Slashdot Mirror
Steel Bolt Hacking
The beginning of the book discusses the origins of lock-picking sporting groups, crews in the U.S and Europe, competition around the country, and how to become a part of a lock-picking group. One of the groups out of Colorado Springs, DC719, are a bunch of computer geeks that have taken up the art of lock picking and sponsor a lock-picking contest every year at DefCon. According to Mr. Chick, computer people are the fastest group to pick up the art of lock picking. (I must warn you though, there are also a lot of disclaimers about the author not being responsible for the misuses of the information contained in this book.)
The book is fully illustrated with pictures of different types of lock picking instruments, tools to make your own picks as well as padlocks, deadbolt, and combination locks. There are pictures of locks that have been cut open and even how to crack push-button combination locks. (You know, the kind you find on the door to a server room.) I have to say, for a little book, (114 pages) it is brimming with valuable information for a beginner. What I didn't realize was that software isn't the only thing that has security vulnerabilities; mechanical things like padlocks and deadbolts do as well. What was scary to learn is how easy cheap locks can be picked, and that 80 percent of all locks used are cheap locks. Expensive locks are just likely to take a little longer.
I liked that the book didn't exaggerate. It didn't tell me that I was going to be a master lock picker after only a few tries. It took a little time, practice and sore fingers, but after a couple weeks of practice, I could pick every lock in my house. And as a computer person, I liked all of the jargon that was used to explain locksmith techniques. There was also enough humor to keep the book interesting; it's difficult to read any type of textbook and still maintain a reasonable interest. The illustrations are good and there is a resource section to purchase the tools you need from the Internet.
What I didn't like about the book: The most annoying point, I felt, is the considerable redundancy in methods between different types of locks to be picked. Also, the book suggests that there might be a lock-picking group in every city in the U.S., when in fact I am having a difficult time finding one in my are. And I live near D.C. -- You'd think there would be one on every corner around here. I think that the sport is still in its infancy and Mr. Chick is hoping his book will draw more people to it. The author put his e-mail address on the back of the book. He hasn't responded to my e-mail yet, but I suppose that he's probably a busy man.
All in all, I found the book informative, entertaining and worth the purchase price of 19.99.
You can purchase Steel Bolt Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
quicktime movie of the same.
-knowles
In DC, basic possession of lockpicking instruments is illegal, unless you are a licensed locksmith. You don't have to prove intent. This is the same in many other states. Be careful and don't do anything stupid.
If you're interested in learning a bit about lock picking, but aren't sure you want to spend $20 on this book yet, take a look at this article at Howstuffworks.com.
It offers a great introduction to lock picking, and has some nice graphics that really helped me understand how locks work, and how they can be circumvented. If you really get into it, then I'm sure this book would offer a lot more information to help you along.
Wait until the streep sweeper comes by and follow it down the street. The bristles are spring steel that is perfect for lock picks. They fall off, just pick them up off the street.
I've never made a set of picks so I don't know if this is true or not, but there was a decent lock picking culture at MIT in the late 70s.
You might also check out Ted the Tool's on-line book called the "MIT Guide to Lock Picking" found here among lots of other places.
I'm suprised no one has linked to the (in)famous MIT Guide to Lockpicking yet.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Speaking of MIT, why hasn't anyone mentioned the MIT lock picking guide ?
So does this book have any recommendations along those lines? What door locks, deadbolts, padlocks, bike locks, etc, follow the locksmith version of "best security practices"?
It seems that people in the hobby are reluctant to endorse brands. I saw Barry "The Key" Wels at HOPE this year. His presentation involved the pricey (and supposedly uber-secure) Medico locks and another brand of expensive lock that he agreed with the manufacturer to keep the brand name hidden during his talk.
When his talk shifted to his CryptoPhone project, he politely sidestepped an audience member asking what kind of lock he had on the doors of CryptoPhone's offices.
Where does the school board find them and why do they keep sending them to ME?
.:
Funky-type pdf
http://www.lysator.liu.se/mit-guide/MITLock Guide.pdf
~!-xor
http://www.lysator.liu.se/m it-guide/MITLockGuide.ps
:.
Depends where you live, actually. I'm a locksmith (which is to say, I took a correspondance course, and then did a whole lot of reasearch on my own), and according to Massachusetts (USA) law, owning a set of picks isn't illegal. Owning them with intent to commit a crime is what's illegal. Now... you can probably see the problem here. Go ahead, prove you're not intending to commit a crime...
Basically, if the police want an excuse to harass you, they have one. If you stay out of their way, and don't make it obvious, usually no one will care. Further, if you can prove you need them for your job, you're even less likely to get hassled.
Abloy locks employ a sidebar and rotating disks. It's very, very difficult to pick them for several reasons; sidebar locks are intrinsically difficult to pick (such as the old GM locks, which didn't have a pick set for them until the late 1980's or early 1990's, when some smartass figured out that you could use a special spring compression tool to allow the wafers to free-float. That makes them subject to move when vibrated or rapped, and the sidebar (which is then under spring pressure) can line them up.
Abloy has no such constraint. IIRC, the world record for picking an Abloy is 36 hours. That may have changed; I don't know.
For high security locks like Medeco, ASSA, Abloy, etc., the fastest way through them is a grinder. Used to be an ice pick attack to the latch, and although some locks are still improperly installed, that's largely gone the way of the dodo.
As a locksmith myself, I'd rather have Abloy on my doors more than anything else. But they're hard to find here in the US, so I use Medeco instead. Beats the hell out of a $15 Kwikset, lemme tell you.
First, the obligatory link to a mirror of the MIT Lockpicking Guide.
Second - as another poster noted, lock pins aren't typically made from high-strength alloys. A battery-powered hand drill (and a screwdriver to turn the lock when the pins are gone) is the best and fastest lock pick that there is. Didn't even leave any visible damage when I used this approach on a filing cabinet we'd lost the key to. Just pick a bit as wide as the key entryway, and drill down the line of pins.
Be advised that the lock tends to jam after closing again, as the remains of the pins fall back into their channels when the lock returns to its original position. But if you're drilling a lock, you're typically looking for a one-time solution anyways.
I haven't read it in a while, but wasn't the combination the STOCK combination from the factory?!
Feynman is my favorite wise-cracking, lock-hacking, bongo-playing, skirt-chasing Nobel physicist!
In the future, I would want to not be isolated from my friends in the Space Station.
I learned how to pick locks in college. It was a valuable skill in the dorms where people were consistently locked out by their roommates. Housing charged you $25 to let you back in. I charged $20.
An interesting side effect, I'm sure one that goes with just about any skill most people don't have, is the number of times you see people in movies doing it absolutely wrong.
People's desire to believe they are right is much stronger than their desire to be right.
Forget the link to B&N, try Amazon instead.
Ignorance is the root of all evil.
Read it again, dipstick. He never learned to pick locks by touch or sound, and as a matter of fact he found that it wasn't a necessary skill. He cracked combination locks by various methods which reduced the number of combinations which needed to be tried, and then used trial and error. IIRC he didn't crack the general's safe, but heard from another individual that the safe combination was set to the factory default (0-25-0 or 25-50-25).
Everything Fun In Jersey Is Illegal
...that includes lockpicks, and I've been told, carrying a prybar in your vehicle is a Bad Idea (potential police harassment for carrying "burglar tools"). Hey, I've been harassed for carrying a Victorinox (Swiss Army) pocketknife. Just a basic pocketknife w/ screwdrivers / scissors.
I'm a recovering South Jersey boy. When my wife moved to Jersey with me, within a few months she came up with a song:
Everything Fun In Jersey Is Illegal
Now enjoying a state that's much less restrictive.
I'm not a Lawyer.
1. It's illegal in the US, depending on your state's law. Some states don't allow you to own lockpicks, while others are more leniant.
2. Locksmiths are not banned from using lockpicks. You don't need special certifications to be a locksmith, but you do need a business license to order from many lockpick manufacturers.
~~~
Click here, you know you wanna!
Medico is the way to go...also, very very few criminals resort to actually picking locks when a sledge hammer and a crow-bar work quicker.
But medico is the way to go if you want an uber secure steel door with a steel frame set into concrete...but as with all things, the thing you would THINK is the weakest link in door security (like the lock) is actually the strongest. When you are thinking about installing a door, think the whole thing with frame along with the lock.
Also, go low-tech also and a good steel bar across the bottom of the door stops many people...also stops with the kick-in.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
I used to get the combinations for Masterlock combo locks in college all the time.
_ lock.html
This site has the full details:
http://www.people.fas.harvard.edu/~hillson/master
Nope. This model of lock must have either really crappy manufacturing or a design flaw or both. What they're doing is the equivalent to "raking" in a conventional lock -- that's when you put some tension on the cylinder and just run a pick along the pins without any attempt to feel the individual pins. It generally won't work in a lock with security features and tight tolerances (though sometimes you get lucky). In addition, tubular locks are usually designed so you have to turn it at least 1/4 turn to open it, which would involve picking the lock several times. The Kryptonite they show releases the shackle in an intermediate position -- bad design there. A real tubular lock pick should open those locks; a simple plastic cylinder of the right diameter should not.
And never forget the value of the handy old credit card. A friend and I got started in lockpicking with some sets we got off ebay back in middle school, and by the end of high school were quite profficient.
But I've found now that just about any locked door that doesn't use a deadbolt can be opened much faster with a credit card. I keep three of varying thickness in my wallet depending on the situation. I use my ID badge at work to get into the conference rooms because it's quicker than pressing in the door code.
Also, two butter knives work pretty well too if you have a reasonable gap between the door and frame, just alternate force on them to "walk" the latch out. Best part is, you haven't touched the door handle at all, so it's about as non-invasive as you can get
Okay, in many states you can legally own lockpicks as a hobbyist.
HOWEVER!!
IF YOU ARE ARRESTED FOR -ANY- CRIME, POSSESSION OF LOCKPICKS WILL CAUSE YOU TO ALSO BE CHARGED WITH POSSESSION OF 'BURGLERY TOOLS'! This could even include a speeding ticket if the Officer decides to search you. So if you are going to carry lockpicks on your person, BE CAREFUL!
A) They didn't have good jaws
B) They had WAY overprice jaws.
Unless he was an idiot/improperly trained, and tried to "spread" the lock, which doesn't work with hardened steel. Now, the Hurst "heavy cutters" make very short work of hardened steel, just make sure you're not on the path that the two halves will go when they finally separate.
(I'm a volunteer firefighter with a decently good bit of education/practice/use of Hurt's jaws).
A Mul-T-Lock is supposed to be virtually unpickable.
Now the "odds" question. If there are N possible combinations, and you try one of them, the probability that it is the right one is 1/N, and the probability that it is a wrong one is (N - 1)/N.
Now suppose the 1st try is a failure but the 2nd is a success; the odds of this are [(N - 1)/N] * [1/(N - 1)] = 1/N again. [The 1/(N - 1) factor comes from the fact that on the 2nd try there are N - 1 combinations to try, since you have tried one that does not work and, presumably, will not try it again.] The odds that you will succeed in one or two tries is the sum of the individual probabilities, because they are mutually exclusive events (that is, the first success cannot occur on BOTH the first and second tries). Generalizing to the case of a first success on the Kth try is straightforward.
You can buy some picks here, if you claim you're a locksmith.
They don't do a 'terrorist' background check.
Really all locks are vulnerable - locks are sort of like DRM or encryption - there has to be a protocol to get through the security and protocols can be hacked. In general there are three issues with locks: the complexity of the mechanism (that reduces the effectiveness of hacks, i.e. a five number combo is better than a three number against simply trying every combo), the precision and quality of the engineering (i.e a lot of cheap combo cable locks are vulnerable to very simple hacks of "feeling out" the combo hot spots caused by cheap, poor engineering - most lock packs including picking are aided by "play" in the mechanism itself, which is exploited), and the strength and quality of the securing (versus the locking) mechanism (to resist against brute force attack, far and away the most common way theives get past locks: they simply break them. It's hard to make a mechanism that a two inch piece of metal can open truly strong).
There's no simple answer. Ask a locksmith for help chosing the best bet for a particular job and be prepared to spend some money because top quality locks are expensive. And remember for the most part locks keep honest people honest and at best deter, slow or diver thieves (number one way thieves enter domiciles is doors and windows left open. Number two is straight force i.e. the swift kick or broken window).
Years ago I lived in a crummy apartment and there were a bunch of storage rooms past renters had put padlocks on and then abandoned. I was to clear these out for current renters. None of the locks were top of the line but they ranged from hardware store cheapies that cost a couple dollars to heavy duty name brands that might have been upwards of ten. In each case I opened the lock by inserting a short iron prybar about 3/4 inch diameter between the shackle and the body and just wrenching the shackle right out of the body of the lock. I was amazed by how easy it was with a little force and leverage, and not caring that I was wrecking the lock.
It Is the Nature of Information to Transgress Artificial Boundaries
Consumer Reports ran a battering ram into some locked doors. What gives first is the "strike plate", the usually flimsy piece of metal in the door frame that the bolt slides into.
The first thing to do is to replace that with a reinforced strike plate anchored with long screws. The Mag 3 has a full bucket to enclose the bolt and transfer load to the rest of the strike plate, which has four screw holes. Use 3" long #10 wood screws (drill a pilot hole first) and you're solidly anchored to the studs.
Then think about upgrading the lock. I have a hunch there are other brands as good as Medeco but less heavily promoted -- ask a locksmith. Medeco's engineering is brilliant, though.
Remember to consider key control. One attack mechanism is for your housecleaner's drug-addicted boyfriend to duplicate your house key.
Boy is this true. Having worked with card-access systems for 5 years, I always chuckle at the way movie characters get past these things, and not trip any alarms in the process.
Just some notes for those people contemplating getting past a card reader.
- Pulling apart the reader may trigger an alarm, not always but often enough.
- Shorting the wires together will not open the lock. What it will do is A) send lots of alarms (read fails) to the guard at the security desk. B) Very possibly short out the door control and make the door locked permanitly.
- From the Resident Evil movie, running a needle through a card reader will get you jack. Maybe its a good thing they just let her out.
- You will never "lock in" a single digit of a PIN combination on one a electronic combination lock by running through numbers. What you will do is send through a bunch of alarms to the guard.
- While cutting the wires to a door alarm will technically disable the alarm, the loss of the door loop will send through its own alarm. Those wires carry a specific resistance, if that changes an alarm is sent.
Those are about the worst offenders off the top of my head, in reality getting past an electronic lock is a pain in the ass, this is why the government/military uses them.Necessity is the mother of invention.
Laziness is the father.
Whine about it for awhile longer. Then use the Wayback Machine.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Lever locks have the combination component one step removed from the input component, which makes them harder to force. If you try to force a lever lock, you may trash the levers, but that won't open the lock.
Safe deposit boxes are traditionally lever locks, although not always very good ones. Jail locks are usually level locks of massive size.
Lever locks are usually big rectangular boxes, unsuitable for embedding in a door. So they're not used much unless serious security is required, as in a jail.
I think you mean 14 1/2". Or sometimes 22 1/2". Not many carpenters on slashdot I guess. Also, you will need more than a pen knife to get through the 7/16" OSB sheathing that is so often used these days. On older houses you might even have 3/4" tongue and groove boards to get through instead of plywood or OSB.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
http://www.lockpicking101.com/.
Plenty of forums on lock-picking...
Relevant paragraphs for the lazy: