near where it joins so if you pull very hard it breaks. Also if you hold it with pliers it leaves a bad mark and you lose points. There are 4 little catches inside so we asked dad to make us some shims. Using the Dremel he made 4 shims and helped us get them into the join. We then popped it open. We also have another easier bypass we developed so make sure you check out this method.

Metal Chain with EnaShackle 1

Yellow B-Sealed EnaShackle 1 with metal chain

We have played with the B-Sealed EnaShackle 1 padlock seals heaps at home and can shim them and use electrolysis to dissolve the clips. Electrolysis is the most fun but takes ages and sometimes doesn’t work well. We can usually shim them so we had dad make us another shim with the Dremel. He was making too much noise in the room so Barney made him go to the workshop. Bye dad!! We tried the shim but because the clips were pushed all the way in, we couldn’t get the shim in the right place. The bends in the metal bit on the shackle are there to stop this type of shimming. Good job by B-Sealed, bad for us. We were about to give up on this one when Naraka, another competitor told dad how he used a vice to pop the shackle open and pull it apart. We went to the workshop and tried this and had it open in a few minutes. Thanks Naraka!!! We made a video of this bypass which you can check out on our YouTube channel.

 Plastic Chain with B-Sealed Mini-JawLock

White B-Sealed Mini-JawLock tamper evident seal

This isn’t the actual B-Sealed Mini-JawLock seal from the competition in the picture above. They were yellow but the same type. This is one from home we had been practicing on. We used a shim and got this one open.

 Metal Chain with B-Sealed EnaStrip 2 Metal

Light blue B-Sealed EnaStrip 2

When we saw the B-Sealed EnaStrip 2 seal we were a bit worried as we had no idea how they worked. We have some of these at home but we hadnt played with them. We went and got a spare one from the Google team as you can get extras for R&D to help you bypass them. Dad got the Dremel out again and cut one open so we could see how the catch works. It was actually pretty simple inside and we thought a shim would work. Again we told dad what to make and he made another shim. So glad we brought the Dremel this year. Using the shim we slid it between the two pieces of metal. It was very tight so we heated the plastic with the heat gun so it expanded. The shim then slid in and we could pop it open.

Screws Sealed with Fuzzy Coat Nail Polish

Black Sally Hansen Fuzzy Coat Nail Polish jar and hand with polish applied to nails

The very last challenge was using Sally Hansen Fuzzy Coat Nail Polish. They put this over screws on a laptop or keyboard and take a photo of them. The idea is that if you remove the polish and put new polish back after removing the screws, its very hard to get all the little lines in the nail polish back in the same spot. They even use an app on their phones with before and after pictures that tell you if its the same. We had a go but didnt work and got no points for this challenge. HoodyPony who came first got three of the 4 screws the same. Was amazing and you can see from his score he had a massive lead because of it. Awesome job!!!

The Tamper Evident Challenge was really fun and we made lots of new friends which is the best part. We will be practicing and cant wait for next year!!!

scoreboard from the tamper evident challenge showing the final scores

 

 

Boo has a passion for bypassing tamper evident devices, having first got her tiny 6 year old hands on them at BSides Canberra in 2017. When she isn't bypassing tamper evident devices or lock picking, she can be found writing code, programming her robot, performing gymnastics manoeuvres or taking other children down in the MMA dojo.

Mos aka MrOldSkinny, loves to hack things together whether it be hardware, software or a combination of both! When he isn’t doing crazy hacks you will find him picking locks, tampering with tamper-proof devices, and finding weaknesses in security controls. All the cybers will be his!

Comments 5

  1. Pingback: Tamper Evident Seal Bypass - EnaTail 2 Fixed Length Seal | MOS & BOO

  2. Pingback: Bypassing a Bolt Seal - Spin Attack | MOS & BOO

  3. Pingback: How to Bypass a Tamper Evident Bag - Serial Number Swap | MOS & BOO

  4. You kids are amazing hey, I can’t believe your skill level, I have been training in the field for years as a hobbyist and you blow me away. Would love to connect and do some training with you guys.

    Very impressed.

  5. Pingback: Detecting unauthorized physical access with beans, lentils and colored rice – BIXRAT

Leave a Reply

Your email address will not be published.