good & bad security & Using Penetration testing for inspiration of eberron “puzzles” (and locks/security).


Post by tetrasodium » Mon Feb 04, 2019 12:00 am

Pen testers are effectively burglars who get paid by a company/organization to test the physical security of their own facilit(y/es). In doing that testing there are a number of different methods that range from social engineering, lock fiddling, exploiting poor design, just making a hole, & many more. These methods range from “overt” methods that are obvious to anyone that comes along, to covert methods that are not obvious to the normal users, and “surreptitious” methods that are not detectable as something other than a normal user (ie employee) access even under testing. The best part about it is how many of these methods are trivial to get a vague grasp on & not much harder to understand. With the vague grasp & understanding comes the ability to use that knowledge for fun as a gm, adventure designer, and potentially a player too. I’m going to use the rest of this to summarize some great presentations about pentesting methods; some of them are the kind of thing that can be implemented on site like ye old “dc XX locked door” that everyone is familiar with, others are interesting and allow things like an adventure to circumvent “what do you mean every door has a dc35 lock & most doors are made of adamantium!?!?!!”.
Ye Old lock
The really interesting stuff will come in later sections, but I want to start with the obvious before getting into fun stuff. I’m not going to talk about ways that lock picking can be leveraged; adventure designers already use it to death & it’s boring because either the players fail & it doesn’t matter or the players fail & there is a work around built into the adventure. Not only is it boring, it is often going to be one of the very last things attempted during pen testing.

Given that lock picking is likely to be the last thing attempted, the question of all the interesting things they are going to try first comes up… and oh boy are they interesting. I’m going to cover a bunch of things that I feel can be applied in an eberron game below. The order I’m choosing to present things in is simply based on what I think is needed to get the most out of later sections. Feel free to skip around, but at least the first couple sections are (depending on your understanding of certain topics) semi-foundational ones.

Master Keys
Most everyone has heard of a “Master Key” even if they don’t know what it is or how it works. With a master key, you can have individual keys for each door, a master key that opens every door, and more interestingly for us a key that just opens some doors (ie all of floor five, all of marketing, just r&d, etc). This excellent presentation covers a method to use one of those keys that only opens one door & change that key to open some or all doors along with both pitfalls as well as some lock types not vulnerable to such an attack. By using this sort of system & a known key recovered through other means, you now have a PC using standard thieves’ tools to make it into a key that will either open no doors, some doors, or all doors based entirely on the results of a roll. Even better is that depending on the adventure’s structure, you can design in extra attempts to make up for bad luck & party skill gaps. In later sections I’ll cover some ways you can obtain & generate said key as the adventure rather than designing an adventure where everyone is watching bob make a pass/fail check. Fun fact on this whole master key section is that if a PC is using a file on a key to bring it to different bit depths, the mending cantrip will shift it to a “take 20” type of result given enough time (tens of minutes to an hour or more). By including a wand that allows the user to cast mending in the adventure you give your PCs a potential solution that only becomes apparent if they have an undamaged valid key and put the pieces together on how to use cantrips effectively. Such a wand might even be found in a janitor supply closet that your players might even get a laugh out of. If you have not tripped an alarm, a janitor supply closet type room is going to be a great place to fit in a short rest while out of sight.
REX sensors
A Request to EXit sensor is simply the eye on those automatic doors you see in some office buildings and nearly every retail store. Everyone likely to be reading this lives somewhere that automatic doors on retail buildings are common enough that they should be familiar with them on a conceptual level. What readers might not know is that many of them are both self-locking & trivially defeated from outside the locked door. Here is a quick and simple video showing how to do so on many of them using a cheap can of air. A large percentage of those sensors only look for movement & can as a result be defeated by anything that involves movement/difference. Some will look for changes in temperature (which the can of air does), some few expensive ones will have multiple sensors that look for both movement and a roughly human shape. Using magic as the sensor, you could tie it to a good number of things, but a living thinking guard is the only foolproof method, even a simple unarmed doorman on the other side of the door can sound an alarm. Fun fact is that someone who smokes or vapes also carries around something trivially capable of defeating these kinds of sensors :D While this might not seem much different from ye old lock, you can have a door with no external lock & describe it rather dramatically as a gm. A magic REX sensor should be a fairly common type of lock in eberron.
The under door Tool
These things are pretty simple. In essence, a doorknob on one side of a door is probably the same on the other side. If you have a lever or similar type door knob on one side, you probably have the same on the other side. An under door tool is a bit of metal & cable (or sometimes a coat hanger!) that you can slide under the door & use to pull the lever on the other side where you don’t need to unlock the door first. They also tend to work on paddle & push bar style door latches. While the underside might be protected, the top of a door is rarely going to be protected enough to stop someone from doing nefarious things like sliding a loop of 35mm film through & pulling the lever up. There are a number of things that can be added to the door that make such a thing harder or impossible… or you could use a regular round doorknob.
Common “bullshit” Keys
But what if it’s a real key not on that list?
This one is harder in eberron, but it’s fairly trivial to copy a key from a photograph. & the difficulty in eberron is simply that “taking a picture” would be tough, but there are feats and cantrips that would allow you to remember, reproduce, or copy an object like described. Putting this in context of cost, a blank key is like 1-2$ US at home depot, you can buy calipers for around 10-20$, & a key punch machine like those displayed in the video range from about 1000-2000$usd at the low end for a simple manual punch to several thousand for the fancy automatic type ones you see in places like home depot making them all within the reach of PC’s at low/mid/late levels. The big automated ones are problematic due to size & noise, but those can be handled with a very full bag of holding/portable hole type thing in d&d.
We have a bunch of common keys. Like it or not, a handful of keys will open most locks on toolboxes/cabinets/elevators/door access systems/etc. A lot of these kinds of keys are an excellent way that you can simply add flavor like “The Wizard’s bookcase was locked, but it’s obviously a standardized key so you pop it open trivially”. In addition it talks about how you might be able to use investigative skills to look up & purchase keys needed for things later (or if you go back) rather than other options like ye old thieves tools.

Red team or not
Here is a fun little video about the difference between “red/tiger team” type testing & everything else. In it, he presents a great variety of fun problems & solutions. He also presents a few of them in ways that could be easily converted into encounters. I highly recommend it. At one point, he even talks about a programmable rfid chip he has implanted in his hand that is the same sort you find in those rfid badge readers; Keith mentions the arcane equivalent of a pin being worn by a guard in one of the thorn of breland books. He talks about the scope of a job & modeling of threats relevant to the client in a way that can be used to set up an “adventure” in a way that you as a gm/designer can throw PCs into a position they can’t win or do so in ways that tie their hands a bit (ie don’t hurt my staff) without the penalty for failure being “and you die”. That sort of thing also allows you as a gm/designer to involve the PCs with extremely powerful groups who might be involved with super nefarious stuff that you can surreptitiously expose your players to without actually getting them involved yet or force them to get themselves involved in thwarting who they thought was their powerful boss. With all the heist adventures in embers of the last war I don’t know if it’s a good idea or not for an adventure, if not you could always say it was something that they noticed on a job they got hired for.

Latch slipping
There are locks with security features built in to thwart latch slipping if they get installed right.. but that is not always the case. Here is a quick & simple little video showing how you can do latch slipping using a cut coke bottle rather than a latch slipping tool.
Copying keycards
This is a complicated subject that I won’t get into because your options will depend on what you are facing & you can just consider it the same as keys that happen to be magic. More secure keycard systems tend to have a two factor system on at least some doors where you need to badge and enter a pin number. Somatic gestures & verbal components being added to a physical token key like the one mentioned in thorn of breland is an extremely reasonable thing.
The fun stuff
I’m going to skip over the overt stuff like breaking down the door & drilling out the lock not because it wouldn’t happen in d&d but because it’s already well known that you can break down a door or lock & thus irrelevant to this. Now that a bunch of the basics are at least briefly noted, it’s possible to get into more in depth stuff. This video is about some of the tactics used in penetration testing. You can use a lot of this kinda stuff to spice up ye old entry door.
Everyone has seen a door hinge, you might even have used a nail & hammer to remove/reinsert the pin from a door hinge for one reason or another, but now the difficulty is either burning a second level spell slot for silence or making some noise that might trigger an alarm/be heard by a guard if done too quickly or might take a few minutes of very softly tapping on that nail till you can take the door off its hinges. Once you have the door off its hinges, it doesn’t matter if it had a dc30 lock on an adamantine door, but you now have a door not on its hinges that needs to be put back on once it is unlocked or has someone on the other side to open it. That door is probably heavy & will take some work to line up the hinge pins. Treat it like a challenge. Meld into stone might not get you in, but a specialized tool might allow you to remove the hinges through the wall because... “magic”. Face it, as a designer your locks can’t be too good or the players just immediately hit a brick wall in your adventure. If you assume that tools like this would exist or that the occasional hinge is installed on the wrong side of a locked door.. that dc30 lock on an adamantine door is perfectly reasonable because you have the barbarian trying to hold the door from falling, the rogue fiddling with the weak point (the hinges), maybe the spellcaster concentrating on a silence spell, and the bard/sorcerer doing his charismatic thing to distract the patrol or whatever… maybe they just leave the door off the hinges & a patrol finds it like that later. The jamb pin noted in the video would thwart this sort of attack yes, but it is extremely rare to see your PCs not willing to damage a door like destroying those.

Thumb turn flipper
A thumb turn defeat/flipper tool is a bit of hardware that will allow an attacker (like your PCs) to bypass a deadbolt provided there is a gap (like with double doors). Here is a simple video showing one & showing it in use. While the tool is “restricted” making it hard to get if you aren’t a locksmith or security person, they are not especially expensive. If you factor in magic like mage hand, all you need is a simple mirror or the arcane equivalent of a wire snake camera (15-100$) to see under the door so you can just use mage hand to unlock it. It’s extremely reasonable to assume that an arcane wire snake camera equivalent exists as a common or uncommon magic item available in eberron to those with proper authorization like the latch flipper tool. Of course, your average PC is probably not authorized & thus is likely to be spending a good bit of coin ;D

Going back to REX sensors & things that would prevent latch slipping, he also talks about why installers will purposely make an effort to ensure that many of these security features are deliberately less secure than they could
Bridging a circuit to trip a relay, Deviant has a section about using one of those ultra common keys to open the doorking box & bridge the circuit with a bit of wire (like a high tech bent paperclip!) to trip the system into unlocking itself just like would happen if the thing were unlocked through normal means. An interesting coincidence is that Keith talks about using a wire & couple drops of mabaran nightwater to short out various wards in his books. The difficult part to doing a lot of this kind of stuff is in knowing what to do to meet your needs without setting off an alarm or breaking something once you have access. Even if you don’t have “The manual”, you can often find a chart/labels on the inside of a device or just follow the wires & make some guesses.
Elevator Hacking
Very dangerous and potentially illegal, beware!! I include this one not because elevators fit well into eberron, it shows two other things. The first is examples of how a ward or enchantment could be subverted and/or repurposed. The second is that it includes a number of examples that are either an alarm for those who screw up or an extremely lethal trap that can and has maimed or killed people despite not being created as a trap. Here is a great video on the subject. Notice how the subject of common & universal keys comes up multiple times in it.
Last edited by tetrasodium on Mon Feb 04, 2019 3:46 am, edited 1 time in total.


Re: good & bad security & Using Penetration testing for inspiration of eberron “puzzles”.

Post by tetrasodium » Mon Feb 04, 2019 12:02 am

Hopefully this is useful & people enjoy the mental doors it opens. Questions & discussion are welcome :D
