mos and boo about to start bypassing tamper evident seals on a blue lock box

Tamper Evident Lock Box Challenge

Boo and Mos Tamper Evident, Challenges Leave a Comment

As part of our preparation for our presentation for OzSecCon 2018, we were given a 4 layer tamper evident lock box challenge to try. The goal of the challenge was to get into the box, copy a computer file, and reseal the box with all tamper evident seals back in place. We were given a few rules on what we could and couldn’t do. These were:

  1. We have to bypass the seals, not dismantle the box or use some other method of getting in
  2. No lockpicking of the lock. The key has to be used to unlock the box
  3. At the end, there must be no evidence the box has been tampered with or the file had been stolen

There were 4 types of seals:

  • A Padlock seal, with serial number
  • A non-transfer tamper evident label, with serial number
  • A tamper evident bag, with serial number
  • A total transfer tamper evident seal, no serial number

Having seals with serial numbers made it even harder as we couldn’t destroy the seal and swap it with another one. We had to be very careful not to wreck them.

We used 4 different methods to defeat the seals:

  • Padlock seal – we cut the wire, then used electrolysis to dissolve the metal, and then replaced the metal with new one from another seal
  • Non-transfer tamper evident label – we froze the label using an upside down can of compressed air
  • Tamper evident bag – we very slowly used a heat gun to soften the glue and open the bag
  • Total transfer tamper evident seal – we used a chemical bypass method using Shellite

Once we got through all 4 seals we accessed the “garbage file” which was funny as it’s from one of our favourite movies, Hackers! ????

We then replaced all seals with the USB key back in the bag and closed it all up.

Watch our video and see it all in action!!!

We can’t wait for our next challenge!!!

 

Boo has a passion for bypassing tamper evident devices, having first got her tiny 6 year old hands on them at BSides Canberra in 2017. When she isn't bypassing tamper evident devices or lock picking, she can be found writing code, programming her robot, performing gymnastics manoeuvres or taking other children down in the MMA dojo.

Mos aka MrOldSkinny, loves to hack things together whether it be hardware, software or a combination of both! When he isn’t doing crazy hacks you will find him picking locks, tampering with tamper-proof devices, and finding weaknesses in security controls. All the cybers will be his!

Leave a Reply

Your email address will not be published.