Key Milling

From Noisebridge
Jump to navigation Jump to search

Noisebridge can mill perfect keys with a CNC machine!

The initial revision of this process was developed by Torrie Fischer. Contact her with any questions about this documentation by visiting her user page.

Much of this content was sourced from a forum post on The Home Machinest!.

The Requirements[edit]

  • A CNC mill.
  • A Schlage 5 Cylinder blank key
  • The five pin type numbers from shoulder to tip

A bump key, for example would be 99999. A 00000 is *not* a blank key!

The Process[edit]

Schlage is a huge company, and their locking systems are available anywhere on the planet. The law of large numbers leads to the conclusion that if a large corporation could charge a relatively cheap amount ($15-$50) for a simple door lock, they must have a huge profit and therefore low input costs.

To produce millions of locks every day at a cheap price, they'd want to take advantage of antiquated designs and mass production. The tumbler pin design naturally leads to a limited number of configurations. 10 per pin, in fact. Here's an illustration of their types:

Pin Type Cut depth
0 0.005
1 0.020
2 0.035,
3 0.050,
4 0.065,
5 0.080,
6 0.095,
7 0.110,
8 0.125,
9 0.140

Additionally, there are 5 standard positions for each of the pins:

Pin Position Distance from Shoulder
0 0.231
1 0.387
2 0.543
3 0.699
4 0.855

Considering this limited range of variability and the constants elsewhere (key thickness, length, width), it is entirely possible to describe a Schlage 5 Cylinder key within a simple set of rules. In fact, there are only 100000 different keys out there. The key blade length, thickness, width of the flat spot for the pin, shoulder length, etc are all constant.

A set of specifications can be derived from these constants and variables to reliably reproduce any key configuration. I assume no responsibility for what you do with this information. This is instead a demonstration of the unreliability and lack of real security that a lock might give for something you really care about. Classical tumbler pin locks are not safe from a crafty hacker!

The Kind Robots[edit]

There exists a python script to produce GCode that can then be fed to a CNC mill, such as the [MaxNCMill]. It requires the configuration of Pin Types as input, and will output GCode that you can cut a key with.

The code is availble on github. Free of use.

Preparing the specimen[edit]

Since you're not likely to have access to a 3D probe with which you can zero the key, here's how you'll do it:

  1. Clamp the key flat in place soon-to-be-cut-blade-side-up with the entirety of the blade sticking in a millable area, such as elevated above the surface by a piece of wood.
  2. It must be exactly squared with respect to the grooves in the milling platform.
  3. Zero the tool's X and Y so that the tool's sides are barely scraping the corners of the key's shoulder with the widest radius when lowered.
  4. Zero the tool's Z to be just barely touching the top of the key's surface with the tip.
  5. Start milling

How they work their magic[edit]

Since each PIN is at a known location, and each pin type has a known depth, there exist only 10 control points along an otherwise straight line. The script generates these points as tool movements. The movement will consist of:

  1. A preparatory positioning of the tool
  2. Moving to the shoulder
  3. Cutting each pin's groove in multiple passes

By default, the script will do it in 1% increments by pass for quality. It will produce 10 passes per milled layer for a total of 100 layers. If your mill supports it, you can watch the comments in the GCode for producing a percentage progress. The process takes about 10 minutes and can likely be sped up by modifications to accurately use the bit's full size and remove a constant stream of metal instead of occasional tiny bits.

More Documentation[edit]

The resulting G code is well documented, probably moreso than the python script. This is to assist the hacker in understanding the precise reason for each movement, as GCode can be quite cryptic.